Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Politics
nowayhaha
Level: Lord Barons
Posts: 1132
Joined: Thu Mar 28, 2013 6:05 am

Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by nowayhaha » Sun Sep 17, 2017 3:58 am

http://www.judiciary.go.ke/portal/asset ... 17%201.pdf


ICT EXPERTS

PROF ELIJAH OMWENGA
PROF JOSEPH SEVILLA



What is their level of expertise ?
How independent are they and what is their political leaning ?
Did they knowingly or unknowingly or was it by design to mislead the Supreme Court ?
What are their business interests ?
Most importantly are they academicians as it is known the side of academics is always good in theory and very poor in practicals ?

These are some of the fundamental questions which will be discussed in the coming months

nowayhaha
Level: Lord Barons
Posts: 1132
Joined: Thu Mar 28, 2013 6:05 am

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by nowayhaha » Sun Sep 17, 2017 5:28 am

Prof. Elijah I. Omwenga, PhD
Education and Professional Experience: Professor Elijah I. Omwenga holds a PhD in Computer
Science from the University of Nairobi in the area of Information Systems. He also has a Masters
degree in Computer Science from the National University of Science and Technology (NUST),
Bulawayo; a Post-graduate Diploma in Computer Science, Nairobi; and a Bachelor of Education
(Sc.) degree from Kenyatta University. He is an Associate Professor at the School of Computing
and Informatics, University of Nairobi. Omwenga is a seasoned Software Engineer with over 25
years of experience.

https://profiles.uonbi.ac.ke/eomwenga/f ... norefs.pdf

nowayhaha
Level: Lord Barons
Posts: 1132
Joined: Thu Mar 28, 2013 6:05 am

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by nowayhaha » Sun Sep 17, 2017 5:29 am

DR. JOSEPH SEVILLASenior Lecturer
Dr. Sevilla is currently Director of @iLabAfrica, a Research and Innovation Centre at Strathmore University (Nairobi, Kenya). He is also the Director of @iBizAfrica, a business incubator at Strathmore. He graduated as an Industrial Engineer (Universidad del País Vasco, Spain, 1980) and holds an MSc in Computer Science (University College London, UK, 1995) and a PhD in BioInformatics (Tecnun, Universidad de Navarra, Spain, 2005).

Dr Sevilla is a Member of the British Computer Society and has actively participated in the “East African Internet Association” (EAIA) and the “Computer Society of Kenya” (CSK); he has been a member of the EAIA Executive Board and Chairman of the CSK Education Committee.

http://www.fit.strathmore.edu/dr-joseph-sevilla

nowayhaha
Level: Lord Barons
Posts: 1132
Joined: Thu Mar 28, 2013 6:05 am

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by nowayhaha » Sun Sep 17, 2017 7:45 am

IT experts and scrutiny of forms may have sunk IEBC

Failure by the electoral commission to demonstrate that the presidential election was held in a transparent and accountable manner was at the heart of the Supreme Court’s decision to void the results.

The court appears to have taken seriously reports presented to it by two teams of experts it directed to examine Independent Electoral and Boundaries Commission servers and forms 34A, 34B and 34C that were used to declare Uhuru Kenyatta the winner of the August 8 election.

The report on the servers was written by Prof Elijah Omwenga and Prof Joseph Sevilla, IT experts appointed by the court and Ms Janet Kadenyi, an employee of the Judiciary.

The court wanted its experts and those of the petitioner, Raila Odinga, to access IEBC servers to mine some key information.

IEBC stonewalled and delayed the access for hours and when it allowed it, it was not in the manner the court ordered.

TESTS
For example, IEBC declined to provide the internal configuration firewall to its server, arguing that it will affect the security of their system.

In their report to the court, the experts disagreed, saying providing the firewall will not affect the integrity of the system.

That IEBC refused to open itself to scrutiny appears to have convinced the judges the commission had something to hide.

The court also wanted certified copies of certificates of penetration tests conducted on the IEBC election technology system.

HACKING

These are performed to test the integrity of the system and ability to withstand hacking.

IEBC provided copies that were not certified in accordance with Election Technology regulation 10 of 2017.

Again, the experts report indicts the commission and the judges followed suit.

KIEMS

The other order was on log-in trail of users and equipment into the IEBC servers and Kiems database management system.

