<p>+1 Mark.</p>
<div class="gmail_quote">On Nov 4, 2013 9:08 AM, "Walubengo J" <<a href="mailto:jwalu@yahoo.com">jwalu@yahoo.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I see the point and concede that local hosting affords the national goverments some leverage with regards to holding organisations liable in the event of a security breach.<br>
<br>
However, for this to happen, we need to enact the Data Protection Act - otherwise I still feel local hosting on its own, will not necessary increase information security.<br>
<br>
walu.<br>
<br>
<br>
--------------------------------------------<br>
On Fri, 11/1/13, Sammy Buruchara <<a href="mailto:buruchara@me.com">buruchara@me.com</a>> wrote:<br>
<br>
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?<br>
To: "Walubengo J" <<a href="mailto:jwalu@yahoo.com">jwalu@yahoo.com</a>><br>
Cc: "KICTAnet ICT Policy Discussions" <<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>><br>
Date: Friday, November 1, 2013, 4:46 AM<br>
<br>
Walu,<br>
<br>
I would like emphasize the need for us to mix security and<br>
locally hosted<br>
data, contrary to your assertions. If your data is<br>
local and is snooped<br>
on, you have a legal recourse with the local hosting<br>
provider. But if the<br>
data is stored in the USA for example, any legal action<br>
against the<br>
provider can prove to be a daunting task.<br>
<br>
Whether government or private data, any snooping on the data<br>
would have<br>
consequences as spelt out in the communication act. While we<br>
cannot rule<br>
out hacking of even local content, or guarantee its safety<br>
100 percent for<br>
locally hosted data, at least there is a starting point and<br>
legal<br>
framework for dealing with such acts. Next would be<br>
increasing our<br>
competences in securing the data.<br>
<br>
Regards<br>
Sammy Buruchara<br>
<br>
On 10/31/13 4:49 PM, "Walubengo J" <<a href="mailto:jwalu@yahoo.com">jwalu@yahoo.com</a>><br>
wrote:<br>
<br>
>>>On Thu, 10/31/13, Phares Kariuki <<a href="mailto:pkariuki@gmail.com">pkariuki@gmail.com</a>><br>
wrote:<br>
>We need to bring the latter back home simply because the<br>
US has proven it<br>
>cannot be trustedŠ It¹s not that the galvanised<br>
internet is the best<br>
>option, it¹s simply a compromise because some people<br>
have broken trustŠ<br>
><br>
>>><br>
>I totally agree. I am for local content, local hosting,<br>
local, local this<br>
>and the other. What I find difficult to understand<br>
is the myth that once<br>
>something is local, then it is safer.<br>
><br>
>We need to be careful not to mix security with being<br>
local. Let us have<br>
>two independent tracks on the issues. Lets build<br>
local content to<br>
>increase uptake, reduce latency, perhaps pricing,<br>
etc. But I would hate<br>
>to imagine our NSIS director briefing our President that<br>
we are very<br>
>secure because we have made all our ICT infrastructure<br>
local.<br>
><br>
>ICT Security is often discussed under CIA -<br>
Confidentiality, Integrity,<br>
>and Availability (not central intelligence agency :-). I<br>
want to believe<br>
>the geographic location of your data cannot save you, if<br>
your CIA<br>
>procedures are poor. So if we want to be secure, lets<br>
put the emphasis<br>
>where it should be.<br>
> <br>
>walu.<br>
>nb: Osama bin laden was as local and as manual as you<br>
can get. US folks<br>
>still smoked him out.<br>
><br>
>--------------------------------------------<br>
>On Thu, 10/31/13, Phares Kariuki <<a href="mailto:pkariuki@gmail.com">pkariuki@gmail.com</a>><br>
wrote:<br>
><br>
> Subject: Re: [kictanet] NSA Tapping into Google &<br>
Yahoo Networks? How is<br>
>Kenya protected?<br>
> To: "Walubengo J" <<a href="mailto:jwalu@yahoo.com">jwalu@yahoo.com</a>><br>
> Cc: "KICTAnet ICT Policy Discussions" <<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>><br>
> Date: Thursday, October 31, 2013, 11:58 AM<br>
