Over the years, The Kenyan Network Information Center (KeNIC) has struggled to reach the 100,000 mark in .ke Kenya country code domain registrations.

Many reasons have been given for this shortfall, among them pricing, competition from Generic Top Level Domains (gTLDs) like .com and .org, and also competition from Geographic domains like the new .africa. Also, not opening up the second level for registration has been cited as one of the reasons for the low number. KeNIC subsequently opened up registration on the second level in 2018, but this did not shore up the numbers. Other reasons include fear of political interference of .ke registered domains where political orders may takedown a registered domain without following due process, and downtime at the registry costing .ke dependent businesses unwarranted business loss.

KeNIC has grappled with pricing for many years. The latest strategy has been to give domain Registrars a flat fee for registering domains. The cost of registering a .co.ke domain (example nation.co.ke) to the Registrar as of 2019 is Ksh650 ($6.5), and the cost of renewal for each subsequent year is Ksh1160 ($11.6). The cost of registering a .ke domain (example nation.ke) is Ksh5800 ($58). These, however, are not the costs that the end-user (Registrant) will get since the bulk sellers (Registrars) will add some markup to sustain their businesses. There is no regulation on how much the Registrars mark up their prices, but Ksh2000 ($20) is common for .co.ke and ksh8000 ($80) for .ke domains. KeNIC’s pricing model is confusing to end-users because customers expect consistency. When registration fees are lower than renewal fees, the customers feel duped at the point of renewal, usually after the first year of registration.

How is the competition in Africa faring? In South Africa, there are around 1.26m .za domains. A single domain is priced at around R 75.00 ($5) for the end-user. For a .com, the average price is $15 per year.

Registry: The company responsible for managing the domain namespace. Examples are KeNIC for .ke ccTLD, and Verisign for .com and .net gTLDs.

ccTLD: Country Code Level Domain e.g co.ke or .co.za.

gTLD: Generic Top Level Domain e.g. .com or .org.

Registrar: A company that has access to a Registry to register domains for end users usually at a profit.

Registrant: An entity that registers a domain through a Registrar, and is usually the owner or end-user of the registered domain.

Domain: A unique name that identifies a company or individual on the Internet. e.g. wikipedia.org.

Registration on the second level: Ability to register your domain as yourcompany.ke, in addition to yourcompany.co.ke.

Common Domain business terms.

From the September 2019 statistics, .ke domains stand at 93,446. This is 6,554 domains shy of the 100,000 mark. With proper management, marketing, and value proposition, KeNIC should cross the 100k mark in early 2020.

The numbers can be higher if KeNIC can be more deliberate about it. They should put strategies to increase trust on the Registry by reducing downtime of this key critical infrastructure, and provide periodic reports on how the resource is doing on availability. 100% availability is the minimum that is expected of a Registry. They should also address the political risk issue, and also increase in marketing and awareness. KeNIC revenue is about Ksh84,000,000 $0.84m (Assuming 43,000 new registrations at $6.5, and 43,000 renewals at $11.6). A good portion of that should go towards enriching its human resource, upgrading its infrastructure and marketing. That way, KeNIC can catch up with South Africa’s ZA Central Registry (ZACR)

NOW you can Register cool names in the .ke namespace like li.ke ju.ke karao.ke awa.ke. Register here ONLY transworldafrica.co.ke

KENIC opened up the Second Level Domain today on 19th January 2018. Get lucky. This is your chance to register cool names.

Domain registration in Kenya at TransworldAfrica.co.ke

Register .ke domains only at TransworldAfrica.co.ke

For West Africans, and especially Nigerians, you can register names like adeni.ke, aderon.ke, adeto.ke, atinu.ke, fadesi.ke, moreni.ke, olajumo.ke, oluwafun.ke, omolaba.ke, oyeni.ke

What are some of the cool names you can register? Of course most of them will be registered tonight. Which one will you register?









Kenya does not have a data protection law. But there is a data protection bill [1] pending somewhere in the corridors of power.