This could have revealed information on whether there was unauthorised access to the system to change results as claimed by Nasa.

IEBC refused to provide this information.

On the forms scrutiny IEBC provided 41,451 34As, 291 34Bs and one 34C.

The scrutiny showed a number of anomalies that could have helped sway the judges decision.

They included forms that did not have security features, those that were not signed by agents and returning officers or stamped by the IEBC.

IMPUNITY

An election, Chief Justice David Maraga said, is a process, not an event.

How the winner is declared, from the tallying of the votes to their transmission, matters.

It is not random numbers announced.

They must be backed up by genuine documents and a system that is transparent, accountable and verifiable.

This was simply not the case and with the court’s ruling, Kenya is no longer just another African country where democracy is routinely subverted with impunity.

http://mobile.nation.co.ke/news/supreme ... index.html

obienga
Level: Council of the gods
Posts: 5136
Joined: Thu Mar 21, 2013 7:28 pm

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by obienga » Sun Sep 17, 2017 9:56 am

nowayhaha wrote:
Sun Sep 17, 2017 3:58 am
http://www.judiciary.go.ke/portal/asset ... 17%201.pdf


ICT EXPERTS

PROF ELIJAH OMWENGA
PROF JOSEPH SEVILLA



What is their level of expertise ?
Most importantly are they academicians as it is known the side of academics is always good in theory and very poor in practicals ?

These are some of the fundamental questions which will be discussed in the coming months
These two questions are indeed pertinent, IT is broad body of knowledge. Its akin to the difference between a pediatrician, a urologist, a neurosurgeon and an anesthesiologist. They are all doctors but they are qualified for very specific niches and cannot interchangeably perform each others speciality.

The relevant question thus would be whether they are experts in the specialization they were undertaking which was in effect an IT audit. Did they have the requisite and globally recognised credentials such as CISSP or CISA?

User avatar
anonymousz
Level: Nobles
Posts: 850
Joined: Sun Oct 02, 2016 7:28 am

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by anonymousz » Sun Sep 17, 2017 2:25 pm

technology is about simplifying work, you can count votes, if you will, with fingers/toes, stones, abacus, calculator, spreadsheets, applications ... so long as the votes are cast in a fair and credible manner and properly preserved, that's all what is important, you may count them several dozen ways to everyone's satisfaction. the results can be written on whatever is at folks disposal, on toilet paper, curved on stone, where the results are written is not an issue, what matters is verifiable accuracy, and finally, we MUST understand how diverse .KE is, those results can be sent via a donkey, camel, mkokoteni, on foot, air, sea, land ... what is important is that what is received can be verified with what was sent ...

ALL what we are hearing is lawyers and politicians noise clobbering and scapegoating "technology"

C.J. Maraga's/ SCORK demands on IEBC were most unreasonable, any worthy technology company would NEVER agree to those orders. I would never agree to setup a technology company in Kenya unless ALL those clobbering legal precedents were removed in their entirety. SCORK should never order a forced login to a system, details of a firewall, security features, audit, log files...

There are many types of log files: systems, applications ... logins are recorded in systems log file, also contained in log files are very dangerous information like ALL hardware information, ALL applications initialized on the system including Vendor, Version, Release, Build ... wonder how SCORK would order a technology company to surrender a log file "without showing applications" and system configuration...

IT is too confined in understanding full implications of SCORK orders, Professor Elijah I. Omwenga is basically an IT guy, his main focus is business applications, MicroSoft stuff, " Professor Elijah I. Omwenga holds a PhD in Computer Science from the University of Nairobi in the area of Information Systems. Given a secure server user/password, he may NEVER be able to even login" ( this may have happened at IEBC) I strongly doubt he understands systems or even IF he took an "Operating Systems" course as an undergraduate, the ONLY course an academician, read: PhD may have briefly come into contact with intricacies of stuff like Operating Systems, log files. My visit to UoN confirms there is NO possibility they understood the area they were rendering expertise in ...

Ditto Dr. Sevilla. Would love to see their transcripts ...

These two gentlemen MAY have mislead SCORK by standing as experts in areas they do NOT understand, do NOT have experience in, and never studied. It's the ONLY way a SCORK could have made such outrageous demands to a technology company and IEBC.

Also, the information obtained was mishandled to the extent it's inadmissible in a court of law ...

