On Thu, 10/31/13, Phares Kariuki <pkariuki@gmail.com> wrote: We need to bring the latter back home simply because the US has proven it cannot be trustedŠ It¹s not that the galvanised internet is the best option, it¹s simply a compromise because some people have broken trustŠ
I totally agree. I am for local content, local hosting, local, local this and the other. What I find difficult to understand is the myth that once something is local, then it is safer.
We need to be careful not to mix security with being local. Let us have two independent tracks on the issues. Lets build local content to increase uptake, reduce latency, perhaps pricing, etc. But I would hate to imagine our NSIS director briefing our President that we are very secure because we have made all our ICT infrastructure local.
ICT Security is often discussed under CIA - Confidentiality, Integrity, and Availability (not central intelligence agency :-). I want to believe the geographic location of your data cannot save you, if your CIA procedures are poor. So if we want to be secure, lets
where it should be. walu. nb: Osama bin laden was as local and as manual as you can get. US folks still smoked him out.
-------------------------------------------- On Thu, 10/31/13, Phares Kariuki <pkariuki@gmail.com> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "Walubengo J" <jwalu@yahoo.com> Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, October 31, 2013, 11:58 AM
Search engines will be largely unaffected btw. Search engines don¹t go
your mail etcŠ The internet services that are centralised will remain centralised (basic web hosting/blogs etc). However, mail, internal applications etc still have to be securedŠ There¹s data that we don¹t mind being publicly accessible (e.g. The Nation Media Group website), and there¹s data that the NSA/Search engines etc should not have access to (e.g. My banking records, my health records etc). We need to bring the latter back home simply because the US has proven it cannot be trustedŠ It¹s not that the galvanised internet is
best option, it¹s simply a compromise because some
have broken trustŠ -- Phares Kariuki From: Walubengo J Walubengo J Reply: Walubengo J jwalu@yahoo.com Date: October 31, 2013 at 11:10:34 AM To: Phares Kariuki pkariuki@gmail.com Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? @Phares,
this line of thinking was has been explored recently at
IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national
and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more
@
http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
walu.
--------------------------------------------
On Thu, 10/31/13, Phares Kariuki <pkariuki@gmail.com> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
To: jwalu@yahoo.com
Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke>
Date: Thursday, October 31, 2013, 10:09 AM
I¹ll very selfishly
advocate for an increased uptake of local cloud services,
away from the NSA¹s prying eyes, with locally established
standards of encryption etcŠ
We¹ve got capable
universities that can assist in coming up with new
encryption etc standards for the military &
government.
Interesting article by
Charles
ObboŠ. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/ 440808/2053660/-/j8oy4g/-/index.html
--
Phares Kariuki
From: Ngigi
Waithaka Ngigi Waithaka
Reply: Ngigi Waithaka
ngigi@at.co.ke
Date: October 31, 2013 at
9:12:10 AM
To: Phares Kariuki pkariuki@gmail.com
Subject: [kictanet] NSA
Tapping into Google & Yahoo Networks? How is Kenya
protected?
Listers,
Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/ e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
It looks like Google might have been caught by
I see the point and concede that local hosting affords the national goverments some leverage with regards to holding organisations liable in the event of a security breach. However, for this to happen, we need to enact the Data Protection Act - otherwise I still feel local hosting on its own, will not necessary increase information security. walu. -------------------------------------------- On Fri, 11/1/13, Sammy Buruchara <buruchara@me.com> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "Walubengo J" <jwalu@yahoo.com> Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Friday, November 1, 2013, 4:46 AM Walu, I would like emphasize the need for us to mix security and locally hosted data, contrary to your assertions. If your data is local and is snooped on, you have a legal recourse with the local hosting provider. But if the data is stored in the USA for example, any legal action against the provider can prove to be a daunting task. Whether government or private data, any snooping on the data would have consequences as spelt out in the communication act. While we cannot rule out hacking of even local content, or guarantee its safety 100 percent for locally hosted data, at least there is a starting point and legal framework for dealing with such acts. Next would be increasing our competences in securing the data. Regards Sammy Buruchara On 10/31/13 4:49 PM, "Walubengo J" <jwalu@yahoo.com> wrote: put the emphasis through the people the pride the NSA
with
their pants down since hacking into their Data
Transport
layer
simply gives up all the secrets that encryption
is supposed
to be
protecting.
Now, moving on swiftly to the local setup, I am
also
concerned
that even as we look to start pushing for
Standards
of
Encryption through the PKI project, whether we as a country
have
come together to review and see how to protect our countries
intelligence and data.
We also know for a fact that the US was busy tapping
into
World Leaders phones, and I can bet if there are a few
presidents
to be 'tapped' in Africa, ours should be way up on
that
ladder!
However, more worrying would be, how protected are our
internal networks from such tapping, even from locals? Could
there
be a guy who has tapped into Safaricoms internal network and
is
busy reading every email, chat that is flying
National through and
perhaps
selling such information to our erstwhile enemies
the
Al-Shabbab?
I was once very surprised when a personal friend
got a
transcript of all his calls, and chat messages,
word-for-word for
the previous past 6 months, dug up from one of
the local
Telcos.
The ease with which such information was availed
me
as it
clearly means that the Telcos clearly store all our chats,
and such
records in clear text months after we have used
appalled them and a
guy with
basic SQL knowledge just needs to hack into the
network
(easy) and
call them up.
So, as we continue with the PKI project, there
are
really very
basic things on security of data that we as a
nation
haven't even
dealt with.
--
Regards,
Waithaka
Ngigi
Chief Executive Officer
| Alliance
Technologies | MCK Nairobi
Synod
Building
T +
254 (0)
20 2333 471 |Office
Mobile: +254 786 28 28 28 | M +
254 737 811 000
www.at.co.ke
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
The Kenya ICT Action Network (KICTANet) is a
multi-stakeholder platform for people and
institutions
interested and involved in ICT policy and
regulation. The
network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT
enabled growth
and development.
KICTANetiquette : Adhere to the same standards
acceptable
behaviors online that you follow in real life: respect
people's times and bandwidth, share knowledge, don't
flame or abuse or personalize, respect privacy, do not spam,
do not market your wares or
qualifications.
-----Inline Attachment Follows-----
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a
multi-stakeholder platform for people and institutions
interested and involved in ICT policy and regulation. The
network aims to act as a catalyst for reform in
of the ICT
sector in support of the national aim of ICT
enabled growth
and development.
KICTANetiquette : Adhere to the same standards
acceptable
behaviors online that you follow in real life: respect
people's times and bandwidth, share knowledge, don't flame
or abuse or personalize, respect privacy, do not spam, do
not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40mac.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or
of personalize, respect
privacy, do not spam, do not market your wares or qualifications.