This is a very serious anomaly that must be addressed soonest possible. It begs the question, are we safe as data subjects? If a body like IEBC that is expected to be beyond reproach can have such open flaws...then we say that we are ready to go for elections huh?its a disappointment.

On 29-Jun-2017 11:47 PM, "Mwendwa Kivuva via kictanet" <kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,

Today I'm wearing my CISA hat.

IEBC has launched a voter verification tool both through sms, and web query at http://voterstatus.iebc.or.ke/voter

If you are privacy conscious, and a little bit paranoid, you will realize that IEBC is doing badly with how they are exposing  raw data of nearly 20 million Kenyans to the world. Anybody with basic programing skills can be able to harvest the raw data through an automated search. If you search any random number with the format of Kenya ID numbers, say hypothetically 12345678, you will realize you can pull up citizen's details, at least ID number, and name, and where they live.

Basic security tips would require the system to have a captcha to prevent automated harvest of the information, and also have a challenge questions like date of birth to supplement the ID number, therefore thwart any mischievous individuals from harvesting the rich data

Can IEBC correct the anomaly?

Attached is a sample demo screenshot. Of course there is the other thing of strange ID numbers finding their way into the voter register.

Voter Details for Id: 12345678

Id / Passport Number12345678
Primary NameKIBET
Secondary NameKIRUI
Birth Date01/01/1994
GenderM
Polling Station Code101
Polling StationLELACH PRIMARY SCHOOL
CountyKERICHO
ContituencyBURETI
WardCHEPLANGET

______________________
Mwendwa Kivuva, Nairobi, Kenya
twitter.com/lordmwesh




_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ronojinx%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.