[kictanet] Poor show by IEBC: Data Protection in year 2017 and the case of raw voter registration data

[Mwendwa Kivuva]

Dear Listers,

Today I'm wearing my CISA hat.

IEBC has launched a voter verification tool both through sms, and web query
at http://voterstatus.iebc.or.ke/voter

If you are privacy conscious, and a little bit paranoid, you will realize
that IEBC is doing badly with how they are exposing  raw data of nearly 20
million Kenyans to the world. Anybody with basic programing skills can be
able to harvest the raw data through an automated search. If you search any
random number with the format of Kenya ID numbers, say hypothetically
12345678, you will realize you can pull up citizen's details, at least ID
number, and name, and where they live.

Basic security tips would require the system to have a captcha to prevent
automated harvest of the information, and also have a challenge questions
like date of birth to supplement the ID number, therefore thwart any
mischievous individuals from harvesting the rich data

Can IEBC correct the anomaly?

Attached is a sample demo screenshot. Of course there is the other thing of
strange ID numbers finding their way into the voter register.

Voter Details for Id: 12345678
Id / Passport Number 12345678
Primary Name KIBET
Secondary Name KIRUI
Birth Date 01/01/1994
Gender M
Polling Station Code 101
Polling Station LELACH PRIMARY SCHOOL
County KERICHO
Contituency BURETI
Ward CHEPLANGET

______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20170630/6eee34d9/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2017-06-30 at 00.20.23.png
Type: image/png
Size: 184721 bytes
Desc: not available
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20170630/6eee34d9/attachment.png>