[kictanet] Telcos regulator seeks to monitor WhatsApp

Albert Mukiria mukiria.albert at gmail.com
Sun Nov 4 07:31:30 EAT 2018


I am not sure if this has already been posted, but this article says the
regulator wants the data stored on WhatsApp and Skype to be shared by the
Govt.

https://www.businessdailyafrica.com/economy/Telcos-regulator-seeks-to-monitor-WhatsApp/3946234-4832970-15byqjn/index.html


On Fri, 2 Nov 2018 at 16:56, Mark Elkins via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> As a follow on to WhatsApp and its end-to-end security - one can do
> something quite similar for e-mail.
>
> Practising what I preach...
>
> At Posix Systems - customers can send e-mail to my mail relay server. This
> is running Mail Submission on port 587 with username/password
> authentication over TLS (The session is encrypted). This has the distinct
> advantage of working from any Internet connection my customer is on and
> everything is encrypted whilst over the wire. Additionally, if you are an
> ISP with your own customer infrastructure - you can now block port 25 and
> reduce SPAM from Virus' on customer PC's. Customers can also fetch e-mail
> (POP3/IMAP) over TLS (Ports 995 and 993 respectively) - so both the e-mail
> and passwords are also securely encrypted when fetching/downloading email.
>
> Whilst email-server to email-server can opportunistically also run TLS
> (encryption) between MTA's (Mail Transport Agents), I also run DANE. This
> means if the target mail system advertises their TLS info in a TLSA DNS
> record (Advertise their SSL Certificate in the DNS System) - I KNOW they
> have TLS (a Security Certificate)  and WHAT IT SHOULD LOOK LIKE - so if a
> connection is made and either the TLS signature is incorrect or does not
> exist (perhaps a man-in-the-middle attack) - the mail will not be delivered.
> The only issue with this is the target TLSA record must be in a DNSSEC
> signed zone - and obviously, the sending MTU must use a DNSSEC aware DNS
> Resolver to check the Target Mail system.
>
> This setup though gives end-to-end encryption of e-mail that no one can
> intercept. The MTA's though do have the e-mail in an unencrypted form. I'd
> presume the e-mail customers can trust their ISP's.
>
> (Although technical - I hope this brief description is understandable)
>
> On 11/02/2018 12:16 PM, Mwendwa Kivuva via kictanet wrote:
>
> Thanks Wambua.
>
> Just to clarify, and even rubbish that article, we need to understand that
> a platform like whatsapp uses end to end encryption, and cannot be snooped
> on, not even by Facebook.
>
> End-to-end encryption
>
> When end-to-end encrypted, your messages, photos, videos, voice messages,
> documents, status updates and calls are secured from falling into the wrong
> hands.
>
> WhatsApp end-to-end encryption ensures only you and the person you're
> communicating with can read what's sent, and nobody in between, not even
> WhatsApp. Your messages are secured with locks, and only the recipient and
> you have the special keys needed to unlock and read your messages. For
> added protection, every message you send has an unique lock and key. All of
> this happens automatically: No need to turn on settings or set up special
> secret chats to secure your messages.
>
> Important: End-to-end encryption is always activated. There's no way to
> turn off end-to-end encryption.
>
> OK, Now that we have debunked the possibility of CA reading your whatsapp,
> let us look at the types of regulations CA can put on over the top
> services. Remember Uganda social media tax? What about Ethiopia restriction
> of Skype? Yes those are the two most popular regulatory interventions that
> backward regimes use.
>
> 1. Censorship, filtering, and blockage
>
> 2. Taxation
>
> On Fri, Nov 2, 2018, 11:50 AM Wambua, Christopher via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> Listers
>>
>> For purposes of clarity on the objects of the tender in question,  I wish
>> to refer listers to  the public tender document which is available on CA’s
>> website at
>> https://ca.go.ke/wp-content/uploads/2018/10/Consultancy-Services-For-The-Study-On-Over-The-Top-OTTs-Technologies-Services-In-Kenya.pdf
>>
>> In brief, the Authority, under its strategic objective of enabling
>> widespread deployment of infrastructure and services through promotion of
>> new and emerging technologies, plans to undertake a study to determine the
>> regulatory mechanisms that can be employed to cater for new and emerging
>> areas with specific focus on over the top services.  The consultant shall
>> be expected to propose the regulatory approach that the Authority can take
>> in respect to OTTs. CA takes this opportunity to invite listers who meet
>> the requirements set out in the tender documents to submit their bids by
>> 14th November 2018.
>>
>> CA wishes to assure listers that we have not interest whatsoever in
