Good afternoon Listers, Does the Kenyan law give you as a citizen the right to privacy? Without a right to privacy you cannot expect your data to be private as there is no legal basis. Without the legal pressure to keep your data private most organizations will not invest in data security. Regards, From: kictanet <kictanet-bounces+awatila=yahoo.co.uk@lists.kictanet.or.ke> On Behalf Of Mariga Wang'ombe via kictanet Sent: Wednesday, July 11, 2018 12:18 To: awatila@yahoo.co.uk Cc: Mariga Wang'ombe <marigawangombethoithi@gmail.com> Subject: Re: [kictanet] Kenya IGF Online Discussions Day 2: Strengthening Data Security in the Context of Emerging Trends Here's a short Twitter thread on basic ways that we give away our information https://twitter.com/alkags/status/1011626368847794177 There are small ways we give away information without even thinking about it e.g when paying via Mpesa at restaurants and they ask to see our confirmation message- the has two problems- one you give away your Mpesa balance but additionally, you give away other Mpesa transactions- the names of people, the numbers and the value of your transactions. Additionally, when we get into buildings and leave them with our ID cards and then give them details including our phone numbers. There are endless ways to harvest data from a population that isn't conscious about it On 11 July 2018 at 09:37, David Indeje via kictanet <kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> > wrote: Listers, This is an interesting topic now that almost every service we get from the government is being automated to ensure our personal details are captured. For instance, our children are being registered in schools digitally, NTSA, KRA, NHIF/NSSF and so much more. It is a fact that data sharing is a way of life now. Credit cards, e-commerce, and online banking all rely on personal data being transmitted to companies via technology. Thus, security must become our way of life too. On the other hand, We can’t rely on orgs, companies, and brands to protect our data in the way that we would. Therefore, we should: Not give up personal data easily Ultimately, how policies are crafted, and how much we invest in data security will pay off. For instance, The enactment of the Access to Information Act ensures that information within Government custody is freely available to the public. This will provide opportunities for openness and transparency thus stifling corruption. The public will have the opportunity to peruse public information and hold government accountable. Kind Regards, David Indeje <https://cytonn.sheerhr.com/signature/icon/ico-phone.png> +254 (0) 711 385 945| +254 (0) 734 024 856 <https://cytonn.sheerhr.com/signature/icon/ico-web.png> Khusoko <http://bit.ly/2eJF9B4> <https://www.facebook.com/DavidIndeje/> <https://twitter.com/David_Indeje> <http://ke.linkedin.com/pub/david-indeje/17/7b9/647> Skype: david.indeje On Wed, 11 Jul 2018 at 08:02, Grace Bomu via kictanet <kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> > wrote: Listers, Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation. Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data. Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the Chacha saga to justify the quick passage of a law creating offences. But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data. In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security? Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats? Do we have positive cases or good practices to imitate? What challenges that remain and how can we address them? Welcome to the discussion. -- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke <http://www.eacdirectory.co.ke> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/davidindeje%40gmail.co... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke <http://www.eacdirectory.co.ke> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/marigawangombethoithi%... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -- Kind Regards, Mariga Wang'ombe wa Thoithi +254 721 629 658/ +254 731 053 816

Haha.. Muraya's 'steal' deserves its own thread. privacy is what you have never told your smartphone. On Wed, 11 Jul 2018, 19:41 S.M. Muraya via kictanet, < kictanet@lists.kictanet.or.ke> wrote:

Stolen >> "every app on your phone is allowed un-monitored access to everything and that with your full consent.."

On Wed, Jul 11, 2018 at 9:46 AM Admin CampusCiti via kictanet < kictanet@lists.kictanet.or.ke> wrote:

...

Grace and all

This is a pertinent issue in 2018. First let me address this in the context of Policy and Legislation.

1. In the absence of solid Policy and laws regarding Data Security we are really groping in the dark. I appreciate that there are various initiatives ongoing to remedy this situation. From a personal data security there’s always the issue of who is accessing my data - this needs to be viewed from a personal security angle i.e hackers, unauthorized use of data by corporates, unsolicited communication using data mining tools, government subpoenas etc.

2. From a Corporate perspective the above is relevant but from a body corporate perspective. This becomes more important considering the magnitude of data some corporates hold and the potential liabilities and losses that can arise through data breaches. For example it is alleged that Kenyan banks lost Kshs.30 billion in the last 3 years.

https://www.standardmedia.co.ke/business/article/2001232241/how-kenyan-banks...

3. From a government perspective it takes on a National Security perspective. As the proliferation of Cloud Computing becomes standard operating procedure for most organizations governments are starting to ask pertinent questions about control, access to data etc. One critical issue that is now a major block is the one about Data Sovereignty. In a nutshell the issues around Data Sovereignty can be encapsulated in one sentence.