Police in Eldoret arrested a man suspected of stealing over Sh180,000 from mobile money agents in Nandi using dozens of stolen SIM cards and ID cards, which were used to register M-Pesa lines

This is an election year in Kenya. As part of the requirements to vote, the Independent Electoral and Boundaries Commission (IEBC), the electoral body mandated to conduct elections, registered voters who will participate in the 2017 plebiscite. Just like most countries, to qualify to vote in Kenya[2], the voter has to be over 18 years, a citizen of Kenya, and hold an identification document which is either a National ID card, or a Kenyan passport.

This year, 19.6 million [3] people registered as voters. That is just about half of all Kenyan citizens of 48 million [4]. The beauty of the new revamped IEBC is that they released publickly all the datasets of registered voters [5]. Voter registration is only by physically going to a registration center. There is nothing like online registration. Registration entails capturing the biometric data of the vote. The biometrics are finger prints of both hands and facial features. They also capture all the details available at the registrar of person (full name, ID/passport number, and date of birth). Finally they capture your phone number, address, and voting location. To prove you are a registered voter, you are given a laminated card, which serves no purpose apart from bragging rights in the village pub. This whole process is called Biometric Voter Registration.

The author undergoes Biometric Voter Registration. Photo credit Mariana Mulinge.

Verification of voters
For some strange reasons, Kenyans feel a need to confirm their voter registration details. In this part of the world, elections are a high stake game, and the level of mistrust with the system is at it’s highest. According to the Constitution, the Electoral body has to provide a mechanism for the electorate to verify their voter data. Section 6 of the Election Laws 2011 was updated by The Election Laws (Amendment) Act, 2017 where “The Commission shall cause the Register of Voters to be opened for inspection by members of the public at all times for the purpose of rectifying the particulars therein, except for such period of time as the Commission may consider appropriate [6].

According to IEBC, there are two ways of identifying voters; through finger print scan, or though the ID document by either searching the ID number or scanning the machine-readable part of the ID. This process and tools are called Biometric Voter Identification (BVID).

In their wisdom, the IEBC provided a two week windows for voters to verify and correct any registration anomaly by physically going to a verification center. After the correction, the voter register is supposed to be accessible to the general public for auditing. IEBC has a provision to give the entire voter register to any entity for Ksh20,000 [7] (US$200). The law requires IEBC to provide the register for free or at a reasonable cost.

Not every Kenyan would require the entire register. Individual voters want to confirm their details on ongoing basis. IEBC has an SMS system where the voter sends an ID number to the phone number 70000 [8], and the system returns the registration details of that number if it’s registered. The cost of that SMS is Ksh7 (Us¢7). These are the parameters that the SMS returns; name, county, name, constituency, polling station code, polling station, ward. It does not matter who queries the database, the information returned is the same. One phone number can query as many registered voters as the amount of Ksh7 they are ready to spend. The system will return the full list of all those parameters. You don’t even need to send a challenge code like a date of birth to get that information.

IEBC SMS verification output. Image source twitter @OwenKims [9]


To make the system more intuitive, IEBC development a Web portal where voters can query the same voter information at http://voterstatus.iebc.or.ke/voter. Here at no cost, the voter uses their ID number to query and get their registration status. The query returns all these parameters; ID number, name, date of birth, gender, poling station, county, constituency, and ward. It does not matter which ID number you query, you will be able to get the voter data. Here too, more data than required for verification is displayed, and there is no challenge code asked by the system. Any automated bot can harvest the entire database. And that is the problem.

more data than required for verification is displayed, and there is no challenge code asked by the system. Any automated bot can harvest the entire database. And that is the problem.

The problem

For the privacy conscious, IEBC is doing poorly with how they are exposing raw data of nearly 20 million Kenyans to the world. Anybody with basic programing skills would be able to harvest the raw data through an automated search. If you search any random number with the format of Kenya ID numbers, say hypothetically 12345678, you will realize you can pull up citizen’s details, at least ID number, and name, and locality they live. Basic security tips would require the system to have a captcha to prevent automated harvest of the information, and also output just the required information for verification, and nothing more. A captcha is defined as program or system intended to distinguish human from machine input, typically as a way of thwarting spam and automated extraction of data from websites.

