[kictanet] Poor show by IEBC: Data Protection in year 2017 and the case of raw voter registration data

Ronald Ojino ronojinx at gmail.com
Thu Jun 29 23:55:28 EAT 2017


This is a very serious anomaly that must be addressed soonest possible. It
begs the question, are we safe as data subjects? If a body like IEBC that
is expected to be beyond reproach can have such open flaws...then we say
that we are ready to go for elections huh?its a disappointment.

On 29-Jun-2017 11:47 PM, "Mwendwa Kivuva via kictanet" <
kictanet at lists.kictanet.or.ke> wrote:

> Dear Listers,
>
> Today I'm wearing my CISA hat.
>
> IEBC has launched a voter verification tool both through sms, and web
> query at http://voterstatus.iebc.or.ke/voter
>
> If you are privacy conscious, and a little bit paranoid, you will realize
> that IEBC is doing badly with how they are exposing  raw data of nearly 20
> million Kenyans to the world. Anybody with basic programing skills can be
> able to harvest the raw data through an automated search. If you search any
> random number with the format of Kenya ID numbers, say hypothetically
> 12345678, you will realize you can pull up citizen's details, at least ID
> number, and name, and where they live.
>
> Basic security tips would require the system to have a captcha to prevent
> automated harvest of the information, and also have a challenge questions
> like date of birth to supplement the ID number, therefore thwart any
> mischievous individuals from harvesting the rich data
>
> Can IEBC correct the anomaly?
>
> Attached is a sample demo screenshot. Of course there is the other thing
> of strange ID numbers finding their way into the voter register.
>
> Voter Details for Id: 12345678
> Id / Passport Number 12345678
> Primary Name KIBET
> Secondary Name KIRUI
> Birth Date 01/01/1994
> Gender M
> Polling Station Code 101
> Polling Station LELACH PRIMARY SCHOOL
> County KERICHO
> Contituency BURETI
> Ward CHEPLANGET
>
> ______________________
> Mwendwa Kivuva, Nairobi, Kenya
> twitter.com/lordmwesh
>
>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/
> mailman/options/kictanet/ronojinx%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20170629/8f83eb36/attachment.htm>


More information about the KICTANet mailing list