@wesley,
 
the data on mobile  registration is definately at the telcos...and in the absence of Data Protection Act which would define how that data is to be used, secured and accessed we are indeed at the mercy of the Telcos.  Put more vividly, here  is what I could (maliciously) do with data at the telcos(or even in government) in the absence of legal protection.
 
1. I could sell the data to foreign marketing companys (some marketing companies are willing to pay 1Ksh per record and if you have 18million records you can see the tempting mathematics)
 
2. I can profile any user - now that I can match his mobile n0 to a national ID - I can see from my data that user X, call him Kamau, lives in Kayole, sends money every month to user Y in Muranga(is that the mom?), regularly calls user Z (call her Akinyi) and every weekend X & Y mobile phones seem to spend more time geographically together in a location other than Kayole (hope its the wife? ;-)....what's more if i work in one of the Telco's i could open a "silent" investigation firm to sell this type of intelligence to many kenyan couples that  are suspicious of each other...or even to Government authorities who wish to illegally access and profile data on political/economic competitors.
 
3.  Without sufficent safeguards, I could match telco data to banking data and/or medical data and create a more complete picture of any citizen.  Imagine you showing up for a Job Interview  and the folks on the panel know in advance:
(a) your not so innocent internet browsing habits,
(b) your broke financial status and
(c) your ailing kidney/blood pressure problem.
 ..and there you are trying to look extremely important and indespensible..
4. the list can be endless...
 
walu.

--- On Tue, 7/13/10, wesley kirinya <kiriinya2000@yahoo.com> wrote:

From: wesley kirinya <kiriinya2000@yahoo.com>
Subject: Re: [kictanet] [Skunkworks] Kenya IGF 2010, Discussions :Day 7 of 8 Theme:E-Crime, Online Privacy & Data Security- Continuation
To: jwalu@yahoo.com
Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke>
Date: Tuesday, July 13, 2010, 9:36 AM


 i)      Sim card registration
1. Where is this database located? Is it at the private companies (Telecos) or some government office?
 
2. Do the police have the hardware and software to cheaply, efficiently and conviniently access the data? Who within the police authorizes access to such data? What measures are there to prevent an authorized person viewing the data from abusing it because now the person not only sees numbers, but knows the names and residential addresses of people contacting a particular number.

3. Why give an ID number and birth info, yet this birth info was used when getting the ID? It seems the govenment needs to put it's data in order.

--- On Tue, 7/13/10, Judy Okite <judyokite@gmail.com> wrote:

From: Judy Okite <judyokite@gmail.com>
Subject: [Skunkworks] Kenya IGF 2010, Discussions :Day 7 of 8 Theme:E-Crime, Online Privacy & Data Security- Continuation
To: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke>, "Skunkworks forum" <skunkworks@lists.my.co.ke>
Date: Tuesday, July 13, 2010, 6:47 AM

Good Morning,

As we near, closing these discussions we, feel free to contribute to the former threads by clicking on the correct subject/title.

Today we continue with ,

  • a)      E-crime- situation in Kenya
  • b)      E- Voting- where Kenya is @

And today we add

c)      c)  Online privacy and data security

 i)      Sim card registration-  on the 21st June 2010 the government through  CCK(Communication Commission of Kenya) declared it mandatory for all mobile users to register their Sim cards

More info: http://www.cck.go.ke/news/2010/news_21june2010.html

“The exercise is aimed at safeguarding the public against acts of insecurity, including the wide spread threats posed by terrorism, drug trafficking, money laundering, extortion, fraud, hate messages, and incitement that are now wide spread throughout the world, “said the Minister for Information and Communication.

Currently we have 18million (I stand to be corrected ) mobile users in Kenya, In these forms, one has to give their residential area , their identity card number, their birth information etc… That is a whole lot of data on Kenyans… in short , a grand database! From yesterday’s discussions we saw that currently we have no LAW  to guard this database.

Q. What will stop the Authority from using my details wrongly?

Q. What happens if I don’t register by 31st of July? I will be disconnected? Under what LAW?

 


ii) When I send a SMS to 3007 with an ID card number, it returns with voter details, full names, place of voting and voter card number of the ID card holder, however,

1, the system put in place, does not verify in any way that it’s the real owner of the ID card, that has sent this query?

a)      Can this data be manipulated? Then what?

A question, on top of my head, with all these ongoing, what creates demand for LAW?(if there is anything, like that)

 

Your queries, comments, inputs, corrections are welcome!

 

Kind Regards,





--
“To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan

-----Inline Attachment Follows-----

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&hl=en
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke


-----Inline Attachment Follows-----

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: jwalu@yahoo.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com