><br>
> Search engines will be<br>
> largely unaffected btw. Search engines don¹t go<br>
through<br>
> your mail etcŠ<br>
> The internet services that<br>
> are centralised will remain centralised (basic web<br>
> hosting/blogs etc). However, mail, internal<br>
applications etc<br>
> still have to be securedŠ<br>
> There¹s data that we<br>
> don¹t mind being publicly accessible (e.g. The Nation<br>
> Media Group website), and there¹s data that the<br>
NSA/Search<br>
> engines etc should not have access to (e.g. My banking<br>
> records, my health records etc).<br>
> We need to bring the<br>
> latter back home simply because the US has proven it<br>
cannot<br>
> be trustedŠ It¹s not that the galvanised internet is<br>
the<br>
> best option, it¹s simply a compromise because some<br>
people<br>
> have broken trustŠ --<br>
> Phares Kariuki<br>
> From: Walubengo<br>
> J Walubengo<br>
> J<br>
> Reply: Walubengo J <a href="mailto:jwalu@yahoo.com">jwalu@yahoo.com</a><br>
> Date: October 31, 2013 at<br>
> 11:10:34 AM<br>
> To: Phares Kariuki <a href="mailto:pkariuki@gmail.com">pkariuki@gmail.com</a><br>
> Subject: Re: [kictanet] NSA<br>
> Tapping into Google & Yahoo Networks? How is Kenya<br>
> protected?<br>
> @Phares,<br>
><br>
><br>
><br>
> this line of thinking was has been explored recently at<br>
the<br>
> IGF and I had a different angle to it and I quote:<br>
><br>
><br>
><br>
> >><br>
><br>
> Whereas having each economy build its own email,<br>
social<br>
> media and other web-based systems may provide national<br>
pride<br>
> and a debatable sense of national security, it<br>
unfortunately<br>
> goes towards balkanising the Internet along existing<br>
> national geographic boundaries.<br>
><br>
><br>
><br>
> The final effect will be a diminished value for online<br>
> services. Search engines will end up with only a<br>
localised<br>
> or national view of data, as opposed to the more<br>
> international view currently enjoyed by keeping the<br>
Internet<br>
> open and global.<br>
><br>
> >>><br>
><br>
><br>
><br>
> more <br>
><br>
> @<br>
><br>
><a href="http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G" target="_blank">http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G</a><br>
>overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html<br>
><br>
><br>
><br>
> walu.<br>
><br>
><br>
><br>
> --------------------------------------------<br>
><br>
> On Thu, 10/31/13, Phares Kariuki <<a href="mailto:pkariuki@gmail.com">pkariuki@gmail.com</a>><br>
> wrote:<br>
><br>
><br>
><br>
> Subject: Re: [kictanet] NSA Tapping into Google<br>
& Yahoo<br>
> Networks? How is Kenya protected?<br>
><br>
> To: <a href="mailto:jwalu@yahoo.com">jwalu@yahoo.com</a><br>
><br>
> Cc: "KICTAnet ICT Policy Discussions"<br>
> <<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a>><br>
><br>
> Date: Thursday, October 31, 2013, 10:09 AM<br>
><br>
> <br>
><br>
> I¹ll very selfishly<br>
><br>
> advocate for an increased uptake of local cloud<br>
services,<br>
><br>
> away from the NSA¹s prying eyes, with locally<br>
established<br>
><br>
> standards of encryption etcŠ<br>
><br>
> We¹ve got capable<br>
><br>
> universities that can assist in coming up with<br>
new<br>
><br>
> encryption etc standards for the military &<br>
><br>
> government.<br>
><br>
> Interesting article by<br>
><br>
> Charles<br>
><br>
> ObboŠ.<br>
><a href="http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/" target="_blank">http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/</a><br>
>440808/2053660/-/j8oy4g/-/index.html<br>
><br>
> --<br>
><br>
> Phares Kariuki<br>
><br>
> From: Ngigi<br>
><br>
> Waithaka Ngigi Waithaka<br>
><br>
> Reply: Ngigi Waithaka<br>
><br>
> <a href="mailto:ngigi@at.co.ke">ngigi@at.co.ke</a><br>
><br>
> Date: October 31, 2013 at<br>
><br>
> 9:12:10 AM<br>
><br>
> To: Phares Kariuki <a href="mailto:pkariuki@gmail.com">pkariuki@gmail.com</a><br>