There is a number of experts including the original developers of FTP Software lurking in .KE that can provide consultancy in the area of file transfer, and many other software professionals who are at this time wholly drowned by politicians / lawyers.

Wonder if SCORK would make such orders for Supreme Court itself, CID, Central Bank, or even how folks secures their village hut!
obienga wrote:
Sun Sep 17, 2017 9:56 am
nowayhaha wrote:
Sun Sep 17, 2017 3:58 am
http://www.judiciary.go.ke/portal/asset ... 17%201.pdf

ICT EXPERTS

PROF ELIJAH OMWENGA
PROF JOSEPH SEVILLA


What is their level of expertise?
Most importantly are they academicians as it is known the side of academics is always good in theory and very poor in practicals?

These are some of the fundamental questions which will be discussed in the coming months
These two questions are indeed pertinent, IT is broad body of knowledge. Its akin to the difference between a pediatrician, a urologist, a neurosurgeon and an anesthesiologist. They are all doctors but they are qualified for very specific niches and cannot interchangeably perform each others speciality.

The relevant question thus would be whether they are experts in the specialization they were undertaking which was in effect an IT audit. Did they have the requisite and globally recognised credentials such as CISSP or CISA?

Murata
Level: Aristocrats
Posts: 140
Joined: Fri Jun 16, 2017 3:06 pm

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by Murata » Sun Sep 17, 2017 3:02 pm

Nice write up Anon. Let me ask you, what are your thoughts on a foreign company dictating when an election of a Sovereign Nation should be held? When it comes to the layout of the IEBC electronic system infrastructure, what are your thoughts on them Outsourcing that and not having full control of such a major piece of the voting infrastructure ? You see at the time when the judges requested for this information it could be two fold one to inform them on exactly what the layout is since nobody seemed to know and all this information was withheld from the public. And second to inform the public on what exactly maybe illegalities by IEBC of Kenya's Constitution. The European Union observers team proposed a solution for this which was that the electral body should have its own in-house servers electronic voting system and full access and control, did they listen? We will see.

As far as the responsibility of Uhuru's governance in delegating a major piece of the election including documentation which could not be verified or authenticated all paid for by his treasury, what was their involvement if any in procurement and selection of this process and technology? This would be the questions that I would be asking you see
anonymousz wrote:
Sun Sep 17, 2017 2:25 pm
technology is about simplifying work, you can count votes, if you will, with fingers/toes, stones, abacus, calculator, spreadsheets, applications ... so long as the votes are cast in a fair and credible manner and properly preserved, that's all what is important, you may count them several dozen ways to everyone's satisfaction. the results can be written on whatever is at folks disposal, on toilet paper, curved on stone, where the results are written is not an issue, what matters is verifiable accuracy, and finally, we MUST understand how diverse .KE is, those results can be sent via a donkey, camel, mkokoteni, on foot, air, sea, land ... what is important is that what is received can be verified with what was sent ...

ALL what we are hearing is lawyers and politicians noise clobbering and scapegoating "technology"

C.J. Maraga's/ SCORK demands on IEBC were most unreasonable, any worthy technology company would NEVER agree to those orders. I would never agree to setup a technology company in Kenya unless ALL those clobbering legal precedents were removed in their entirety. SCORK should never order a forced login to a system, details of a firewall, security features, audit, log files...

There are many types of log files: systems, applications ... logins are recorded in systems log file, also contained in log files are very dangerous information like ALL hardware information, ALL applications initialized on the system including Vendor, Version, Release, Build ... wonder how SCOK would order a technology company to surrender a log file "without showing applications" and system configuration...

IT is too confined in understanding full implications of SCORK orders, Professor Elijah I. Omwenga is basically an IT guy, his main focus is business applications, MicroSoft stuff, " Professor Elijah I. Omwenga holds a PhD in Computer Science from the University of Nairobi in the area of Information Systems. Given a secure server user/password, he may NEVER be able to even login" ( this may have happened at IEBC) I strongly doubt he understands systems or even IF he took an "Operating Systems" course as an undergraduate, the ONLY course an academician, read: PhD may have briefly come into contact with intricacies of stuff like Operating Systems, log files. My visit to UoN confirms there is NO possibility they understood the area they were rendering expertise in ...