*Data sovereignty* comes into play when an organisation's *data* is stored outside of their country and is subject to the laws of the country in which the *data* resides. The main concern with *data sovereignty* is maintaining privacy regulations and keeping foreign countries from being able to subpoena *data*.

Bottom line I’d urge us to expedite the building of both hard (roads, bridges, fiber etc) and soft (enabling policy, laws and regulations etc) infrastructure. Soft Infrastructure is not going in tandem with hard Infrastructure. Data Security is a key component of this. Without this in place we cannot expect Tier 4 Data Centre operators to even think about investing in Kenya.

*Ali Hussein*

+254 0713 601113

Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim <http://ke.linkedin.com/in/alihkassim>

Blog: www.alyhussein.com

"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought". ~ Albert Szent-Györgyi

Sent from my iPad

On 11 Jul 2018, at 7:52 AM, Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:

Listers, Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation. Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data.

Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the Chacha saga to justify the quick passage of a law creating offences.

But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data. In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security? Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats? Do we have positive cases or good practices to imitate? What challenges that remain and how can we address them?

Welcome to the discussion.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40campusciti.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/murigi.muraya%40gmail....

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- SMM

*"Better a patient person than a warrior, one with self-control than one who takes a city." Prov 16:32* _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kmachuhi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

@ Machuhi, Wahengas may need to be recalled to modify 'hakuna siri ya watu wawili' to the smartphone era. Il mercoledì 11 luglio 2018, Grace Bomu <nmutungu@gmail.com> ha scritto:

@John, while it is important to understand these distinctions, we should also be alive to the pervasiveness of data harvesting in every aspect of our lives. We ought therefore to see stakeholders beyond the traditional players such as techies, law enforcement and government. @Muraya, Collins, thank you for the reality check examples.I n last year's KIGF, a big debate during the fireside chat was whether privavcy is dead? The call to engage with the Data Protection Bill may be a first step in ensuring that those who collect data protect it. We shall heed it @Mercy.

Il mercoledì 11 luglio 2018, K Machuhi via kictanet < kictanet@lists.kictanet.or.ke> ha scritto:

...

Haha.. Muraya's 'steal' deserves its own thread. privacy is what you have never told your smartphone.

On Wed, 11 Jul 2018, 19:41 S.M. Muraya via kictanet, < kictanet@lists.kictanet.or.ke> wrote:

...

Stolen >> "every app on your phone is allowed un-monitored access to everything and that with your full consent.."

On Wed, Jul 11, 2018 at 9:46 AM Admin CampusCiti via kictanet < kictanet@lists.kictanet.or.ke> wrote:

...

Grace and all

This is a pertinent issue in 2018. First let me address this in the context of Policy and Legislation.

1. In the absence of solid Policy and laws regarding Data Security we are really groping in the dark. I appreciate that there are various initiatives ongoing to remedy this situation. From a personal data security there’s always the issue of who is accessing my data - this needs to be viewed from a personal security angle i.e hackers, unauthorized use of data by corporates, unsolicited communication using data mining tools, government subpoenas etc.

2. From a Corporate perspective the above is relevant but from a body corporate perspective. This becomes more important considering the magnitude of data some corporates hold and the potential liabilities and losses that can arise through data breaches. For example it is alleged that Kenyan banks lost Kshs.30 billion in the last 3 years.

https://www.standardmedia.co.ke/business/article/2001232241/ how-kenyan-banks-lost-sh30-billion-in-two-years-to-tech-savvy-criminals

3. From a government perspective it takes on a National Security perspective. As the proliferation of Cloud Computing becomes standard operating procedure for most organizations governments are starting to ask pertinent questions about control, access to data etc. One critical issue that is now a major block is the one about Data Sovereignty. In a nutshell the issues around Data Sovereignty can be encapsulated in one sentence.

*Data sovereignty* comes into play when an organisation's *data* is stored outside of their country and is subject to the laws of the country in which the *data* resides. The main concern with *data sovereignty* is maintaining privacy regulations and keeping foreign countries from being able to subpoena *data*.

Bottom line I’d urge us to expedite the building of both hard (roads, bridges, fiber etc) and soft (enabling policy, laws and regulations etc) infrastructure. Soft Infrastructure is not going in tandem with hard Infrastructure. Data Security is a key component of this. Without this in place we cannot expect Tier 4 Data Centre operators to even think about investing in Kenya.

*Ali Hussein*

+254 0713 601113

Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim <http://ke.linkedin.com/in/alihkassim>

Blog: www.alyhussein.com

"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought". ~ Albert Szent-Györgyi

Sent from my iPad

On 11 Jul 2018, at 7:52 AM, Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:

Listers, Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation. Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data.

Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the Chacha saga to justify the quick passage of a law creating offences.