Screenshot IEBC website returning more information than necessary, and without requiring a captcha


To test this problem, I Googled one of the top Presidential candidate Raila Odinga’s ID number, which was readily available online [10]. I then went ahead to retrieve his registration details as shown in the screenshot below.

Screenshot of Raila Odinga’s Voter details. Image source @lordmwesh [11]


The technical solution

This data breech was discussed at length at the KICTANET mailing list [12], where the community provided several solution;

  • Have a captcha to prevent automated harvest of the information, and have a challenge questions like date of birth to supplement the ID number, therefore only have the data owner have access their information (suggestion by yours truly)
  • Limit requests per IP address (suggestion by Emmanuel Chebukati)
  • Implement a two factor authentication (suggestion by Denis G. Wahome)
  • A government backed smart card which would offer appropriate level of authentication without locking out access to a section of users (suggestion by Mark Kipyegon)
  • Use ID Serial Number as a check to match the ID number (suggestion by Ngigi Waithaka), which he thought could be central to Kenya’s citizen data authentication, where Citizens are made to keep their ID Serial number as their ‘private key’ for all authentication in government platforms. This suggestion was backed by Odhiambo Washington.
  • Integrate the IEBC system with the ecitizen platform [13].  (Suggestion by Victor Kapiyo)

The policy, legal, and procedural solution

Still on the mailing list, Grace Githaiga supported an idea of legitimate implementable solution, which could be sent to IEBC, mooted by Emmanuel Chebukati. Ali Hussein suggested the whole verification exercise be suspended until the rookie mistake by IEBC is rectified. He continued,  “This is a serious breach. In the dark web there are vendors of stolen identities. What IEBC has done is to basically leave the bank vaults open and invite every identity theft vendor in the world into this treasure trove.” Victor Kapiyo added that the implementation by IEBC showed that in the absence of guidelines on how citizens data is managed, then anything is possible, and it wouldn’t be so hard to mine this data from IEBC servers for whatever purpose.

Grace Mutung’u provided a legal interpretation quoting the provision of the elections act on the inspection of the register by the public. She said the idea of the elections act was not only for voters to verify their details but also for the public to inspect the register. Inspection serves an important role in assuring the integrity of the vote by weeding out errors, and non existent voters. The register is also available in physical form at constituency offices for public inspection. It should therefore be possible for members of the public to view other people’s voter registration details. The question should only be what details are made public and also how to prevent harvesting of the data. She objected the justification for serial numbers or SMS [two factor] verification.

From the problem statement, only two of these implementations seem feasible, and still comply with the elections law of allowing a public audit of the register. The solution is have a captcha, and output just enough information to verify a voter, and nothing more.

From the problem statement, only two of these implementations seem feasible, and still comply with the elections law of allowing a public audit of the register. The solution is have a captcha, and output just enough information to verify a voter, and nothing more.

Changes by IEBC

On being notified of the glaring data breaches, IEBC put of the online system for 2 weeks as they were implementing the security mechanisms. The SMS platform remained firmly online.

Computer screenshot of IEBC verification page temporarily down


Now, the new, robust system according to IEBC is live. With only one change, captcha.

A mobile screenshot of IEBC website voter identification form screenshot with the captcha


From the query, the system is still spewing out more information than required. From a data protection perspective, a clean implementation should maybe just show the initials of the voter, in the case for Raila Odinda, show RO, and his polling station. The query should certainly not show his date of birth, and gender.

A mobile screenshot query from the IEBC system still with more private information relayed to the public than necessary.


This sort of rookie mistakes makes you feel there are no competent programmers, cyber security analysts , legal professions, and policy experts remaining in Kenya. But we are here :-). This serves as an indictment to the community who develop applications without proper system analysis.

Kenya does not have any data protection law. But there is a draft data protection bill. This should be a priority for us in lobbying the next Parliament. Data protection is envisioned in the constitution [14]. Article 31(c) of the Constitution outlines the right of every person not to have “information relating to their family or private affairs unnecessarily required or revealed” and Article 31(d), the right not to have “the privacy of their communications infringed”. It would also regulate the collection, retrieval, processing, storing, use and disclosure of personal data.