>> snooping  into your WhatsApp conversations as that would be against the
>> spirit and letter of the constitution. We have however noted that the
>> headlines on the articles on this tender are misleading, and the Authority
>> is taking up this matter with the respective editors.
>>
>> I hope this clarification puts this matter to rest.
>>
>> Regards
>>
>>
>>
>>
>> Christopher Wambua
>>
>> Ag. Director/Consumer & Public Affairs | Consumer and Public Affairs
>>
>> [image: Description: Description:
>> http://digital.scanad.com/casignature/img/logo.png]
>>
>> Tel: +254 20 4242000/284
>>
>> Office Mobile: +254 730 042284/
>>
>>                        +254 730172284
>>
>> P.O. Box 14448 Nairobi 00800
>>
>> [image: Description: Description:
>> http://digital.scanad.com/casignature/img/mail.png]*wambua at ca.go.ke
>> <wambua at ca.go.ke> *[image: Description: Description:
>> http://digital.scanad.com/casignature/img/facebook.png]Communications
>> Authority of Kenya <https://www.facebook.com/CAOKenya?ref=hl> [image:
>> Description: Description:
>> http://digital.scanad.com/casignature/img/twitter.png]ca_kenya
>> <https://twitter.com/CA_Kenya>[image: Description: Description:
>> http://digital.scanad.com/casignature/img/web.png]www.ca.go.ke
>> <http://www.ca.go.ke/>
>>
>>
>> [image: Description: Description:
>> http://digital.scanad.com/signature/banner.jpg]
>>
>> From: kictanet <kictanet-bounces+wambua=ca.go.ke at lists.kictanet.or.ke>
>> on behalf of KICTAnet Discussions <kictanet at lists.kictanet.or.ke>
>> Reply-To: KICTAnet Discussions <kictanet at lists.kictanet.or.ke>
>> Date: Friday, 2 November 2018 at 05:07
>> To: Christopher Wambua <wambua at ca.go.ke>
>> Cc: Ali Hussein <ali at hussein.me.ke>
>> Subject: Re: [kictanet] Telcos regulator seeks to monitor WhatsApp
>>
>> @GG
>>
>> Thanks for sharing. I’m curious as to what the world is coming to.
>> Everyone wants to snoop and regulate. Can the CA tell us what’s the major
>> value proposition to increasing  snooping on us?
>>
>> Regulators need to spend more time enabling the sector they are supposed
>> to grow and the CA has really been progressive in many ways. Once in a
>> while though they try to go back to the bad old KANU days. The onus is on
>> us to remind them that Kenyans shut that door kitambo sana.
>>
>> *Ali Hussein*
>> *Principal*
>> *AHK & Associates*
>> +254 0713 601113
>>
>> Twitter: @AliHKassim
>>
>> Skype: abu-jomo
>>
>> LinkedIn: http://ke.linkedin.com/in/alihkassim
>>
>> "We are what we repeatedly do. Excellence, therefore, is not an act but a
>> habit."  ~ Aristotle
>>
>>
>> Sent from my iPad
>>
>> On 1 Nov 2018, at 10:57 PM, Grace Githaiga via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>> Kenya is considering regulating online services such as WhatsApp and
>> Skype in a radical move that could force the internet-based service
>> providers to share data with the government.
>>
>> The Communications Authority of Kenya (CA) is in search of a consultant
>> to study and determine how the so-called over-the-top services (OTTS)
>> operated by groups such as Facebook, which runs WhatsApp, and Skype owner
>> Microsoft, could be regulated.
>> Read on:
>> https://www.nation.co.ke/business/Telcos-regulator-seeks-to-monitor-WhatsApp/996-4833020-fn9u7s/index.html
>>
>>
>>
>>
>>
>> Best regards
>>
>>
>> Githaiga, Grace
>>
>>
>> Co-Convenor
>> Kenya ICT Action Network (KICTANet)
>> Twitter:@ggithaiga
>> Tel: 254722701495
>> Skype: gracegithaiga
>> Alternate email: ggithaiga at hotmail.com
>> Linkedin: https://www.linkedin.com/in/gracegithaiga
>> www.kictanet.or.ke
>>
>> "Change only happens when ordinary people get involved, get engaged and
>> come together to demand it. I am asking you to believe. Not in my ability
>> to bring about change – but in yours"---Barrack Obama.
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>> Domain Registration sponsored by www.eacdirectory.co.ke
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>> Domain Registration sponsored by www.eacdirectory.co.ke
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafrica.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>
>
> _______________________________________________
> kictanet mailing listkictanet at lists.kictanet.or.kehttps://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> Domain Registration sponsored by www.eacdirectory.co.ke
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/mje%40posix.co.za
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
>
>
> --
> Mark James ELKINS  -  Posix Systems - (South) Africamje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
> Domain Registration sponsored by www.eacdirectory.co.ke
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/mukiria.albert%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-- 
Sent from Gmail Mobile
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20181104/6556deed/attachment.htm>


More information about the KICTANet mailing list