But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data. In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security? Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats? Do we have positive cases or good practices to imitate? What challenges that remain and how can we address them?

Welcome to the discussion.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/info%40campusciti.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/murigi.muraya%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- SMM

*"Better a patient person than a warrior, one with self-control than one who takes a city." Prov 16:32* _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/m ailman/options/kictanet/kmachuhi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

This is interesting. We have been conditioned to believe that more and more data is needed from us to usher us into the brave new world. And the use of good old maths to solve shiny new computing problems- We would be interested to hear more.... Thank you for this perspective Il mercoledì 11 luglio 2018, John Paul Karijo <johnpaulem@gmail.com> ha scritto:

I was in a multidisciplinary conference a few weeks ago and this presenter was working on a mathematical formula that would allow us to measure the optimum level at which to give up privacy in order for meaningful use to be viable on the data that is accessed.

A kind of a sweet spot where the data collected from users is sufficient for analysis, for computation, for analytics... enough for A.I and ubiquitous computing and yet not to the level where it is personally identifiable or can be used for unwarranted or unsolicited or harmful targeting.

He is still working on this - I will go look up his name and share later tomorrow.

He said something interesting though - that coders didn't know how to do this Math...and didn't consult mathematicians (speaking of needing each other)

My reservations though is that even if this did come to fruition in the long run it would become similar to other mathematical formulae such as the one used to calculate speed limits on roads... which totally doesn't make sense in this era... but which we still apply religiously.

With kind regards

Jeipea

Believe in yourself then you can change your world

____________________________________________ Skype: john.paul.em Cell: +254735586956

On Wed, Jul 11, 2018 at 9:21 PM Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:

...

@ Machuhi, Wahengas may need to be recalled to modify 'hakuna siri ya watu wawili' to the smartphone era.

Il mercoledì 11 luglio 2018, Grace Bomu <nmutungu@gmail.com> ha scritto:

...

@John, while it is important to understand these distinctions, we should also be alive to the pervasiveness of data harvesting in every aspect of our lives. We ought therefore to see stakeholders beyond the traditional players such as techies, law enforcement and government. @Muraya, Collins, thank you for the reality check examples.I n last year's KIGF, a big debate during the fireside chat was whether privavcy is dead? The call to engage with the Data Protection Bill may be a first step in ensuring that those who collect data protect it. We shall heed it @Mercy.

Il mercoledì 11 luglio 2018, K Machuhi via kictanet < kictanet@lists.kictanet.or.ke> ha scritto:

...

Haha.. Muraya's 'steal' deserves its own thread. privacy is what you have never told your smartphone.

On Wed, 11 Jul 2018, 19:41 S.M. Muraya via kictanet, < kictanet@lists.kictanet.or.ke> wrote:

...

Stolen >> "every app on your phone is allowed un-monitored access to everything and that with your full consent.."

On Wed, Jul 11, 2018 at 9:46 AM Admin CampusCiti via kictanet < kictanet@lists.kictanet.or.ke> wrote:

...

Grace and all

This is a pertinent issue in 2018. First let me address this in the context of Policy and Legislation.

1. In the absence of solid Policy and laws regarding Data Security we are really groping in the dark. I appreciate that there are various initiatives ongoing to remedy this situation. From a personal data security there’s always the issue of who is accessing my data - this needs to be viewed from a personal security angle i.e hackers, unauthorized use of data by corporates, unsolicited communication using data mining tools, government subpoenas etc.

2. From a Corporate perspective the above is relevant but from a body corporate perspective. This becomes more important considering the magnitude of data some corporates hold and the potential liabilities and losses that can arise through data breaches. For example it is alleged that Kenyan banks lost Kshs.30 billion in the last 3 years.

https://www.standardmedia.co.ke/business/article/ 2001232241/how-kenyan-banks-lost-sh30-billion-in-two- years-to-tech-savvy-criminals

3. From a government perspective it takes on a National Security perspective. As the proliferation of Cloud Computing becomes standard operating procedure for most organizations governments are starting to ask pertinent questions about control, access to data etc. One critical issue that is now a major block is the one about Data Sovereignty. In a nutshell the issues around Data Sovereignty can be encapsulated in one sentence.

*Data sovereignty* comes into play when an organisation's *data* is stored outside of their country and is subject to the laws of the country in which the *data* resides. The main concern with *data sovereignty* is maintaining privacy regulations and keeping foreign countries from being able to subpoena *data*.

Bottom line I’d urge us to expedite the building of both hard (roads, bridges, fiber etc) and soft (enabling policy, laws and regulations etc) infrastructure. Soft Infrastructure is not going in tandem with hard Infrastructure. Data Security is a key component of this. Without this in place we cannot expect Tier 4 Data Centre operators to even think about investing in Kenya.

