NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
Listers, Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-... It looks like Google might have been caught by the NSA with their pants down since hacking into their Data Transport layer simply gives up all the secrets that encryption is supposed to be protecting. Now, moving on swiftly to the local setup, I am also concerned that even as we look to start pushing for National Standards of Encryption through the PKI project, whether we as a country have come together to review and see how to protect our countries intelligence and data. We also know for a fact that the US was busy tapping into World Leaders phones, and I can bet if there are a few presidents to be 'tapped' in Africa, ours should be way up on that ladder! However, more worrying would be, how protected are our internal networks from such tapping, even from locals? Could there be a guy who has tapped into Safaricoms internal network and is busy reading every email, chat that is flying through and perhaps selling such information to our erstwhile enemies the Al-Shabbab? I was once very surprised when a personal friend got a transcript of all his calls, and chat messages, word-for-word for the previous past 6 months, dug up from one of the local Telcos. The ease with which such information was availed appalled me as it clearly means that the Telcos clearly store all our chats, and such records in clear text months after we have used them and a guy with basic SQL knowledge just needs to hack into the network (easy) and call them up. So, as we continue with the PKI project, there are really very basic things on security of data that we as a nation haven't even dealt with. -- *Regards,* *Wait**haka Ngigi* Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000 www.at.co.ke
I’ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA’s prying eyes, with locally established standards of encryption etc… We’ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles Obbo…. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/44... -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? Listers, Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-... It looks like Google might have been caught by the NSA with their pants down since hacking into their Data Transport layer simply gives up all the secrets that encryption is supposed to be protecting. Now, moving on swiftly to the local setup, I am also concerned that even as we look to start pushing for National Standards of Encryption through the PKI project, whether we as a country have come together to review and see how to protect our countries intelligence and data. We also know for a fact that the US was busy tapping into World Leaders phones, and I can bet if there are a few presidents to be 'tapped' in Africa, ours should be way up on that ladder! However, more worrying would be, how protected are our internal networks from such tapping, even from locals? Could there be a guy who has tapped into Safaricoms internal network and is busy reading every email, chat that is flying through and perhaps selling such information to our erstwhile enemies the Al-Shabbab? I was once very surprised when a personal friend got a transcript of all his calls, and chat messages, word-for-word for the previous past 6 months, dug up from one of the local Telcos. The ease with which such information was availed appalled me as it clearly means that the Telcos clearly store all our chats, and such records in clear text months after we have used them and a guy with basic SQL knowledge just needs to hack into the network (easy) and call them up. So, as we continue with the PKI project, there are really very basic things on security of data that we as a nation haven't even dealt with. -- Regards, Waithaka Ngigi Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000 www.at.co.ke _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
@Phares, this line of thinking was has been explored recently at the IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national pride and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more @ http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-Gov... walu. -------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 10:09 AM I’ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA’s prying eyes, with locally established standards of encryption etc… We’ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles Obbo…. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/44... -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? Listers, Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-... It looks like Google might have been caught by the NSA with their pants down since hacking into their Data Transport layer simply gives up all the secrets that encryption is supposed to be protecting. Now, moving on swiftly to the local setup, I am also concerned that even as we look to start pushing for National Standards of Encryption through the PKI project, whether we as a country have come together to review and see how to protect our countries intelligence and data. We also know for a fact that the US was busy tapping into World Leaders phones, and I can bet if there are a few presidents to be 'tapped' in Africa, ours should be way up on that ladder! However, more worrying would be, how protected are our internal networks from such tapping, even from locals? Could there be a guy who has tapped into Safaricoms internal network and is busy reading every email, chat that is flying through and perhaps selling such information to our erstwhile enemies the Al-Shabbab? I was once very surprised when a personal friend got a transcript of all his calls, and chat messages, word-for-word for the previous past 6 months, dug up from one of the local Telcos. The ease with which such information was availed appalled me as it clearly means that the Telcos clearly store all our chats, and such records in clear text months after we have used them and a guy with basic SQL knowledge just needs to hack into the network (easy) and call them up. So, as we continue with the PKI project, there are really very basic things on security of data that we as a nation haven't even dealt with. -- Regards, Waithaka Ngigi Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000 www.at.co.ke _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -----Inline Attachment Follows----- _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Mr. Walubengo, While not present at the IGF, and without a lot hesitation, I respectfully disagree with the view you have shared, that was taken at IGF in relation to securing countries. While there is a need for international cooperation, National Security at the end of the day is a matter for individual countries with various priorities in regard to their security. This also has an impact in terms of relationships between countries. Therefore it would be ill-advised to through security concerns to "International" where we know exactly what that term refers to. Whereas the Internet has crossed boundaries, countries still operate within their borders and laws govern within those borders. The push for internationalization or globalization has been going on for a while but that is a subject for another day. But while each country may not need to build their own email systems ( and they should) there is a need for countries to develop their own online applications and security systems instead of depending on those from other countries for obvious reasons highlighted very well in recent news media. One would be foolish to continue relying on popular western online services for example, for a government's Mission Critical communications and would only blame themselves for consequences of such strategies. Regards Sammy Buruchara On 10/31/13 11:10 AM, "Walubengo J" <[email protected]> wrote:
@Phares,
this line of thinking was has been explored recently at the IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national pride and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more @ http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
walu.
-------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 10:09 AM
I¹ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA¹s prying eyes, with locally established standards of encryption etc We¹ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles Obbo. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/ 440808/2053660/-/j8oy4g/-/index.html -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
Listers,
Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/ e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
It looks like Google might have been caught by the NSA with their pants down since hacking into their Data Transport layer simply gives up all the secrets that encryption is supposed to be protecting.
Now, moving on swiftly to the local setup, I am also concerned that even as we look to start pushing for National Standards of Encryption through the PKI project, whether we as a country have come together to review and see how to protect our countries intelligence and data.
We also know for a fact that the US was busy tapping into World Leaders phones, and I can bet if there are a few presidents to be 'tapped' in Africa, ours should be way up on that ladder!
However, more worrying would be, how protected are our internal networks from such tapping, even from locals? Could there be a guy who has tapped into Safaricoms internal network and is busy reading every email, chat that is flying through and perhaps selling such information to our erstwhile enemies the Al-Shabbab?
I was once very surprised when a personal friend got a transcript of all his calls, and chat messages, word-for-word for the previous past 6 months, dug up from one of the local Telcos. The ease with which such information was availed appalled me as it clearly means that the Telcos clearly store all our chats, and such records in clear text months after we have used them and a guy with basic SQL knowledge just needs to hack into the network (easy) and call them up.
