[kictanet] Data Protection & Residency

[S.M. Muraya]

For about a decade now, Kenya has had the local talent, commitment and
infrastructure to deliver on most demands below. The law should ban the
political class from procuring foreign firms. Foreign firms should talk to
local firms first.

http://www.nation.co.ke/news/politics/Wafula-Chebukati-outlines-tough-demands-on-OT-Morpho-/1064-4119384-10rr6uaz/index.html

His conditions are also captured in the new contract.

In her letter and in what could further deepen the standoff with Nasa,
OT-Morpho opposed the decision by the chairman to open servers before the
election day, arguing the move may compromise data security.

“OT-Morpho would like to respectfully warn IEBC that opening access to
servers, databases and logs prior to the elections might open security
weaknesses. We would rather recommend that access to server and databases
be provided after the Election Day. Anyhow, logs will be shared on a daily
basis with IEBC. Agents should be allowed to review them at IEBC premises
only,” Ms Charlanes wrote.

On embedding external IT experts in the system, she said they do not object
but say there is need to agree on their scope and role.

Another frontier of clash is the decision not to have locally hosted backup
system.


*BACKUP SYSTEM*
Mr Chebukati said the refusal to set a local backup system had landed them
into problems when they could not fully comply with the Supreme Court
orders to open up the servers for scrutiny.

“One of the easiest things to do is setting up ‘real-time master/slave
database replication’. We already have the infrastructure in place,” he
suggests.

Responding to conditions they have set out before they can participate in
the polls, Mr Chebukati had promised Nasa that they would deploy a cloud
server and a local backup system and that all these would adhere to the
international standards.

“OT-Morpho will only deliver RTS (Results Transmission System) on a cloud
platform as for the August 8 elections,” Ms Charlanes said in a letter
addressed to the chairman.  The firm further informs Mr Chebukati that
considering the limited time left to the date of polls, it is impossible to
conduct a dry-run of results transmission as he had indicated to Nasa.


*DRY-RUN*
“Even though OT-Morpho was and remains willing to support such a dry-run,
IEBC has to realise that conducting such an operation is hogging the RTS
system for four days, so as to prepare, test, run and clean the system. In
the current planning and considering the recent delays in receiving the SIM
cards to start the KIEMS (Kenya Integrated Elections Management System)
kits production as well as latest IEBC requirement, we fear we have no room
any more for such an operation,” Ms charlanes had said.

In a counter-argument, the IEBC chief says this needs not take four days
but a shorter time.  He also reminds them that the Commission is the boss
and will define the terms of engagement.

“Dry run is essential confidence building measure to assure our
stakeholders on the integrity of our system. For example, it can be one kit
per polling station per county live on television. Such an exercise
well-co-ordinated can take less than two hours,” he argues.

OT-Morpho also objected to the idea of initiating an external audit on
grounds of limited time.

Further, on plans by the commission to display all the forms 34B from
constituencies, the firm says it is technologically impossible to do this
given the bulky nature of the forms.


*DATA CAPACITY*
Mr Chebukati insists that the tech firm should enhance its data capacity to
accommodate the bulk data.

“Please not that since OT-Morpho are the ones who receive the forms 34A
first, they must make them public. Text results without forms, shall not be
allowed in whatever circumstances,” he tersely says.

He instructs them to avoid a situation that happened in August where some
10,000 polling stations sent results without forms.

OT-Morpho also say that based on IEBC specifications, the media cannot show
live feed on verified results since there is no “mechanisms of verification
of any kind of verification on the RTS platform before results sharing”.

Mr Chebukati had written that the commission would provide access to
accredited media houses to cover results announcements at all levels. Media
will be encouraged to show a live feed of the verified results. Given the
haphazard way with which the IEBC handled GPS technology last time, the
chairman is also asking OT-Morpho to ensure that they activate the
technology in a way that is easy to install locally.



On Thu, Sep 28, 2017 at 11:19 AM, Admin CampusCiti <info at campusciti.com>
wrote:

> Personally I'm surprised that we are yet to have a Data Protection Law in
> this country. This disconnect between policy, regulation and the reality on
> the ground is scary. Reminds of the Government official defending the fact
> that we have hotels and not enough stadiums so we should have hosted the
> Africa CAF Championships!!
>
> *Ali Hussein*
> *Hussein & Associates*
> +254 0713 601113 / 0770906375
>
> Twitter: @AliHKassim
>
> Skype: abu-jomo
>
> LinkedIn: http://ke.linkedin.com/in/alihkassim
> <http://ke.linkedin.com/in/alihkassim>
>
> Blog: www.alyhussein.com
>
> "Discovery consists in seeing what everyone else has seen and thinking
> what no one else has thought".  ~ Albert Szent-Györgyi
>
> Sent from my iPad
>
> On 28 Sep 2017, at 10:25 AM, S.M. Muraya via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
> Looking beyond the politics, interesting comments here.
>
> http://www.nation.co.ke/news/Raila-Odinga-drags-Safaricom-
> into-poll-dispute/1056-4112876-view-asAMP-aakx2sz/index.html
>
> With increasing demands for local data termination points, sooner (2017)
> or later (2018) a court order is going to require Data Residency in Kenya.
>
> Where are we on the Data Protection and Residency Act?
>
> It may not go well for technocrats caught off guard by a court order,
> inevitably coming.
>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/
> mailman/options/kictanet/info%40campusciti.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
>


-- 
SMM

*"Better a patient person than a warrior, one with self-control than one
who takes a city." Prov 16:32*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20171001/f2dbd2a1/attachment.htm>