Dear Judy, distinguished listers,
I will attempt to crack this menu:
ecrime: in so far as electronic crime is concerned insecurity means different things to different people, the first step in my humble opinion would be to educate the public on issues such as the importance of contracts and or service level agreements (ISACA can come in here), you are right Judy when you ask what happens when a client loses money? does it turn out to be a wild goose chase, will the corporates pay back just to save face?, i suppose it is high time we developed elaborate measure that would compel the client and the service provider to take responsibility in so far as their obligations towards security are concerned so that should a problem occur it is easy to see who is on the wrong (service level agreements). It is common practice that most of us walk around with the ATMs of our significant others :-) whether this is correct or not , the people will decide since it puts to test basic policies for security in so far as e-commerce is concerned, this is a direct challenge to the Consumer affairs depart at the Communications Commision of Kenya and the relevant Consumer constituencies and advocacy organisations to educate the public.
I agree with Walu, Business and innovation will not always wait for regulation, regulation in fact comes to streamline business (read fairplay) meaning it is not always easy to regulate a new idea when it begins since you need to understand it at first.
Evoting
In so far as E-voting is concerned i am pertubed by the way the exercise is being conducted, anyway, even making mistakes can be termed as learning. IMHO evoting is an intricate subject based on the issues around it, Voting is a question of trust. Flashback to the controversies sorrounding the election in the USA in 2004 http://en.wikipedia.org/wiki/2004_United_States_election_voting_controversies, shows how this concept is giving the developed world a headache. There are questions regarding procurement of the e-voting machines, in the aforementioned case, Financiers of one of the leading contenders for the presidential election happened to be suppliers of the e-voting machines which brings in the question of who should supply this machines. India being one of the countries that has done well in this regard http://en.wikipedia.org/wiki/Indian_voting_machines Chose to have public entities design the machines, i wonder if we might want to attempt this or outsource the manufacturing of the machines, considering past experiences.
Brazil has also been very successfull in so far as e-voting is concerned http://en.wikipedia.org/wiki/Elections_in_Brazil
Apparently Brazil hires out their machines as stipulated in the reference material above and i wonder whether our new found alliance would herald greater things to come. Non the less the point i am trying to raise is that e-voting should be as transparent as possible because an election is hinged on trust, this is why we need the Freedom of Information Bill or act as a matter of urgency, there is not secrecy or classification when it comes to elections otherwise we shall be headed for disaster.
This is my take on the issues you have raised.On Mon, Jul 12, 2010 at 3:25 PM, Judy Okite <judyokite@gmail.com> wrote:
This message was sent to: otieno.barrack@gmail.comMr. Walubengo,thank you for the clarifications.what would create the demand for Data Protection Bill/Act and Freedom of Information Bill/Act?Kind Regards,
On Mon, Jul 12, 2010 at 3:07 PM, Walubengo J <jwalu@yahoo.com> wrote:
@Judy,
in general technology tends to moves ahead of its security implications...and so all these MPESA/MKESHO/ and/or eCommerce in general will always happen before laws and regulations catch up. It only becomes an issue if such laws take a relatively longer period to happen. Within the Kenyan Context so far.
1. Kenya Comm. Amendement Act (2009) - done (good for ecommerce)
2. Data Protection Bill/Act - NOT YET DONE -wonder @ what level this is
3. Freedom of Information Bill/Act - NOT YET DONE - wonder @ what level this is
These three laws are complimentary within the ICT/IS security domain and must eventually be delivered sooner rather than later...
walu.
nb: visit www.isaca.or.ke and see more of what ISACA-Kenya are trying to do in contributing in this security space...Subject: Re: [kictanet] Kenya IGF 2010, Discussions :Day 6 of 8 Theme:E-Crime, Online Privacy & Data Security.
To: jwalu@yahoo.comDate: Monday, July 12, 2010, 3:36 PMSolomon,thank you....and I agree with you, irregardless of how many players may have to be brought into it...we need to laws to protect the consumers as well as the service providers.when we talk about e-crime, am sure that its not just about MPESA/ZAP...lets take for example a personal experience, given to us by Michuki, earlier last week...and I quote"Well if you may, let me indulge you with my personal experience with my
bank regarding online transactions.
My bank approached me with a new service called email authorization.
Which means that i can send an email to authorize transactions from my
account. Well as exciting as this may sound, i asked how would they be
in a position to validate that am the sender. At that point the bank had
no way to do so.
All the same, i went ahead and said, i have a PGP key, would you be
willing to exchange keys with me so that you have a way of validating
that am the sender i.e encrypt my messages or digitally sign them for
security purposes. At that point it was clear that such a feature did
not exist.
I have to give credit to my bank for taking the bold step of introducing
such a service. I would however have been even more glad if they
supported digital email signatures or PGP for email authorizations. But
then again, how many people actually use this?."
the introduction to online services, is GREAT! it could be towards the right direction, .....BUT are we jumping before we leap? again I ask, are we being oblivious to the implications?Kind Regards,
On Mon, Jul 12, 2010 at 1:18 PM, Solomon Mburu Kamau <solo.mburu@gmail.com> wrote:
On 12 July 2010 12:54, Judy Okite <judyokite@gmail.com> wrote:
Wesley and Solomon,Thank you for your contributions, what are we saying? these platforms are here with us and we are using them, we have fallen victims,whichever way that has been dealt with outside, the public forum, is upto the person's concerned?do you you wait until you become a victim, before you know which law applies or will apply?However, that said, MPESA/ZAP/SOKOTELE was/has been in operation for a while, the KCA 2009 never captured it or atleast the IT part of it. why?
You've touched on a classic mobile money transfer (SOKOTELE) which was not as vibrant as is successor, ZAP!
