Warigia, In my view, the assessment of CCK's performance in respect to Universal Access Fund is not fair. I say this because the legal framework for the Universal Service Fund (USF) is barely three years old (i.e. the Kenya Information and Communications Act of 2009 and the Kenya Information and Communications Universal Access and Service Regulations of 2010). It is these pieces of legislation that charge CCK with the responsibility of managing and administering the Fund. From the date USF's legal instruments were put in place, the issue of doing nothing in the last six years does not arise. You will also recall that the Universal Service Access Committee (USAC), which is mandated to advise the CCK Board on the management of the Fund, was appointed in December 2012 by the Minister for Information and Communications. As it awaited the legal framework to be in place, CCK undertook a number of preparatory activities for the implementation of USF. These include: * Establishing a Statistical function within the Commission in view of the need for up to date information on access and usage of ICT to inform universal access planning. This is the Unit that prepares the Quarterly Sector Statistics. * Carrying out a number of studies to guide the implementation of the Fund, including the National ICT Survey (2010/2011) and the ICT Access Gaps Study (2011). The Survey was undertaken in conjunction with the Kenya National Bureau of Statistics to provide baseline information on the level of access and usage of ICTs at the household level in Kenya. The Survey provides benchmark indicators against which to measure the penetration of ICT services particularly through the USF. It provided a key input into the ICTs Access Gap study of 2011 undertaken by APOYO Consultoria. The ICT Access Gap Study identified areas that lacked access to voice, postal and data services and provide cost estimates for closing the gaps. It has provided the basis for identifying the areas requiring USF interventions and prioritizing allocation of funds. These reports are available on the CCK website. * Implementing a number of UA pilot projects whose experience will be key in implementing national UA projects. The pilot projects include: 16 ICT Centers in Secondary Schools (2 in each province), 4 Community Centers, 8 ICT Centers schools for PWDs (covering all secondary schools for PwDs in Kenya), 10 e-Resource Centers within the Kenya National Library Service outlets, E-health Project (in collaboration with the Ministry of Health and Qualcomm Inc), Content Development that include the Digitization of the Kenya Certificate of Secondary School (KCSE) Form I and II curriculum by KIE and a Web Portal for Persons With Disabilities (in partnership with the National Council for Persons with Disabilities and United Disabled Persons of Kenya). These projects have been funded largely by the Commission. * From 2012 to date, the Commission has been developing USF program concepts, projects prioritization criteria and USF Strategy with technical support from USAID's Global Broadband Innovation (GBI) programme. Again with support from the USAID, the Commission in conjunction with the Ministry of Information and Communications, Kenya ICT Board, E-Government Directorate, Vision 2030 Secretariat and National Communications Secretariat and other stakeholders are developing a National Broadband Strategy (NBS). This strategy is important in the realization of universal access to broadband services in Kenya. Starting from July 2013, the Fund shall be brought into operation. In this regard, all licensees shall be expected to begin remitting their statutory contribution to the Fund. On its part, the Commission has set aside Kshs1,000,000,000 as seed money for the USF. I hope this sheds more light on this matter. Wambua From: kictanet [mailto:[email protected]] On Behalf Of Warigia Bowman Sent: Thursday, March 21, 2013 4:50 PM To: Wambua, Christopher Cc: KICTAnet ICT Policy Discussions Subject: Re: [kictanet][Skunkworks] Fwd: Kenya's PKI Destined for Failure? Dear Brian Thank you for this very thoughtful discussion. 4. Inertia: CCK has proven to be very poor at the timely execution of functions that fall outside their core mandate of licensing, regulation and resource management. A perfect example is the implementation of the Universal Service Fund, which CCK insisted on handling as an inhouse function instead of facilitating the setup of a dedicated entity to handle the task. It has been over 6 years since regulation and legislation regarding the USF came into place and there is still nothing to speak of. I will reserve this as a subject for another day (it is a long and detailed one!) Erm, am I the only one embarassed that all of our neighbors have a functional USF, but Kenya does not? Recommendations The Government should immediately consider adopting a Public Private Partnership approach for the implementation of Kenya's NPKI. This is especially timely because we now have a fully ratified Public Private Partnership Policy that provides a variety of models for project implementation. This will not only ensure involvement from crucial stakeholders but also free the Root Authority from the problems highlighted above (and probably many others) while at the same time ensuring that enough private sector energy and enthusiasm is infused into the project so that it moves with speed and determination. Success stories such as KENIC and TEAMS show that it is not only possible but that it can be done with