[kictanet] Data Protection & Residency

S.M. Muraya murigi.muraya at gmail.com
Tue Oct 17 15:01:29 EAT 2017 

Barrack,

The Cyber Crimes Bill/Act has moved Kenya forward, but more specifications
(if not Acts) may be required to effect more *data protection* + *data
residency* (processing) in Kenya (under certain conditions). It may also
allow back up of data outside Kenya under certain (performance based)
conditions or treaties.

Interesting links below indicating how Data Protection Acts are used to
protect citizens/nations.

https://autoriteitpersoonsgegevens.nl/en/news/dutch-dpa-microsoft-breaches-data-protection-law-windows-10

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/07/royal-free-google-deepmind-trial-failed-to-comply-with-data-protection-law/

The General Data Protection Regulation (GDPR) is a new law that will
replace the Data Protection Act 1998 and will apply in the UK from 25 May
2018. The government has confirmed that the UK’s decision to leave the EU
will not affect the commencement of the GDPR.



https://rcpmag.com/articles/2017/10/13/windows-10-vs-dutch-privacy-laws.aspx





On Sun, Oct 1, 2017 at 7:54 PM, Barrack Otieno <otieno.barrack at gmail.com>
wrote:

> Hi Muraya.
>
>
> Things will even become tougher with the introduction of the General Data
> Protection Regulations that is set to come into effect next year.  Ali
> Hussein recently posted a brief developed by a local legal expert Juliet on
> the same. Be that as it may your wish is an ideal that can only be found in
> environments with value based leadership who will go at any length to
> promote local entrepreneurs. It is baffling to note that this companies
> don't even provide this services during the national electoral processes
> but do so in the global south. As is we have transactional leaders in all
> spheres of society who are only interested in what they get in return.
> Anyway, Kenya will rise again some day.
>
> Best Regards
>
> On Sun, Oct 1, 2017 at 9:35 AM, S.M. Muraya via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> For about a decade now, Kenya has had the local talent, commitment and
>> infrastructure to deliver on most demands below. The law should ban the
>> political class from procuring foreign firms. Foreign firms should talk to
>> local firms first.
>>
>> http://www.nation.co.ke/news/politics/Wafula-Chebukati-outli
>> nes-tough-demands-on-OT-Morpho-/1064-4119384-10rr6uaz/index.html
>>
>> His conditions are also captured in the new contract.
>>
>> In her letter and in what could further deepen the standoff with Nasa,
>> OT-Morpho opposed the decision by the chairman to open servers before the
>> election day, arguing the move may compromise data security.
>>
>> “OT-Morpho would like to respectfully warn IEBC that opening access to
>> servers, databases and logs prior to the elections might open security
>> weaknesses. We would rather recommend that access to server and databases
>> be provided after the Election Day. Anyhow, logs will be shared on a daily
>> basis with IEBC. Agents should be allowed to review them at IEBC premises
>> only,” Ms Charlanes wrote.
>>
>> On embedding external IT experts in the system, she said they do not
>> object but say there is need to agree on their scope and role.
>>
>> Another frontier of clash is the decision not to have locally hosted
>> backup system.
>>
>>
>> *BACKUP SYSTEM*
>> Mr Chebukati said the refusal to set a local backup system had landed
>> them into problems when they could not fully comply with the Supreme Court
>> orders to open up the servers for scrutiny.
>>
>> “One of the easiest things to do is setting up ‘real-time master/slave
>> database replication’. We already have the infrastructure in place,” he
>> suggests.
>>
>> Responding to conditions they have set out before they can participate in
>> the polls, Mr Chebukati had promised Nasa that they would deploy a cloud
>> server and a local backup system and that all these would adhere to the
>> international standards.
>>
>> “OT-Morpho will only deliver RTS (Results Transmission System) on a cloud
>> platform as for the August 8 elections,” Ms Charlanes said in a letter
>> addressed to the chairman.  The firm further informs Mr Chebukati that
>> considering the limited time left to the date of polls, it is impossible to
>> conduct a dry-run of results transmission as he had indicated to Nasa.
>>
>>
>> *DRY-RUN*
>> “Even though OT-Morpho was and remains willing to support such a dry-run,
>> IEBC has to realise that conducting such an operation is hogging the RTS
>> system for four days, so as to prepare, test, run and clean the system. In
>> the current planning and considering the recent delays in receiving the SIM
>> cards to start the KIEMS (Kenya Integrated Elections Management System)