*Ali Hussein*

+254 0713 601113

Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: http://ke.linkedin.com/in/alihkassim <http://ke.linkedin.com/in/alihkassim>

Blog: www.alyhussein.com

"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought". ~ Albert Szent-Györgyi

Sent from my iPad

On 11 Jul 2018, at 7:52 AM, Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:

Listers, Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation. Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data.

Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the Chacha saga to justify the quick passage of a law creating offences.

But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data. In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security? Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats? Do we have positive cases or good practices to imitate? What challenges that remain and how can we address them?

Welcome to the discussion.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/info%40campusciti.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/murigi.muraya%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- SMM

*"Better a patient person than a warrior, one with self-control than one who takes a city." Prov 16:32* _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/kmachuhi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/johnpaulem%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

Ethics and trust in a digital age | | | | Ethics and trust in a digital age ACCA - http://www.accaglobal.com We examine the importance and challenge of ethical behaviour in this digital age with insight and guidance provi... | | | "Professional accountants have an obligation to act in the public interest. If there was a data breach, they should endeavour to inform the end user, the customer or the client, at the earliest opportunity and let them know that their confidential information has been exposed…rather than seeking to protect the interests or reputation of the organisation." Ken Siong, technical director, IESBA 2017 Publication, insights useful. Be blessed.Regards/Wangari--- Pray God Bless. 2013Wangari circa - "Being of the Light, We are Restored Through Faith in Mind, Body and Spirit; We Manifest The Kingdom of God on Earth". On Wednesday, 11 July 2018, 22:47:55 GMT+3, John Paul Karijo via kictanet <kictanet@lists.kictanet.or.ke> wrote: Thank you Grace - I agree! Also interesting was the fact that he was from a local university. On Wed, Jul 11, 2018, 21:43 Grace Bomu <nmutungu@gmail.com> wrote: This is interesting. We have been conditioned to believe that more and more data is needed from us to usher us into the brave new world. And the use of good old maths to solve shiny new computing problems- We would be interested to hear more.... Thank you for this perspective  Il mercoledì 11 luglio 2018, John Paul Karijo <johnpaulem@gmail.com> ha scritto: I was in a multidisciplinary conference a few weeks ago and this presenter was working on a mathematical formula that would allow us to measure the optimum level at which to give up privacy in order for meaningful use to be viable on the data that is accessed. A kind of a sweet spot where the data collected from users is sufficient for analysis, for computation, for analytics... enough for A.I and ubiquitous computing and yet not to the level where it is personally identifiable or can be used for unwarranted or unsolicited or harmful targeting. He is still working on this - I will go look up his name and share later tomorrow. He said something interesting though - that coders didn't know how to do this Math...and didn't consult mathematicians (speaking of needing each other) My reservations though is that even if this did come to fruition in the long run it would become similar to other mathematical formulae such as the one used to calculate speed limits on roads... which totally doesn't make sense in this era... but which we still apply religiously. With kind regards Jeipea Believe in yourself then you can change your world ____________________________________________Skype: john.paul.emCell: +254735586956 On Wed, Jul 11, 2018 at 9:21 PM Grace Bomu via kictanet <kictanet@lists.kictanet.or.ke> wrote: @ Machuhi, Wahengas may need to be recalled to modify 'hakuna siri ya watu wawili' to the smartphone era. Il mercoledì 11 luglio 2018, Grace Bomu <nmutungu@gmail.com> ha scritto: @John, while it is important to understand these distinctions, we should also be alive to the pervasiveness of data harvesting in every aspect of our lives. We ought therefore to see stakeholders beyond the traditional players such as techies, law enforcement and government. @Muraya, Collins, thank you for the reality check examples.I n last year's KIGF, a big debate during the fireside chat was whether privavcy is dead? The call to engage with the Data Protection Bill may be a first step in ensuring that those who collect data protect it. We shall heed it @Mercy.  Il mercoledì 11 luglio 2018, K Machuhi via kictanet <kictanet@lists.kictanet.or.ke> ha scritto: Haha.. Muraya's 'steal' deserves its own thread. privacy is what you have never told your smartphone. On Wed, 11 Jul 2018, 19:41 S.M. Muraya via kictanet, <kictanet@lists.kictanet.or.ke> wrote: Stolen >> "every app on your phone is allowed un-monitored access to everything and that with your full consent.." On Wed, Jul 11, 2018 at 9:46 AM Admin CampusCiti via kictanet <kictanet@lists.kictanet.or.ke> wrote: Grace and all This is a pertinent issue in 2018. First let me address this in the context of Policy and Legislation. 1. In the absence of solid Policy and laws regarding Data Security we are really groping in the dark. I appreciate that there are various initiatives ongoing to remedy this situation. From a personal data security there’s always the issue of who is accessing my data - this needs to be viewed from a personal security angle i.e hackers, unauthorized use of data by corporates, unsolicited communication using data mining tools, government subpoenas etc. 2. From a Corporate perspective the above is relevant but from a body corporate perspective. This becomes more important considering the magnitude of data some corporates hold and the potential liabilities and losses that can arise through data breaches. For example it is alleged that Kenyan banks lost Kshs.30 billion in the last 3 years.  https://www.standardmedia.co.ke/business/article/2001232241/how-kenyan-banks... 3. From a government perspective it takes on a National Security perspective. As the proliferation of Cloud Computing becomes standard operating procedure for most organizations governments are starting to ask pertinent questions about control, access to data etc. One critical issue that is now a major block is the one about Data Sovereignty. In a nutshell the issues around Data Sovereignty can be encapsulated in one sentence. Data sovereignty comes into play when an organisation's data is stored outside of their country and is subject to the laws of the country in which the data resides. The main concern with data sovereignty is maintaining privacy regulations and keeping foreign countries from being able to subpoena data. Bottom line I’d urge us to expedite the building of both hard (roads, bridges, fiber etc) and soft (enabling policy, laws and regulations etc) infrastructure. Soft Infrastructure is not going in tandem with hard Infrastructure. Data Security is a key component of this. Without this in place we cannot expect Tier 4 Data Centre operators to even think about investing in Kenya. Ali Hussein +254 0713 601113  Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim Blog: www.alyhussein.com "Discovery consists in seeing what everyone else has seen and thinking what no one else has thought".  ~ Albert Szent-Györgyi Sent from my iPad On 11 Jul 2018, at 7:52 AM, Grace Bomu via kictanet <kictanet@lists.kictanet.or.ke> wrote: Listers, Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation. Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data. Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the  Chacha saga to justify the quick passage of a law creating offences. But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data. In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security? Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats? Do we have positive cases or good practices to imitate? What challenges that remain and how can we address them? Welcome to the discussion. -- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40campusciti.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/murigi.muraya%40gmail.... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -- SMM "Better a patient person than a warrior, one with self-control than one who takes a city." Prov 16:32 _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kmachuhi%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F -- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/johnpaulem%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/wangarikabiru%40yahoo.... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