So, as we continue with the PKI project, there are really very basic things on security of data that we as a nation haven't even dealt with. --
Regards,
Waithaka Ngigi
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000
www.at.co.ke
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -----Inline Attachment Follows-----
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40me.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Listers There is a case for a hybrid approach to Internet Security and Governance. No one wants Balkanisation of the Internet but no one also wants one country controlling most of the levers that run the Internet running roughshod over everyone else!! Here is a telling interview from the NSA Director on the latest #SnowdenAffair http://www.bloomberg.com/video/snowden-leaks-increase-threat-of-attack-alexa... Judge for yourself...and as you do that think about all the emails that run on google apps and yahoo and Microsoft platforms including most of the senior guys in county government and possibly national government.. I shudder to think that we have institutions like the NIS and ICTA and CCK and this practice is still going on in Government.lets not even start with Private Companies.. Sitting Ducks is what we are.. Ali Hussein +254 0770 906375 / 0713 601113 "Kujikwaa si kuanguka, bali ni kwenda mbele" (To stumble is not to fall but a sign of going forward) - Swahili Proverb Sent from my iPad
On Oct 31, 2013, at 11:24 AM, Sammy Buruchara <[email protected]> wrote:
Mr. Walubengo,
While not present at the IGF, and without a lot hesitation, I respectfully disagree with the view you have shared, that was taken at IGF in relation to securing countries.
While there is a need for international cooperation, National Security at the end of the day is a matter for individual countries with various priorities in regard to their security. This also has an impact in terms of relationships between countries. Therefore it would be ill-advised to through security concerns to "International" where we know exactly what that term refers to.
Whereas the Internet has crossed boundaries, countries still operate within their borders and laws govern within those borders. The push for internationalization or globalization has been going on for a while but that is a subject for another day.
But while each country may not need to build their own email systems ( and they should) there is a need for countries to develop their own online applications and security systems instead of depending on those from other countries for obvious reasons highlighted very well in recent news media. One would be foolish to continue relying on popular western online services for example, for a government's Mission Critical communications and would only blame themselves for consequences of such strategies.
Regards Sammy Buruchara
On 10/31/13 11:10 AM, "Walubengo J" <[email protected]> wrote:
@Phares,
this line of thinking was has been explored recently at the IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national pride and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more @ http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
walu.
-------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 10:09 AM
I¹ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA¹s prying eyes, with locally established standards of encryption etcŠ We¹ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles ObboŠ. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/ 440808/2053660/-/j8oy4g/-/index.html -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
Listers,
Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/ e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
It looks like Google might have been caught by the NSA with their pants down since hacking into their Data Transport layer simply gives up all the secrets that encryption is supposed to be protecting.
Now, moving on swiftly to the local setup, I am also concerned that even as we look to start pushing for National Standards of Encryption through the PKI project, whether we as a country have come together to review and see how to protect our countries intelligence and data.
We also know for a fact that the US was busy tapping into World Leaders phones, and I can bet if there are a few presidents to be 'tapped' in Africa, ours should be way up on that ladder!
However, more worrying would be, how protected are our internal networks from such tapping, even from locals? Could there be a guy who has tapped into Safaricoms internal network and is busy reading every email, chat that is flying through and perhaps selling such information to our erstwhile enemies the Al-Shabbab?
I was once very surprised when a personal friend got a transcript of all his calls, and chat messages, word-for-word for the previous past 6 months, dug up from one of the local Telcos. The ease with which such information was availed appalled me as it clearly means that the Telcos clearly store all our chats, and such records in clear text months after we have used them and a guy with basic SQL knowledge just needs to hack into the network (easy) and call them up.
So, as we continue with the PKI project, there are really very basic things on security of data that we as a nation haven't even dealt with. --
Regards,
Waithaka Ngigi
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000
www.at.co.ke
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -----Inline Attachment Follows-----
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40me.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
On Thu, 2013-10-31 at 11:59 +0300, Ali Hussein wrote:
Listers
There is a case for a hybrid approach to Internet Security and Governance. No one wants Balkanisation of the Internet but no one also wants one country controlling most of the levers that run the Internet running roughshod over everyone else!!
I believe that the owner of an e-mail account should have their mailbox as close as they can to themselves. If its a company mail box - host the mail server at the office. If its for a private individual, use the local ISP. I can not see a need to use services such as gmail - unless the service at the ISP or your company is completely dreadful. That should be an opportunity to get things fixed. Keeping mail as local as possible should just make common sense. The same holds for web sites - unless your target audience is worldwide and evenly dispersed. If a website has a local orientation - it should be local. I guess the same could be said for the Domain names that are used. "Cloud" storage (the fancy newish name for keeping systems in an ISP's Data-Centre - which has been around for years) - should be localised or at least in the same country. The primary reason for not doing this would be for disaster recovery purposes - where you require a copy of your data a hundred or more kilometres from where you are for "safety" sake.. All of the above should help local connectivity grow in speed/efficiency and drop in price. This should not stop the Internet as a whole from continuing to be important. Fragmentation would be bad, really bad. Building new international fibre links - eg BRICS - Brazil --> South Africa --> India --> China --> Russia - is a good thing. More redundant links. I'm pretty sure though that all the BRICS Intelligent Agencies will snoop the packets... I believe that people are chowing out the US Government (as they got caught last) - to move attention from the fact that other governments are also doing the same thing or wishing they could do the same - and would if they technically could. Being English - I guess I have the attitude that as I'm not doing anything "wrong" in the Internet - my data should pass beneath the radar. I (hmm..) trust my government. Of course certain entities could be (OK - probably are) using my data for nefarious purposes... Its going to happen, or rather is and has been happening for years. The Internet is just more efficient and the world just a bit smaller. -- . . ___. .__ Posix Systems - (South) Africa /| /| / /__ [email protected] - Mark J Elkins, Cisco CCIE / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
On 31 October 2013 15:28, Mark Elkins <[email protected]> wrote:
On Thu, 2013-10-31 at 11:59 +0300, Ali Hussein wrote:
Listers
There is a case for a hybrid approach to Internet Security and Governance. No one wants Balkanisation of the Internet but no one also wants one country controlling most of the levers that run the Internet running roughshod over everyone else!!
I believe that the owner of an e-mail account should have their mailbox as close as they can to themselves. If its a company mail box - host the mail server at the office. If its for a private individual, use the local ISP. I can not see a need to use services such as gmail - unless the service at the ISP or your company is completely dreadful. That should be an opportunity to get things fixed.
Keeping mail as local as possible should just make common sense.
+1 Mark I feel you. I wonder if there is a study on how much users of the global south pay for data transit because most of the content is hosted in the global north. The same holds for web sites - unless your target audience is worldwide
and evenly dispersed. If a website has a local orientation - it should be local. I guess the same could be said for the Domain names that are used.
+1 .de and .za have done wonderful in this aspect.
"Cloud" storage (the fancy newish name for keeping systems in an ISP's Data-Centre - which has been around for years) - should be localised or at least in the same country. The primary reason for not doing this would be for disaster recovery purposes - where you require a copy of your data a hundred or more kilometres from where you are for "safety" sake..
All of the above should help local connectivity grow in speed/efficiency and drop in price.