><br>
> Subject: [kictanet] NSA<br>
><br>
> Tapping into Google & Yahoo Networks? How is<br>
Kenya<br>
><br>
> protected? <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> Listers,<br>
><br>
> <br>
><br>
> <br>
><br>
> Just came across<br>
> this<br>
><a href="http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link" target="_blank">http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link</a><br>
>s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/<br>
>e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1<br>
><br>
> <br>
><br>
> <br>
><br>
> It looks like Google might have been caught by<br>
the NSA<br>
><br>
> with<br>
><br>
> their pants down since hacking into their Data<br>
Transport<br>
><br>
> layer<br>
><br>
> simply gives up all the secrets that encryption<br>
is supposed<br>
><br>
> to be<br>
><br>
> protecting.<br>
><br>
> <br>
><br>
> <br>
><br>
> Now, moving on swiftly to the local setup, I am<br>
also<br>
><br>
> concerned<br>
><br>
> that even as we look to start pushing for<br>
National<br>
> Standards<br>
><br>
> of<br>
><br>
> Encryption through the PKI project, whether we as<br>
a country<br>
><br>
> have<br>
><br>
> come together to review and see how to protect<br>
our<br>
> countries<br>
><br>
> intelligence and data.<br>
><br>
> <br>
><br>
> <br>
><br>
> We also know for a fact that the US was busy<br>
tapping<br>
><br>
> into<br>
><br>
> World Leaders phones, and I can bet if there are<br>
a few<br>
><br>
> presidents<br>
><br>
> to be 'tapped' in Africa, ours should be way up<br>
on<br>
><br>
> that<br>
><br>
> ladder!<br>
><br>
> <br>
><br>
> <br>
><br>
> However, more worrying would be, how protected<br>
are our<br>
><br>
> internal networks from such tapping, even from<br>
locals?<br>
> Could<br>
><br>
> there<br>
><br>
> be a guy who has tapped into Safaricoms internal<br>
network<br>
> and<br>
><br>
> is<br>
><br>
> busy reading every email, chat that is flying<br>
through and<br>
><br>
> perhaps<br>
><br>
> selling such information to our erstwhile enemies<br>
the<br>
><br>
> Al-Shabbab?<br>
><br>
> <br>
><br>
> <br>
><br>
> I was once very surprised when a personal friend<br>
got a<br>
><br>
> transcript of all his calls, and chat messages,<br>
><br>
> word-for-word for<br>
><br>
> the previous past 6 months, dug up from one of<br>
the local<br>
><br>
> Telcos.<br>
><br>
> The ease with which such information was availed<br>
appalled<br>
> me<br>
><br>
> as it<br>
><br>
> clearly means that the Telcos clearly store all<br>
our chats,<br>
><br>
> and such<br>
><br>
> records in clear text months after we have used<br>
them and a<br>
><br>
> guy with<br>
><br>
> basic SQL knowledge just needs to hack into the<br>
network<br>
><br>
> (easy) and<br>
><br>
> call them up.<br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> So, as we continue with the PKI project, there<br>
are<br>
><br>
> really very<br>
><br>
> basic things on security of data that we as a<br>
nation<br>
><br>
> haven't even<br>
><br>
> dealt with.<br>
><br>
> --<br>
><br>
> <br>
><br>
> <br>
><br>
> Regards,<br>
><br>
> <br>
><br>
> <br>
><br>
> Waithaka<br>
><br>
> Ngigi<br>
><br>
> <br>
><br>
> <br>
><br>
> Chief Executive Officer<br>
><br>
> | Alliance<br>
><br>
> Technologies | MCK Nairobi<br>
><br>
> Synod<br>
><br>
> Building<br>
><br>
> <br>
><br>
> <br>
><br>
> T +<br>
><br>
> 254 (0)<br>
><br>
> 20 2333 471 |Office<br>
><br>
> Mobile: +254 786 28 28 28 | M +<br>
><br>
> 254 737 811 000<br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <a href="http://www.at.co.ke" target="_blank">www.at.co.ke</a><br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> _______________________________________________<br>
><br>
> <br>
><br>
> kictanet mailing list<br>
><br>
> <br>
><br>
> <a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
><br>
> <br>
><br>
