Re: [kictanet] Kenya's new registry system
Wesley, I totally agree with you on this point. Its one thing to set up a system where you will have citizens access their details and its another entirely different thing to ensure its security is not compromised. Even as these guys come up with this revolutionary system, am sure they have security in mind and even more importantly have taken the necessary steps to ensuring that its not compromised. What I always have qualms with as you are well aware of in skunkworks, is the reluctance by the developers or system operators to provide room for Independent Penetration Testing. Granted this is not a panacea for hack-proofing the system but will make the system devoid of common vulnerabilities like what we saw in the ipo website. In America, identity theft has occurred even on their secure servers alike but if you look at the frequency, its relatively low since tests are carried out on the system very often and when loop holes are discovered relevant authorities are informed. Its a very novel idea the Government is pursuing but even as we speak there are notable Govt bodies whose IT infrastructure's security is very sketchy. If there was a dedicated body in the ICT Board to dedicatedly look into security issues regarding IT growth and implementation, I guess there would be standards set even when putting a very basic implementation like a web-site. Regards, "fyodor"
Gentlemen, all your arguments are in place.....unfortunately we do not have a cyber crime law in place nor a data privacy law...(subject to be corrected)....so before we go very far.....we need to make Kenyans understand.... 1. What is personal/private data?....very few understand that and why it may need to be protected... 2. what are the implications of the data,that this, system will hold, in the hands of a third party?...from here...we can ask for a document for public scrutiny.....what security measures...are in place...etc Kind Regards, On Wed, Jun 11, 2008 at 1:06 PM, <tyrus@icsit.jkuat.ac.ke> wrote:
Wesley, I totally agree with you on this point.
Its one thing to set up a system where you will have citizens access their details and its another entirely different thing to ensure its security is not compromised. Even as these guys come up with this revolutionary system, am sure they have security in mind and even more importantly have taken the necessary steps to ensuring that its not compromised. What I always have qualms with as you are well aware of in skunkworks, is the reluctance by the developers or system operators to provide room for Independent Penetration Testing. Granted this is not a panacea for hack-proofing the system but will make the system devoid of common vulnerabilities like what we saw in the ipo website.
In America, identity theft has occurred even on their secure servers alike but if you look at the frequency, its relatively low since tests are carried out on the system very often and when loop holes are discovered relevant authorities are informed.
Its a very novel idea the Government is pursuing but even as we speak there are notable Govt bodies whose IT infrastructure's security is very sketchy. If there was a dedicated body in the ICT Board to dedicatedly look into security issues regarding IT growth and implementation, I guess there would be standards set even when putting a very basic implementation like a web-site.
Regards,
"fyodor"
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
-- 'Our lives begin to end the day we become silent about things that matter. ' Martin Luther King, Jr.
I would like to balance this discussion by pointing out a historical fact..... Due to "security" concerns our country was held back from a liberalised telecoms industry for years. There were a lot of misplaced fears which originated from blanket generalisations of new technology and a fear of loss of control by the powers that be. When I set up KIXP at the end of 2000, it was shut down within two weeks because Telkom Kenya insinuated that it presented a national security risk. It took us one whole year to educate, enlighten and lobby almost every component of the Executive in order to get KIXP re-opened. Today it is considered a 'national resource' and KRA even wants to have it gazetted so that it can receive 24-hour physical security since it plays such an integral part of Kenya's economy. I am not saying that we should blind ourselves to the consideration of security concerns, just that it is very easy to further delays innovation and development with hyped up discussions about security (or more appropriately insecurity). best, Brian -- Brian Munyao Longwe e-mail: blongwe@gmail.com cell: + 254 722 518 744 blog : zinjlog.blogspot.com On Wed, Jun 11, 2008 at 11:40 PM, Judy Okite <judyokite@gmail.com> wrote:
Gentlemen,
all your arguments are in place.....unfortunately we do not have a cyber crime law in place nor a data privacy law...(subject to be corrected)....so before we go very far.....we need to make Kenyans understand....
1. What is personal/private data?....very few understand that and why it may need to be protected...
2. what are the implications of the data,that this, system will hold, in the hands of a third party?...from here...we can ask for a document for public scrutiny.....what security measures...are in place...etc
Kind Regards,
On Wed, Jun 11, 2008 at 1:06 PM, <tyrus@icsit.jkuat.ac.ke> wrote:
Wesley, I totally agree with you on this point.