This should not stop the Internet as a whole from continuing to be important. Fragmentation would be bad, really bad. Building new international fibre links - eg BRICS - Brazil --> South Africa --> India --> China --> Russia - is a good thing. More redundant links. I'm pretty sure though that all the BRICS Intelligent Agencies will snoop the packets...
I believe that people are chowing out the US Government (as they got caught last) - to move attention from the fact that other governments are also doing the same thing or wishing they could do the same - and would if they technically could.
Being English - I guess I have the attitude that as I'm not doing anything "wrong" in the Internet - my data should pass beneath the radar. I (hmm..) trust my government. Of course certain entities could be (OK - probably are) using my data for nefarious purposes...
Its going to happen, or rather is and has been happening for years. The Internet is just more efficient and the world just a bit smaller.
-- . . ___. .__ Posix Systems - (South) Africa /| /| / /__ [email protected] - Mark J Elkins, Cisco CCIE / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafr...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
______________________ Mwendwa Kivuva twitter.com/lordmwesh google ID | Skype ID: lordmwesh
+1 Sammy ______________________ Mwendwa Kivuva twitter.com/lordmwesh google ID | Skype ID: lordmwesh On 31 October 2013 11:24, Sammy Buruchara <[email protected]> wrote:
Mr. Walubengo,
While not present at the IGF, and without a lot hesitation, I respectfully disagree with the view you have shared, that was taken at IGF in relation to securing countries.
While there is a need for international cooperation, National Security at the end of the day is a matter for individual countries with various priorities in regard to their security. This also has an impact in terms of relationships between countries. Therefore it would be ill-advised to through security concerns to "International" where we know exactly what that term refers to.
Whereas the Internet has crossed boundaries, countries still operate within their borders and laws govern within those borders. The push for internationalization or globalization has been going on for a while but that is a subject for another day.
But while each country may not need to build their own email systems ( and they should) there is a need for countries to develop their own online applications and security systems instead of depending on those from other countries for obvious reasons highlighted very well in recent news media. One would be foolish to continue relying on popular western online services for example, for a government's Mission Critical communications and would only blame themselves for consequences of such strategies.
Regards Sammy Buruchara
On 10/31/13 11:10 AM, "Walubengo J" <[email protected]> wrote:
@Phares,
this line of thinking was has been explored recently at the IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national pride and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more @
http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G
overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
walu.
-------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 10:09 AM
I¹ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA¹s prying eyes, with locally established standards of encryption etcŠ We¹ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles ObboŠ.
http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/
440808/2053660/-/j8oy4g/-/index.html -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
Listers,
Just came across this
http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link
s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/ e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
It looks like Google might have been caught by the NSA with their pants down since hacking into their Data Transport layer simply gives up all the secrets that encryption is supposed to be protecting.
Now, moving on swiftly to the local setup, I am also concerned that even as we look to start pushing for National Standards of Encryption through the PKI project, whether we as a country have come together to review and see how to protect our countries intelligence and data.
We also know for a fact that the US was busy tapping into World Leaders phones, and I can bet if there are a few presidents to be 'tapped' in Africa, ours should be way up on that ladder!
However, more worrying would be, how protected are our internal networks from such tapping, even from locals? Could there be a guy who has tapped into Safaricoms internal network and is busy reading every email, chat that is flying through and perhaps selling such information to our erstwhile enemies the Al-Shabbab?
I was once very surprised when a personal friend got a transcript of all his calls, and chat messages, word-for-word for the previous past 6 months, dug up from one of the local Telcos. The ease with which such information was availed appalled me as it clearly means that the Telcos clearly store all our chats, and such records in clear text months after we have used them and a guy with basic SQL knowledge just needs to hack into the network (easy) and call them up.
So, as we continue with the PKI project, there are really very basic things on security of data that we as a nation haven't even dealt with. --
Regards,
Waithaka Ngigi
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000
www.at.co.ke
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -----Inline Attachment Follows-----
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40me.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafr...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
@Phares,
this line of thinking was has been explored recently at
a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national pride and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more @ http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
walu.
-------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 10:09 AM
I¹ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA¹s prying eyes, with locally established standards of encryption etcŠ We¹ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles ObboŠ. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/ 440808/2053660/-/j8oy4g/-/index.html -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
Listers,
Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/ e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
It looks like Google might have been caught by the NSA with their pants down since hacking into their Data Transport layer simply gives up all the secrets that encryption is supposed to be protecting.
Now, moving on swiftly to the local setup, I am also concerned that even as we look to start pushing for National Standards of Encryption through the PKI project, whether we as a country have come together to review and see how to protect our countries intelligence and data.
We also know for a fact that the US was busy tapping into World Leaders phones, and I can bet if there are a few presidents to be 'tapped' in Africa, ours should be way up on that ladder!
However, more worrying would be, how protected are our internal networks from such tapping, even from locals? Could there be a guy who has tapped into Safaricoms internal network and is busy reading every email, chat that is flying through and perhaps selling such information to our erstwhile enemies the Al-Shabbab?
I was once very surprised when a personal friend got a transcript of all his calls, and chat messages, word-for-word for the previous past 6 months, dug up from one of the local Telcos. The ease with which such information was availed appalled me as it clearly means that the Telcos clearly store all our chats, and such records in clear text months after we have used them and a guy with basic SQL knowledge just needs to hack into the network (easy) and call them up.
So, as we continue with the PKI project, there are really very basic things on security of data that we as a nation haven't even dealt with. --
Regards,
Waithaka Ngigi
Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building
T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000
www.at.co.ke
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -----Inline Attachment Follows-----
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40me.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or
@Sammy, You've lost me. I agree with what you say below, that I am confused and still searching for the point of disagreement... walu. -------------------------------------------- On Thu, 10/31/13, Sammy Buruchara <[email protected]> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "Walubengo J" <[email protected]> Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 11:24 AM Mr. Walubengo, While not present at the IGF, and without a lot hesitation, I respectfully disagree with the view you have shared, that was taken at IGF in relation to securing countries. While there is a need for international cooperation, National Security at the end of the day is a matter for individual countries with various priorities in regard to their security. This also has an impact in terms of relationships between countries. Therefore it would be ill-advised to through security concerns to "International" where we know exactly what that term refers to. Whereas the Internet has crossed boundaries, countries still operate within their borders and laws govern within those borders. The push for internationalization or globalization has been going on for a while but that is a subject for another day. But while each country may not need to build their own email systems ( and they should) there is a need for countries to develop their own online applications and security systems instead of depending on those from other countries for obvious reasons highlighted very well in recent news media. One would be foolish to continue relying on popular western online services for example, for a government's Mission Critical communications and would only blame themselves for consequences of such strategies. Regards Sammy Buruchara On 10/31/13 11:10 AM, "Walubengo J" <[email protected]> wrote: the IGF and I had personalize, respect
privacy, do not spam, do not market your wares or qualifications.
Search engines will be largely unaffected btw. Search engines don’t go through your mail etc… The internet services that are centralised will remain centralised (basic web hosting/blogs etc). However, mail, internal applications etc still have to be secured… There’s data that we don’t mind being publicly accessible (e.g. The Nation Media Group website), and there’s data that the NSA/Search engines etc should not have access to (e.g. My banking records, my health records etc). We need to bring the latter back home simply because the US has proven it cannot be trusted… It’s not that the galvanised internet is the best option, it’s simply a compromise because some people have broken trust… -- Phares Kariuki From: Walubengo J Walubengo J Reply: Walubengo J [email protected] Date: October 31, 2013 at 11:10:34 AM To: Phares Kariuki [email protected] Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? @Phares, this line of thinking was has been explored recently at the IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national pride and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more @ http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-Gov... walu. -------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 10:09 AM I’ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA’s prying eyes, with locally established standards of encryption etc… We’ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles Obbo…. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/44... -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? Listers, Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-... It looks like Google might have been caught by the NSA with their pants down since hacking into their Data Transport layer simply gives up all the secrets that encryption is supposed to be protecting. Now, moving on swiftly to the local setup, I am also concerned that even as we look to start pushing for National Standards of Encryption through the PKI project, whether we as a country have come together to review and see how to protect our countries intelligence and data. We also know for a fact that the US was busy tapping into World Leaders phones, and I can bet if there are a few presidents to be 'tapped' in Africa, ours should be way up on that ladder! However, more worrying would be, how protected are our internal networks from such tapping, even from locals? Could there be a guy who has tapped into Safaricoms internal network and is busy reading every email, chat that is flying through and perhaps selling such information to our erstwhile enemies the Al-Shabbab? I was once very surprised when a personal friend got a transcript of all his calls, and chat messages, word-for-word for the previous past 6 months, dug up from one of the local Telcos. The ease with which such information was availed appalled me as it clearly means that the Telcos clearly store all our chats, and such records in clear text months after we have used them and a guy with basic SQL knowledge just needs to hack into the network (easy) and call them up. So, as we continue with the PKI project, there are really very basic things on security of data that we as a nation haven't even dealt with. -- Regards, Waithaka Ngigi Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000 www.at.co.ke _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -----Inline Attachment Follows----- _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote: We need to bring the latter back home simply because the US has proven it cannot be trusted… It’s not that the galvanised internet is the best option, it’s simply a compromise because some people have broken trust…
I totally agree. I am for local content, local hosting, local, local this and the other. What I find difficult to understand is the myth that once something is local, then it is safer.
We need to be careful not to mix security with being local. Let us have two independent tracks on the issues. Lets build local content to increase uptake, reduce latency, perhaps pricing, etc. But I would hate to imagine our NSIS director briefing our President that we are very secure because we have made all our ICT infrastructure local. ICT Security is often discussed under CIA - Confidentiality, Integrity, and Availability (not central intelligence agency :-). I want to believe the geographic location of your data cannot save you, if your CIA procedures are poor. So if we want to be secure, lets put the emphasis where it should be. walu. nb: Osama bin laden was as local and as manual as you can get. US folks still smoked him out. -------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "Walubengo J" <[email protected]> Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 11:58 AM Search engines will be largely unaffected btw. Search engines don’t go through your mail etc… The internet services that are centralised will remain centralised (basic web hosting/blogs etc). However, mail, internal applications etc still have to be secured… There’s data that we don’t mind being publicly accessible (e.g. The Nation Media Group website), and there’s data that the NSA/Search engines etc should not have access to (e.g. My banking records, my health records etc). We need to bring the latter back home simply because the US has proven it cannot be trusted… It’s not that the galvanised internet is the best option, it’s simply a compromise because some people have broken trust… -- Phares Kariuki From: Walubengo J Walubengo J Reply: Walubengo J [email protected] Date: October 31, 2013 at 11:10:34 AM To: Phares Kariuki [email protected] Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? @Phares, this line of thinking was has been explored recently at the IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national pride and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries. The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more @ http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-Gov... walu. -------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 10:09 AM I’ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA’s prying eyes, with locally established standards of encryption etc… We’ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles Obbo…. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/44... -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? Listers, Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-... It looks like Google might have been caught by the NSA with their pants down since hacking into their Data Transport layer simply gives up all the secrets that encryption is supposed to be protecting. Now, moving on swiftly to the local setup, I am also concerned that even as we look to start pushing for National Standards of Encryption through the PKI project, whether we as a country have come together to review and see how to protect our countries intelligence and data. We also know for a fact that the US was busy tapping into World Leaders phones, and I can bet if there are a few presidents to be 'tapped' in Africa, ours should be way up on that ladder! However, more worrying would be, how protected are our internal networks from such tapping, even from locals? Could there be a guy who has tapped into Safaricoms internal network and is busy reading every email, chat that is flying through and perhaps selling such information to our erstwhile enemies the Al-Shabbab? I was once very surprised when a personal friend got a transcript of all his calls, and chat messages, word-for-word for the previous past 6 months, dug up from one of the local Telcos. The ease with which such information was availed appalled me as it clearly means that the Telcos clearly store all our chats, and such records in clear text months after we have used them and a guy with basic SQL knowledge just needs to hack into the network (easy) and call them up. So, as we continue with the PKI project, there are really very basic things on security of data that we as a nation haven't even dealt with. -- Regards, Waithaka Ngigi Chief Executive Officer | Alliance Technologies | MCK Nairobi Synod Building T + 254 (0) 20 2333 471 |Office Mobile: +254 786 28 28 28 | M + 254 737 811 000 www.at.co.ke _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -----Inline Attachment Follows----- _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
On 31 October 2013 16:49, Walubengo J <[email protected]> wrote:
On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote: We need to bring the latter back home simply because the US has proven it cannot be trusted… It’s not that the galvanised internet is the best option, it’s simply a compromise because some people have broken trust…
I totally agree. I am for local content, local hosting, local, local this and the other. What I find difficult to understand is the myth that once something is local, then it is safer.
Walu, not necessarily a myth, maybe a fallacy. If your classified data is out there with third party hosts, you have already given it away. You have no control on how it will be used, even with slogans like "don't be evil". :) On the other hand, if you have hosted your content, you are the master of your fate. Your competence will determine the security level you give your sensitive data. We need to be careful not to mix security with being local. Let us have two
independent tracks on the issues. Lets build local content to increase uptake, reduce latency, perhaps pricing, etc. But I would hate to imagine our NSIS director briefing our President that we are very secure because we have made all our ICT infrastructure local.
ICT Security is often discussed under CIA - Confidentiality, Integrity, and Availability (not central intelligence agency :-). I want to believe the geographic location of your data cannot save you, if your CIA procedures are poor. So if we want to be secure, lets put the emphasis where it should be.
walu. nb: Osama bin laden was as local and as manual as you can get. US folks still smoked him out.
