[kictanet] Kenya Internet Governance Forum: Summary of KIGF Online Discussion held from June 22, 2022 to June 24, 2022

[Nancy marangu]

Good morning,

*Topics of Discussion *



Day  1                     Governing data and protecting privacy.

Day  2                     ICT's and the upcoming elections.

Day 3           Connecting all people and promoting cyber hygiene and
emerging issues including youth, online work, inclusion and regulation.



Day 1:  *Governing Data and Protecting Privacy*

*Noted:* The Kenya Data Protection Act  <https://www.odpc.go.ke/dpa-act/>was
gazetted in 2019, An Act of Parliament to give effect to Article 31(c) and
(d) of the Constitution of Kenya, 2010 (Right to privacy);

   - To establish the Office of the Data Protection Commissioner;
   - To make provision for the regulation of the processing of personal
   data;
   - To provide for the rights of data subjects and obligations of data
   controllers and processors; and for connected purposes.
   -

*Asked:* as a lister how safe do you feel about the safety of your personal
data online? What do you think could be done better to improve the
protection of data online?

*Answered:* people are over fearful regarding the issue of data protection.
It was suggested there is need to take the same approach as organizations
are doing by conducting a personal data privacy impact assessment. E.g.
what is the real risk of your personal identifiable Information leaking?
One example was the personal telephone number. You hide it online but hand
out your business cards that have your contact details.

*Asked:*  how safe are children and persons with disabilities on their data
privacy?

*Observed:* recently the number of Socially Engineered emails received is
at an all-time high. Spam calls also seem to be on the rise. It looks like
scammers have realized that the new field of play is the Internet as such I
am increasingly weary about engaging in e-commerce transactions online
especially using public networks.

*Concerned:* to know the current statistics in so far as Internet related
fraud is concerned and how many people have actually been charged for
perpetrating such acts. Maybe the Ke-CIRT team can assist us with the
statistics.

*Emphasized:* children are ever ahead of adults in discovering and using
tech applications and tool. The Communications Authority has been running a
Child Online Protection program for a while and would be keen to know the
current state of play in so far as data protection is concerned*. *

*Noted: *@Lillian <lillian at watotowatchnetwork.org> recently posted an
article from Human Rights Watch on misuse of data by companies targeting
children, it would be interesting to hear if any measures have been taken
by the Office of the Data Protection Commissioner to curb this.

*Recommended:* If I may offer you a tip and a safeguard on e-commerce:
there are cards that banks issue whether you bank with them or not, which
you can load using Mpesa and use to transact online so that you do not
expose your main card to fraudsters. I have had one from I&M Bank since
2011 (renewable), and I load it with just the money I need to make a
purchase so I never worry about any unauthorized purchases on it. It is  a
great way to beat online fraud exposure.

*Thanked:* Kathy, for the tip.

*Asked:* whether all banks have these services and information for  anyone
and everyone  or it is one of those *you must ask* .

*Observed:*  recently in the news CS Joe Mucheru, EGH opened a Data
protection and compliance conference,
https://www.youtube.com/watch?v=w59n41KX1QQ/.

*Asked:* whether anyone here in this mailing list had an opportunity to
attend and if there were any insights that can help us with our questions
for the day.

*Thanked:* Barrack for the questions, I do hope that those in the relevant
institutions/positions will be able to assist or share further information,
as we  continue with the discussions.

*Highlighted:*  the main issue I have is that most services/websites/apps
don’t give any options. You accept the Terms and Conditions or you don’t.
It is good that nowadays, at least in Android that I know well, permissions
can be easily denied or limited for apps in relation to accessing certain
functions from the device. However this is not the same as using data
itself. Hopefully in the future there will be more flexibility and options
around what one accepts. With cookies, some websites give options (either a
list of several things you can toggle on or off, or options of reject,
minimum required, all) though other websites don’t give options at all.

*Accentuated:* I am not aware of any voluntary standards in Kenya that a
website/app/service could self-certify against or be independently verified
against that shows they meet such standards around use of data
protection/privacy. An Act really only defines illegal and legal, but it is
good to have different options within legal that can show strong, stronger,
very strong protections, for example, that are something that is voluntary
but could be recognized by users.

*Underlined:* we have tonnes of domesticated ISO 27,000 series Standards at
the Kenya Bureau of Standards. Together with @John Walubengo
<jwalubengo at kictanet.or.ke> and other listers we have been involved in
local standards development. The Challenge we have always faced is that
Standards focusing on ICT are voluntary. Only those touching on Health and
Safety are mandatory. With creation of the Office of the Data Protection
Commissioner, things might change.

*Asked:* since organizations have Standards like the ISO 27000 series,
where can individuals get credible standards for self-assessment?