The Access to Information Act 31 of 2016 confers the Commission on Administrative Justice the oversight and enforcement functions to ensure citizen’s privacy is maintained. in section 21 of the Act, the Commission on Administrative Justice has the Functions [15]; (b) request for and receive reports from public entities with respect to the implementation of this Act and of the Act relating to data protection and to assess and act on those reports with a view to assessing and evaluating the use and disclosure of information and the protection of personal data; (d) work with public entities to promote the right to access to information and work with other regulatory bodies on promotion and compliance with data protection measures in terms of legislation; (h) perform such other functions as the Commission may consider necessary for the promotion of access to information and promotion of data protection.

Why is all this important?

The Business Daily newspaper has case in point of citizen data breach. In 2011, a convicted criminal serving time at the Kamiti Maximum Prison, forged an ID card belonging to retired Chief of the Kenya Defense Forces (KDF), General Jeremiah Kianga. The fraudster conned Kenyans off thousands of shillings via mobile money with the promise of enrolling them in the army. Last March, police in Eldoret arrested a man suspected of stealing over Sh180,000 from mobile money agents in Nandi using dozens of stolen SIM cards and ID cards, which were used to register M-Pesa lines [16].

Who else is mishandling citizen data in Kenya? Reach out to me if you have such case studies at @lordmwesh

The next debate on information confidentiality is usually centered around the question, “Why should I care if I have nothing to hide?” The next article will try to answer that question. Do you have anything to hide?


  1. Data protection bill 2013 http://icta.go.ke/data-protection-bill-2012/
  2. Elections Act No: No. 24 of 2011 http://www.kenyalaw.org/lex//actview.xql?actid=No.%2024%20of%202011
  3. Registered Voters Per Constituency For 2017 General Elections https://www.iebc.or.ke/docs/Registered%20Voters%20Per%20Contituency%20For%202017%20General%20Elections.pdf
  4. Kenya Population http://www.worldometers.info/world-population/kenya-population/
  5. Statistics of 2017 voters https://www.iebc.or.ke/registration/?stats
  6. Election Laws Amendment Act 2017 http://kenyalaw.org/kl/fileadmin/pdfdownloads/AmendmentActs/2016/ElectionLaws_Amendment_Act_No1of2017.pdf
  7. IEBC register Sh20,000 price tag questioned www.businessdailyafrica.com/news/IEBC-register-Sh20-000-price-tag-questioned/539546-4002054-fdm6p9/index.html
  8. Check registration status by texting ID or passport number to 70000 – IEBC www.the-star.co.ke/news/2017/06/29/check-registration-status-by-texting-id-or-passport-number-to-70000_c1588008
  9. SMS verification output https://twitter.com/OwenKims/status/880376549920448512
  10. Raila shares ID number with another voter https://citizentv.co.ke/news/raila-shares-id-number-with-another-voter-155443/
  11. Screenshot without captcha https://twitter.com/LORDMWESH/status/880554515832782855
  12. [kictanet] Poor show by IEBC: Data Protection in year 2017 and the case of raw voter registration datahttps://lists.kictanet.or.ke/pipermail/kictanet/2017-June/052096.html
  13. Kenya E-citizen portal https://www.ecitizen.go.ke/ecitizen-services.html
  14. Constitution of Kenya http://www.kenyalaw.org:8181/exist/kenyalex/actview.xql?actid=Const2010
  15. Access to Information Act No. 31 of 2016 http://www.kenyalaw.org/lex//actview.xql?actid=No.%2031%20of%202016
  16. Safaricom goes for photo IDs to block M-Pesa fraud http://www.businessdailyafrica.com/corporate/companies/Safaricom-photo-ID-agents-M-Pesa-fraud/4003102-4008158-1sep6kz/index.html retrieved 10 July 2017


Humans have been traveling across the globe even before borders were drawn for reasons ranging from business, exploration, social, medical, education, and migration. After 9/11, traveling became more complex with tight Visa rules, military grade screening of passengers, and increased surveillance. The latest casualty of these tight measures are ICT savvy travelers.

