Wednesday, March 21, 2012

A small step for Government but a leap for Kenya

Today a story broken by the Daily Nation had the sensational headline "CCK Sparks Row with Fresh Bid to Spy on Internet Users". The story has triggered a very lively debate both in conventional broadcast as well as online media. While many feel threatened about the alleged invasion of their privacy, some of the more clued up are welcoming this development. The 'row' alluded to by the author the DN article seems to be attributed to some telecoms service providers reactions towards letters received from the CCK requiring them to cooperate in the installation of internet traffic monitoring equipment which the article refers to as "Network Early Warning System (NEWS)". Apparently CCK has clearly stated that the system will support the country's ability to detect and facilitate response to possible cyber threats.

Kenya as a country has had her fair share of threats, both online or in the form of cyber-threats as well as in real life. The most significant of these was the bombing of the US embassy in Nairobi which took place on August 8th 1998 (a day before my wedding!) and resulted in the deaths of hundreds of people. The bombing, which took place simultaneously with a similar attack in Dar es Salaam, Tanzania was attributed to Al-Qaeda, the fundamentalist terrorist group associated with Osama bin Laden. The 1998 incident cast a spotlight on Kenya's low level of preparedness to deal with major disasters and also raised a lot of questions about our ability as a country to gather intelligence and act on it.

A grenade blast which killed two and and led to the near capture of one of the most wanted Al-Qaeda terrorists at a cybercafe in Mombasa in 2003 in an operation carried out jointly between Kenyan and CIA operatives was a result of close coordination between security agencies as well as the use of "high tech gear, low tech human intelligence and courage". Part of the high tech gear involved in this operation allowed the security officers to track and monitor "patterns" of online communication that allowed them to close in on the terrorists. In this incident and a few other similar ones it has always been reported that the "Kenyan authorities used information provided by" [foreign nation], why can't we have our own capability to gather such information? Especially when it seems that the terrorists use online technologies for much of their planning.

It is therefore my opinion that the move by Kenya to improve her ability to detect and facilitate response to cyber-threats is a small step for the Government but a huge leap for the country. This exercise, coupled with the impending setup of the Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC) with support from the ITU will go a long way towards enhancing the Government's obligation to protect her citizens.

No comments: