[kictanet] Poor show by IEBC: Data Protection in year 2017 and the case of raw voter registration data

Grace Mutung'u nmutungu at gmail.com
Fri Jun 30 19:58:30 EAT 2017


Thank you Emmanuel,

Just bringing in the provision for inspection of the register from the
Elections Act:

6. Inspection of register of voters
(1) The Commission shall cause the Register of Voters to be opened for
inspection *by members of the public* at all times for the purpose of
rectifying the particulars therein, except for such period of time as the
Commission may consider appropriate.

The idea here is not only for voters to verify their details but also for
the public to inspect the register. Inspection serves an important role in
assuring the integrity of the vote by weeding out errors, dead voters etc.
The register is also available in physical form at constituency offices for
public inspection.

It should therefore be possible for members of the public to view other
people's voter registration details. The question should only be what
details are made public and also how to prevent harvesting of the data. I
do not see a justification for serial numbers or SMS verification.

I wonder whether there are lessons we can pick from KRA's PIN verification
system
https://itax.kra.go.ke/KRA-Portal/pinChecker.htm?actionCode=loadPage&viewType=static


2017-06-30 19:44 GMT+03:00 Ngigi Waithaka via kictanet <
kictanet at lists.kictanet.or.ke>:

> Chebukati,
>
> Phone gets lost either:
> 1. Use an alternate number (Google does this all the time)
> 2. Log in with your Username/Password (ID / Serial No) combo, list a
> different number
>
> Regards
>
> On Fri, Jun 30, 2017 at 7:37 PM, Emmanuel Chebukati via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> Good evening,
>>
>> Victor: Unfortunately, perception is reality in all matters electoral in
>> Kenya.
>>
>> Denis & Ngigi: SMS 2FA is not exactly foolproof as a solution to the
>> problem of voter verification. What if phone numbers change, get lost or
>> expire? How does that voter then confirm their polling station & details?
>>
>> Washington: Glad we agree. Donge!
>>
>> Grace:
>> 1) In an ideal world, NRB should update their database and sambaza
>> changes to all connected parties in case of a serial number or any other
>> change.
>> 2) As we await stricter privacy laws, we are at the liberty of the
>> service provider whom we trust to do the right thing.
>>
>>
>> Regards,
>>
>> EC
>>
>> On Fri, Jun 30, 2017 at 7:13 PM, Ngigi Waithaka via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>>> Mark,
>>>
>>> On a security vs affordability basis, how exactly would SMS 2FA not be
>>> an effective solution?
>>>
>>> Unless you are going to hack the Telco SMS Gateway where the SMS is in
>>> clear text, in which case I would think even our M-Pesa PINs would be
>>> vulnerable, where else do you have a credible attack surface?
>>>
>>> Rgds
>>>
>>> On Fri, Jun 30, 2017 at 3:25 PM, Mark Kipyegon via kictanet <
>>> kictanet at lists.kictanet.or.ke> wrote:
>>>
>>>> SMS as a form of 2FA is unsuitable considering the sensitivity of such
>>>> information. On the other hand a government backed smart card would offer
>>>> the appropriate level of authentication without locking out access to a
>>>> section of users.
>>>>
>>>> On 30 Jun 2017, at 12:30, "Denis G. Wahome" <dwahome at gmail.com> wrote:
>>>>
>>>> Mark,
>>>>
>>>> While I do concur completely with your observation, I was considering
>>>> the user group for the service. Other more advanced mechanisms would reduce
>>>> the usability/accessibility by a large portion of the Country.
>>>>
>>>> A better way would be a registration process to access your records
>>>> where one can select a Channel for 2FA
>>>>
>>>> Denis
>>>>
>>>> On Fri, Jun 30, 2017 at 10:54 AM, Mark Kipyegon via kictanet <
>>>> kictanet at lists.kictanet.or.ke> wrote:
>>>>
>>>>> SMS is not a secure implementation of two factor authentication.
>>>>>
>>>>> On 30 Jun 2017, at 10:40, "kictanet-request at lists.kictanet.or.ke" <
>>>>> kictanet-request at lists.kictanet.or.ke> wrote:
>>>>>
>>>>>
>>>>> > A simple 2 Factor Authentication mechanism via SMS would suffice to
>>>>> > start with.
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> kictanet mailing list
>>>> kictanet at lists.kictanet.or.ke
>>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>> Twitter: http://twitter.com/kictanet
>>>> Facebook: https://www.facebook.com/KICTANet/
>>>>
>>>> Unsubscribe or change your options at
>>>> https://lists.kictanet.or.ke/mailman/options/kictanet/ngigi%40at.co.ke
>>>>
>>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>>> for people and institutions interested and involved in ICT policy and
>>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>>> sector in support of the national aim of ICT enabled growth and development.
>>>>
>>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>>> online that you follow in real life: respect people's times and bandwidth,
>>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>>> not spam, do not market your wares or qualifications.
>>>>
>>>>
>>>
>>>
>>> --
>>> *Regards,*
>>>
>>> *Waithaka Ngigi*
>>> Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod
>>> Building
>>> T +254 20 525 0750 | Office Mobile: +254 716 201061
>>> | M +254 737 811 000
>>> www.at.co.ke
>>>
>>
>
>
> --
> *Regards,*
>
> *Waithaka Ngigi*
> Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod
> Building
> T +254 20 525 0750 | Office Mobile: +254 716 201061
> | M +254 737 811 000
> www.at.co.ke
>


-- 
Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F