[kictanet] CA Speaks to Internet Shutdowns and "Monitoring" of Online Comms
Andrew Alston
Andrew.Alston at liquidtelecom.com
Sun Jan 15 07:48:06 EAT 2017
Without commenting on the primary debate at all, I have to say that if stingray systems are indeed what we are talking about here (and I haven’t seen anything that actually confirms that – so it may well be the case that something else was acquired), such devices have amazing potential for abuse (and let’s be clear, I am not saying that they would be abused, I am merely highlighting the potential for it)….
This is what happened when a stingray system was last found in South Africa:
https://mybroadband.co.za/news/security/134584-super-cellphone-spying-machine-in-sa-used-to-rig-government-tenders.html
The fallout from THAT little incident is still going on…
Andrew
From: kictanet <kictanet-bounces+andrew.alston=liquidtelecom.com at lists.kictanet.or.ke> on behalf of Brian Muhia via kictanet <kictanet at lists.kictanet.or.ke>
Reply-To: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
Date: Saturday, 14 January 2017 at 16:53
To: Andrew Alston <Andrew.Alston at liquidtelecom.com>
Cc: Brian Muhia <bmn at savannahinformatics.com>, Mose Karanja <mosekaranja at gmail.com>
Subject: Re: [kictanet] CA Speaks to Internet Shutdowns and "Monitoring" of Online Comms
Thank you Ali and Nanjira. In the case where we know we'll be under surveillance, it helps to know which tools may be used, as documentation for reference during future events like what we're about to live through. There are tools for this kind of thing if you're interested in gathering data on the ground. Here's one: SnoopSnitch (https://play.google.com/store/apps/details?id=de.srlabs.snoopsnitch), which claims to detect IMSI-catchers and cell site simulators. Read about the Stingray from the EFF's website.
On Sat, 14 Jan 2017, 16:42 Ali Hussein via kictanet, <kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>> wrote:
Sidney/Moses
Thanks for bringing us back to this very critical discussions.
I want to make an observation(s):-
1. There is a tendency creeping in this country for government officials to ignore uncomfortable conversations and topics. I would like to humbly remind them that they have a duty and a responsibility to respond to our queries.
2. Governments Agencies beating doors down to seem to respond and support to the powers that be on issues yet when we citizens ask questions there is loud silences.
I know you all are reading these posts. Engagement with the citizenry is a must. Uncomfortable as it may be.
Ali Hussein
Principal
Hussein & Associates
+254 0713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 14 Jan 2017, at 3:17 PM, Mose Karanja via kictanet <kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>> wrote:
Sidney, your observations are spot on.
There are legal and oversight issues here regarding the CA briefing.
There is also the issue of civil society PLEADING with the government ‘will you shutdown the Internet during the elections? please do not shutdown the Internet?’ Total confusion. If they want to shutdown communications channels, they should do it knowing they will be legally responsible for violations of a host of laws in Kenya and definitely the Constitution. There is no legal justification whatsoever for a total Internet shutdown. That amounts to collective punishment, unless may be they institute a State of Emergency as Ethiopia did last year. If there are no active shutdowns then we will start to celebrate yet that is what a normal election should be. We are subtly normalizing Internet shutdowns - or better still, information controls online including censorship.
As a citizen of this republic and as a believer in the separation of powers, I hope the judiciary can offer sufficient oversight on this matter regarding court orders. If this fails, a constitutional interpretation on this can be instituted.
I also haven’t hear anything from Internet service providers or the business community on this matter. Hopefully we will know who got our back in due course.
@Sidney, the thread on WhatsApp is a different conversation that happened to be on this one. Apologies for the mixup.
M
On 14 Jan 2017, at 14:52, Sidney Ochieng <sidney.ochieng at gmail.com<mailto:sidney.ochieng at gmail.com>> wrote:
Hey all,
This discussion I feel has gone off topic slightly; this focus on what technology we use and how well encrypted it is is besides the point. If you checked out Nanjira's tweets the second one is a photo form the Standard about the CA sending 2b to monitor communication(Sh1.1 billion on a spectrum monitoring system to monitor unauthorised broadcasts, Sh600 million on a social media monitoring system and Sh400 million on a device management system to closely monitor mobile phones and the activities around them), The article seems to have been taken offline for some reason but the google cached version can be found here<https://webcache.googleusercontent.com/search?q=cache:T9Z2xi4rXBIJ:https://www.standardmedia.co.ke/article/2000229727/communications-authority-to-monitor-private-talk-and-texts-during-poll+&cd=1&hl=en&ct=clnk>.