ease. PPPs are the respected model for many kinds of endeavors, and this is a very strong suggestion. Yours, Warigia On Thu, Mar 21, 2013 at 8:24 AM, Lucy Kimani <[email protected]> wrote: Ali and Brian +1 CCK can be the CA for the government but there has to be Private Sector based CAs as well to avoid conflict of interest. What may seem complex when broken down may not be all that bad as evidenced in this paper: http://www.articsoft.com/whitepapers/AustPKI03SMr2.pdf I especially like the not always waiting for the government "The business and Internet communities are not waiting for some over-arching system to be put into place by governments or agencies such as the UN. They are seizing opportunities as they arise, putting in place systems that they trust and selecting their own RCA - a PRIVATE RCA - if they select one at all. An example of this is the Secure Electronic Transaction (SET) PKI developed by Visa and MasterCard. Figure 4 represents the basic SET PKI as identified by Ford & Baum. A new version of the SET protocol has recently been introduced, sometimes referred to as 3DSET. It expects to provide the customer with a provable digital receipt for a transaction, establishing the formality of the contract between the customer and the merchant, something that was lacking in the original implementation." VISA introduced 3D SET in 2000 to address issues with SET PKI. 3D SET simplifies the SET protocol into three domain Model: 1) acquirer domain, 2) issuer domain, 3) interoperability domain. 3D SET provide a flexible framework that allows banks and acquirers to use their method to authenticate cardholders and merchants in a transaction. --- On Thu, 3/21/13, Ali Hussein <[email protected]> wrote: From: Ali Hussein <[email protected]> Subject: Re: [kictanet] [Skunkworks] Fwd: Kenya's PKI Destined for Failure? To: [email protected] Cc: "KICTAnet ICT Policy Discussions" <[email protected]> Date: Thursday, March 21, 2013, 7:24 AM Adam +1 And I give Brian the highest commendation for highlighting this issue. We must always try our level best to embrace the Multi-Stakeholder regime because as much as sometimes it sound like we are in the Tower of Babel ultimately the best solutions emerge (most of the time). Regards Ali Hussein CEO, 3mice interactive media ltd Partner, Telemedia Africa Ltd Tel: +254713601113 Twitter: @AliHKassim Skype: abu-jomo LinkedIn: http://ke.linkedin.com/in/alihkassim Blog: www.alyhussein.com On Thu, Mar 21, 2013 at 12:58 PM, Adam Nelson <[email protected] <http://mc/[email protected]> > wrote: I think Brian's original point is well taken. It's not ideal for a Korean government agency to hold such important keys. However, Kenya can't just start its own key without at least a few years of lead time to get on a critical mass of browsers and operating systems by default (although it should start now just to get the ball rolling). Finland and Turkey have CAs (although Turkey's was famously hacked with google.com signatures). I would suggest that the certificate authority for this be one of the most trusted and common commercial ones - Equifax. That's what Google uses and because they're commercial, will probably be more responsive to the needs of the government than a Koren agency. -Adam https://twitter.com/varud https://www.linkedin.com/in/adamcnelson On Thu, Mar 21, 2013 at 12:32 PM, Kivuva <[email protected] <http://mc/[email protected]> > wrote: Good points from Brian and Evans. I think the elephant in the room is CCK to be the Root Certification Authority. PPP as Brian puts it might be the best way to go, although it has its own challenges, as we saw last year when KENIC was facing leadership challenges, and discord within the board. Other channels might be to tender for local companies to bid to be the RCA. This has worked very well in developed countries. The issue of HR can be sorted if we are willing to empower our youth, by say Knowledge Transfer. Unfortunately, these Asians are not very keen in transferring such knowledge to the client side of the business since they want to be indispensable. But we can be forceful, and find ways to train people who will administer the NPKI system. We currently have thousands of security experts in the country, and we are willing to learn more. Kind Regards. -- ______________________ Mwendwa Kivuva _______________________________________________ skunkworks mailing list [email protected] <http://mc/[email protected]> ------------ List info, subscribe/unsubscribe http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke _______________________________________________ kictanet mailing list [email protected] <http://mc/[email protected]> https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein. com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -----Inline Attachment Follows----- _______________________________________________ kictanet mailing list [email protected] <http://mc/[email protected]> https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/lkimani%40yahoo.co m The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list [email protected] https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/warigia%40gmail.co m The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. -- Dr. Warigia Bowman Assistant Professor Clinton School of Public Service University of Arkansas [email protected] ------------------------------------------------- View my research on my SSRN Author page: http://ssrn.com/author=1479660 --------------------------------------------------