[kictanet] Poor show by IEBC: Data Protection in year 2017 and the case of raw voter registration data

Ngigi Waithaka ngigi at at.co.ke
Fri Jun 30 19:44:43 EAT 2017


Chebukati,

Phone gets lost either:
1. Use an alternate number (Google does this all the time)
2. Log in with your Username/Password (ID / Serial No) combo, list a
different number

Regards

On Fri, Jun 30, 2017 at 7:37 PM, Emmanuel Chebukati via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> Good evening,
>
> Victor: Unfortunately, perception is reality in all matters electoral in
> Kenya.
>
> Denis & Ngigi: SMS 2FA is not exactly full proof as a solution to the
> problem of voter verification. What if phone numbers change, get lost or
> expire? How does that voter then confirm their polling station & details?
>
> Washington: Glad we agree. Donge!
>
> Grace:
> 1) In an ideal world, NRB should update their database and sambaza changes
> to all connected parties in case of a serial number or any other change.
> 2) As we await stricter privacy laws, we are at the liberty of the service
> provider whom we trust to do the right thing.
>
>
> Regards,
>
> EC
>
> On Fri, Jun 30, 2017 at 7:13 PM, Ngigi Waithaka via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> Mark,
>>
>> On a security vs affordability basis, how exactly would SMS 2FA not be an
>> effective solution?
>>
>> Unless you are going to hack the Telco SMS Gateway where the SMS is in
>> clear txt, in which case I would think even our M-Pesa Pins would be
>> vulnerable, where else is do you have a credible attack surface?
>>
>> Rgds
>>
>> On Fri, Jun 30, 2017 at 3:25 PM, Mark Kipyegon via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>>> SMS as a form of 2FA is unsuitable considering the sensitivity of such
>>> information. On the other hand a government backed smart card would offer
>>> the appropriate level of authentication without locking out access to a
>>> section of users.
>>>
>>> On 30 Jun 2017, at 12:30, "Denis G. Wahome" <dwahome at gmail.com> wrote:
>>>
>>> Mark,
>>>
>>> While I do concur completely with your observation. I was considering
>>> the user group for the service. Other more advanced mechanisms would reduce
>>> the usability/accessibility by a large portion of the Country.
>>>
>>> A better way would be a registration process to access your records
>>> where one can select a Channel for 2FA
>>>
>>> Denis
>>>
>>> On Fri, Jun 30, 2017 at 10:54 AM, Mark Kipyegon via kictanet <
>>> kictanet at lists.kictanet.or.ke> wrote:
>>>
>>>> SMS is not a secure implementation of two factor authentication.
>>>>
>>>> On 30 Jun 2017, at 10:40, "kictanet-request at lists.kictanet.or.ke" <
>>>> kictanet-request at lists.kictanet.or.ke> wrote:
>>>>
>>>>
>>>> >
>>>> > A simple 2 Factor Authentication mechanism via SMS would suffice to
>>>> start
>>>> > with.
>>>>
>>>>
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>> Twitter: http://twitter.com/kictanet
>>> Facebook: https://www.facebook.com/KICTANet/
>>>
>>> Unsubscribe or change your options at https://lists.kictanet.or.ke/m
>>> ailman/options/kictanet/ngigi%40at.co.ke
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and bandwidth,
>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>> not spam, do not market your wares or qualifications.
>>>
>>>
>>
>>
>> --
>> *Regards,*
>>
>> *Wait**haka Ngigi*
>> Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod
>> Building
>> T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000
>> www.at.co.ke
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at https://lists.kictanet.or.ke/m
>> ailman/options/kictanet/echebukati%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/
> mailman/options/kictanet/ngigi%40at.co.ke
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>


-- 
*Regards,*

*Wait**haka Ngigi*
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
T +254 20 525 0750 |Office Mobile: +254 716 201061 | M +254 737 811 000
www.at.co.ke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20170630/fa5101fe/attachment.htm>


More information about the KICTANet mailing list