>> kits production as well as latest IEBC requirement, we fear we have no room
>> any more for such an operation,” Ms charlanes had said.
>>
>> In a counter-argument, the IEBC chief says this needs not take four days
>> but a shorter time.  He also reminds them that the Commission is the boss
>> and will define the terms of engagement.
>>
>> “Dry run is essential confidence building measure to assure our
>> stakeholders on the integrity of our system. For example, it can be one kit
>> per polling station per county live on television. Such an exercise
>> well-co-ordinated can take less than two hours,” he argues.
>>
>> OT-Morpho also objected to the idea of initiating an external audit on
>> grounds of limited time.
>>
>> Further, on plans by the commission to display all the forms 34B from
>> constituencies, the firm says it is technologically impossible to do this
>> given the bulky nature of the forms.
>>
>>
>> *DATA CAPACITY*
>> Mr Chebukati insists that the tech firm should enhance its data capacity
>> to accommodate the bulk data.
>>
>> “Please not that since OT-Morpho are the ones who receive the forms 34A
>> first, they must make them public. Text results without forms, shall not be
>> allowed in whatever circumstances,” he tersely says.
>>
>> He instructs them to avoid a situation that happened in August where some
>> 10,000 polling stations sent results without forms.
>>
>> OT-Morpho also say that based on IEBC specifications, the media cannot
>> show live feed on verified results since there is no “mechanisms of
>> verification of any kind of verification on the RTS platform before results
>> sharing”.
>>
>> Mr Chebukati had written that the commission would provide access to
>> accredited media houses to cover results announcements at all levels. Media
>> will be encouraged to show a live feed of the verified results. Given the
>> haphazard way with which the IEBC handled GPS technology last time, the
>> chairman is also asking OT-Morpho to ensure that they activate the
>> technology in a way that is easy to install locally.
>>
>>
>>
>> On Thu, Sep 28, 2017 at 11:19 AM, Admin CampusCiti <info at campusciti.com>
>> wrote:
>>
>>> Personally I'm surprised that we are yet to have a Data Protection Law
>>> in this country. This disconnect between policy, regulation and the reality
>>> on the ground is scary. Reminds of the Government official defending the
>>> fact that we have hotels and not enough stadiums so we should have hosted
>>> the Africa CAF Championships!!
>>>
>>> *Ali Hussein*
>>> *Hussein & Associates*
>>> +254 0713 601113 <0713%20601113> / 0770906375 <0770%20906375>
>>>
>>> Twitter: @AliHKassim
>>>
>>> Skype: abu-jomo
>>>
>>> LinkedIn: http://ke.linkedin.com/in/alihkassim
>>> <http://ke.linkedin.com/in/alihkassim>
>>>
>>> Blog: www.alyhussein.com
>>>
>>> "Discovery consists in seeing what everyone else has seen and thinking
>>> what no one else has thought".  ~ Albert Szent-Györgyi
>>>
>>> Sent from my iPad
>>>
>>> On 28 Sep 2017, at 10:25 AM, S.M. Muraya via kictanet <
>>> kictanet at lists.kictanet.or.ke> wrote:
>>>
>>> Looking beyond the politics, interesting comments here.
>>>
>>> http://www.nation.co.ke/news/Raila-Odinga-drags-Safaricom-in
>>> to-poll-dispute/1056-4112876-view-asAMP-aakx2sz/index.html
>>>
>>> With increasing demands for local data termination points, sooner (2017)
>>> or later (2018) a court order is going to require Data Residency in Kenya.
>>>
>>> Where are we on the Data Protection and Residency Act?
>>>
>>> It may not go well for technocrats caught off guard by a court order,
>>> inevitably coming.
>>>
>>>
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>> Twitter: http://twitter.com/kictanet
>>> Facebook: https://www.facebook.com/KICTANet/
>>>
>>> Unsubscribe or change your options at https://lists.kictanet.or.ke/m
>>> ailman/options/kictanet/info%40campusciti.com
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and bandwidth,
>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>> not spam, do not market your wares or qualifications.
>>>
>>>
>>
>>
>> --
>> SMM
>>
>> *"Better a patient person than a warrior, one with self-control than one
>> who takes a city." Prov 16:32*
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at https://lists.kictanet.or.ke/m
>> ailman/options/kictanet/otieno.barrack%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>>
>
>
> --
> Barrack O. Otieno
> +254721325277
> +254733206359
> Skype: barrack.otieno
> PGP ID: 0x2611D86A
>
>
>
>
>


-- 
SMM

*"Better a patient person than a warrior, one with self-control than one
who takes a city." Prov 16:32*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20171017/9fd74920/attachment.htm>

More information about the KICTANet mailing list