In March 2017, The US and Britain introduced new regulations for flights from Middle East, and Africa. The regulations ban passengers from carrying large electronic devices citing security concerns. The countries affected were Jordan, Egypt, Turkey, Saudi Arabia, Qatar, Kuwait, Morocco and the United Arab Emirates. The circular from the US homeland security read:

“These enhancements apply to 10 specific airports. The affected overseas airports are: Queen Alia International Airport (AMM), Cairo International Airport (CAI), Ataturk International Airport (IST), King Abdul-Aziz International Airport (JED), King Khalid International Airport (RUH), Kuwait International Airport (KWI), Mohammed V Airport (CMN), Hamad International Airport (DOH), Dubai International Airport (DXB), and Abu Dhabi International Airport (AUH).”

With the new regulations, any device bigger than a hand help phone should be put in the checked-in luggage, and not carried onboard by the passenger. The listed devices are laptops, tablets, e-Readers
cameras, Portable DVD players, electronic game units larger than a smartphone, travel printers, and scanners.

In the age of Snowden and Wikileaks, these regulations pose a cyber security risk. It gives a window of opportunity for anybody targeting data in the devices to get access to the checked-in devices, usually a laptop. The checked-in laptops of persons of interests will either be cloned, or disappear altogether. A federal agent will mark the luggage of the person of interest, and along the several luggage transfer chain, locate it and remove the laptop and clone the hard disk getting away with a wealth of data. This process can be done by either physically removing the hard disk, using a live CD like Tails to copy the contents of the laptop, or just crack the user account and gaining access to the laptop. This may sound far fetched, but federal agents have been known to go to great lengths to access information they deem necessary in their work.

Airlines have started being creative to help their clients experience the same convenience they are used to. For example, Emirates Airlines has introduced two services to it’s clients, a laptop handling service that lets clients use their devices until before boarding, and complimentary laptops for business and first class customers, where the customers are given Microsoft Surface 3 tablets to work onboard. Although this does not remove the security concerns mentioned above, it gives those who can afford a window to be productive while flying.

How do you secure your data while traveling?
The Electronic Frontier Foundation, an international non-profit digital rights group based in San Francisco, California, gives some suggestions on traveling with data, especially after the U.S. government reported an increase in the number of electronic media searches at the US border.

  • Store all sensitive data on a secure cloud offering like Dropbox or SpiderOak, or better still on a private hosted server.
  • Use a Chromebook as your travel laptop, which by default store all data on the cloud
  • If you must travel with your data, have two hard drives which you swap on convenience. One with a clean operating system install without any data, and another with the operating system and data, but only swapped when the laptop is in use.
  • Always use full strong disk encryption for all your data.
  • The next debate on information confidentiality is usually centered around the question, Why should I care if I have nothing to hide? The next article will try to answer that question. Do you have anything to hide?

    The 25th Africa Network Information Center (AFRINIC) meeting will be held from 25th to 30th November 2016 at Sofitel Imperial hotel in Mauritius.

    Tutorials will be held on Computer Emergency Response Teams (CERTs), IPV6 foundation training, Internet Number Resource Management, and a session on increasing participation at the Internet Engineering Task Force (IETF) in the African Region.

    The session on AFRINIC Government Working Group will explore ways of involving more African governments and multilateral organisations in Internet Governance efforts.

    The Fund for Internet Research and Education (FIREAfrica.org) will hold a session training their grantees on Leadership skills, project management, and pitching to investors.

    An interesting development will be the launch of AFRINIC’s new IPv6 testing and certification platform available at http://certi6.io.

    The hallmark for all Regional Internet Registry meetings is usually the Policy Discussion Working Group (PDWG). The PDWG will discuss four policies among them Inbound Transfer Policy, Soft Landing policy Overhaul, the proposal to Transfer IPv4 Resource within the AFRINIC region, and Internet Number Resources Review by AFRINIC.

    The last day will have the Special general members meeting, where members will vote for Special Resolutions for AFRINIC Proposed Bylaws Changes, and elections of members for the AFRINIC Governance Committee.

