Hey all, This discussion I feel has gone off topic slightly; this focus on what technology we use and how well encrypted it is is besides the point. If you checked out Nanjira's tweets the second one is a photo form the Standard about the CA sending 2b to monitor communication(Sh1.1 billion on a spectrum monitoring system to monitor unauthorised broadcasts, Sh600 million on a social media monitoring system and Sh400 million on a device management system to closely monitor mobile phones and the activities around them), The article seems to have been taken offline for some reason but the google cached version can be found here <https://webcache.googleusercontent.com/search?q=cache:T9Z2xi4rXBIJ:https://www.standardmedia.co.ke/article/2000229727/communications-authority-to-monitor-private-talk-and-texts-during-poll+&cd=1&hl=en&ct=clnk> . Under which law does the CA have the authority to monitor mobile phones without a court order? If it is by court order, can we have a copy of that order? The data that is collected by these systems, who is its custodian, how long will it be held for? What about my constitutionally right to privacy?(particularly part d of section 31: *the right not to have the privacy of my communications infringed*) When was the tendering process for these systems and who is supplying them?(I've built social media monitoring tools -for research purposes- would have been nice to get 600m😅) These systems have been acquired with the stated purpose of *preventing a repeat of the 2007/2008 post-election violence.* At iHub Research, a team of researchers that Nanjira and I were a part of a team that spent 5 years looking for a link between hate speech online and violence offline <http://ihub.co.ke/research/projects/23> and never found one, not even a cursory one. So the question becomes where did the CA get the notion that this was necessary? Would they care to share their research? Finally on internet shutdowns? By which law? Or court order? The article says *measures like an internet shut-down will only be deployed in a "worst-case scenario" *What the hell is a "worst case scenario"? I would like to know in very specific terms what that means and what conditions have to be met for it to be considered a worst-case scenario. Last question, what happens to these systems after the election? If someone from the CA could answer these questions I'd be most appreciative On 14 January 2017 at 13:28, Moses Karanja via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Ali, as you noted, The Guardian decided to go with the catchphrase. Asking the right questions would have been boring but who has time for boring studies when you can attack Facebook/WhatsApp and get the spotlight? :)
Security is hard and no one person/organization can get it 100%. It is more practical to live with systems that can fail well by being transparent on vulnerabilities and being proactive with patching them.
M
On 14/01/2017 13:21, Ali Hussein wrote:
Moses
Thanks for sharing. I personally considered the Guardian story and then read the Open Whispers System blog and came to the conclusion that it just may be possible that the Guardian Newspaper in this case was really dabbling in sensationalism.
I'm keen to hear comments from listers who have a deeper understanding of cryptography.
Meanwhile in all things tech and social the best defense against snooping and hacking is simply this:-
Exercise caution. Don't write or post anything that may embarrass you if someone hacked into any of your devices.
This may be an opportunity for those who have gotten into the habit of engaging in an online relationship to actually go out and meet..You know...like we used to do in the 1980s and before..
You may just find it super fulfilling...in more ways than one.. :-)
*Ali Hussein* *Principal* *Hussein & Associates* +254 0713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
On 14 Jan 2017, at 8:24 AM, Moses Karanja via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Open Whispers response to The Guardian article, maintaining it is not a backdoor:
The only question it might be reasonable to ask is whether these safety number change notifications should be "blocking" or "non-blocking." In other words, when a contact's key changes, should WhatsApp require the user to manually verify the new key before continuing, or should WhatsApp display an advisory notification and continue without blocking the user.
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Moses
On 13/01/2017 21:43, kictanet-request@lists.kictanet.or.ke wrote:
Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke
To subscribe or unsubscribe via the World Wide Web, visit https://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke
You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke
When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."
Today's Topics:
1. Re: (no subject) (McTim) 2. Re: (no subject) (Keith Andere) 3. Re: CA Speaks to Internet Shutdowns and "Monitoring" of Online Comms (Mutemi wa Kiama)
_______________________________________________ kictanet mailing listkictanet@lists.kictanet.or.kehttps://lists.kictanet.or.ke/mailman/listinfo/kictanet
-- Moses Karanjawww.moseskaranja.com/blog
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Moses Karanjawww.moseskaranja.com/blog
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/sidney.ochieng%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Regards, Sidney *Twitter:* @princelySid <https://twitter.com/princelySid> | *Website: * sidneyochieng.co.ke