______________________ Mwendwa Kivuva twitter.com/lordmwesh google ID | Skype ID: lordmwesh
Walu, I beg to differ. Even if you outsourced internet security, I wonder how you would outsource the risks.This issue is not just about governments snooping. Less reported and even much more are private parties ruthlessly spying on others while pursuing commercial gain against competitors and you will be shocked to learn the extent to which they can go. As more and more governments and companies go online, the stakes become higher and higher as opportunities to make huge returns increase. Cyber security is no longer an option, it is essential. We have CID chief,NSIS chief etc. Cyber threats are even greater since the enemy is global and often invisible. So who is the Cybersecurity Chief in Kenya? John Kariuki On Thursday, 31 October 2013, 19:14, Kivuva <[email protected]> wrote: On 31 October 2013 16:49, Walubengo J <[email protected]> wrote:
On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
We need to bring the latter back home simply because the US has proven it cannot be trusted… It’s not that the galvanised internet is the best option, it’s simply a compromise because some people have broken trust…
I totally agree. I am for local content, local hosting, local, local this and the other. What I find difficult to understand is the myth that once something is local, then it is safer.
Walu, not necessarily a myth, maybe a fallacy. If your classified data is out there with third party hosts, you have already given it away. You have no control on how it will be used, even with slogans like "don't be evil". :) On the other hand, if you have hosted your content, you are the master of your fate. Your competence will determine the security level you give your sensitive data. We need to be careful not to mix security with being local. Let us have two independent tracks on the issues. Lets build local content to increase uptake, reduce latency, perhaps pricing, etc. But I would hate to imagine our NSIS director briefing our President that we are very secure because we have made all our ICT infrastructure local.
ICT Security is often discussed under CIA - Confidentiality, Integrity, and Availability (not central intelligence agency :-). I want to believe the geographic location of your data cannot save you, if your CIA procedures are poor. So if we want to be secure, lets put the emphasis where it should be.
walu. nb: Osama bin laden was as local and as manual as you can get. US folks still smoked him out.
______________________
Mwendwa Kivuva twitter.com/lordmwesh google ID | Skype ID: lordmwesh _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ngethe.kariuki2007%40y... The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Walu, I would like emphasize the need for us to mix security and locally hosted data, contrary to your assertions. If your data is local and is snooped on, you have a legal recourse with the local hosting provider. But if the data is stored in the USA for example, any legal action against the provider can prove to be a daunting task. Whether government or private data, any snooping on the data would have consequences as spelt out in the communication act. While we cannot rule out hacking of even local content, or guarantee its safety 100 percent for locally hosted data, at least there is a starting point and legal framework for dealing with such acts. Next would be increasing our competences in securing the data. Regards Sammy Buruchara On 10/31/13 4:49 PM, "Walubengo J" <[email protected]> wrote:
On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote: We need to bring the latter back home simply because the US has proven it cannot be trusted It¹s not that the galvanised internet is the best option, it¹s simply a compromise because some people have broken trust
I totally agree. I am for local content, local hosting, local, local this and the other. What I find difficult to understand is the myth that once something is local, then it is safer.
We need to be careful not to mix security with being local. Let us have two independent tracks on the issues. Lets build local content to increase uptake, reduce latency, perhaps pricing, etc. But I would hate to imagine our NSIS director briefing our President that we are very secure because we have made all our ICT infrastructure local.
ICT Security is often discussed under CIA - Confidentiality, Integrity, and Availability (not central intelligence agency :-). I want to believe the geographic location of your data cannot save you, if your CIA procedures are poor. So if we want to be secure, lets put the emphasis where it should be.
walu. nb: Osama bin laden was as local and as manual as you can get. US folks still smoked him out.
-------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "Walubengo J" <[email protected]> Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 11:58 AM
Search engines will be largely unaffected btw. Search engines don¹t go through your mail etc The internet services that are centralised will remain centralised (basic web hosting/blogs etc). However, mail, internal applications etc still have to be secured There¹s data that we don¹t mind being publicly accessible (e.g. The Nation Media Group website), and there¹s data that the NSA/Search engines etc should not have access to (e.g. My banking records, my health records etc). We need to bring the latter back home simply because the US has proven it cannot be trusted It¹s not that the galvanised internet is the best option, it¹s simply a compromise because some people have broken trust -- Phares Kariuki From: Walubengo J Walubengo J Reply: Walubengo J [email protected] Date: October 31, 2013 at 11:10:34 AM To: Phares Kariuki [email protected] Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? @Phares,
this line of thinking was has been explored recently at the IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national pride and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more
@
http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
walu.
--------------------------------------------
On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
Cc: "KICTAnet ICT Policy Discussions" <[email protected]>
Date: Thursday, October 31, 2013, 10:09 AM
I¹ll very selfishly
advocate for an increased uptake of local cloud services,
away from the NSA¹s prying eyes, with locally established
standards of encryption etc
We¹ve got capable
universities that can assist in coming up with new
encryption etc standards for the military &
government.
Interesting article by
Charles
Obbo. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/ 440808/2053660/-/j8oy4g/-/index.html
--
Phares Kariuki
From: Ngigi
Waithaka Ngigi Waithaka
Reply: Ngigi Waithaka
Date: October 31, 2013 at
9:12:10 AM
To: Phares Kariuki [email protected]
Subject: [kictanet] NSA
Tapping into Google & Yahoo Networks? How is Kenya
protected?
Listers,
Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/ e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
It looks like Google might have been caught by the NSA
with
their pants down since hacking into their Data Transport
layer
simply gives up all the secrets that encryption is supposed
to be
protecting.
Now, moving on swiftly to the local setup, I am also
concerned
that even as we look to start pushing for National Standards
of
Encryption through the PKI project, whether we as a country
have
come together to review and see how to protect our countries
intelligence and data.
We also know for a fact that the US was busy tapping
into
World Leaders phones, and I can bet if there are a few
presidents
to be 'tapped' in Africa, ours should be way up on
that
ladder!
However, more worrying would be, how protected are our
internal networks from such tapping, even from locals? Could
there
be a guy who has tapped into Safaricoms internal network and
is
busy reading every email, chat that is flying through and
perhaps
selling such information to our erstwhile enemies the
Al-Shabbab?
I was once very surprised when a personal friend got a
transcript of all his calls, and chat messages,
word-for-word for
the previous past 6 months, dug up from one of the local
Telcos.
The ease with which such information was availed appalled me
as it
clearly means that the Telcos clearly store all our chats,
and such
records in clear text months after we have used them and a
guy with
basic SQL knowledge just needs to hack into the network
(easy) and
call them up.
So, as we continue with the PKI project, there are
really very
basic things on security of data that we as a nation
haven't even
dealt with.
--
Regards,
Waithaka
Ngigi
Chief Executive Officer
| Alliance
Technologies | MCK Nairobi
Synod
Building
T +
254 (0)
20 2333 471 |Office
Mobile: +254 786 28 28 28 | M +
254 737 811 000
www.at.co.ke
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
The Kenya ICT Action Network (KICTANet) is a
multi-stakeholder platform for people and institutions
interested and involved in ICT policy and regulation. The
network aims to act as a catalyst for reform in the ICT
sector in support of the national aim of ICT enabled growth
and development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors online that you follow in real life: respect
people's times and bandwidth, share knowledge, don't
flame or abuse or personalize, respect privacy, do not spam,
do not market your wares or
qualifications.