Ditto Dr. Sevilla. Would love to see their transcripts ...

These two gentlemen MAY have mislead SCORK by standing as experts in areas they do NOT understand, do NOT have experience in, and never studied. It's the ONLY way a SCORK could have made such outrageous demands to a technology company and IEBC.

Also, the information obtained was mishandled to the extent it's inadmissible in a court of law ...

There is a number of experts including the original developers of FTP Software lurking in .KE that can provide consultancy in the area of file transfer, and many other software professionals who are at this time wholly drowned by politicians / lawyers.

Wonder if SCORK would make such orders for Supreme Court itself, CID, Central Bank, or even how folks secures their village hut!
obienga wrote:
Sun Sep 17, 2017 9:56 am
nowayhaha wrote:
Sun Sep 17, 2017 3:58 am
http://www.judiciary.go.ke/portal/asset ... 17%201.pdf

ICT EXPERTS

PROF ELIJAH OMWENGA
PROF JOSEPH SEVILLA


What is their level of expertise?
Most importantly are they academicians as it is known the side of academics is always good in theory and very poor in practicals?

These are some of the fundamental questions which will be discussed in the coming months
These two questions are indeed pertinent, IT is broad body of knowledge. Its akin to the difference between a pediatrician, a urologist, a neurosurgeon and an anesthesiologist. They are all doctors but they are qualified for very specific niches and cannot interchangeably perform each others speciality.

The relevant question thus would be whether they are experts in the specialization they were undertaking which was in effect an IT audit. Did they have the requisite and globally recognised credentials such as CISSP or CISA?

obienga
Level: Council of the gods
Posts: 5136
Joined: Thu Mar 21, 2013 7:28 pm

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by obienga » Sun Sep 17, 2017 3:54 pm

You could not have said it any better. I read elsewhere about the analogy of a bank customer who suspects their bank is stealing from them. The customer goes to court and gets a court order. The bank is forced to disclose all its standard operating procedures, security measures (firewalls, rules etc) and everything that is required to show that it has not been stealing the bank customer's money. The only problem now is that the information needed to rob the bank cleanly and get away with it, is in the public domain. The only remedy the bank has to avoid such a problem is to retool their entire infrastructure and security procedures.

Such was the effect of the technologically challenged Maraga orders as he proposed. He did not order an independent ICT audit conducted by certified IT auditors, he ordered that which NASA asked for, but without regard to the irreparable harm it would pose to IEBC and which I believe their providers and IEBC later itself found to be judicial overreach.

In such matters of technological complexity, 10 minutes is hardly enough to explain the limits of compliance. What Maraga had ordered would be akin to helping any hacker break into IEBC for the repeat election he ordered. In one of the reports, it is noted that NASWA attempted to demand admin credentials for their access, their motive is obvious as to what they wanted to do.

The IEBC lawyers are also to blame for not having contested the same and demanded that independent IT forensic auditors with the requisite qualifications be appointed.

Unfortunately ICT in Kenya is assumed to be an all encompassing body of knowledge. The Kenyan ICT experts were not professionally qualified to conduct a certified internationally recognised audit. It is why the technologically challenged NASWA act with bewilderment and amazement when they hear that OT Morpho had its servers audited, forgetting that Morpho had its servers audited by two professionally recognised audit firms and that their mere words vs an international audit firms findings in an EU court will hold no water. It is the norm in these advanced economies for IT audits to take place unlike Kenya.

No organisation in this world would accept to commit operational suicide to meet NASWA's overreaching demands which among other things include the below. Such information is irrelevant pre-election and can only be used to fabricate new logs or to hack into IEBC and has little besides the logs, to do with verification of transmission of results. If I was IEBC, I would have a certified IT security firm scrutinize and respond to NASWA explaining each of the risks such disclosure poses pre-election.

