Privacy trampled online in Kenya

[img_assist|nid=8314|title=|desc=|link=none|align=left|width=99|height=100]Kenyaipos, an African website that was built to facilitate online share applications for Safaricom's initial public offering, was found insufficiently secure with investors.

At fist the site was gladly welcomed by investors as they thought it very conveniently is able to escape queuing for hours at the brokers' offices to apply for shares.

To access the website where they could apply for their shares, these Internet investors were requested to enter their CDS account and national identity card numbers.

But as it turned out, the investors' applications could be easily accessed by anybody on the site.

The system proved to have some significant defects in its the information privacy and security.  By simply manipulating the CDS numbers one could view crucial details about fellow investors.

"The developers should have considered additional information such as date of birth, three names as opposed to the two required numbers to gain access to the site," said Mr Muchuki Mwangi, an education manager at Internet Society.
"Breach of privacy is liable for a huge lawsuit," Mr Mwangi said.

"Public exposure or not. Other people have access to my details. I feel stripped and naked. I cannot trust myself with some of this readily available information and some people might be blackmailed now that people are holding very private information," said a member of Skunkworks.

However after the host, Citibank, was supposedly informed of the flaw the whole day was spent to disable and block the site.

Such cases show that there is a substantial problem existing with securing personal information and ensuring privacy.
A large number of customers using the services of many companies such as banks, mobile phone service providers and supermarkets are undergoing unnecessary exposure as for their delicate information as well as hospital records now online in some technology savvy clinics.

"Companies need to step up their Internet security measures by investing heavily on how to detect hacking and breach of privacy as well as tighten security levels needed before one can gain information," said Mr Mwangi.

"Citi has to put into place appropriate procedures to safeguard and secure the information collected through authentication firewalls and encryption technology," he said.