-----Inline Attachment Follows-----
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a
multi-stakeholder platform for people and institutions
interested and involved in ICT policy and regulation. The
network aims to act as a catalyst for reform in the ICT
sector in support of the national aim of ICT enabled growth
and development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors online that you follow in real life: respect
people's times and bandwidth, share knowledge, don't flame
or abuse or personalize, respect privacy, do not spam, do
not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40mac.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote: We need to bring the latter back home simply because the US has proven it cannot be trustedŠ It¹s not that the galvanised internet is the best option, it¹s simply a compromise because some people have broken trustŠ
I totally agree. I am for local content, local hosting, local, local this and the other. What I find difficult to understand is the myth that once something is local, then it is safer.
We need to be careful not to mix security with being local. Let us have two independent tracks on the issues. Lets build local content to increase uptake, reduce latency, perhaps pricing, etc. But I would hate to imagine our NSIS director briefing our President that we are very secure because we have made all our ICT infrastructure local.
ICT Security is often discussed under CIA - Confidentiality, Integrity, and Availability (not central intelligence agency :-). I want to believe the geographic location of your data cannot save you, if your CIA procedures are poor. So if we want to be secure, lets
where it should be. walu. nb: Osama bin laden was as local and as manual as you can get. US folks still smoked him out.
-------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "Walubengo J" <[email protected]> Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 11:58 AM
Search engines will be largely unaffected btw. Search engines don¹t go
your mail etcŠ The internet services that are centralised will remain centralised (basic web hosting/blogs etc). However, mail, internal applications etc still have to be securedŠ There¹s data that we don¹t mind being publicly accessible (e.g. The Nation Media Group website), and there¹s data that the NSA/Search engines etc should not have access to (e.g. My banking records, my health records etc). We need to bring the latter back home simply because the US has proven it cannot be trustedŠ It¹s not that the galvanised internet is
best option, it¹s simply a compromise because some
have broken trustŠ -- Phares Kariuki From: Walubengo J Walubengo J Reply: Walubengo J [email protected] Date: October 31, 2013 at 11:10:34 AM To: Phares Kariuki [email protected] Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? @Phares,
this line of thinking was has been explored recently at
IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national
and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more
@
http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
walu.
--------------------------------------------
On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
Cc: "KICTAnet ICT Policy Discussions" <[email protected]>
Date: Thursday, October 31, 2013, 10:09 AM
I¹ll very selfishly
advocate for an increased uptake of local cloud services,
away from the NSA¹s prying eyes, with locally established
standards of encryption etcŠ
We¹ve got capable
universities that can assist in coming up with new
encryption etc standards for the military &
government.
Interesting article by
Charles
ObboŠ. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/ 440808/2053660/-/j8oy4g/-/index.html
--
Phares Kariuki
From: Ngigi
Waithaka Ngigi Waithaka
Reply: Ngigi Waithaka
Date: October 31, 2013 at
9:12:10 AM
To: Phares Kariuki [email protected]
Subject: [kictanet] NSA
Tapping into Google & Yahoo Networks? How is Kenya
protected?
Listers,
Just came across this http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/ e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
It looks like Google might have been caught by
I see the point and concede that local hosting affords the national goverments some leverage with regards to holding organisations liable in the event of a security breach. However, for this to happen, we need to enact the Data Protection Act - otherwise I still feel local hosting on its own, will not necessary increase information security. walu. -------------------------------------------- On Fri, 11/1/13, Sammy Buruchara <[email protected]> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "Walubengo J" <[email protected]> Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Friday, November 1, 2013, 4:46 AM Walu, I would like emphasize the need for us to mix security and locally hosted data, contrary to your assertions. If your data is local and is snooped on, you have a legal recourse with the local hosting provider. But if the data is stored in the USA for example, any legal action against the provider can prove to be a daunting task. Whether government or private data, any snooping on the data would have consequences as spelt out in the communication act. While we cannot rule out hacking of even local content, or guarantee its safety 100 percent for locally hosted data, at least there is a starting point and legal framework for dealing with such acts. Next would be increasing our competences in securing the data. Regards Sammy Buruchara On 10/31/13 4:49 PM, "Walubengo J" <[email protected]> wrote: put the emphasis through the people the pride the NSA
with
their pants down since hacking into their Data
Transport
layer
simply gives up all the secrets that encryption
is supposed
to be
protecting.
Now, moving on swiftly to the local setup, I am
also
concerned
that even as we look to start pushing for
Standards
of
Encryption through the PKI project, whether we as a country
have
come together to review and see how to protect our countries
intelligence and data.
We also know for a fact that the US was busy tapping
into
World Leaders phones, and I can bet if there are a few
presidents
to be 'tapped' in Africa, ours should be way up on
that
ladder!
However, more worrying would be, how protected are our
internal networks from such tapping, even from locals? Could
there
be a guy who has tapped into Safaricoms internal network and
is
busy reading every email, chat that is flying
National through and
perhaps
selling such information to our erstwhile enemies
the
Al-Shabbab?
I was once very surprised when a personal friend
got a
transcript of all his calls, and chat messages,
word-for-word for
the previous past 6 months, dug up from one of
the local
Telcos.
The ease with which such information was availed
me
as it
clearly means that the Telcos clearly store all our chats,
and such
records in clear text months after we have used
appalled them and a
guy with
basic SQL knowledge just needs to hack into the
network
(easy) and
call them up.
So, as we continue with the PKI project, there
are
really very
basic things on security of data that we as a
nation
haven't even
dealt with.
--
Regards,
Waithaka
Ngigi
Chief Executive Officer
| Alliance
Technologies | MCK Nairobi
Synod
Building
T +
254 (0)
20 2333 471 |Office
Mobile: +254 786 28 28 28 | M +
254 737 811 000
www.at.co.ke
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
The Kenya ICT Action Network (KICTANet) is a
multi-stakeholder platform for people and
institutions
interested and involved in ICT policy and
regulation. The
network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT
enabled growth
and development.
KICTANetiquette : Adhere to the same standards
acceptable
behaviors online that you follow in real life: respect
people's times and bandwidth, share knowledge, don't
flame or abuse or personalize, respect privacy, do not spam,
do not market your wares or
qualifications.
-----Inline Attachment Follows-----
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a
multi-stakeholder platform for people and institutions
interested and involved in ICT policy and regulation. The
network aims to act as a catalyst for reform in
of the ICT
sector in support of the national aim of ICT
enabled growth
and development.
KICTANetiquette : Adhere to the same standards
acceptable
behaviors online that you follow in real life: respect
people's times and bandwidth, share knowledge, don't flame
or abuse or personalize, respect privacy, do not spam, do
not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40mac.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or
of personalize, respect
privacy, do not spam, do not market your wares or qualifications.