The only thing that makes sense with such a pre-disclosure is to then rebuild the IEBC infrastructure from scratch to keep out would be hackers and mischief from interested parties. NASWA have already stated there will be no election, it is this precise information a saboteur would want to launch a crippling and widescale attack on IEBC infrastructure.
• Firewall configuration including ports configuration. - of what relevance is this except to allow for security exploits and DDOS attacks
• Disclose all database transaction logs including: alert logs, archive/redo logs, audit trail, data files, OS command history, network logs, sql.net logs database vault logs and trace files.
• Physical view and inspection of IEBC servers, portal access to the servers and IP addresses of all 20 servers. - IP addresses are precisely what is needed to conduct a DDOS attack or be a starting point for an external hacker intrusion
• Full access and copy of all servers and databases. it is using - a good way to clone the IEBC infrastructure elsewhere so data can be manipulated in its cloned copy to be later represented as factual data, this can be done after the fact
• Disclose all support partners with SLAs and escalation matrix.
• Entire enterprise architecture of the landscape. - of what relevance is this for? For hackers to find their way around?
• GPS coordinates of KIEMS.
• KIEMS sim card numbers for all kits - SIM cards can be cloned allowing for unauthorised access into the data network
• Telkom and network structure with all service providers (provide agreements and implementation details. - of what relevance is this
• Transaction logs of all databases and servers.
Kenyans will once again be taken for an even greater ride with these requests whose true motive does quite the opposite in guaranteeing the integrity of the election and any security measures in place. Were it after the fact in an attempt to establish if hacking did occur then yes, but such information should only be viewed by an independent professional audit firm that is at arms length from the contestants.
anonymousz wrote:
Sun Sep 17, 2017 2:25 pm
technology is about simplifying work, you can count votes, if you will, with fingers/toes, stones, abacus, calculator, spreadsheets, applications ... so long as the votes are cast in a fair and credible manner and properly preserved, that's all what is important, you may count them several dozen ways to everyone's satisfaction. the results can be written on whatever is at folks disposal, on toilet paper, curved on stone, where the results are written is not an issue, what matters is verifiable accuracy, and finally, we MUST understand how diverse .KE is, those results can be sent via a donkey, camel, mkokoteni, on foot, air, sea, land ... what is important is that what is received can be verified with what was sent ...

ALL what we are hearing is lawyers and politicians noise clobbering and scapegoating "technology"

C.J. Maraga's/ SCORK demands on IEBC were most unreasonable, any worthy technology company would NEVER agree to those orders. I would never agree to setup a technology company in Kenya unless ALL those clobbering legal precedents were removed in their entirety. SCORK should never order a forced login to a system, details of a firewall, security features, audit, log files...

There are many types of log files: systems, applications ... logins are recorded in systems log file, also contained in log files are very dangerous information like ALL hardware information, ALL applications initialized on the system including Vendor, Version, Release, Build ... wonder how SCORK would order a technology company to surrender a log file "without showing applications" and system configuration...

IT is too confined in understanding full implications of SCORK orders, Professor Elijah I. Omwenga is basically an IT guy, his main focus is business applications, MicroSoft stuff, " Professor Elijah I. Omwenga holds a PhD in Computer Science from the University of Nairobi in the area of Information Systems. Given a secure server user/password, he may NEVER be able to even login" ( this may have happened at IEBC) I strongly doubt he understands systems or even IF he took an "Operating Systems" course as an undergraduate, the ONLY course an academician, read: PhD may have briefly come into contact with intricacies of stuff like Operating Systems, log files. My visit to UoN confirms there is NO possibility they understood the area they were rendering expertise in ...

Ditto Dr. Sevilla. Would love to see their transcripts ...

These two gentlemen MAY have mislead SCORK by standing as experts in areas they do NOT understand, do NOT have experience in, and never studied. It's the ONLY way a SCORK could have made such outrageous demands to a technology company and IEBC.

Also, the information obtained was mishandled to the extent it's inadmissible in a court of law ...

There is a number of experts including the original developers of FTP Software lurking in .KE that can provide consultancy in the area of file transfer, and many other software professionals who are at this time wholly drowned by politicians / lawyers.

Wonder if SCORK would make such orders for Supreme Court itself, CID, Central Bank, or even how folks secures their village hut!
obienga wrote:
Sun Sep 17, 2017 9:56 am
nowayhaha wrote:
Sun Sep 17, 2017 3:58 am
http://www.judiciary.go.ke/portal/asset ... 17%201.pdf

ICT EXPERTS

PROF ELIJAH OMWENGA
PROF JOSEPH SEVILLA


What is their level of expertise?
Most importantly are they academicians as it is known the side of academics is always good in theory and very poor in practicals?