Interesting report from the Web Foundation "Is Open Data Working for Women in Africa? <http://webfoundation.org/docs/2018/07/WF_WomanDataAfrica_Report.pdf> *Kind Regards,* *David Indeje * +254 (0) 711 385 945| +254 (0) 734 024 856 Khusoko <http://bit.ly/2eJF9B4> <https://www.facebook.com/DavidIndeje/> <https://twitter.com/David_Indeje> <http://ke.linkedin.com/pub/david-indeje/17/7b9/647> Skype: david.indeje On Thu, 12 Jul 2018 at 23:43, Mwendwa Kivuva via kictanet < kictanet@lists.kictanet.or.ke> wrote:

Germany's highest court has ruled that the parents of a dead daughter have the rights to her Facebook account under inheritance law.

The Federal Court of Justice (BGH) said online data should be treated the same as private diaries or letters, and pass to heirs.

https://www.bbc.com/news/world-europe-44804599 _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/davidindeje%40gmail.co...

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

Hi Grace, Many thanks for this interesting discussion. I would like to look at the subject from a slightly different angle, culture. We need to be deliberate and intentional about building a culture of security. Generally most Kenyan citizens frown at Security processes and procedures and equate them to harassment. Herein lies the challenge. Kenya is an active participant in ISO 27000 series Standards Development and is a voting member of Sub committee 27 that deals with Information Security Management Systems. Tonnes of Standards are lying at the Kenya Bureau of Standards library which are not bought by local sme's and enterprises. Every time is ask some of them why they are not implementing the standards they say it is too expensive and cumbersome to implement. This standards can be used to enhance our Information Systems Security culture. The other challenge we have is that is that only Health related standards are mandatory any other standards including Information Security Management System standards are implemented on a voluntary basis. It is very difficult to protect data under such an environment since data resides within an information Eco-system. I am also reliably informed that the ICT Authority has implemented some Information Security Management System Standards and that it is part of the performance contracting system for some government officers. It would be great to have feedback on how effective the implementation has been in light of data breaches that attributed to the IFMIS system. In conclusion, we have to build a culture of information security management through an awareness campaign program and capacity building as institutions such as KICTANet are doing. Kenyan Companies should also strive to align their Information Security Management Systems in accordance with International Standards and or best practices such a ISO 27000 series. In fact as many as can get certified should be certified the way the Communications Authority has done. Best Regards On 7/11/18, Grace Bomu via kictanet <kictanet@lists.kictanet.or.ke> wrote:

This is interesting. We have been conditioned to believe that more and more data is needed from us to usher us into the brave new world. And the use of good old maths to solve shiny new computing problems- We would be interested to hear more.... Thank you for this perspective

Il mercoledì 11 luglio 2018, John Paul Karijo <johnpaulem@gmail.com> ha scritto:

...