+1 Mark. On Nov 4, 2013 9:08 AM, "Walubengo J" <[email protected]> wrote:
I see the point and concede that local hosting affords the national goverments some leverage with regards to holding organisations liable in the event of a security breach.
However, for this to happen, we need to enact the Data Protection Act - otherwise I still feel local hosting on its own, will not necessary increase information security.
walu.
-------------------------------------------- On Fri, 11/1/13, Sammy Buruchara <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "Walubengo J" <[email protected]> Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Friday, November 1, 2013, 4:46 AM
Walu,
I would like emphasize the need for us to mix security and locally hosted data, contrary to your assertions. If your data is local and is snooped on, you have a legal recourse with the local hosting provider. But if the data is stored in the USA for example, any legal action against the provider can prove to be a daunting task.
Whether government or private data, any snooping on the data would have consequences as spelt out in the communication act. While we cannot rule out hacking of even local content, or guarantee its safety 100 percent for locally hosted data, at least there is a starting point and legal framework for dealing with such acts. Next would be increasing our competences in securing the data.
Regards Sammy Buruchara
On 10/31/13 4:49 PM, "Walubengo J" <[email protected]> wrote:
On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote: We need to bring the latter back home simply because the US has proven it cannot be trustedŠ It¹s not that the galvanised internet is the best option, it¹s simply a compromise because some people have broken trustŠ
I totally agree. I am for local content, local hosting, local, local this and the other. What I find difficult to understand is the myth that once something is local, then it is safer.
We need to be careful not to mix security with being local. Let us have two independent tracks on the issues. Lets build local content to increase uptake, reduce latency, perhaps pricing, etc. But I would hate to imagine our NSIS director briefing our President that we are very secure because we have made all our ICT infrastructure local.
ICT Security is often discussed under CIA - Confidentiality, Integrity, and Availability (not central intelligence agency :-). I want to believe the geographic location of your data cannot save you, if your CIA procedures are poor. So if we want to be secure, lets put the emphasis where it should be.
walu. nb: Osama bin laden was as local and as manual as you can get. US folks still smoked him out.
-------------------------------------------- On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "Walubengo J" <[email protected]> Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 11:58 AM
Search engines will be largely unaffected btw. Search engines don¹t go through your mail etcŠ The internet services that are centralised will remain centralised (basic web hosting/blogs etc). However, mail, internal applications etc still have to be securedŠ There¹s data that we don¹t mind being publicly accessible (e.g. The Nation Media Group website), and there¹s data that the NSA/Search engines etc should not have access to (e.g. My banking records, my health records etc). We need to bring the latter back home simply because the US has proven it cannot be trustedŠ It¹s not that the galvanised internet is the best option, it¹s simply a compromise because some people have broken trustŠ -- Phares Kariuki From: Walubengo J Walubengo J Reply: Walubengo J [email protected] Date: October 31, 2013 at 11:10:34 AM To: Phares Kariuki [email protected] Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? @Phares,
this line of thinking was has been explored recently at the IGF and I had a different angle to it and I quote:
Whereas having each economy build its own email, social media and other web-based systems may provide national pride and a debatable sense of national security, it unfortunately goes towards balkanising the Internet along existing national geographic boundaries.
The final effect will be a diminished value for online services. Search engines will end up with only a localised or national view of data, as opposed to the more international view currently enjoyed by keeping the Internet open and global.
more
@
http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G
overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
walu.
--------------------------------------------
On Thu, 10/31/13, Phares Kariuki <[email protected]> wrote:
Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
Cc: "KICTAnet ICT Policy Discussions" <[email protected]>
Date: Thursday, October 31, 2013, 10:09 AM
I¹ll very selfishly
advocate for an increased uptake of local cloud services,
away from the NSA¹s prying eyes, with locally established
standards of encryption etcŠ
We¹ve got capable
universities that can assist in coming up with new
encryption etc standards for the military &
government.
Interesting article by
Charles
ObboŠ.
http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/
440808/2053660/-/j8oy4g/-/index.html
--
Phares Kariuki
From: Ngigi
Waithaka Ngigi Waithaka
Reply: Ngigi Waithaka
Date: October 31, 2013 at
9:12:10 AM
To: Phares Kariuki [email protected]
Subject: [kictanet] NSA
Tapping into Google & Yahoo Networks? How is Kenya
protected?
Listers,
Just came across this
http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link
s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/ e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
It looks like Google might have been caught by the NSA
with
their pants down since hacking into their Data Transport
layer
simply gives up all the secrets that encryption is supposed
to be
protecting.
Now, moving on swiftly to the local setup, I am also
concerned
that even as we look to start pushing for National Standards
of
Encryption through the PKI project, whether we as a country
have
come together to review and see how to protect our countries
intelligence and data.
We also know for a fact that the US was busy tapping
into
World Leaders phones, and I can bet if there are a few
presidents
to be 'tapped' in Africa, ours should be way up on
that
ladder!
However, more worrying would be, how protected are our
internal networks from such tapping, even from locals? Could
there
be a guy who has tapped into Safaricoms internal network and
is
busy reading every email, chat that is flying through and
perhaps
selling such information to our erstwhile enemies the
Al-Shabbab?
I was once very surprised when a personal friend got a
transcript of all his calls, and chat messages,
word-for-word for
the previous past 6 months, dug up from one of the local
Telcos.
The ease with which such information was availed appalled me
as it
clearly means that the Telcos clearly store all our chats,
and such
records in clear text months after we have used them and a
guy with
basic SQL knowledge just needs to hack into the network
(easy) and
call them up.
So, as we continue with the PKI project, there are
really very
basic things on security of data that we as a nation
haven't even
dealt with.
--
Regards,
Waithaka
Ngigi
Chief Executive Officer
| Alliance
Technologies | MCK Nairobi
Synod
Building
T +
254 (0)
20 2333 471 |Office
Mobile: +254 786 28 28 28 | M +
254 737 811 000
www.at.co.ke
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
The Kenya ICT Action Network (KICTANet) is a
multi-stakeholder platform for people and
institutions
interested and involved in ICT policy and
regulation. The
network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT
enabled growth
and development.
KICTANetiquette : Adhere to the same standards
acceptable
behaviors online that you follow in real life: respect
people's times and bandwidth, share knowledge, don't
flame or abuse or personalize, respect privacy, do not spam,
do not market your wares or
qualifications.
-----Inline Attachment Follows-----
_______________________________________________
kictanet mailing list
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
The Kenya ICT Action Network (KICTANet) is a
multi-stakeholder platform for people and institutions
interested and involved in ICT policy and regulation. The
network aims to act as a catalyst for reform in
of the ICT
sector in support of the national aim of ICT
enabled growth
and development.