These are some of the fundamental questions which will be discussed in the coming months
These two questions are indeed pertinent, IT is broad body of knowledge. Its akin to the difference between a pediatrician, a urologist, a neurosurgeon and an anesthesiologist. They are all doctors but they are qualified for very specific niches and cannot interchangeably perform each others speciality.

The relevant question thus would be whether they are experts in the specialization they were undertaking which was in effect an IT audit. Did they have the requisite and globally recognised credentials such as CISSP or CISA?

User avatar
anonymousz
Level: Nobles
Posts: 850
Joined: Sun Oct 02, 2016 7:28 am

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by anonymousz » Sun Sep 17, 2017 11:36 pm

@Murata, over 90% of Silicon Valley companies are "hosted" in massive data centers, their systems are put in "secure" cages and ONLY the "hosted firm" have access, there is even extra strict security for "hosted" credit/credit cards, financials, etc ... & networks, processing, transmission, data follow very strict compliance, and are periodically validated. At that level, you are the boss, you call the shots, so long as you pay for the services.

There is another level, you can hire professionals, technicians, application folks, buy software, even your own people to manage what it is that you wish to do- deliver products, services, projects. These folks depending on how you have drawn their contract, can have a say or absolutely no say, the legal scope of the contract will dictate your work relationship na ni nani mdosi ...

With respect to sovereignty and elections, I defer that to our political scientists.

Kenya is very diverse, even in Nairobi, you find pockets without network, there are places you could never find a pen to write, you start to write text on your cell, then you realize preserving the power is more important, other places you can hardly find a paper to write on ... there are dire extreme conditions, dire lack of bare necessities, places you could not even find mud to squeeze a drop of water to quench you thirst... and in ALL these places voting MUST be conducted

I think we SHOULD go back to basics. In Software developement, there is a critical decision a company must make-buy or make, one of the key factors in deciding to buy a piece of software or making it is control, you do have control IF you make/+ you know your competitors do NOT have that piece of software, you can tweak your product ...

With respect to IEBC, they have to make similar decisions, BUT putting up an electronics voting structure can be a daunting task for IEBC, and, it's NOT economically viable, even IF they rendered themselves as a "voting company" even helping with schools server requirements ... further, we do NOT have the required discipline.

Sorry, but the judges have to train themselves to treat "technology" as a "blackBox" - what is put in there and what is gotten out MUST add up ... even in testing an electronic circuit, you power up one end, and observe results on the other end ...once judges get involved with electronics, they will lose sight of their professional mandate, treat this stuff as they treat changaa/busaa evidence, you secure evidence, and do NOT go putting changaa into new mitungis, you will contaminate evidence, and will be inadmissible in a court of law ... ditto public, keep the eye on the ball, NOT the grass/dust the ball has travelled over ...

Simple clean laws are good, laws that encumber the supreme free will of the people should be done away with ...

Finally, the EU, NYT, Kelly are behaving like a flag in the wind, they have twisted and turned, their latest comments are gut-wrench·ing, they have the means and wherewithal to pull Kenya/IEBC out of the hole they are in, instead, they chose to dig the hole deeper. They could have offered to i) validated the votes still in ballot boxes, ii) tallied cast votes iii) helped transmit results ... instead, they twisted and pissed into the wind.

In sum, Kenya is very diverse, a simple verifiable voting system within our means/capability is where the solution lies.

FYI: due to work demands will not be able to respond to this important thread, but will browse once in a while ..

http://www.nipate.com/posting.php?mode= ... 2&p=580966#
Murata wrote:
Sun Sep 17, 2017 3:02 pm
Nice write up Anon. Let me ask you, what are your thoughts on a foreign company dictating when an election of a Sovereign Nation should be held? When it comes to the layout of the IEBC electronic system infrastructure, what are your thoughts on them Outsourcing that and not having full control of such a major piece of the voting infrastructure ? You see at the time when the judges requested for this information it could be two fold one to inform them on exactly what the layout is since nobody seemed to know and all this information was withheld from the public. And second to inform the public on what exactly maybe illegalities by IEBC of Kenya's Constitution. The European Union observers team proposed a solution for this which was that the electral body should have its own in-house servers electronic voting system and full access and control, did they listen? We will see.

