[kictanet] Poor show by IEBC: Data Protection in year 2017 and the case of raw voter registration data

Fri Jun 30 19:37:07 EAT 2017

Good evening,

Victor: Unfortunately, perception is reality in all matters electoral in
Kenya.

Denis & Ngigi: SMS 2FA is not exactly full proof as a solution to the
problem of voter verification. What if phone numbers change, get lost or
expire? How does that voter then confirm their polling station & details?

Washington: Glad we agree. Donge!

Grace:
1) In an ideal world, NRB should update their database and sambaza changes
to all connected parties in case of a serial number or any other change.
2) As we await stricter privacy laws, we are at the liberty of the service
provider whom we trust to do the right thing.

Regards,

EC

On Fri, Jun 30, 2017 at 7:13 PM, Ngigi Waithaka via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> Mark,
>
> On a security vs affordability basis, how exactly would SMS 2FA not be an
> effective solution?
>
> Unless you are going to hack the Telco SMS Gateway where the SMS is in
> clear txt, in which case I would think even our M-Pesa Pins would be
> vulnerable, where else is do you have a credible attack surface?
>
> Rgds
>
> On Fri, Jun 30, 2017 at 3:25 PM, Mark Kipyegon via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> SMS as a form of 2FA is unsuitable considering the sensitivity of such
>> information. On the other hand a government backed smart card would offer
>> the appropriate level of authentication without locking out access to a
>> section of users.
>>
>> On 30 Jun 2017, at 12:30, "Denis G. Wahome" <dwahome at gmail.com> wrote:
>>
>> Mark,
>>
>> While I do concur completely with your observation. I was considering the
>> user group for the service. Other more advanced mechanisms would reduce the
>> usability/accessibility by a large portion of the Country.
>>
>> A better way would be a registration process to access your records where
>> one can select a Channel for 2FA
>>
>> Denis
>>
>> On Fri, Jun 30, 2017 at 10:54 AM, Mark Kipyegon via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>>> SMS is not a secure implementation of two factor authentication.
>>>
>>> On 30 Jun 2017, at 10:40, "kictanet-request at lists.kictanet.or.ke" <
>>> kictanet-request at lists.kictanet.or.ke> wrote:
>>>
>>>
>>> >
>>> > A simple 2 Factor Authentication mechanism via SMS would suffice to
>>> start
>>> > with.
>>>
>>>
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at https://lists.kictanet.or.ke/m
>> ailman/options/kictanet/ngigi%40at.co.ke
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>>
>
>
> --
> *Regards,*
>
> *Wait**haka Ngigi*
> Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod
> Building
> T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000
> www.at.co.ke
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/
> mailman/options/kictanet/echebukati%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20170630/349d3fee/attachment.htm>