@Judy,

in general technology tends to moves ahead of its security implications...and so all these MPESA/MKESHO/ and/or eCommerce in general will always happen before laws and regulations catch up.  It only becomes an issue if such laws take a relatively longer period to happen. Within the Kenyan Context so far.

1. Kenya Comm. Amendement Act (2009) - done (good for ecommerce)
2. Data Protection Bill/Act - NOT YET DONE -wonder @ what level this is
3. Freedom of Information Bill/Act - NOT YET  DONE - wonder @ what level this is

These three laws are complimentary within the ICT/IS security domain and must eventually be delivered sooner rather than later...

walu.
nb: visit www.isaca.or.ke and see more of what ISACA-Kenya are trying to do in contributing in this security space...
 

--- On Mon, 7/12/10, Judy Okite <judyokite@gmail.com> wrote:

From: Judy Okite <judyokite@gmail.com>
Subject: Re: [kictanet] Kenya IGF 2010, Discussions :Day 6 of 8 Theme:E-Crime, Online Privacy & Data Security.
To: jwalu@yahoo.com
Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke>
Date: Monday, July 12, 2010, 3:36 PM

Solomon,

thank you....and I agree with you, irregardless of how many players may have to be brought into it...we need to laws to protect the consumers as well as the service providers.

when we talk about e-crime, am sure that its not just  about MPESA/ZAP...lets take for example a personal experience, given to us by Michuki, earlier last week...
and I quote

"Well if you may, let me indulge you with my personal experience with my
bank regarding online transactions.

My bank approached me with a new service called email authorization.
Which means that i can send an email to authorize transactions from my
account. Well as exciting as this may sound, i asked how would they be
in a position to validate that am the sender. At that point the bank had
no way to do so.

All the same, i went ahead and said, i have a PGP key, would you be
willing to exchange keys with me so that you have a way of validating
that am the sender i.e encrypt my messages or digitally sign them for
security purposes. At that point it was clear that such a feature did
not exist.

I have to give credit to my bank for taking the bold step of introducing
such a service. I would however have been even more glad if they
supported digital email signatures or PGP for email authorizations. But
then again, how many people actually use this?."

the introduction to online services, is GREAT! it could be towards the right direction, .....BUT are we jumping before we leap? again I ask, are we being oblivious to the implications?

Kind Regards,

On Mon, Jul 12, 2010 at 1:18 PM, Solomon Mburu Kamau <solo.mburu@gmail.com> wrote:


On 12 July 2010 12:54, Judy Okite <judyokite@gmail.com> wrote:
Wesley and Solomon,

Thank you for your contributions, what are we saying? these platforms are here with us and we are using them, we have fallen victims,

whichever way that has been dealt with outside, the public forum, is upto the person's concerned? 

do you you wait until you become a victim, before you know which law applies or will apply?

 However, that said, MPESA/ZAP/SOKOTELE was/has been in operation for a while, the KCA 2009 never captured it or atleast the IT part of it. why?

You've touched on a classic mobile money transfer (SOKOTELE) which was not as vibrant as is successor, ZAP!
To answer your question, I think the KCA 2009 was developed as a need for supply and not demand. By this, I mean that the regulator saw it wise to have law that governs the use of technology and its related programmes. One of the most important thing here is to understand there is a greater need to look at the dynamics of the platforms, and see ways in which to integrate them well into the laws of the land.

When you are a victim of scam through the mobile money transfer, the providers must give ways in which a person can have the money back.
Since the law is already in place, then once becoming a victim, should have a reprieve, though the providers are better placed to inform the public on how to go about!

floor is open....

Kind Regards,







 Mon, Jul 12, 2010 at 12:11 PM, Solomon Mburu Kamau <solo.mburu@gmail.com> wrote:
Dear All,

Inline responses

On 12 July 2010 09:02, wesley kirinya <kiriinya2000@yahoo.com> wrote:

 b) E-voting
1. A human being only has 10 finger prints which cannot be replaced. I think the public deserves to know how secure their finger prints are in the e-system.

2. Is Kenya's election problem really an identity problem? Those are problems where I would expect fingerprints to be captured. IMHO I think it's a problem of non-existing people voting by ballot boxes being tampered with. Technology can help with electronic capturing of the cast votes. I've not heard much about this. If the problem is not really identity but non-existing ppl voting, then stealing votes is still here with us...