As far as the responsibility of Uhuru's governance in delegating a major piece of the election including documentation which could not be verified or authenticated all paid for by his treasury, what was their involvement if any in procurement and selection of this process and technology? This would be the questions that I would be asking you see
anonymousz wrote:
Sun Sep 17, 2017 2:25 pm
technology is about simplifying work, you can count votes, if you will, with fingers/toes, stones, abacus, calculator, spreadsheets, applications ... so long as the votes are cast in a fair and credible manner and properly preserved, that's all what is important, you may count them several dozen ways to everyone's satisfaction. the results can be written on whatever is at folks disposal, on toilet paper, curved on stone, where the results are written is not an issue, what matters is verifiable accuracy, and finally, we MUST understand how diverse .KE is, those results can be sent via a donkey, camel, mkokoteni, on foot, air, sea, land ... what is important is that what is received can be verified with what was sent ...

ALL what we are hearing is lawyers and politicians noise clobbering and scapegoating "technology"

C.J. Maraga's/ SCORK demands on IEBC were most unreasonable, any worthy technology company would NEVER agree to those orders. I would never agree to setup a technology company in Kenya unless ALL those clobbering legal precedents were removed in their entirety. SCORK should never order a forced login to a system, details of a firewall, security features, audit, log files...

There are many types of log files: systems, applications ... logins are recorded in systems log file, also contained in log files are very dangerous information like ALL hardware information, ALL applications initialized on the system including Vendor, Version, Release, Build ... wonder how SCOK would order a technology company to surrender a log file "without showing applications" and system configuration...

IT is too confined in understanding full implications of SCORK orders, Professor Elijah I. Omwenga is basically an IT guy, his main focus is business applications, MicroSoft stuff, " Professor Elijah I. Omwenga holds a PhD in Computer Science from the University of Nairobi in the area of Information Systems. Given a secure server user/password, he may NEVER be able to even login" ( this may have happened at IEBC) I strongly doubt he understands systems or even IF he took an "Operating Systems" course as an undergraduate, the ONLY course an academician, read: PhD may have briefly come into contact with intricacies of stuff like Operating Systems, log files. My visit to UoN confirms there is NO possibility they understood the area they were rendering expertise in ...

Ditto Dr. Sevilla. Would love to see their transcripts ...

These two gentlemen MAY have mislead SCORK by standing as experts in areas they do NOT understand, do NOT have experience in, and never studied. It's the ONLY way a SCORK could have made such outrageous demands to a technology company and IEBC.

Also, the information obtained was mishandled to the extent it's inadmissible in a court of law ...

There is a number of experts including the original developers of FTP Software lurking in .KE that can provide consultancy in the area of file transfer, and many other software professionals who are at this time wholly drowned by politicians / lawyers.

Wonder if SCORK would make such orders for Supreme Court itself, CID, Central Bank, or even how folks secures their village hut!
obienga wrote:
Sun Sep 17, 2017 9:56 am

These two questions are indeed pertinent, IT is broad body of knowledge. Its akin to the difference between a pediatrician, a urologist, a neurosurgeon and an anesthesiologist. They are all doctors but they are qualified for very specific niches and cannot interchangeably perform each others speciality.

The relevant question thus would be whether they are experts in the specialization they were undertaking which was in effect an IT audit. Did they have the requisite and globally recognised credentials such as CISSP or CISA?

User avatar
anonymousz
Level: Nobles
Posts: 850
Joined: Sun Oct 02, 2016 7:28 am

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by anonymousz » Mon Sep 18, 2017 12:20 am

@obienga;

The log file spiritedly exhibited as "smoking gun" by Baaba earlier on clearly demonstrated NASWA have given up hope of winning a fair election and resolved to embarked on a wild goose chase, secondly, that their technology group is totally incompetent in claiming a WinTel log file to be that of IEBC servers, even going further to insinuate crime that they are receiving stolen info from IEBC.

NASA ended up pushing their so called technology experts to SCORK, which has caused most tragic results.

