We would like to bring to your attention the introduction of second level domain registration in Kenya by the Kenya Network Information Center (KENIC). This means that you can register a domain like transworldafrica.ke instead of transworldafrica.co.ke.

Any existing third level domain owners can register similar names to their third level domains on the second level. This means that you have an opportunity to also register a new domain mycompany.ke to supplement your existing mycompany.co.ke.

Please note the following three phases for the .ke second level domain registration:

Sunrise Period.
This is the period when registered trademark owners can register their domains. If you have a trademark you want registered, contact us to register a .ke domain for you. An example of a trademark is Google, so we can register google.ke for you if you are the trademark owner. Act now, and register your trademark on the .ke domain name space. The registration fee in this phase is Ksh10,000.

Grandfathering phase
From now to 22nd December 2017.
This phase will allow existing third level domain owners to register similar names to their third level domains on the second level. This means that you have an opportunity to also register a new domain mycompany.ke to supplement your existing mycompany.co.ke.

The following are the conditions to register a domain in the second level from now through December 2017 (Grandfathering phase).
1. Provide a copy of Business name certificates to show proof of ownership.

Landrush phase
From December 2017.
This is a general auction where all the cool names will be auctioned off. Examples are ca.ke, ba.ke, etc.
If you have names you want to bid on, you can send them to us via email, with the bid price, and we will bid for them on your behalf.

General Availability
From January 2018
In this phase going forward, anybody can register the domain of their choice using the normal first come, first served basis.
The registration fee in this phase is Ksh10,000.
Act now, and register your name on the .ke domain name space.

If you have any queries, do not hesitate to contact us on the address below.

Register now your favorite domain at https://transworldafrica.co.ke

email: domains[at]transworldafrica.com
Tel: +254722402248


One wise person said, “The Man Who Does Not Read good books Has No Advantage Over the Man Who Cannot Read.” This applies to women as well by the way. Three years ago today, I decided I wanted to be a more prolific reader.

I identified the Kindle as the device that would enable me to accomplish the goal. Instead of carrying a boxload of books, I would just pack them in one small portable device, and read a dozen books a month. After all, Kindle versions are usually cheaper than paperback books.

So I sought to buy an e-reader, and the Kindle Paperwhite was the obvious leader. (show picture of Kindle Paperwhite) It is slim and very portable, can accommodate hundreds of books, and it does not develop dog ears.

So I went shopping on the Amazon website for that perfect paper white kindle. Amazon had like 10 versions of kindles. I was a bit confused. Why give a man a choice while you can have only one perfect product and save him the paradox of choice? They had the paperback version alright, but they came in different dimensions and capacity. 5″, 8″, 1GB, 2GB. And they had the Kindle HD that had Android operating system and could do a lot more. This also came in 8″ and 11″. Then they had the Kindle HDX ultimate, which came in 32 and 64, and 128GB, and 8″, and 11.5″. The HDX was dazzling, crystal clear images, great front and back camera, HD movie support, Internet browser, wifi, Bluetooth, and all bells and whistles that come with modern tablets. I fell in love. You see what Amazon did, they oversold a product to me.

This is a Kindle (show the big kindle). I know, it’s big, right? So I ended up buying the Kindle HDX, at a price I would not disclose to my mother, because that was the same cost of a 40*80 plot in our neighborhood. The plots where when you step out of the house, you are on the streets. Never mind.

Now I have this sparkling new Kindle HDX, that could do more than just read books. I could tweet great paragraphs, or Facebook them. Of course if I switched to Twitter, I had to check who had followed or un-followed me, scroll through the timeline, and laze around retweeting and replying to fans, before switching to Facebook where I would spend another hour in vanity. Then to compensate for the lost time, I would open Temple Run the game and run, and run through the jungle, and slide through cool looking streams collecting golden coins and treasure. By the time I realise what I’m doing, 3 hours have gone by, and my reading time is over.

This pattern went on for a while, until I vowed to arrest it. I bought some physical paperback books which I can read with minimum interruption, with the phones and tablets stored far away. (show the books).

The paradox is, the paper white Kindle could solve all that. Friends, don’t fall for the paradox of choice. When you have rationally made a decision to pursue a path, let distractions not derail you. Pursue it with singular vision, and that way, you shall achieve your goals.

You see now, I still need to buy a Kindle, the paperwhite.

Speech delivered at Sema Toastmasters on 22nd November 2017, in the Humorous speech contest, at United Kenya Club, Nairobi, Kenya


“A lion doesn’t concern itself with the opinion of sheep.”
― George R.R. Martin, A Game of Thrones

“Did you think the lion was sleeping because he didn’t roar?”
― Friedrich Schiller, Die Verschwörung des Fiesco zu Genua

“She slept with wolves without fear, for the wolves knew a lion was among them.”
― R.M. Drake

“Truth does not sit in a cave and hide like a lie. It wanders around proudly and roars loudly like a lion.”
― Suzy Kassem, Rise Up and Salute the Sun: The Writings of Suzy Kassem

“If ever you feel like an animal among men, be a lion.”
― Criss Jami, Diotima, Battery, Electric Personality

“Only in art will the lion lie down with the lamb, and the rose grow without thorn.”
― Martin Amis

“A lion does not flinch at laughter coming from a hyena. A gorilla does not budge from a banana thrown at it by a monkey. A nightingale does not stop singing its beautiful song at the intrusion of an annoying woodpecker.”
― Suzy Kassem, Rise Up and Salute the Sun: The Writings of Suzy Kassem

“A Lion that hunts for survival in the jungle does not envy the one being fed in a zoo”
― Suhaib Rumi

“Should five slaves dictate to a king? If five baboons bark, must the black-maned lion tremble?”
― Wilbur Smith

“If a lion kills a gazelle, the Universe does not judge the lion as evil and the gazelle as good. The energy and matter of the gazelle is transferred to the lion. Because we are all connected as one, what appears to be death is in fact transformation and rebirth.”
― Russell Anthony Gibbs, The Six Principles of Enlightenment and Meaning of Life

“Clever and civilized men will not stay home
Leave your homeland and explore foreign fields
Go out! You shall find replacement for those you have left
Give your all, the sweetness of life will be tasted after the struggle
I have seen that standing water stagnates
If it flows, it is pure, if it does not, it will become murky
If the lion doesn’t leave his den, he will not eat
If the arrow does not leave the bow, it will not strike
If the sun stands still in its orbit
Man will tire of it
Gold dust merely soil before excavated
Aloewood is just ordinary wood if in the forest

Travel by Imam Syafii”
― Ahmad Fuadi, Negeri 5 Menara

“Lions are neither predators nor killers. They just go for hunting like kings; because they are the kings!”
― Munia Khan

“The personal power of being confident and clear about our actions and saying what we know without holding back is described in the texts as ‘the lions roar.”
― Sharon Salzberg, Lovingkindness: The Revolutionary Art of Happiness

Adapted from Goodreads on 6th November 2017


Do you want to change your life? Successfully create happiness, prosperity, abundance, fulfillment, and all your heart desires?

Psychologists say it takes 21 days to form a habit, including a new belief system, with repetition being key. I call this how to brainwash yourself.

Your mind is extremely powerful. It records what you are hearing or saying. It records all your life memories and events as mental movies. It does not hear NOT or NO. If you say I will not procrastinate, it hears “procrastinate“. It cannot comprehend the future. It only knows the present. That is why you should always see your goals as accomplished. It does not know the difference between imagination and reality. That is why we get scared at the movies.

You will draw to yourself the situations, circumstances, people, and events that match your dominant feelings, thoughts, and words. You usually think the same thoughts over and over again, and that is why you get the same results over and over again. It’s no wonder Albert Einstein said “Insanity is doing the same things over and over again and expecting different results”. So, how do we brainwash ourselves? I find the following four steps effective in brainwashing yourself.
1. Make a list of what you want in full detail. This may be things about lifestyle, education, adventure, or public speaking, whatever it is.
2. Visualize having already attained your heart’s desire. Maybe see yourself speaking at Engage. Begin to talk about what you desire as if it’s already a fact. Use your imagination as a child and pretend. For example, talk about your new found love. Talk about that residence in a top address. Talk about how you are a great public speaker. Stay away from any influence that contradicts your wishes. This can be negative people, negative movies, or even news.
3. Create an affirmation for your needs. For example, “I am”, or “I have” then add your need. For example, “I am a great public speaker”. Every day, recite the affirmation over and over again. Do this for a minimum of 21 days. Make sure it does not feel like work. “I am a great public speaker. I am a great public speaker”.
4. Repeat, Repeat, Repeat, until you believe it. Repetition creates new beliefs in the subconscious mind. For example, positive affirmations work even if you don’t believe them at the beginning. You attract the things that you think about most often.

To recap, make a list of your desires, visualise having achieved your desire, recite your affirmation, and Repeat.

Remember, it takes a minimum of 21 days to create a new belief system.

A Toastmasters CC2 Organise your speech, delivered on 1st November 2017, at United Kenya Club, Nairobi, Kenya. NB. Most of the actual speech was paraphrased, and did not follow the script written here.


I was having a conversation with @MercyMutemi, and it came to the elected representatives in Kenya who have got into power despite being implicated in grand corruption. “Yaani. We love thieves. Love them. Love them!”, Mercy exclaimed. This led to this social explanation on why we love our looters.

The Tragedy of the Commons.

The tragedy of the commons is an economic problem in which every individual tries to reap the greatest benefit from a given resource. As the demand for the resource overwhelms the supply, every individual who consumes an additional unit directly harms others who can no longer enjoy the benefits. Generally, the resource of interest is easily available to all individuals; the tragedy of the commons occurs when individuals neglect the well-being of society in the pursuit of personal gain. (Source: Investopedia).

Ok, let me now put the Tragedy of the Commons into a context that the normal villager can understand. This is if you have ever been to a grazing field. In most African societies, we have common grazing fields. All villagers graze on common grazing fields. This is what we call community land. But because the land has no ownership, we overstock livestock and deplete the pasture, until there is not enough for our livestock, and our animals die. On the other hand, if you have your own land, say 10 acres, you will be careful not to overgraze or overstock. So you will partition your land into paddocks, and ensure your animals graze in the paddocks using a pre-determined timetable so as not to deplete the pasture. That is the perfect example of the tragedy of the commons.

The tragedy of the commons: We only care if our MCA, MP, or Governor is stealing from us. But if our Minister or President is stealing, he is our tribal hero. He is increasing the size of our paddocks.

What is the political relevance?

If a politician from our tribe is stealing, we have some untold pride. They are grazing on the community land of other communities, thus not affecting us. We are sad if a politician from the other tribe is stealing from the common basket of all communities. We are sad when our governor steals because we are all from the same tribe in a county. The governor is grazing alone on our communal land, and denying us the opportunity to graze too. All this translates into the convoluted book by Michela Wrong of 2010, who quoted whistleblower John Githongo’s philosophy of “it’s our time to eat”.

In a nutshell, the idea is this: if the politicians are stealing from the National coffers, then they are stealing for us, and denying other communities [enlarging our paddocks]. Which is good for us. That is the narrative some politicians use in their campaigns. They tell the electorate they stole from government to bring to them. Perfect psychology that sells to the majority simpletons in our midst. When one of our own steals, we say “wacha ajisaidie na pesa ya serikali”. We never see it as our money. It’s in a bigger budget pool that we cannot comprehend. We don’t even know how it is distributed. That is the main reason we love our thieves. We love our thieves, that is in no doubt. Check the results of your last elections, and see how many politicians who looted public resources are back in positions of power and influence.

@lordmwesh


Tesla Model 3 now on roads

Tesla unveiled the Model 3 in 2016, with Elon Musk promising a cheaper electric car than the Tesla Roadster and Model S.

On July 28, 2017, Tesla hosted its delivery event for the first batch of 30 Model 3s pre-ordered in 2016. During this event, they released a bunch of information regarding the price, options, features, and specs of the Model 3.

David Imai, Senior Manager, Exterior and Interior Design at Tesla, described the Tesla as designed in a way where “form can follow function without sacrificing comfort, performance, or styling”, because the cars have been built from the ground up.

The Model 3 starts at $35,000, but with options the price can get as high as $59,500. This does not include taxes for your final destination, or country.

Standard Model 3

  • Unit price: $35,000,
  • 220 miles range (354 Kilometers range),
  • 5.6 sec 0-60mph (96kph),
  • 130 mph top speed (209kph top speed)
  • Full self-driving hardware
  • Wi-Fi and LTE connectivity
  • Free over-the-air software updates
  • Full LED lighting
  • Eight year, 100,000-mile battery warranty

Long range model 3

  • Unit Price: $44,000,
  • 310 miles range (499 Kilometers range),
  • 5.1 sec 0-60 mph (96kph),
  • 140 mph top speed (225kph top speed)
  • Rear wheel drive (the beginning configuration)
  • Premium upgrades
  • Three customization options: wheel size, exterior color, autopilot features

Options for Model 3

  • Long range battery – $9,000
  • Paint: Black, midnight silver metallic, deep blue metallic, silver metallic, pearl white multi-coat, red multi-coat (all colors but black cost $1,000 extra)
  • Wheels: 18″ aero or 19″ sport for an additional $1,500
  • Upgrade interior for $5,500 – Heated seating, two rear USBs, wood decor, 12-way power adjustable seats, premium audio system, tinted glass roof, auto dimming and heated side mirrors, LED fog lamps, center console with storage for docking two smartphones
  • Enhanced autopilot – $5,000 – Match traffic conditions, keep in lane, automatically change lanes, transition from one freeway to another, exit freeway and self park
  • Full self driving capability – $3,000 plus Enhanced Autopilot – This isn’t available now

For a while now, there have been rumors of a Bitcoin war. The two camps have been sparring for over a year, and the fight is scheduled for midnight on 31st July 2017. The winner will be announced in August 2017. That whole month will be used to evaluate the winner.

The War

This fight has been necessitated by a number of proposals for technical changes to Bitcoin, namely the User Activated Hard Fork (UAHF) vs the User Activated Soft Fork (UASF).

The User Activated Hard Fork (UAHF) is a proposal to increase the Bitcoin block size scheduled to activate on August 1. The UAHF is incompatible with the current Bitcoin ruleset and will create a separate blockchain. Should UAHF activate on August 1, there will be a new blockchain spewing out new coin associated with that Fork.

The User Activated Soft Fork (UASF) is a proposal to adopt Segregated Witness on the Bitcoin blockchain and could result in network instability. It is scheduled to activate at the same time as the UAHF on August 1.

If you have your bitcoins in any BTC wallet, be sure to find out which side your wallet is cheering, because that will decide the value of what you will be holding after the war is over.

Why have 2 different forks?

SegWit

The problem that the Bitcoin platform is facing is that as more and more transactions are being conducted, more blocks have to be added to the chain. Blocks are generated every 10 minutes and are constrained to a maximum size of 1 megabyte (MB). Due to this constraint, only a certain number of transactions can be added to a block. The weight of the transactions, represented by the blocks, is weighing down the network and causing delays in processing and verifying transactions, in some cases, taking hours to confirm a transaction as valid. Imagine all Bitcoin transactions that have been carried out since the inception of Bitcoin in 2009 sitting on the blockchain and still piling up. Long term, the system would not be sustainable if a radical change is not made.

SegWit is the process by which the block size limit on a blockchain is increased by removing signature data from Bitcoin transactions. When certain parts of a transaction are removed, this frees up space or capacity to add more transactions to the chain.

Segregate means to separate, and Witnesses are the transaction signatures. Hence, Segregated Witness in short, means to separate transaction signatures.

Read more: SegWit (Segregated Witness) Definition | Investopedia http://www.investopedia.com/terms/s/segwit-segregated-witness.asp

SegWit is an update for Bitcoin Core. It is assumed that this update will solve the problems. But some users, mining firms (e.g. Bitmain), and companies (e.g. Bitcoin Unlimited) do not support this idea. So, implementing SegWit could split the whole Bitcoin system: some users and miners will accept the new standards, while others may keep using the older version of the Bitcoin code. Different variants are therefore being considered to avoid this and preserve a single blockchain of transactions.


Kenya does not have a data protection law. But there is a data protection bill [1] pending somewhere in the corridors of power.

This is an election year in Kenya. As part of the requirements to vote, the Independent Electoral and Boundaries Commission (IEBC), the electoral body mandated to conduct elections, registered voters who will participate in the 2017 plebiscite. Just like most countries, to qualify to vote in Kenya[2], the voter has to be over 18 years, a citizen of Kenya, and hold an identification document which is either a National ID card, or a Kenyan passport.

This year, 19.6 million [3] people registered as voters. That is just about half of all Kenyan citizens of 48 million [4]. The beauty of the new revamped IEBC is that they publicly released all the datasets of registered voters [5]. Voter registration is only by physically going to a registration center. There is nothing like online registration. Registration entails capturing the biometric data of the voter. The biometrics are fingerprints of both hands and facial features. They also capture all the details available at the Registrar of Persons (full name, ID/passport number, and date of birth). Finally they capture your phone number, address, and voting location. To prove you are a registered voter, you are given a laminated card, which serves no purpose apart from bragging rights in the village pub. This whole process is called Biometric Voter Registration.

The author undergoes Biometric Voter Registration. Photo credit Mariana Mulinge.

Verification of voters
For some strange reasons, Kenyans feel a need to confirm their voter registration details. In this part of the world, elections are a high stakes game, and the level of mistrust with the system is at its highest. According to the Constitution, the Electoral body has to provide a mechanism for the electorate to verify their voter data. Section 6 of the Election Laws 2011 was updated by The Election Laws (Amendment) Act, 2017 where “The Commission shall cause the Register of Voters to be opened for inspection by members of the public at all times for the purpose of rectifying the particulars therein, except for such period of time as the Commission may consider appropriate” [6].

According to IEBC, there are two ways of identifying voters: through a fingerprint scan, or through the ID document by either searching the ID number or scanning the machine-readable part of the ID. This process and its tools are called Biometric Voter Identification (BVID).

In their wisdom, the IEBC provided a two-week window for voters to verify and correct any registration anomaly by physically going to a verification center. After the correction, the voter register is supposed to be accessible to the general public for auditing. IEBC has a provision to give the entire voter register to any entity for Ksh20,000 [7] (US$200). The law requires IEBC to provide the register for free or at a reasonable cost.

Not every Kenyan would require the entire register. Individual voters want to confirm their details on an ongoing basis. IEBC has an SMS system where the voter sends an ID number to the phone number 70000 [8], and the system returns the registration details of that number if it’s registered. The cost of that SMS is Ksh7 (US¢7). These are the parameters that the SMS returns: name, county, name, constituency, polling station code, polling station, ward. It does not matter who queries the database, the information returned is the same. One phone number can query as many registered voters as the amount of Ksh7 they are ready to spend. The system will return the full list of all those parameters. You don’t even need to send a challenge code like a date of birth to get that information.

IEBC SMS verification output. Image source twitter @OwenKims [9]

To make the system more intuitive, IEBC developed a Web portal where voters can query the same voter information at http://voterstatus.iebc.or.ke/voter. Here, at no cost, the voter uses their ID number to query and get their registration status. The query returns all these parameters: ID number, name, date of birth, gender, polling station, county, constituency, and ward. It does not matter which ID number you query, you will be able to get the voter data. Here too, more data than required for verification is displayed, and there is no challenge code asked by the system. Any automated bot can harvest the entire database. And that is the problem.

The problem

For the privacy conscious, IEBC is doing poorly with how they are exposing raw data of nearly 20 million Kenyans to the world. Anybody with basic programming skills would be able to harvest the raw data through an automated search. If you search any random number with the format of Kenya ID numbers, say hypothetically 12345678, you will realize you can pull up a citizen’s details: at least the ID number, name, and the locality they live in. Basic security practice would require the system to have a captcha to prevent automated harvesting of the information, and also to output just the information required for verification, and nothing more. A captcha is defined as a program or system intended to distinguish human from machine input, typically as a way of thwarting spam and automated extraction of data from websites.

Screenshot IEBC website returning more information than necessary, and without requiring a captcha

To test this problem, I Googled the ID number of one of the top Presidential candidates, Raila Odinga, which was readily available online [10]. I then went ahead to retrieve his registration details as shown in the screenshot below.

Screenshot of Raila Odinga’s Voter details. Image source @lordmwesh [11]

The technical solution

This data breach was discussed at length on the KICTANET mailing list [12], where the community provided several solutions:

  • Have a captcha to prevent automated harvesting of the information, and have a challenge question like date of birth to supplement the ID number, so that only the data owner has access to their information (suggestion by yours truly)
  • Limit requests per IP address (suggestion by Emmanuel Chebukati)
  • Implement a two factor authentication (suggestion by Denis G. Wahome)
  • A government backed smart card which would offer appropriate level of authentication without locking out access to a section of users (suggestion by Mark Kipyegon)
  • Use ID Serial Number as a check to match the ID number (suggestion by Ngigi Waithaka), which he thought could be central to Kenya’s citizen data authentication, where Citizens are made to keep their ID Serial number as their ‘private key’ for all authentication in government platforms. This suggestion was backed by Odhiambo Washington.
  • Integrate the IEBC system with the ecitizen platform [13] (suggestion by Victor Kapiyo)

The policy, legal, and procedural solution

Still on the mailing list, Grace Githaiga supported the idea, mooted by Emmanuel Chebukati, of a legitimate, implementable solution which could be sent to IEBC. Ali Hussein suggested the whole verification exercise be suspended until the rookie mistake by IEBC is rectified. He continued, “This is a serious breach. In the dark web there are vendors of stolen identities. What IEBC has done is to basically leave the bank vaults open and invite every identity theft vendor in the world into this treasure trove.” Victor Kapiyo added that the implementation by IEBC showed that in the absence of guidelines on how citizens’ data is managed, then anything is possible, and it wouldn’t be so hard to mine this data from IEBC servers for whatever purpose.

Grace Mutung’u provided a legal interpretation quoting the provision of the elections act on the inspection of the register by the public. She said the idea of the elections act was not only for voters to verify their details but also for the public to inspect the register. Inspection serves an important role in assuring the integrity of the vote by weeding out errors and non-existent voters. The register is also available in physical form at constituency offices for public inspection. It should therefore be possible for members of the public to view other people’s voter registration details. The question should only be what details are made public and also how to prevent harvesting of the data. She objected to the justification for serial numbers or SMS [two factor] verification.

From the problem statement, only two of these implementations seem feasible, and still comply with the elections law of allowing a public audit of the register. The solution is to have a captcha, and output just enough information to verify a voter, and nothing more.

Changes by IEBC

On being notified of the glaring data breaches, IEBC took the online system offline for 2 weeks while they implemented the security mechanisms. The SMS platform remained firmly online.

Computer screenshot of IEBC verification page temporarily down

Now, the new, robust system according to IEBC is live. With only one change, captcha.

A mobile screenshot of the IEBC website voter identification form with the captcha

From the query, the system is still spewing out more information than required. From a data protection perspective, a clean implementation should maybe just show the initials of the voter (in the case of Raila Odinga, RO) and his polling station. The query should certainly not show his date of birth and gender.

A mobile screenshot query from the IEBC system still with more private information relayed to the public than necessary.
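
The measures discussed above (captcha, a date-of-birth challenge, a per-IP request limit, and output limited to initials and polling station), sketched together as an added example; this is not IEBC's code. The register records, function names, limits and the `captcha_ok` flag (standing in for a captcha checked upstream) are assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class VoterRecord:
    id_number: str
    full_name: str
    date_of_birth: str  # ISO format, YYYY-MM-DD
    gender: str
    polling_station: str
    county: str


# Constructed sample register: every name and number here is invented.
REGISTER = {
    r.id_number: r
    for r in (
        VoterRecord("00000001", "Jane Wanjiru Doe", "1980-02-14", "F",
                    "Example Primary School", "Nairobi"),
        VoterRecord("00000002", "John Otieno Roe", "1975-11-30", "M",
                    "Sample Social Hall", "Kisumu"),
    )
}


class RateLimiter:
    """Sliding-window limit on the number of lookups per client IP."""

    def __init__(self, max_requests, window_seconds, clock=time.monotonic):
        self.max_requests = max_requests
        self.window = window_seconds
        self.clock = clock
        self.hits = defaultdict(deque)

    def allow(self, client_ip):
        now = self.clock()
        hits = self.hits[client_ip]
        # Forget requests that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False
        hits.append(now)  # failed lookups count against the limit too
        return True


def initials(full_name):
    return "".join(part[0].upper() for part in full_name.split())


def verify_voter(id_number, date_of_birth, client_ip, captcha_ok, limiter,
                 register=REGISTER):
    """Answer 'is this voter registered, and where?' and nothing more."""
    if not limiter.allow(client_ip):
        return {"status": "rate_limited"}
    if not captcha_ok:
        return {"status": "captcha_required"}

    record = register.get(id_number)
    # Compare against a dummy value for unknown IDs so both failure paths
    # do the same work and return the same answer: the endpoint then does
    # not reveal which ID numbers exist in the register.
    expected = record.date_of_birth if record else "0000-00-00"
    dob_matches = hmac.compare_digest(expected.encode(), date_of_birth.encode())
    if record is None or not dob_matches:
        return {"status": "not_verified"}

    # Data minimisation: no ID number, full name, date of birth or gender.
    return {
        "status": "verified",
        "initials": initials(record.full_name),
        "polling_station": record.polling_station,
    }


if __name__ == "__main__":
    limiter = RateLimiter(max_requests=3, window_seconds=60)
    ip = "203.0.113.5"  # documentation address range
    print(verify_voter("00000001", "1980-02-14", ip, True, limiter))
    print(verify_voter("00000001", "1999-01-01", ip, True, limiter))
    print(verify_voter("99999999", "1980-02-14", ip, True, limiter))
    print(verify_voter("00000001", "1980-02-14", ip, True, limiter))
```

The same minimised response would apply to the SMS channel, which the article notes stayed online with the full output.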

 

These sorts of rookie mistakes make you feel there are no competent programmers, cyber security analysts, legal professionals, and policy experts remaining in Kenya. But we are here :-). This serves as an indictment of the community who develop applications without proper system analysis.

Kenya does not have any data protection law. But there is a draft data protection bill. This should be a priority for us in lobbying the next Parliament. Data protection is envisioned in the constitution [14]. Article 31(c) of the Constitution outlines the right of every person not to have “information relating to their family or private affairs unnecessarily required or revealed” and Article 31(d), the right not to have “the privacy of their communications infringed”. The bill would also regulate the collection, retrieval, processing, storing, use and disclosure of personal data.

The Access to Information Act 31 of 2016 confers on the Commission on Administrative Justice the oversight and enforcement functions to ensure citizens’ privacy is maintained. In section 21 of the Act, the Commission on Administrative Justice has the following functions [15]: (b) request for and receive reports from public entities with respect to the implementation of this Act and of the Act relating to data protection and to assess and act on those reports with a view to assessing and evaluating the use and disclosure of information and the protection of personal data; (d) work with public entities to promote the right to access to information and work with other regulatory bodies on promotion and compliance with data protection measures in terms of legislation; (h) perform such other functions as the Commission may consider necessary for the promotion of access to information and promotion of data protection.

Why is all this important?

The Business Daily newspaper has a case in point of citizen data breach. In 2011, a convicted criminal serving time at the Kamiti Maximum Prison forged an ID card belonging to the retired Chief of the Kenya Defense Forces (KDF), General Jeremiah Kianga. The fraudster conned Kenyans out of thousands of shillings via mobile money with the promise of enrolling them in the army. Last March, police in Eldoret arrested a man suspected of stealing over Sh180,000 from mobile money agents in Nandi using dozens of stolen SIM cards and ID cards, which were used to register M-Pesa lines [16].

Who else is mishandling citizen data in Kenya? Reach out to me if you have such case studies at @lordmwesh

The next debate on information confidentiality is usually centered around the question, “Why should I care if I have nothing to hide?” The next article will try to answer that question. Do you have anything to hide?

Sources

  1. Data protection bill 2013 http://icta.go.ke/data-protection-bill-2012/
  2. Elections Act No. 24 of 2011 http://www.kenyalaw.org/lex//actview.xql?actid=No.%2024%20of%202011
  3. Registered Voters Per Constituency For 2017 General Elections https://www.iebc.or.ke/docs/Registered%20Voters%20Per%20Contituency%20For%202017%20General%20Elections.pdf
  4. Kenya Population http://www.worldometers.info/world-population/kenya-population/
  5. Statistics of 2017 voters https://www.iebc.or.ke/registration/?stats
  6. Election Laws Amendment Act 2017 http://kenyalaw.org/kl/fileadmin/pdfdownloads/AmendmentActs/2016/ElectionLaws_Amendment_Act_No1of2017.pdf
  7. IEBC register Sh20,000 price tag questioned www.businessdailyafrica.com/news/IEBC-register-Sh20-000-price-tag-questioned/539546-4002054-fdm6p9/index.html
  8. Check registration status by texting ID or passport number to 70000 – IEBC www.the-star.co.ke/news/2017/06/29/check-registration-status-by-texting-id-or-passport-number-to-70000_c1588008
  9. SMS verification output https://twitter.com/OwenKims/status/880376549920448512
  10. Raila shares ID number with another voter https://citizentv.co.ke/news/raila-shares-id-number-with-another-voter-155443/
  11. Screenshot without captcha https://twitter.com/LORDMWESH/status/880554515832782855
  12. [kictanet] Poor show by IEBC: Data Protection in year 2017 and the case of raw voter registration data https://lists.kictanet.or.ke/pipermail/kictanet/2017-June/052096.html
  13. Kenya E-citizen portal https://www.ecitizen.go.ke/ecitizen-services.html
  14. Constitution of Kenya http://www.kenyalaw.org:8181/exist/kenyalex/actview.xql?actid=Const2010
  15. Access to Information Act No. 31 of 2016 http://www.kenyalaw.org/lex//actview.xql?actid=No.%2031%20of%202016
  16. Safaricom goes for photo IDs to block M-Pesa fraud http://www.businessdailyafrica.com/corporate/companies/Safaricom-photo-ID-agents-M-Pesa-fraud/4003102-4008158-1sep6kz/index.html retrieved 10 July 2017

 


Humans have been traveling across the globe since before borders were drawn, for reasons ranging from business, exploration, social, medical and education to migration. After 9/11, traveling became more complex, with tight visa rules, military-grade screening of passengers, and increased surveillance. The latest casualties of these tight measures are ICT-savvy travelers.

In March 2017, the US and Britain introduced new regulations for flights from the Middle East and Africa. The regulations ban passengers from carrying large electronic devices, citing security concerns. The countries affected were Jordan, Egypt, Turkey, Saudi Arabia, Qatar, Kuwait, Morocco and the United Arab Emirates. The circular from US Homeland Security read:

“These enhancements apply to 10 specific airports. The affected overseas airports are: Queen Alia International Airport (AMM), Cairo International Airport (CAI), Ataturk International Airport (IST), King Abdul-Aziz International Airport (JED), King Khalid International Airport (RUH), Kuwait International Airport (KWI), Mohammed V Airport (CMN), Hamad International Airport (DOH), Dubai International Airport (DXB), and Abu Dhabi International Airport (AUH).”

With the new regulations, any device bigger than a handheld phone must be put in the checked-in luggage and not carried onboard by the passenger. The listed devices are laptops, tablets, e-readers, cameras, portable DVD players, electronic game units larger than a smartphone, travel printers, and scanners.

In the age of Snowden and WikiLeaks, these regulations pose a cyber security risk. They give anybody targeting the data on these devices a window of opportunity to get access to the checked-in device, usually a laptop. The checked-in laptops of persons of interest will either be cloned or disappear altogether. A federal agent will mark the luggage of the person of interest and, somewhere along the luggage transfer chain, locate it, remove the laptop and clone the hard disk, getting away with a wealth of data. This can be done by physically removing the hard disk, by using a live CD like Tails to copy the contents of the laptop, or by simply cracking the user account and gaining access to the laptop. This may sound far-fetched, but federal agents have been known to go to great lengths to access information they deem necessary in their work.

Airlines have started getting creative to give their clients the convenience they are used to. For example, Emirates Airlines has introduced two services for its clients: a laptop handling service that lets clients use their devices until just before boarding, and complimentary laptops for business and first class customers, who are given Microsoft Surface 3 tablets to work on onboard. Although this does not remove the security concerns mentioned above, it gives those who can afford it a window to be productive while flying.

How do you secure your data while traveling?
The Electronic Frontier Foundation, an international non-profit digital rights group based in San Francisco, California, gives some suggestions on traveling with data, especially after the U.S. government reported an increase in the number of electronic media searches at the US border.

  • Store all sensitive data on a secure cloud offering like Dropbox or SpiderOak, or better still on a private hosted server.
  • Use a Chromebook as your travel laptop, which by default stores all data in the cloud.
  • If you must travel with your data, have two hard drives that you swap at your convenience: one with a clean operating system install and no data, and another with the operating system and your data, swapped in only when the laptop is in use.
  • Always use strong full-disk encryption for all your data.

The next debate on information confidentiality is usually centered around the question, “Why should I care if I have nothing to hide?” The next article will try to answer that question. Do you have anything to hide?


    Sometimes you find yourself facing spammers on the server. How do you handle them?

    Here are some Sendmail and Exim cheat-sheet commands I’ve found useful.

    1. List domains sending most email

    exim -bp | grep -Eo "[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+" | awk -F @ '{if(/'"$(hostname)"'/){print $1}else{print $2}}' | sort | uniq -c | sort -rn | head

    2. Frozen mails are of no use in the exim queue. To remove all the frozen mails:

    exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm

    2a. This seems to work for me to delete the mail queue:

    exiqgrep -z -i | xargs exim -Mrm

    3. To list the mail queue in sendmail do this:

    sendmail -bp

    4. To remove mails from mail@domain.co.ke:

    exiqgrep -i -f mail@domain.co.ke | xargs exim -Mrm

    A good source: https://www.nixtree.com/blog/mailq-management-exim/
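
The one-liner in step 1 counts every address in the queue listing, recipients included. As an added example (not from the original post or the linked source), the script below reads only the header line of each message in `exim -bp` output, counts messages per sender domain, and lists frozen message IDs so they can be reviewed before anything is removed. The sample queue and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise an Exim queue listing (`exim -bp` format).
# Header line:  AGE SIZE MESSAGE-ID <SENDER> [*** frozen ***]
# followed by indented recipient lines, which are ignored here.

# Constructed sample listing (not taken from a real server).
sample_queue() {
cat <<'EOF'
25m  2.9K 1hKx2T-0004Gm-Nq <newsletter@shop.example>
          alice@example.org
          bob@example.net

 3h  1.1K 1hKx3A-0001Ab-Cd <newsletter@shop.example>
          carol@example.org

 2d  4.0K 1hKw9Z-0007Xy-Qr <> *** frozen ***
          webmaster@shop.example

 5m   812 1hKx4B-0002Ef-Gh <info@blog.example>
          dave@example.com
EOF
}

# Messages per sender domain, busiest first. "<>" is a bounce (empty sender).
sender_domains() {
  awk '
    $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^<.*>$/ {
      s = substr($4, 2, length($4) - 2)
      n = split(s, p, "@")
      d = (s == "") ? "(bounce)" : tolower(p[n])
      c[d]++
    }
    END { for (d in c) print c[d], d }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# IDs of frozen messages, one per line (review before removing anything).
frozen_ids() {
  awk '$3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && /\*\*\* frozen \*\*\*/ { print $3 }'
}

# On a live server, feed the real listing instead: exim -bp | sender_domains
sample_queue | sender_domains
sample_queue | frozen_ids
```

A domain that dominates the first report while the frozen list fills with bounces is a common sign that an account or web form on the server is being used to send spam.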