Its one thing to set up a system where you will have citizens access their details and its another entirely different thing to ensure its security is not compromised. Even as these guys come up with this revolutionary system, am sure they have security in mind and even more importantly have taken the necessary steps to ensuring that its not compromised. What I always have qualms with as you are well aware of in skunkworks, is the reluctance by the developers or system operators to provide room for Independent Penetration Testing. Granted this is not a panacea for hack-proofing the system but will make the system devoid of common vulnerabilities like what we saw in the ipo website.
In America, identity theft has occurred even on their secure servers alike but if you look at the frequency, its relatively low since tests are carried out on the system very often and when loop holes are discovered relevant authorities are informed.
Its a very novel idea the Government is pursuing but even as we speak there are notable Govt bodies whose IT infrastructure's security is very sketchy. If there was a dedicated body in the ICT Board to dedicatedly look into security issues regarding IT growth and implementation, I guess there would be standards set even when putting a very basic implementation like a web-site.
Regards,
"fyodor"
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
--
'Our lives begin to end the day we become silent about things that matter. ' Martin Luther King, Jr. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: blongwe@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/blongwe%40gmail.com
Security was 1 of the items I talked about. There is a thin line between security being used as a wrong excuse not to implement a system and where it's a real concern. Anyway if all appropriate measures have been taken then it's OK. As I said, I appreciate that effort by the Gvmnt. --- On Thu, 6/19/08, Brian Longwe <blongwe@gmail.com> wrote: From: Brian Longwe <blongwe@gmail.com> Subject: Re: [kictanet] Kenya's new registry system To: kiriinya2000@yahoo.com Cc: "KICTAnet ICT Policy Discussions" <kictanet@lists.kictanet.or.ke> Date: Thursday, June 19, 2008, 11:48 AM I would like to balance this discussion by pointing out a historical fact..... Due to "security" concerns our country was held back from a liberalised telecoms industry for years. There were a lot of misplaced fears which originated from blanket generalisations of new technology and a fear of loss of control by the powers that be. When I set up KIXP at the end of 2000, it was shut down within two weeks because Telkom Kenya insinuated that it presented a national security risk. It took us one whole year to educate, enlighten and lobby almost every component of the Executive in order to get KIXP re-opened. Today it is considered a 'national resource' and KRA even wants to have it gazetted so that it can receive 24-hour physical security since it plays such an integral part of Kenya's economy. I am not saying that we should blind ourselves to the consideration of security concerns, just that it is very easy to further delays innovation and development with hyped up discussions about security (or more appropriately insecurity). best, Brian -- Brian Munyao Longwe e-mail: blongwe@gmail.com cell: + 254 722 518 744 blog : zinjlog.blogspot.com On Wed, Jun 11, 2008 at 11:40 PM, Judy Okite <judyokite@gmail.com> wrote: Gentlemen, all your arguments are in place.....unfortunately we do not have a cyber crime law in place nor a data privacy law...(subject to be corrected)....so before we go very far.....we need to make Kenyans understand.... 1. What is personal/private data?....very few understand that and why it may need to be protected... 2. what are the implications of the data,that this, system will hold, in the hands of a third party?...from here...we can ask for a document for public scrutiny.....what security measures...are in place...etc Kind Regards, On Wed, Jun 11, 2008 at 1:06 PM, <tyrus@icsit.jkuat.ac.ke> wrote: Wesley, I totally agree with you on this point. Its one thing to set up a system where you will have citizens access their details and its another entirely different thing to ensure its security is not compromised. Even as these guys come up with this revolutionary system, am sure they have security in mind and even more importantly have taken the necessary steps to ensuring that its not compromised. What I always have qualms with as you are well aware of in skunkworks, is the reluctance by the developers or system operators to provide room for Independent Penetration Testing. Granted this is not a panacea for hack-proofing the system but will make the system devoid of common vulnerabilities like what we saw in the ipo website. In America, identity theft has occurred even on their secure servers alike but if you look at the frequency, its relatively low since tests are carried out on the system very often and when loop holes are discovered relevant authorities are informed. Its a very novel idea the Government is pursuing but even as we speak there are notable Govt bodies whose IT infrastructure's security is very sketchy. If there was a dedicated body in the ICT Board to dedicatedly look into security issues regarding IT growth and implementation, I guess there would be standards set even when putting a very basic implementation like a web-site. Regards, "fyodor" _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: judyokite@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com -- 'Our lives begin to end the day we become silent about things that matter. ' Martin Luther King, Jr. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: blongwe@gmail.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/blongwe%40gmail.com _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke http://lists.kictanet.or.ke/mailman/listinfo/kictanet This message was sent to: kiriinya2000@yahoo.com Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/kiriinya2000%40yahoo.co...
participants (4)
-
Brian Longwe -
Judy Okite -
tyrus@icsit.jkuat.ac.ke -
wesley kiriinya