*Responded:* I think this would be critical tool kit that can supplement
the Data protection laws. KICTANet has actually developed a Curriculum on
Digital Security and Privacy that attempts to create awareness and empower
Internet end users with skills that enable them to conduct self-assessment.

*Asked:*  Barrack, are those standards addressing the issue I raise around
data protection and privacy, i.e. if you meet the standard then you do not
share data to third parties, or that any data you share is anonymized, or
to some other definition? I am not an ISO expert, but I thought they focus
more on following processes than actual results, and may not be specific
enough to convince me they are not sharing my data….

*Observed:* maybe I am just not well enough informed, in which case whoever
promotes such ISO standards that can assure me of such are not promoting it
very well, or have few apps/websites/services adopting such standards, or
both….Being voluntary is a good thing. But there needs to be awareness of
the benefits of those standards; and maybe some market pressure to adopt
the standards

*Emphasized:*  the standards are pretty high level but they elicit a sense
of responsibility from anyone who acquires them towards ensuring their
information assets are properly managed and well protected. Digitalization
revolves around processes, the standards actually address such processes.
Not sure if there is a simpler solution among other bodies such as ISACA.
Probably ISACA members on the list can shed some light. @Mwendwa Kivuva
<kivuva at kictanet.or.ke>

*Thanked:* Listers for the continued discussions, once again I would
request those within these institutions that can shed some more light or
share information, to kindly do so.

*Noted:* one of the key things that I can pick from this discussion is that
there is lack of awareness, i.e because within your network you are aware
of e.g the standards, tools etc we assume that everyone knows.

*Asked:* How do we create this awareness?  Who should create this
awareness?  To whom?

*Anticipated:* to hearing from you, we still have another day to share,
even as we continue to engage with our day 2 discussion.

Day 2: *ICTs and the Upcoming Elections*

*Asked:* Our elections are a few weeks to come, are we confident in the
preparations by IEBC and other agencies involved in electoral management?
If not, how best can these agencies be supported to prepare for the
election? What role has social media played during this election?

*Asked:* one, the IEBC normally responds by sticking to the law and the
regulations as passed by Bunge. Does that mean parliament normally pass
things that they do not understand? Two, is there a need to re-look at the
same laws and perhaps look at what can be amended before the election year?
This is where we normally get it wrong every electoral cycle, we make
elections an event and not a process.

*Noted:* this is an important issue and I would like to thank you Wanjiru
for leading this discussion. A research by Mozilla Fellow Odanga Madung
revealed that there is disinformation being spread on TikTok and it
violates the platform’s policies. This disinformation is similar in tone
and quality to the Cambridge Analytica and Harris Media content that spread
on Kenyan Facebook in 2017. In 2017 we did not have Tiktok but now we can
see new platforms being used by politicians to push their agenda.

*Link:* https://foundation.mozilla.org/en/campaigns/kenya-tiktok/

Emphasized: the campaigns are still ongoing and the social media discourse
is becoming more political by the day. We can only hope for sanity,
maturity and patriotism by those online.

*Agreed:* with Francis, that recently SABC News interviewed digital
strategies from two political parties in Kenya to understand how they are
using social media during this campaign season. The interview highlighted
that Political parties consider social media is very important to win
elections as it provides avenues to speak to voters directly. Interesting
was the role associated with Video content on all platforms but also
TikTok, because of how the platform is designed.

*Link:*  https://www.youtube.com/watch?v=jIbiqyBdV4E

*Asked:*  what steps have platforms taken to minimize misuse of their
platforms to spread misinformation, disinformation, hate speech or Online
Gender based violence related content? What more can be done to deal with
this?

*Highlighted:*  links/videos on the report have been removed.

*Concerned:* Is the research an ongoing exercise? Are the videos being
collated and stored in a data pool/storage? I'm not sure about the
platform's policies on the data. Is it a situation like Facebook where you
cannot scrape or even screenshot posts legally? I'm not acquainted with the
platform but how easy is it to get/copy these videos and their respective
metadata from the platform?

*Observed:* it would be an interesting resource afterwards or even act as a
source of evidence.

Day 3: * Connecting all people and promoting cyber hygiene and emerging
issues including youth, online work, inclusion and regulation.*

*Observed:*  for the youthful population, what is their degree of awareness
on existing regulations, as they engage online are they aware of how to
enhance their privacy? On inclusion, is there existing data on persons with
disabilities and their general consumption of the internet?

*Noted:* especially for children, the Ministry of Public Service, Gender,
Senior Citizens Affairs and Special Programmes developed a national plan of
action to tackle online child sexual exploitation and abuse. The plan is
grounded in the ‘We Protect Model National Response’ and has five key areas
— law, policy leadership and coordination, prevention, capacity
strengthening, response and support services, and monitoring and evaluating
progress.