    The Agenda of the meeting is available here: https://meeting.afrinic.net/afrinic-25/agenda

    The security firm ESET has warned on an increase of infected e-mails containing a malicious zipped attachment called Nemucod. It downloads ransomware, for example, TeslaCrypt or Locky. When opened, it encrypts the data on the victim’s computer and demand ransom for decryption. The virus has been detected in Europe, North America, Australia, Japan, and Africa . According to an Intel security report, global ransomware cases increased almost 170% in 2015. Bitdefender, an internet security company, found that almost half of the victims surveyed across Europe and the US have paid extortionists to recover data .

    The Eastern Africa nations in March 2016 formed a network to tackle Cybercrime.

    Uganda, Kenya, South Sudan, Ethiopia, and Somalia have formed the Eastern African Cybercrime Criminal Justice Network. This will help exchange of information between law enforcement agencies among members on issues pertaining to the fight against cybercrime. The network will facilitate learning on best practices, and harmonisation of national laws. It will also provide technical assistance needs in the area of international cooperation to combat cybercrime. The initiative was championed by the United Nations Office on Drugs and Crime and the Commonwealth Secretariat.

    Netflix is the US based on-demand internet video streaming service that rolled out globally earlier this year. It offers subscribers an extensive array of streaming videos. Netflix is an expensive affair. To access it, you need a proper working broadband internet, a specialized device like chromcast to stream if you don’t have a smart TV or a computer, and pay a monthly subscription fee. This is out of reach of many Kenyans.

    Despite it being expensive, Netflix will disrupt the Internet landscape in Kenya. It will bring Internet prices down, increase internet access and coverage, and increase competition in the industry.

    Netflix is accessed through a broadband Internet connection. That means the 30 million internet users can theoretically access it. But they can’t since majority of them only have feature phones. Those with smartphones must be ready to break the bank to have enough data bundles to stream movies month in, month out.

    Affordable unlimited internet is the only way many Kenyans will be able to access Netflix. How Internet Service Providers (ISPs) improve their products and coverage to cater for home users will determine the uptake of Netflix. Zuku, and Jamii Telkom (JTL) are poised to lead on this one because they relatively have the best products on unlimited fixed broadband access in the market. But they will feel the heat because the international Netflix traffic consumes a lot of bandwidth. This may lead to trotting bandwidth to survive. Cellular companies like Safaricom, Airtel and Orange too can capitalize on Netflix demand if they can have competitive unlimited broadband Internet. Airtel’s Unliminit product seem to be popular within the low income bracket. Satellite provides too can roll out VSAT and cover underserved regions. The entrance of Kenya Power in the fray may be what the consumers need. Bruising competition.

    ISPs are barely scratching the surface with JTL having 7,486 and Zuku 50,000 subscribers. According to Communications Authority of Kenya (CA) data, broadband subscriptions increased by 19.3 per cent to reach 6.3 million in 2015, marking a penetration level of 14.7 per cent. Most of these being from cellular companies.

    Our market is unique. The cost for Netflix alone is around 800 bob a month, but the cost of unlimited broadband is around 4000 bob. 800 bob can give you 16 DVDs in River Road, enough to entertain your family for a whole month. Technology must match the cost of buying a counterfeit DVD to dismantle that market. That day is coming.

    To promote locally hosted content uptake, ISPs may need to discriminate between local and international transit. Netflix should setup a local cache, and ISPs should give an unlimited package for local content for say Ksh1000 a month, that will see local content production and utilization explode.

    This may go against net neutrality principles, but since CA has not given any policy direction on the same, the ISPs may take advantage of it. A cache peering at the Kenya Internet Exchange Point (KIXP) will make the service really affordable because the cost of international bandwidth will be eliminated.

    Every user I meet who lives outside the coverage area of fixed cable internet is praying that they roll out in their neighborhoods, although the ISPs are hesitant since the only wish to invest in areas where they have the highest return on investments.

    I live in one of the most non digital estate, a place called “Rungiri rwa Ngwaci”, where my village mates may never have use for the internet and where zuku or JTL would never have thought of venturing. But with Netflix, we might see places like “Rungiri rwa Ngwaci” covered because my neighbors may see the use of Internet as a tool for entertainment.

    When we reach that stage where internet is a utility like water and electricity, then we shall know development. Before then, let me renew my internet bundles before they expire. There is one more reason to have Internet at home. Family entertainment.