8~)


--- On Mon, 7/12/10, Judy Okite <judyokite@gmail.com> wrote:

From: Judy Okite <judyokite@gmail.com>
Subject: [kictanet] Kenya IGF 2010, Discussions :Day 6 of 8 Theme:E-Crime, Online Privacy & Data Security.
To: kiriinya2000@yahoo.com
Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke>
Date: Monday, July 12, 2010, 1:45 AM


Good Morning, 


  I hope that we  all,  had a restful weekend! unless you were @ the campaign trails :-)

To the FIFA world cup2010 winners,SPAIN, CONGRATULATIONS!!

To the rest, lets keep an eye on 2014…yet another chance to better our skills J


As we continue with our discussions, your comments and contributions to the former threads are welcome, just respond to  the correct subject/title.

The next two days (Monday & Tuesday) we will be discussing:

a)    a)  e-crime-

Definition: E-crime is where a computer or other electronic communications device (eg mobile phone) is used to commit an offence.

Looking at this definition, the question on top of my head,  is how many transactions do we do through our mobile phones, in Kenya.

a)    MPESA, ZAP- transfer of money

To my knowledge (I stand to be corrected) MPESA /ZAP still rides under the umbrella of Telecommunication, banking and IT.

Lately, you can pay your electricity bill, water bill etc…through this medium.

Their usage has increased and we have branded it innovation, creativity, but are we being oblivious of the implications?


When these 'innovations' were developed here in Kenya, we were apprehensive. First, it was because we were not sure whether such platforms were worthy emulating or using because, of obvious reasons such as security among others. Years later, the same problem still exists because of lack of mass education and capacity development for their use from the providers and regulator.
Their are ramifications which are likely to be great since there are scams around alleged to be coming from the providers. This is just the tip of the iceberg. There are those who have fallen victims to the scams and a lot of money gotten lost.
As the platforms become advanced, so are the thugs. 

Where or who do you approach in loss of your money?

KPLC or Safaricom/Zain?etc and many other services that we are paying for using MPESA/ZAP

In normal situation, one should approach their respective provider in case of a loss of money. If for example, I was to pay KShs. 2,000 for my electricity using MPESA or ZAP, and typed a wrong account, KPLC will is not the custodian of these platforms, but Safaricom and Zain respectively!

 

b)    b) E-voting

Definition:  is an election system that allows a voter to record his or her secure and secret ballot electronically.

Currently we have a pilot project on e-voting that will first be tested, during the referendum on 4th August 2010.there are at least 1.5 million new voters in the 18 EVR pilot constituencies.

more info: http://www.standardmedia.co.ke/InsidePage.php?id=2000007579&cid=4&ttl=Kenya%20enters%20era%20of%20electronic%20voting

In the recent days, we have experienced instances of ‘computer error’ within the Ministry of Finance and Education, what happens when the same happens with the IIEC?

What do we have in place as a country, to ensure that this does not happen 

and if it does, does IIEC have the technical know-how?

and as Kenyans,  are we assured that such a case will have ‘e-evidence’ on how and when and where the ‘computer error’ took place?


I'm still going by what Wesley put forth. Without capacity development, the end-users are 'bombarded' with pilot programs without involving them. Ideally, it would work 'well' if the voters were given enough education on how to register, follow-up and vote using electronic voter registry (platform). Security is also another thing that requires much attention since there is no assurance that the e-voting is secure and free from any hitch. 


I hope that these two are bound to see our inboxes full as it touches on each and every one of us.

Your thoughts, corrections, inputs, queries, reactions are welcome!

 

Kind Regards, 


--
“To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan

-----Inline Attachment Follows-----

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: kiriinya2000@yahoo.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/kiriinya2000%40yahoo.com


_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: solo.mburu@gmail.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/solo.mburu%40gmail.com




--
Solomon Mbũrũ Kamau

*****************************************************
Man is a gregarious animal and enjoys agreement as cows will graze all the same way to the side of a hill!

AND

It is better to die in dignity than in the ignomity of ambiguous generosity!

http://smiley2.wordpress.com
http://mburu.sikika.co.ke







_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: judyokite@gmail.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com




--
“To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan



--
Solomon Mbũrũ Kamau

*****************************************************
Man is a gregarious animal and enjoys agreement as cows will graze all the same way to the side of a hill!

AND

It is better to die in dignity than in the ignomity of ambiguous generosity!

http://smiley2.wordpress.com
http://mburu.sikika.co.ke









--
“To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan

-----Inline Attachment Follows-----

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: jwalu@yahoo.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com