> <a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> Unsubscribe or change your options at<br>
><br>
> <br>
><a href="https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com</a><br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> The Kenya ICT Action Network (KICTANet) is a<br>
><br>
> multi-stakeholder platform for people and<br>
institutions<br>
><br>
> interested and involved in ICT policy and<br>
regulation. The<br>
><br>
> network aims to act as a catalyst for reform in<br>
the ICT<br>
><br>
> sector in support of the national aim of ICT<br>
enabled growth<br>
><br>
> and development.<br>
><br>
> <br>
><br>
> <br>
><br>
> <br>
><br>
> KICTANetiquette : Adhere to the same standards<br>
of<br>
> acceptable<br>
><br>
> behaviors online that you follow in real life:<br>
respect<br>
><br>
> people's times and bandwidth, share knowledge,<br>
> don't<br>
><br>
> flame or abuse or personalize, respect privacy,<br>
do not<br>
> spam,<br>
><br>
> do not market your wares or<br>
><br>
> qualifications.<br>
><br>
> -----Inline Attachment Follows-----<br>
><br>
> <br>
><br>
> _______________________________________________<br>
><br>
> kictanet mailing list<br>
><br>
> <a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
><br>
> <a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
><br>
> <br>
><br>
> Unsubscribe or change your options at<br>
> <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com</a><br>
><br>
> <br>
><br>
> The Kenya ICT Action Network (KICTANet) is a<br>
><br>
> multi-stakeholder platform for people and<br>
institutions<br>
><br>
> interested and involved in ICT policy and<br>
regulation. The<br>
><br>
> network aims to act as a catalyst for reform in<br>
the ICT<br>
><br>
> sector in support of the national aim of ICT<br>
enabled growth<br>
><br>
> and development.<br>
><br>
> <br>
><br>
> KICTANetiquette : Adhere to the same standards<br>
of<br>
> acceptable<br>
><br>
> behaviors online that you follow in real life:<br>
respect<br>
><br>
> people's times and bandwidth, share knowledge,<br>
> don't flame<br>
><br>
> or abuse or personalize, respect privacy, do not<br>
spam, do<br>
><br>
> not market your wares or qualifications.<br>
><br>
><br>
><br>
>_______________________________________________<br>
>kictanet mailing list<br>
><a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
><a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
><br>
>Unsubscribe or change your options at<br>
><a href="https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40mac.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40mac.com</a><br>
><br>
>The Kenya ICT Action Network (KICTANet) is a<br>
multi-stakeholder platform<br>
>for people and institutions interested and involved in<br>
ICT policy and<br>
>regulation. The network aims to act as a catalyst for<br>
reform in the ICT<br>
>sector in support of the national aim of ICT enabled<br>
growth and<br>
>development.<br>
><br>
>KICTANetiquette : Adhere to the same standards of<br>
acceptable behaviors<br>
>online that you follow in real life: respect people's<br>
times and<br>
>bandwidth, share knowledge, don't flame or abuse or<br>
personalize, respect<br>
>privacy, do not spam, do not market your wares or<br>
qualifications.<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
kictanet mailing list<br>
<a href="mailto:kictanet@lists.kictanet.or.ke">kictanet@lists.kictanet.or.ke</a><br>
<a href="https://lists.kictanet.or.ke/mailman/listinfo/kictanet" target="_blank">https://lists.kictanet.or.ke/mailman/listinfo/kictanet</a><br>
<br>
Unsubscribe or change your options at <a href="https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail.com" target="_blank">https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail.com</a><br>
<br>
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.<br>
<br>
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.</blockquote>
</div>