Under which law does the CA have the authority to monitor mobile phones without a court order? If it is by court order, can we have a copy of that order? The data that is collected by these systems, who is its custodian, how long will it be held for? What about my constitutionally right to privacy?(particularly part d of section 31: the right not to have the privacy of my communications infringed)
When was the tendering process for these systems and who is supplying them?(I've built social media monitoring tools -for research purposes- would have been nice to get 600m😅)
These systems have been acquired with the stated purpose of preventing a repeat of the 2007/2008 post-election violence. At iHub Research, a team of researchers that Nanjira and I were a part of a team that spent 5 years looking for a link between hate speech online and violence offline<http://ihub.co.ke/research/projects/23> and never found one, not even a cursory one. So the question becomes where did the CA get the notion that this was necessary? Would they care to share their research?
Finally on internet shutdowns? By which law? Or court order? The article says measures like an internet shut-down will only be deployed in a "worst-case scenario" What the hell is a "worst case scenario"? I would like to know in very specific terms what that means and what conditions have to be met for it to be considered a worst-case scenario.
Last question, what happens to these systems after the election?
If someone from the CA could answer these questions I'd be most appreciative
On 14 January 2017 at 13:28, Moses Karanja via kictanet <kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>> wrote:
Ali, as you noted, The Guardian decided to go with the catchphrase. Asking the right questions would have been boring but who has time for boring studies when you can attack Facebook/WhatsApp and get the spotlight? :)
Security is hard and no one person/organization can get it 100%. It is more practical to live with systems that can fail well by being transparent on vulnerabilities and being proactive with patching them.
M
On 14/01/2017 13:21, Ali Hussein wrote:
Moses
Thanks for sharing. I personally considered the Guardian story and then read the Open Whispers System blog and came to the conclusion that it just may be possible that the Guardian Newspaper in this case was really dabbling in sensationalism.
I'm keen to hear comments from listers who have a deeper understanding of cryptography.
Meanwhile in all things tech and social the best defense against snooping and hacking is simply this:-
Exercise caution. Don't write or post anything that may embarrass you if someone hacked into any of your devices.
This may be an opportunity for those who have gotten into the habit of engaging in an online relationship to actually go out and meet..You know...like we used to do in the 1980s and before..
You may just find it super fulfilling...in more ways than one.. :-)
Ali Hussein
Principal
Hussein & Associates
+254 0713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 14 Jan 2017, at 8:24 AM, Moses Karanja via kictanet <kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>> wrote:
Open Whispers response to The Guardian article, maintaining it is not a backdoor:
The only question it might be reasonable to ask is whether these safety number change notifications should be "blocking" or "non-blocking." In other words, when a contact's key changes, should WhatsApp require the user to manually verify the new key before continuing, or should WhatsApp display an advisory notification and continue without blocking the user.
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Moses
On 13/01/2017 21:43, kictanet-request at lists.kictanet.or.ke<mailto:kictanet-request at lists.kictanet.or.ke> wrote:
Send kictanet mailing list submissions to
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
or, via email, send a message with subject or body 'help' to
kictanet-request at lists.kictanet.or.ke<mailto:kictanet-request at lists.kictanet.or.ke>
You can reach the person managing the list at
kictanet-owner at lists.kictanet.or.ke<mailto:kictanet-owner at lists.kictanet.or.ke>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of kictanet digest..."
Today's Topics:
1. Re: (no subject) (McTim)
2. Re: (no subject) (Keith Andere)
3. Re: CA Speaks to Internet Shutdowns and "Monitoring" of
Online Comms (Mutemi wa Kiama)
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
--
Moses Karanja
www.moseskaranja.com/blog<http://www.moseskaranja.com/blog>
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Moses Karanja
www.moseskaranja.com/blog<http://www.moseskaranja.com/blog>
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/sidney.ochieng%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Regards,
Sidney
Twitter: @princelySid<https://twitter.com/princelySid> | Website: sidneyochieng.co.ke<http://sidneyochieng.co.ke/>
---
Moses Karanja
www.moseskaranja.com/blog<http://www.moseskaranja.com/blog>
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke<mailto:kictanet at lists.kictanet.or.ke>
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/bmn%40savannahinformatics.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
Software Engineer - Savannah Informatics Ltd.
---------------------------------------------------------------------------------------
This email has been scanned for email related threats and delivered safely by Mimecast.
For more information please visit http://www.mimecast.com
---------------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20170115/9d6d0108/attachment.htm>
More information about the KICTANet
mailing list