Telcos regulator seeks to monitor WhatsApp

It has.

Sent from my iPhone

On 4 Nov 2018, at 09:02, Albert Mukiria via kictanet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote:

I am not sure if this has already been posted, but this article says the regulator wants the data stored on WhatsApp and Skype to be shared by the Govt.

www.businessdailyafrica.com/economy/Telcos-regulator-seeks-to-monitor-WhatsApp/3946234-4832970-15byqjn/index.html

On Fri, 2 Nov 2018 at 16:56, Mark Elkins via kictanet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote:

As a follow on to WhatsApp and its end-to-end security – one can do something quite similar for e-mail.

Practising what I preach…

At Posix Systems – customers can send e-mail to my mail relay server. This is running Mail Submission on port 587 with username/password authentication over TLS (The session is encrypted). This has the distinct advantage of working from any Internet connection my customer is on and everything is encrypted whilst over the wire. Additionally, if you are an ISP with your own customer infrastructure – you can now block port 25 and reduce SPAM from Virus\’ on customer PC\’s. Customers can also fetch e-mail (POP3/IMAP) over TLS (Ports 995 and 993 respectively) – so both the e-mail and passwords are also securely encrypted when fetching/downloading email.

Whilst email-server to email-server can opportunistically also run TLS (encryption) between MTA\’s (Mail Transport Agents), I also run DANE. This means if the target mail system advertises their TLS info in a TLSA DNS record (Advertise their SSL Certificate in the DNS System) – I KNOW they have TLS (a Security Certificate) and WHAT IT SHOULD LOOK LIKE – so if a connection is made and either the TLS signature is incorrect or does not exist (perhaps a man-in-the-middle attack) – the mail will not be delivered.
The only issue with this is the target TLSA record must be in a DNSSEC signed zone – and obviously, the sending MTU must use a DNSSEC aware DNS Resolver to check the Target Mail system.

This setup though gives end-to-end encryption of e-mail that no one can intercept. The MTA\’s though do have the e-mail in an unencrypted form. I\’d presume the e-mail customers can trust their ISP\’s.

(Although technical – I hope this brief description is understandable)

On 11/02/2018 12:16 PM, Mwendwa Kivuva via kictanet wrote:
Thanks Wambua.

Just to clarify, and even rubbish that article, we need to understand that a platform like whatsapp uses end to end encryption, and cannot be snooped on, not even by Facebook.

End-to-end encryption

When end-to-end encrypted, your messages, photos, videos, voice messages, documents, status updates and calls are secured from falling into the wrong hands.

WhatsApp end-to-end encryption ensures only you and the person you\’re communicating with can read what\’s sent, and nobody in between, not even WhatsApp. Your messages are secured with locks, and only the recipient and you have the special keys needed to unlock and read your messages. For added protection, every message you send has an unique lock and key. All of this happens automatically: No need to turn on settings or set up special secret chats to secure your messages.

Important: End-to-end encryption is always activated. There\’s no way to turn off end-to-end encryption.

OK, Now that we have debunked the possibility of CA reading your whatsapp, let us look at the types of regulations CA can put on over the top services. Remember Uganda social media tax? What about Ethiopia restriction of Skype? Yes those are the two most popular regulatory interventions that backward regimes use.

1. Censorship, filtering, and blockage

2. Taxation

On Fri, Nov 2, 2018, 11:50 AM Wambua, Christopher via kictanet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote:
Listers

For purposes of clarity on the objects of the tender in question, I wish to refer listers to the public tender document which is available on CA’s website at ca.go.ke/wp-content/uploads/2018/10/Consultancy-Services-For-The-Study-On-Over-The-Top-OTTs-Technologies-Services-In-Kenya.pdf

In brief, the Authority, under its strategic objective of enabling widespread deployment of infrastructure and services through promotion of new and emerging technologies, plans to undertake a study to determine the regulatory mechanisms that can be employed to cater for new and emerging areas with specific focus on over the top services. The consultant shall be expected to propose the regulatory approach that the Authority can take in respect to OTTs. CA takes this opportunity to invite listers who meet the requirements set out in the tender documents to submit their bids by 14th November 2018.

CA wishes to assure listers that we have not interest whatsoever in snooping into your WhatsApp conversations as that would be against the spirit and letter of the constitution. We have however noted that the headlines on the articles on this tender are misleading, and the Authority is taking up this matter with the respective editors.