    (Published in Daily Nation in Kenya, and at circleid)

    A very Interesting meeting The Internet Governance Forum (IGF) with an ambitious theme of connecting the worlds next billion people to the Internet took place in early November in a beautiful resort city of Joao Pessoa in Brazil under the auspice of the United Nations. Few Kenyans paid attention to it yet the repercussions of the policy issues discussed affects us all.

    Each year, there is one topic that takes the world by storm at the IGF. Two years ago, it was surveillance. This year, it was net neutrality. Net Neutrality in its most basic form is the ability of Internet service providers to treat all content that pass through their network equally without any form of discrimination. For example, Safaricom should not give preference to Wikipedia.com offering it for free, or Airtel should not give preference to Youtube, giving it a fast lane at the expense of other websites. There are many ways to which Net Neutrality is abused, among them giving fast lanes to certain services, traffic shaping, and zero rating.

    Zero rating means the end user does not pay for accessing a certain service, but the service offerings are limited. For example, the user will only have free access to Facebook, or Wikipedia, and nothing else. The content the user can access is determined by those with financial power. And there lies the problem, limited access for the end user. You see, the Internet is a public good, an engine for economic growth and development. The utilitarian approach is therefore to have as many people have access to the Internet as possible for a nation to attain its economic potential.
    At the IGF, researchers took sides on zero rating depending on their interests. A research in Asia revealed that zero rated services were an entry point for people who had no access to Internet, and those who used zero rated services converted to paid users after a while. Another research showed that people don’t use the Internet not because of the cost or availability, but because they don’t need it. Weird conclusion I can say. An interesting fact is; in communities where zero rated services were the norm, the users did not know the difference between the Internet and Facebook. That is a major problem if you ask me. Another research by Mozilla Foundation dubbed equal rating found that when users are given Internet bundles, they accessed diverse types of websites, not just one single website. But the big question was who funded these types of research? Facebook was accused of flying Cabinet Ministers from developing countries to expensive resorts in California to influence them allow zero rated service in their countries.

    We should say no to zero rating because it leads to monopolistic behaviours, anti-competitiveness, and customer lock-in. Zero rating gives a false Internet because it removes incentives for giving the underserved regions a proper Internet. Remember the definition of Internet is a global system of interconnected computer networks, not just a single website.  Companies running zero rated services are crafty and just want to add up number of users to their platforms to increase their advertisement revenue streams. Zero rating stifles innovation because innovators are not able to penetrate the market where market leaders with tonnes of money have directed all the users to their own services.

    Zero rating is here with us. Airtel partnered with Facebook to offer Free Basics, a service that allows users to only access specified websites.

    The government has not taken any steps to protect the users, and innovators among us from such demeaning service. What is more annoying is government inaction to formulate proper ICT policies that move with the rapid changing times. Can you believe the National ICT Policy was last updated in 2006? It is therefore sad to have a government with pools of policy expert, who cannot formulate a Net Neutrality policy. The government is getting everything wrong in ICT policy formulation. Isn’t it Plato who said, “We can easily forgive a child who is afraid of the dark; the real tragedy of life is when men are afraid of the light!”

    All that notwithstanding, the government should pay keen interests to the following points:

    • Zero rating is illegal in most of the developed countries. Ask yourself why.
    • Communications Authority of Kenya (CA) is a regulator and not a policy maker. Without policy on Net Neutrality, they have nothing to enforce thus leaving market players to their own devices, and anti-competitive behaviour.
    • The community, in an all-inclusive manner should develop a Net Neutrality policy.
    • CA is usually given targets to ensure universal coverage of communication services. They are very happy to maintain the status quo since they will report zero rated services as a metric of increased Internet access. This will be a big lie because they will have denied the rural folks access to the Internet. We all know one website is not the Internet. The best practice is to have the regulator pressure telcos increase rollout in under-served regions as part of their Universal Service obligations.
    • Zero rating infringes on fundamental human rights by denying users access to the Internet. It may be a conspiracy to keep developing countries in the darkness of the information age.
    • Let us advocate for universal coverage, better utilisation of Universal Service Fund, telecommunication infrastructure sharing, increased road coverage, accessible wayleaves and cable ducts, affordable energy, local content and hosting. All these will ensure the COST of internet comes down to a level where every citizen can afford.

