As a follow on to WhatsApp and its end-to-end security - one can do something quite similar for e-mail.
Practising what I preach...
At Posix Systems - customers can send e-mail to my mail relay
server. This is running Mail Submission on port 587 with
username/password authentication over TLS (The session is
encrypted). This has the distinct advantage of working from any
Internet connection my customer is on and everything is encrypted
whilst over the wire. Additionally, if you are an ISP with your
own customer infrastructure - you can now block port 25 and reduce
SPAM from Virus' on customer PC's. Customers can also fetch e-mail
(POP3/IMAP) over TLS (Ports 995 and 993 respectively) - so both
the e-mail and passwords are also securely encrypted when
fetching/downloading email.
Whilst email-server to email-server can opportunistically also
run TLS (encryption) between MTA's (Mail Transport Agents), I also
run DANE. This means if the target mail system advertises their
TLS info in a TLSA DNS record (Advertise their SSL Certificate in
the DNS System) - I KNOW they have TLS (a Security Certificate)
and WHAT IT SHOULD LOOK LIKE - so if a connection is made and
either the TLS signature is incorrect or does not exist (perhaps a
man-in-the-middle attack) - the mail will not be delivered.
The only issue with this is the target TLSA record must be in a
DNSSEC signed zone - and obviously, the sending MTU must use a
DNSSEC aware DNS Resolver to check the Target Mail system.
This setup though gives end-to-end encryption of e-mail that no
one can intercept. The MTA's though do have the e-mail in an
unencrypted form. I'd presume the e-mail customers can trust their
ISP's.
(Although technical - I hope this brief description is
understandable)
Thanks Wambua.
Just to clarify, and even rubbish that article, we need to understand that a platform like whatsapp uses end to end encryption, and cannot be snooped on, not even by Facebook.
End-to-end encryption
When end-to-end encrypted, your messages, photos, videos, voice messages, documents, status updates and calls are secured from falling into the wrong hands.
WhatsApp end-to-end encryption ensures only you and the person you're communicating with can read what's sent, and nobody in between, not even WhatsApp. Your messages are secured with locks, and only the recipient and you have the special keys needed to unlock and read your messages. For added protection, every message you send has an unique lock and key. All of this happens automatically: No need to turn on settings or set up special secret chats to secure your messages.
Important: End-to-end encryption is always activated. There's no way to turn off end-to-end encryption.
OK, Now that we have debunked the possibility of CA reading your whatsapp, let us look at the types of regulations CA can put on over the top services. Remember Uganda social media tax? What about Ethiopia restriction of Skype? Yes those are the two most popular regulatory interventions that backward regimes use.
1. Censorship, filtering, and blockage
2. Taxation
On Fri, Nov 2, 2018, 11:50 AM Wambua, Christopher via kictanet <kictanet@lists.kictanet.or.ke> wrote:
_______________________________________________Listers
For purposes of clarity on the objects of the tender in question, I wish to refer listers to the public tender document which is available on CA’s website at https://ca.go.ke/wp-content/uploads/2018/10/Consultancy-Services-For-The-Study-On-Over-The-Top-OTTs-Technologies-Services-In-Kenya.pdf
In brief, the Authority, under its strategic objective of enabling widespread deployment of infrastructure and services through promotion of new and emerging technologies, plans to undertake a study to determine the regulatory mechanisms that can be employed to cater for new and emerging areas with specific focus on over the top services. The consultant shall be expected to propose the regulatory approach that the Authority can take in respect to OTTs. CA takes this opportunity to invite listers who meet the requirements set out in the tender documents to submit their bids by 14th November 2018.
CA wishes to assure listers that we have not interest whatsoever in snooping into your WhatsApp conversations as that would be against the spirit and letter of the constitution. We have however noted that the headlines on the articles on this tender are misleading, and the Authority is taking up this matter with the respective editors.
I hope this clarification puts this matter to rest.
Regards
Christopher Wambua
Ag. Director/Consumer & Public Affairs | Consumer and Public Affairs
Tel: +254 20 4242000/284
Office Mobile: +254 730 042284/
+254 730172284
P.O. Box 14448 Nairobi 00800
wambua@ca.go.ke Communications Authority of Kenya ca_kenya www.ca.go.ke
From: kictanet <kictanet-bounces+wambua=ca.go.ke@lists.kictanet.or.ke> on behalf of KICTAnet Discussions <kictanet@lists.kictanet.or.ke>
Reply-To: KICTAnet Discussions <kictanet@lists.kictanet.or.ke>
Date: Friday, 2 November 2018 at 05:07
To: Christopher Wambua <wambua@ca.go.ke>
Cc: Ali Hussein <ali@hussein.me.ke>
Subject: Re: [kictanet] Telcos regulator seeks to monitor WhatsApp
@GG
Thanks for sharing. I’m curious as to what the world is coming to. Everyone wants to snoop and regulate. Can the CA tell us what’s the major value proposition to increasing snooping on us?
Regulators need to spend more time enabling the sector they are supposed to grow and the CA has really been progressive in many ways. Once in a while though they try to go back to the bad old KANU days. The onus is on us to remind them that Kenyans shut that door kitambo sana.
Ali HusseinPrincipalAHK & Associates+254 0713 601113
"We are what we repeatedly do. Excellence, therefore, is not an act but a habit." ~ Aristotle
Sent from my iPad
Kenya is considering regulating online services such as WhatsApp and Skype in a radical move that could force the internet-based service providers to share data with the government.
The Communications Authority of Kenya (CA) is in search of a consultant to study and determine how the so-called over-the-top services (OTTS) operated by groups such as Facebook, which runs WhatsApp, and Skype owner Microsoft, could be regulated.
Read on: https://www.nation.co.ke/business/Telcos-regulator-seeks-to-monitor-WhatsApp/996-4833020-fn9u7s/index.html
Best regards
Githaiga, Grace
Co-Convenor
Kenya ICT Action Network (KICTANet)
Twitter:@ggithaiga
Tel: 254722701495
Skype: gracegithaiga
Alternate email: ggithaiga@hotmail.com
Linkedin: https://www.linkedin.com/in/gracegithaiga
www.kictanet.or.ke
"Change only happens when ordinary people get involved, get engaged and come together to demand it. I am asking you to believe. Not in my ability to bring about change – but in yours"---Barrack Obama.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafrica.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/mje%40posix.co.za The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Mark James ELKINS - Posix Systems - (South) Africa mje@posix.co.za Tel: +27.128070590 Cell: +27.826010496 For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za