KICTANetiquette : Adhere to the same standards
of
acceptable
behaviors online that you follow in real life: respect
people's times and bandwidth, share knowledge, don't flame
or abuse or personalize, respect privacy, do not spam, do
not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40mac.com
The Kenya ICT Action Network (KICTANet) is a
for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or
multi-stakeholder platform personalize, respect
privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
in the last few years the amount of traffic routed through the usa by other countries has dropped because of the same concerns Sent from Yahoo! Mail on Android
Watila, Even though you dont quote your sources, I suspect it is true that Internet traffic routed through the USA is reducing. But I doubt that it has anything to do with security issues because technically, as you know internet routing is based on "best-effort" principles. Packets look for the most efficient routes which happen to be around the biggest Internet eXchange Points (IXPs). It so happens that rapid internet uptake in Asia Pacific (China, Korea, India, Indonesia etc), is presenting newer and bigger IXPs as those in the US reach maturity levels. And so the internet geography is indeed changing and more internet routing is going to be happening in Asia Pacific (think China). That's why for me, the emphasis on the geography (where packets are routed) at the expense of the principles and practices of cyber-security is quite worrying. walu. -------------------------------------------- On Thu, 10/31/13, Watila Alex <[email protected]> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 4:10 PM in the last few years the amount of traffic routed through the usa by other countries has dropped because of the same concerns Sent from Yahoo! Mail on Android From: Phares Kariuki <[email protected]>; To: <[email protected]>; Cc: KICTAnet ICT Policy Discussions <[email protected]>; Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? Sent: Thu, Oct 31, 2013 7:09:34 AM I’ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA’s prying eyes, with locally established standards of encryption etc… We’ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles Obbo…. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/44... -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? -----Inline Attachment Follows----- _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Walu, See the link http://www.nytimes.com/2008/08/30/business/30pipes.html?_r=2&pagewanted=all& Internet Traffic Begins to Bypass the U.S. “Since passage of the Patriot Act, many companies based outside of the United States have been reluctant to store client information in the U.S.,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. “There is an ongoing concern that U.S. intelligence agencies will gather this information without legal process. There is particular sensitivity about access to financial information as well as communications and Internet traffic that goes through U.S. switches.” -----Original Message----- From: kictanet [mailto:[email protected]] On Behalf Of Walubengo J Sent: Thursday, October 31, 2013 5:33 PM To: [email protected] Cc: KICTAnet ICT Policy Discussions Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? Watila, Even though you dont quote your sources, I suspect it is true that Internet traffic routed through the USA is reducing. But I doubt that it has anything to do with security issues because technically, as you know internet routing is based on "best-effort" principles. Packets look for the most efficient routes which happen to be around the biggest Internet eXchange Points (IXPs). It so happens that rapid internet uptake in Asia Pacific (China, Korea, India, Indonesia etc), is presenting newer and bigger IXPs as those in the US reach maturity levels. And so the internet geography is indeed changing and more internet routing is going to be happening in Asia Pacific (think China). That's why for me, the emphasis on the geography (where packets are routed) at the expense of the principles and practices of cyber-security is quite worrying. walu. -------------------------------------------- On Thu, 10/31/13, Watila Alex <[email protected]> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 4:10 PM in the last few years the amount of traffic routed through the usa by other countries has dropped because of the same concerns Sent from Yahoo! Mail on Android From: Phares Kariuki <[email protected]>; To: <[email protected]>; Cc: KICTAnet ICT Policy Discussions <[email protected]>; Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? Sent: Thu, Oct 31, 2013 7:09:34 AM I’ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA’s prying eyes, with locally established standards of encryption etc… We’ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles Obbo…. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/44... -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? -----Inline Attachment Follows----- _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/awatila%40yahoo.co.uk The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
@Watila, OK. Looks true that security concerns were driving data away from the US as far back as 2008. But still the same article points to my earlier fact that Asia's internet traffic was growing exponentially such that the bulk of internet data exchange was to eventually shift outside the US - with or without the US Patriot Act. Bottom line is whether you host locally, abroad or on Pluto, the US will snoop on you if they need to. Only benefit as Sammy puts it, is that at least you get to be sued locally if you happen to be the local data provider who was snooped on :-). walu. -------------------------------------------- On Thu, 10/31/13, Alex Watila <[email protected]> wrote: Subject: RE: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: "'Walubengo J'" <[email protected]> Cc: "'KICTAnet ICT Policy Discussions'" <[email protected]> Date: Thursday, October 31, 2013, 7:35 PM Walu, See the link http://www.nytimes.com/2008/08/30/business/30pipes.html?_r=2&pagewanted=all& Internet Traffic Begins to Bypass the U.S. “Since passage of the Patriot Act, many companies based outside of the United States have been reluctant to store client information in the U.S.,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. “There is an ongoing concern that U.S. intelligence agencies will gather this information without legal process. There is particular sensitivity about access to financial information as well as communications and Internet traffic that goes through U.S. switches.” -----Original Message----- From: kictanet [mailto:[email protected]] On Behalf Of Walubengo J Sent: Thursday, October 31, 2013 5:33 PM To: [email protected] Cc: KICTAnet ICT Policy Discussions Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? Watila, Even though you dont quote your sources, I suspect it is true that Internet traffic routed through the USA is reducing. But I doubt that it has anything to do with security issues because technically, as you know internet routing is based on "best-effort" principles. Packets look for the most efficient routes which happen to be around the biggest Internet eXchange Points (IXPs). It so happens that rapid internet uptake in Asia Pacific (China, Korea, India, Indonesia etc), is presenting newer and bigger IXPs as those in the US reach maturity levels. And so the internet geography is indeed changing and more internet routing is going to be happening in Asia Pacific (think China). That's why for me, the emphasis on the geography (where packets are routed) at the expense of the principles and practices of cyber-security is quite worrying. walu. -------------------------------------------- On Thu, 10/31/13, Watila Alex <[email protected]> wrote: Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, October 31, 2013, 4:10 PM in the last few years the amount of traffic routed through the usa by other countries has dropped because of the same concerns Sent from Yahoo! Mail on Android From: Phares Kariuki <[email protected]>; To: <[email protected]>; Cc: KICTAnet ICT Policy Discussions <[email protected]>; Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? Sent: Thu, Oct 31, 2013 7:09:34 AM I’ll very selfishly advocate for an increased uptake of local cloud services, away from the NSA’s prying eyes, with locally established standards of encryption etc… We’ve got capable universities that can assist in coming up with new encryption etc standards for the military & government. Interesting article by Charles Obbo…. http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/44... -- Phares Kariuki From: Ngigi Waithaka Ngigi Waithaka Reply: Ngigi Waithaka [email protected] Date: October 31, 2013 at 9:12:10 AM To: Phares Kariuki [email protected] Subject: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected? -----Inline Attachment Follows----- _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/awatila%40yahoo.co.uk The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
participants (11)
-
Alex Watila -
Ali Hussein -
Barrack Otieno -
John Kariuki -
Kivuva -
Mark Elkins -
Ngigi Waithaka -
Phares Kariuki -
Sammy Buruchara -
Walubengo J -
Watila Alex