    As Vyria Paselk, Director of Internet Leadership at Internet Society put it, “if your country does not have access to the Internet, then you are not participating in the internet economy”. And isn’t the entire world now an Internet economy?


    Mwendwa Kivuva is a research fellow at Strathmore University’s Centre for Intellectual Property and IT Law, and a fellow at Kenya ICT Action Network (KICTANET), Nairobi, Kenya.

    kivuva@transworldafrica.com, Twitter: @lordmwesh

    (Published in Daily Nation on Tuesday 19th January 2016)

    Technology can help Kenya achieve free Universal healthcare, and make it efficient too.
    Kenya is a country where its leaders have the temerity to gives its children dog food, as the leaders eat pizza.

    Consider this; healthcare in public hospitals is pathetic. It has always been like that. The public hospitals are ill equipped, Patients share beds, subjected to demeaning service , drugs are missing, doctors are few and apart, and when they are available , they do speed diagnosis so that they can go back to private practice. This systematic ruin has led to years of neglect in our healthcare system. Persevering Kenyans are used to this. They have accepted the poor service as a standard, dreading when they shall fall sick. The struggling middle-class raise funds, take loans and insurance to go to private hospitals. They are trying to escape the failures of government, and are too busy to pressure the government to offer better healthcare.

    This can change. And it would not cost an arm and a leg. Nearly all civil servants access healthcare in private hospitals. Private hospitals are doing booming business. They are equipped, pharmacies have drugs, hospitals are clean, and doctors are always on time. All this is paid by taxpayers, literally. And these private hospitals are conniving. They triple bills, conspire with patients for claims, and all manner of unimaginable malpractice.

    The government could have a policy that requires patients whose bills are paid by taxpayers to only access treatment in public hospitals, from the President to the lowest ranked civil servant. The policy makers would therefore demand better services because it affects them directly, and the benefits of this would reach every Mwananchi. This way, government would prioritize healthcare the way they prioritize other infrastructure projects. Former health Minister Charity Ngilu tried to change public perception by insisting on being admitted at KNH whenever she was sick.


    Assuming the 150,000 civil servants together with their families use Ksh100,000 per year on medical care, that translates to 15billion. If this is allocated to public healthcare, it is enough to build 4 hospitals the size of KNH every year.


    It’s scandalous that one hundred and fifteen years since King George hospitals (now Kenyatta hospital) was built, there is no national Electronic Medical Records (EMR). According to the US which has a Health Insurance Portability and Protection Act (HIPPA), an EMR is a systematized collection of patient and population electronically-stored health information in a digital format. These records can be shared across different health care settings. Records are shared through networked, enterprise-wide information systems. EMRs include a range of data, including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal statistics like age and weight, and billing information.


    EMR systems are designed to store data accurately and to capture the state of a patient across time. It eliminates the need to track down a patient’s previous paper medical records and assists in ensuring data is accurate and legible. It can reduce risk of data replication as there is only one modifiable file, which means the file is more likely up to date, and decreases risk of lost paperwork. Due to the digital information being searchable and in a single file, EMR’s are more effective when extracting medical data for the examination of possible trends and long term changes in a patient. EMRs also facilitate population-based studies of medical records.


    An EMR is ripe for Kenya which is committed to ensuring there is Internet in all health centers across the country by the year 2017. An EMR will bring efficiency to our hospitals and cut on costs, reduce the number of record officers, eliminate storage of voluminous files, and the time doctors spend with patients. Patients on the other hand will be able to access quality medical care anywhere in the country.

    I hope the current CS Dr. Mailu can read in between the lines and rescue ailing Kenyans. From his resume, he’s an intelligent and accomplished man. He can convince the self-christened digital government to walk the talk. If he teams up with the ICT CS Mucheru, I believe that will be a winning combination in bringing meaningful change.

    A healthy nation is a wealthy nation. With technology, and all of us eating dog food, we will achieve free universal healthcare.