I hope this clarification puts this matter to rest.

Regards

Christopher Wambua

Ag. Director/Consumer & Public Affairs | Consumer and Public Affairs

[Description: Description: http://digital.scanad.com/casignature/img/logo.png]

Tel: +254 20 4242000/284
Office Mobile: +254 730 042284/
+254 730172284

P.O. Box 14448 Nairobi 00800

[Description: Description: http://digital.scanad.com/casignature/img/mail.png]wambua@ca.go.ke<mailto:wambua@ca.go.ke> [Description: Description: http://digital.scanad.com/casignature/img/facebook.png] Communications Authority of Kenya<www.facebook.com/CAOKenya?ref=hl> [Description: Description: http://digital.scanad.com/casignature/img/twitter.png] ca_kenya [Description: Description: http://digital.scanad.com/casignature/img/web.png] www.ca.go.ke <www.ca.go.ke/>

[Description: Description: http://digital.scanad.com/signature/banner.jpg]

From: kictanet <kictanet-bounces+wambua=ca.go.ke@lists.kictanet.or.ke<mailto:kictanet-bounces+wambua=ca.go.ke@lists.kictanet.or.ke>> on behalf of KICTAnet Discussions <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>>
Reply-To: KICTAnet Discussions <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>>
Date: Friday, 2 November 2018 at 05:07
To: Christopher Wambua <wambua@ca.go.ke<mailto:wambua@ca.go.ke>>
Cc: Ali Hussein <ali@hussein.me.ke<mailto:ali@hussein.me.ke>>
Subject: Re: [kictanet] Telcos regulator seeks to monitor WhatsApp

@GG

Thanks for sharing. I’m curious as to what the world is coming to. Everyone wants to snoop and regulate. Can the CA tell us what’s the major value proposition to increasing snooping on us?

Regulators need to spend more time enabling the sector they are supposed to grow and the CA has really been progressive in many ways. Once in a while though they try to go back to the bad old KANU days. The onus is on us to remind them that Kenyans shut that door kitambo sana.

Ali Hussein
Principal
AHK & Associates
+254 0713 601113

Twitter: @AliHKassim

Skype: abu-jomo

LinkedIn: ke.linkedin.com/in/alihkassim

\”We are what we repeatedly do. Excellence, therefore, is not an act but a habit.\” ~ Aristotle

Sent from my iPad

On 1 Nov 2018, at 10:57 PM, Grace Githaiga via kictanet <kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>> wrote:

Kenya is considering regulating online services such as WhatsApp and Skype in a radical move that could force the internet-based service providers to share data with the government.

The Communications Authority of Kenya (CA) is in search of a consultant to study and determine how the so-called over-the-top services (OTTS) operated by groups such as Facebook, which runs WhatsApp, and Skype owner Microsoft, could be regulated.

Read on: www.nation.co.ke/business/Telcos-regulator-seeks-to-monitor-WhatsApp/996-4833020-fn9u7s/index.html

Best regards

Githaiga, Grace

Co-Convenor
Kenya ICT Action Network (KICTANet)
Twitter:@ggithaiga
Tel: 254722701495
Skype: gracegithaiga
Alternate email: ggithaiga@hotmail.com<mailto:ggithaiga@hotmail.com>
Linkedin: www.linkedin.com/in/gracegithaiga
www.kictanet.or.ke<www.kictanet.or.ke>

\”Change only happens when ordinary people get involved, get engaged and come together to demand it. I am asking you to believe. Not in my ability to bring about change – but in yours\”—Barrack Obama.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>
lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke<www.eacdirectory.co.ke>

Unsubscribe or change your options at lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people\’s times and bandwidth, share knowledge, don\’t flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>
lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke<www.eacdirectory.co.ke>

Unsubscribe or change your options at lists.kictanet.or.ke/mailman/options/kictanet/kivuva%40transworldafrica.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people\’s times and bandwidth, share knowledge, don\’t flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke<mailto:kictanet@lists.kictanet.or.ke>
lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: www.facebook.com/KICTANet/
Domain Registration sponsored by www.eacdirectory.co.ke<www.eacdirectory.co.ke>

Unsubscribe or change your options at lists.kictanet.or.ke/mailman/options/kictanet/mje%40posix.co.za

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people\’s times and bandwidth, share knowledge, don\’t flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.