To answer your question, I think the KCA 2009 was developed as a need for supply and not demand. By this, I mean that the regulator saw it wise to have law that governs the use of technology and its related programmes. One of the most important thing here is to understand there is a greater need to look at the dynamics of the platforms, and see ways in which to integrate them well into the laws of the land.
When you are a victim of scam through the mobile money transfer, the providers must give ways in which a person can have the money back.
Since the law is already in place, then once becoming a victim, should have a reprieve, though the providers are better placed to inform the public on how to go about!
floor is open....Kind Regards,Mon, Jul 12, 2010 at 12:11 PM, Solomon Mburu Kamau <solo.mburu@gmail.com> wrote:This message was sent to: judyokite@gmail.comDear All,
Inline responsesOn 12 July 2010 09:02, wesley kirinya <kiriinya2000@yahoo.com> wrote:
b) E-voting
1. A human being only has 10 finger prints which cannot be replaced. I think the public deserves to know how secure their finger prints are in the e-system.
2. Is Kenya's election problem really an identity problem? Those are problems where I would expect fingerprints to be captured. IMHO I think it's a problem of non-existing people voting by ballot boxes being tampered with. Technology can help with electronic capturing of the cast votes. I've not heard much about this. If the problem is not really identity but non-existing ppl voting, then stealing votes is still here with us...
8~)
--- On Mon, 7/12/10, Judy Okite <judyokite@gmail.com> wrote:
From: Judy Okite <judyokite@gmail.com>
Subject: [kictanet] Kenya IGF 2010, Discussions :Day 6 of 8 Theme:E-Crime, Online Privacy & Data Security.
To: kiriinya2000@yahoo.com
Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke>
Date: Monday, July 12, 2010, 1:45 AMGood Morning,
I hope that we all, had a restful weekend! unless you were @ the campaign trails :-)
To the FIFA world cup2010 winners,SPAIN, CONGRATULATIONS!!
To the rest, lets keep an eye on 2014…yet another chance to better our skills J
As we continue with our discussions, your comments and contributions to the former threads are welcome, just respond to the correct subject/title.
The next two days (Monday & Tuesday) we will be discussing:
a) a) e-crime-
Definition: E-crime is where a computer or other electronic communications device (eg mobile phone) is used to commit an offence.
Looking at this definition, the question on top of my head, is how many transactions do we do through our mobile phones, in Kenya.
a) MPESA, ZAP- transfer of money
To my knowledge (I stand to be corrected) MPESA /ZAP still rides under the umbrella of Telecommunication, banking and IT.
Lately, you can pay your electricity bill, water bill etc…through this medium.
Their usage has increased and we have branded it innovation, creativity, but are we being oblivious of the implications?
When these 'innovations' were developed here in Kenya, we were apprehensive. First, it was because we were not sure whether such platforms were worthy emulating or using because, of obvious reasons such as security among others. Years later, the same problem still exists because of lack of mass education and capacity development for their use from the providers and regulator.
Their are ramifications which are likely to be great since there are scams around alleged to be coming from the providers. This is just the tip of the iceberg. There are those who have fallen victims to the scams and a lot of money gotten lost.
As the platforms become advanced, so are the thugs.
Where or who do you approach in loss of your money?
KPLC or Safaricom/Zain?etc and many other services that we are paying for using MPESA/ZAP
In normal situation, one should approach their respective provider in case of a loss of money. If for example, I was to pay KShs. 2,000 for my electricity using MPESA or ZAP, and typed a wrong account, KPLC will is not the custodian of these platforms, but Safaricom and Zain respectively!
b) b) E-voting
Definition: is an election system that allows a voter to record his or her secure and secret ballot electronically.
Currently we have a pilot project on e-voting that will first be tested, during the referendum on 4th August 2010.there are at least 1.5 million new voters in the 18 EVR pilot constituencies.
In the recent days, we have experienced instances of ‘computer error’ within the Ministry of Finance and Education, what happens when the same happens with the IIEC?
What do we have in place as a country, to ensure that this does not happen
and if it does, does IIEC have the technical know-how?
and as Kenyans, are we assured that such a case will have ‘e-evidence’ on how and when and where the ‘computer error’ took place?
I'm still going by what Wesley put forth. Without capacity development, the end-users are 'bombarded' with pilot programs without involving them. Ideally, it would work 'well' if the voters were given enough education on how to register, follow-up and vote using electronic voter registry (platform). Security is also another thing that requires much attention since there is no assurance that the e-voting is secure and free from any hitch.
This message was sent to: solo.mburu@gmail.com
I hope that these two are bound to see our inboxes full as it touches on each and every one of us.
Your thoughts, corrections, inputs, queries, reactions are welcome!
Kind Regards,
--
“To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: kiriinya2000@yahoo.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/kiriinya2000%40yahoo.com
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/solo.mburu%40gmail.com
--
Solomon Mbũrũ Kamau
*****************************************************
Man is a gregarious animal and enjoys agreement as cows will graze all the same way to the side of a hill!
AND
It is better to die in dignity than in the ignomity of ambiguous generosity!
http://smiley2.wordpress.com
http://mburu.sikika.co.ke
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
--
“To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan
--
Solomon Mbũrũ Kamau
*****************************************************
Man is a gregarious animal and enjoys agreement as cows will graze all the same way to the side of a hill!
AND
It is better to die in dignity than in the ignomity of ambiguous generosity!
http://smiley2.wordpress.com
http://mburu.sikika.co.ke
--
“To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan
-----Inline Attachment Follows-----This message was sent to: jwalu@yahoo.com_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
--
“To live is to choose. But to choose well, you must know who you are and what you stand for, where you want to go and why you want to get there.” Kofi Annan
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail.com
--
Barrack O. Otieno
+41767892272
Skype: barrack.otieno