*Emphasized:* 12 million children in Kenya have access to adult content.
How can we mitigate this? Currently, though not rolled out in Africa, in
future one will need an ID to register on Instagram. How effective has
Youtube for Kids, Facebook for Kids been like in our own households?

*Link:*
https://nation.africa/kenya/news/study-reveals-scary-pitfalls-in-online-learning-3844030

*Highlighted:* a lot of work yet to be done on international transfer of
data from Kenya which in turn infringes on our data privacy under
protection laws. Over-reliance on foreign clouds and weak oversight
mechanisms create a watershed for that. Further, the expensive litigation
fees suing big tech gurus like Facebook and Twitter scares victims of data
breaches through international transfer of data to foreign servers.

*Underscored:* for people to connect in a matter that benefits all, the
digital divide must be done away with. At the moment we have two groups,
one that is very high level of digital literacy and one with very low level
of digital literacy.

*Underlined:* the question that government should address is, should we
invest on the low divide which has low or no digital literacy or should we
invest on the higher digital knowledge divide to ensure they advance even
further? Where should the government put its money? Where will there be a
greater return?

*Underscored:* on regulation, the legal framework is always behind the
technological advancements. Technology is an area that advances and changes
very fast but the law is very rigid and not ready to change that fast. How
can this be addressed? Should there be digital law reforms and introduction
of new study areas in the area of digital law?

End

On Sun, Jun 26, 2022 at 11:39 PM Nancy marangu <marangukn at gmail.com> wrote:

> Good evening,
>
> Kindly see the summary as plain text:
>
> Day 3: * Connecting all people and promoting cyber hygiene and emerging
> issues including youth, online work, inclusion and regulation.*
>
> *Observed:*  for the youthful population, what is their degree of
> awareness on existing regulations, as they engage online are they aware of
> how to enhance their privacy? On inclusion, is there existing data on
> persons with disabilities and their general consumption of the internet?
>
> *Noted:* especially for children, the Ministry of Public Service, Gender,
> Senior Citizens Affairs and Special Programmes developed a national plan of
> action to tackle online child sexual exploitation and abuse. The plan is
> grounded in the ‘We Protect Model National Response’ and has five key areas
> — law, policy leadership and coordination, prevention, capacity
> strengthening, response and support services, and monitoring and evaluating
> progress.
>
> *Emphasized:* 12 million children in Kenya have access to adult content.
> How can we mitigate this? Currently, though not rolled out in Africa, in
> future one will need an ID to register on Instagram. How effective has
> Youtube for Kids, Facebook for Kids been like in our own households?
>
> *Link:*
> https://nation.africa/kenya/news/study-reveals-scary-pitfalls-in-online-learning-3844030
>
> *Highlighted:* a lot of work yet to be done on international transfer of
> data from Kenya which in turn infringes on our data privacy under
> protection laws. Over-reliance on foreign clouds and weak oversight
> mechanisms create a watershed for that. Further, the expensive litigation
> fees suing big tech gurus like Facebook and Twitter scares victims of data
> breaches through international transfer of data to foreign servers.
>
> *Underscored:* for people to connect in a matter that benefits all, the
> digital divide must be done away with. At the moment we have two groups,
> one that is very high level of digital literacy and one with very low level
> of digital literacy.
>
> *Underlined:* the question that government should address is, should we
> invest on the low divide which has low or no digital literacy or should we
> invest on the higher digital knowledge divide to ensure they advance even
> further? Where should the government put its money? Where will there be a
> greater return?
>
> *Underscored:* on regulation, the legal framework is always behind the
> technological advancements. Technology is an area that advances and changes
> very fast but the law is very rigid and not ready to change that fast. How
> can this be addressed? Should there be digital law reforms and introduction
> of new study areas in the area of digital law?
>
> On Sat, Jun 25, 2022 at 9:37 AM Benson Muite via KICTANet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> Thanks for the nice summary. Putting the summary in plain text format in
>> the email body will increase its accessibility and so may get more
>> readers.
>>
>> On 6/24/22 23:37, Nancy marangu via KICTANet wrote:
>> > Good evening all,
>> >
>> > Kindly find attached the summary of the day's reflection.
>> >
>> > Thank you for your participation.
>> >
>>
>>
>> _______________________________________________
>> KICTANet mailing list
>> KICTANet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/marangukn%40gmail.com
>>
>>
>> KICTANet is a multi-stakeholder Think Tank for people and institutions
>> interested and involved in ICT policy and regulation. KICTANet is a
>> catalyst for reform in the Information and Communication Technology sector.
>> Its work is guided by four pillars of Policy Advocacy, Capacity Building,
>> Research, and Stakeholder Engagement.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>> KICTANet - The Power of Communities, is Kenya's premier ICT policy
>> engagement platform.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20220627/7f702bd9/attachment.htm>