I was in a multidisciplinary conference a few weeks ago and this presenter was working on a mathematical formula that would allow us to measure the optimum level at which to give up privacy in order for meaningful use to be viable on the data that is accessed.

A kind of a sweet spot where the data collected from users is sufficient for analysis, for computation, for analytics... enough for A.I and ubiquitous computing and yet not to the level where it is personally identifiable or can be used for unwarranted or unsolicited or harmful targeting.

He is still working on this - I will go look up his name and share later tomorrow.

He said something interesting though - that coders didn't know how to do this Math...and didn't consult mathematicians (speaking of needing each other)

My reservations though is that even if this did come to fruition in the long run it would become similar to other mathematical formulae such as the one used to calculate speed limits on roads... which totally doesn't make sense in this era... but which we still apply religiously.

With kind regards

Jeipea

Believe in yourself then you can change your world

____________________________________________ Skype: john.paul.em Cell: +254735586956

On Wed, Jul 11, 2018 at 9:21 PM Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:

...

@ Machuhi, Wahengas may need to be recalled to modify 'hakuna siri ya watu wawili' to the smartphone era.

Il mercoledì 11 luglio 2018, Grace Bomu <nmutungu@gmail.com> ha scritto:

...

@John, while it is important to understand these distinctions, we should also be alive to the pervasiveness of data harvesting in every aspect of our lives. We ought therefore to see stakeholders beyond the traditional players such as techies, law enforcement and government. @Muraya, Collins, thank you for the reality check examples.I n last year's KIGF, a big debate during the fireside chat was whether privavcy is dead? The call to engage with the Data Protection Bill may be a first step in ensuring that those who collect data protect it. We shall heed it @Mercy.

Il mercoledì 11 luglio 2018, K Machuhi via kictanet < kictanet@lists.kictanet.or.ke> ha scritto:

...

Haha.. Muraya's 'steal' deserves its own thread. privacy is what you have never told your smartphone.

On Wed, 11 Jul 2018, 19:41 S.M. Muraya via kictanet, < kictanet@lists.kictanet.or.ke> wrote:

...

Stolen >> "every app on your phone is allowed un-monitored access to everything and that with your full consent.."

On Wed, Jul 11, 2018 at 9:46 AM Admin CampusCiti via kictanet < kictanet@lists.kictanet.or.ke> wrote:

> Grace and all > > This is a pertinent issue in 2018. First let me address this in the > context of Policy and Legislation. > > 1. In the absence of solid Policy and laws regarding Data Security > we > are really groping in the dark. I appreciate that there are various > initiatives ongoing to remedy this situation. From a personal data > security > there’s always the issue of who is accessing my data - this needs to > be > viewed from a personal security angle i.e hackers, unauthorized use > of data > by corporates, unsolicited communication using data mining tools, > government subpoenas etc. > > 2. From a Corporate perspective the above is relevant but from a > body > corporate perspective. This becomes more important considering the > magnitude of data some corporates hold and the potential liabilities > and > losses that can arise through data breaches. For example it is > alleged that > Kenyan banks lost Kshs.30 billion in the last 3 years. > > https://www.standardmedia.co.ke/business/article/ > 2001232241/how-kenyan-banks-lost-sh30-billion-in-two- > years-to-tech-savvy-criminals > > 3. From a government perspective it takes on a National Security > perspective. As the proliferation of Cloud Computing becomes > standard > operating procedure for most organizations governments are starting > to ask > pertinent questions about control, access to data etc. One critical > issue > that is now a major block is the one about Data Sovereignty. In a > nutshell > the issues around Data Sovereignty can be encapsulated in one > sentence. > > *Data sovereignty* comes into play when an organisation's *data* is > stored outside of their country and is subject to the laws of the > country > in which the *data* resides. The main concern with *data sovereignty* > is > maintaining privacy regulations and keeping foreign countries from > being > able to subpoena *data*. > > Bottom line I’d urge us to expedite the building of both hard > (roads, > bridges, fiber etc) and soft (enabling policy, laws and regulations > etc) > infrastructure. Soft Infrastructure is not going in tandem with hard > Infrastructure. Data Security is a key component of this. Without > this in > place we cannot expect Tier 4 Data Centre operators to even think > about > investing in Kenya. > > *Ali Hussein* > > +254 0713 601113 > > Twitter: @AliHKassim > > Skype: abu-jomo > > LinkedIn: http://ke.linkedin.com/in/alihkassim > <http://ke.linkedin.com/in/alihkassim> > > Blog: www.alyhussein.com > > "Discovery consists in seeing what everyone else has seen and > thinking what no one else has thought". ~ Albert Szent-Györgyi > > Sent from my iPad > > On 11 Jul 2018, at 7:52 AM, Grace Bomu via kictanet < > kictanet@lists.kictanet.or.ke> wrote: > > Listers, > Thank you to all who contributed to yesterday's topic. The thread is > still open for those who may have further thoughts on content > regulation. > Welcome to Day 2 of online pre KIGF debates where out topic today is > Strengthening > Data Security in the Context of Emerging Trends. We shall look at > cybersecurity in the context of data. > > Barely a few weeks ago, social media was awash with memes of Wazir > Boniface Chacha, the young man alleged to have conned MPs after > getting > access to their phone data. Later when this was used as a > justification in > debates for the Cybercrime Act, some wondered whether the political > process > had used the Chacha saga to justify the quick passage of a law > creating > offences. > > But beyond "small data" in our personal possession, many SMEs , > corporations, institutions, societies and other bodies are holding > significant amounts of data. > In this community, the wider issue of cyber security has been a > recurring theme in KIGF. It is generally agreed that the best > approach is a > multi-pronged one that includes the law, good practices, effective > mitigation and response to incidences at multiple levels, creation > of > awareness and technical solutions among others. Having gotten a new > law in > the form of the Cybercrimes Act, are we assured of data security? > Are our existing mechanisms for mitigation and response to > incidences > adequate for emerging threats? > Do we have positive cases or good practices to imitate? > What challenges that remain and how can we address them? > > Welcome to the discussion. > > -- > Grace Mutung'u > Skype: gracebomu > @Bomu > PGP ID : 0x33A3450F > > _______________________________________________ > kictanet mailing list > kictanet@lists.kictanet.or.ke > https://lists.kictanet.or.ke/mailman/listinfo/kictanet > Twitter: http://twitter.com/kictanet > Facebook: https://www.facebook.com/KICTANet/ > Domain Registration sponsored by www.eacdirectory.co.ke > > Unsubscribe or change your options at https://lists.kictanet.or.ke/ > mailman/options/kictanet/info%40campusciti.com > > The Kenya ICT Action Network (KICTANet) is a multi-stakeholder > platform for people and institutions interested and involved in ICT > policy > and regulation. The network aims to act as a catalyst for reform in > the ICT > sector in support of the national aim of ICT enabled growth and > development. > > KICTANetiquette : Adhere to the same standards of acceptable > behaviors online that you follow in real life: respect people's times > and > bandwidth, share knowledge, don't flame or abuse or personalize, > respect > privacy, do not spam, do not market your wares or qualifications. > > _______________________________________________ > kictanet mailing list > kictanet@lists.kictanet.or.ke > https://lists.kictanet.or.ke/mailman/listinfo/kictanet > Twitter: http://twitter.com/kictanet > Facebook: https://www.facebook.com/KICTANet/ > Domain Registration sponsored by www.eacdirectory.co.ke > > Unsubscribe or change your options at https://lists.kictanet.or.ke/ > mailman/options/kictanet/murigi.muraya%40gmail.com > > The Kenya ICT Action Network (KICTANet) is a multi-stakeholder > platform for people and institutions interested and involved in ICT > policy > and regulation. The network aims to act as a catalyst for reform in > the ICT > sector in support of the national aim of ICT enabled growth and > development. > > KICTANetiquette : Adhere to the same standards of acceptable > behaviors online that you follow in real life: respect people's times > and > bandwidth, share knowledge, don't flame or abuse or personalize, > respect > privacy, do not spam, do not market your wares or qualifications. >

-- SMM

*"Better a patient person than a warrior, one with self-control than one who takes a city." Prov 16:32* _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/kmachuhi%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/johnpaulem%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A

Thank you for contributions so far and apologies that I could not come in earlier, I had shortage of the other data :) It seems that, like with many other aspects of our society, there are those who are far ahead in appreciating the role of data in present and future economies and therefore, they are collecting as much as possible even where the purposes are not immediately clear. A good example is government systems as pointed out by Indeje and private systems as shown on Mariga's Twitter thread example. On the other hand, there are those who have little or no knowledge of the implications of data processing. And so as pointed out by Ali and William, data processing activities can be couched in political narratives and tied to national security without proper safeguards for the security of the data. To add on to Gideon's points, why should we have data security in the first place? Is it primarily to protect the data economy or should we also have conversations about how data is changing our personhood and to what extent we need to center data protection frameworks around the person? Being that we are a nascent data economy, are there good practices that we have already seen and should encourage? For example, after banks have suffered data attacks,have they developed better data security standards? (this is clickbait for Barrack who is more knowledgeable on standards) @ Mariga, by the way, through the Private Security Regulation Act, private security providers are expected to protect data they collect and only use it for limited purposes of identification (section 48), collection of MPesa data is also regulated under the communications act, just like health info is also regulated. So how come there are still glaring data security problems even with regulation? What could be done better? As we answer these questions, let us also attempt to give proposals that could be incorporated in upcoming frameworks like data protection bills that are being prepared/debated in Parliament. One specific issues that we could talk about is how to get redress for data security issues like unlawful processing of data, protection from automated decisions and breaches to data. Should these be dealt with under criminal law, administrative fines (an authority fining the party on the wrong) or civil court (where those whose data has been breached sue)? 2018-07-11 12:46 GMT+03:00 william mathenge via kictanet < kictanet@lists.kictanet.or.ke>:

Hi listers,

Amazing insights being shared so far and one can only be grateful. Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats? At the moment the mechanisms cannot be stated to be adequate, if anything, we are vulnerable more than ever without the proverbial 'Data Protection Legislation' to profiling and all other forms of proliferation of personal data. The extent of this proliferation cannot be understated as was seen in the link below. http://kenyalaw.org/caselaw/cases/view/151117/ The Computer Misuse and CyberCrimes Bill is majorly unconstitutional and the Political agenda in enacting it was quite distinct.

Do we have positive cases or good practices to imitate? Since we cannot rely on the Soft Infrastructure that has been cited, data minimalism is an effective initiative we can undertake as a means of individual security measures. Kind of taking the law into your own hands only now you'd be taking your data into your own hands. Data minimalism is however moot without sufficient sensitization from the earliest age possible on the need to limit the amount of personal data divulged online. So to achieve adequate data security in the existing cyberspace, outreach and sensitization programmes on the need for data minimalism would best fit tackling the challenges to personal data security.

What challenges that remain and how can we address them? Again sensitization on Privacy and what Data one provides while scrolling, liking, commenting and generally using social media platforms would go a long way. The implications of filling online forms and/or linking third party users to online accounts that store our personal data are vast and unprecedented in a negative way. Access to the internet grows faster and deeper by the day and little or no consumer education is provided on the dynamics of accessing it such as Data. We can do better, ought to do better to ensure we thrive in a data driven economy.

Kind Regards, William (LL.B)

On Wed, Jul 11, 2018 at 8:00 AM Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:

...

Listers, Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation. Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data.

Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the Chacha saga to justify the quick passage of a law creating offences.

But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data. In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security? Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats? Do we have positive cases or good practices to imitate? What challenges that remain and how can we address them?

Welcome to the discussion.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/willbill.mathenge%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/ mailman/options/kictanet/nmutungu%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

Hi, I am concerned about the culture of data misuse where custodians of personal information use information they have collected for other purposes. This is tied to lack of data minimization in business operations and lack of consent on data use. I hope with the incoming laws, there will be clear guidelines on prior consent before collection and processing of data. I also hope that despite all our security challenges, a data minimization culture will be inculcated in the KYC process. On Wed, 11 Jul 2018 at 17:13, John Kariuki via kictanet < kictanet@lists.kictanet.or.ke> wrote:

Listers, As we continue with the discussions, there's need to clearly distinguish two areas, namely Cybersecurity, an area where techies have core competence and can effectively engage the line ministry involved. The second area is Cybercrimes, whose core competence lies with the Criminal Justice System including the Police, the Courts, etc.

John Kariuki

Sent from Yahoo Mail on Android <https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature>

On Wed, Jul 11, 2018 at 8:23, Grace Bomu via kictanet <kictanet@lists.kictanet.or.ke> wrote:

Listers, Thank you to all who contributed to yesterday's topic. The thread is still open for those who may have further thoughts on content regulation. Welcome to Day 2 of online pre KIGF debates where out topic today is Strengthening Data Security in the Context of Emerging Trends. We shall look at cybersecurity in the context of data.

Barely a few weeks ago, social media was awash with memes of Wazir Boniface Chacha, the young man alleged to have conned MPs after getting access to their phone data. Later when this was used as a justification in debates for the Cybercrime Act, some wondered whether the political process had used the Chacha saga to justify the quick passage of a law creating offences.

But beyond "small data" in our personal possession, many SMEs , corporations, institutions, societies and other bodies are holding significant amounts of data. In this community, the wider issue of cyber security has been a recurring theme in KIGF. It is generally agreed that the best approach is a multi-pronged one that includes the law, good practices, effective mitigation and response to incidences at multiple levels, creation of awareness and technical solutions among others. Having gotten a new law in the form of the Cybercrimes Act, are we assured of data security? Are our existing mechanisms for mitigation and response to incidences adequate for emerging threats? Do we have positive cases or good practices to imitate? What challenges that remain and how can we address them?

Welcome to the discussion.

-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kariuki_jn%40yahoo.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/ Domain Registration sponsored by www.eacdirectory.co.ke

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

-- Francis Monyango Lawyer | ICT Policy and Legal Consultant www.monyango.com