I'm elated there are folks like you who fully understand the technology issues as they relate to Kenya elections, I'll take the back seat now without any guilt ...at the advent of cyber crimes, we had one of our key software stolen, and I had a chance to work with key national law enforcement agencies, I was very impressed with how key Engineers, lawyers, judges, worked to secure, preserve and present evidence, any possibility that the any evidence was tampered with was automatically thrown out ...
obienga wrote:
Sun Sep 17, 2017 3:54 pm
You could not have said it any better. I read elsewhere about the analogy of a bank customer who suspects their bank is stealing from them. The customer goes to court and gets a court order. The bank is forced to disclose all its standard operating procedures, security measures (firewalls, rules etc) and everything that is required to show that it has not been stealing the bank customer's money. The only problem now is that the information needed to rob the bank cleanly and get away with it, is in the public domain. The only remedy the bank has to avoid such a problem is to retool their entire infrastructure and security procedures.

Such was the effect of the technologically challenged Maraga orders as he proposed. He did not order an independent ICT audit conducted by certified IT auditors, he ordered that which NASA asked for, but without regard to the irreparable harm it would pose to IEBC and which I believe their providers and IEBC later itself found to be judicial overreach.

In such matters of technological complexity, 10 minutes is hardly enough to explain the limits of compliance. What Maraga had ordered would be akin to helping any hacker break into IEBC for the repeat election he ordered. In one of the reports, it is noted that NASWA attempted to demand admin credentials for their access, their motive is obvious as to what they wanted to do.

The IEBC lawyers are also to blame for not having contested the same and demanded that independent IT forensic auditors with the requisite qualifications be appointed.

Unfortunately ICT in Kenya is assumed to be an all encompassing body of knowledge. The Kenyan ICT experts were not professionally qualified to conduct a certified internationally recognised audit. It is why the technologically challenged NASWA act with bewilderment and amazement when they hear that OT Morpho had its servers audited, forgetting that Morpho had its servers audited by two professionally recognised audit firms and that their mere words vs an international audit firms findings in an EU court will hold no water. It is the norm in these advanced economies for IT audits to take place unlike Kenya.

No organisation in this world would accept to commit operational suicide to meet NASWA's overreaching demands which among other things include the below. Such information is irrelevant pre-election and can only be used to fabricate new logs or to hack into IEBC and has little besides the logs, to do with verification of transmission of results. If I was IEBC, I would have a certified IT security firm scrutinize and respond to NASWA explaining each of the risks such disclosure poses pre-election.

The only thing that makes sense with such a pre-disclosure is to then rebuild the IEBC infrastructure from scratch to keep out would be hackers and mischief from interested parties. NASWA have already stated there will be no election, it is this precise information a saboteur would want to launch a crippling and widescale attack on IEBC infrastructure.
• Firewall configuration including ports configuration. - of what relevance is this except to allow for security exploits and DDOS attacks
• Disclose all database transaction logs including: alert logs, archive/redo logs, audit trail, data files, OS command history, network logs, sql.net logs database vault logs and trace files.
• Physical view and inspection of IEBC servers, portal access to the servers and IP addresses of all 20 servers. - IP addresses are precisely what is needed to conduct a DDOS attack or be a starting point for an external hacker intrusion
• Full access and copy of all servers and databases. it is using - a good way to clone the IEBC infrastructure elsewhere so data can be manipulated in its cloned copy to be later represented as factual data, this can be done after the fact
• Disclose all support partners with SLAs and escalation matrix.
• Entire enterprise architecture of the landscape. - of what relevance is this for? For hackers to find their way around?
• GPS coordinates of KIEMS.
• KIEMS sim card numbers for all kits - SIM cards can be cloned allowing for unauthorised access into the data network
• Telkom and network structure with all service providers (provide agreements and implementation details. - of what relevance is this
• Transaction logs of all databases and servers.
Kenyans will once again be taken for an even greater ride with these requests whose true motive does quite the opposite in guaranteeing the integrity of the election and any security measures in place. Were it after the fact in an attempt to establish if hacking did occur then yes, but such information should only be viewed by an independent professional audit firm that is at arms length from the contestants.
anonymousz wrote:
Sun Sep 17, 2017 2:25 pm
technology is about simplifying work, you can count votes, if you will, with fingers/toes, stones, abacus, calculator, spreadsheets, applications ... so long as the votes are cast in a fair and credible manner and properly preserved, that's all what is important, you may count them several dozen ways to everyone's satisfaction. the results can be written on whatever is at folks disposal, on toilet paper, curved on stone, where the results are written is not an issue, what matters is verifiable accuracy, and finally, we MUST understand how diverse .KE is, those results can be sent via a donkey, camel, mkokoteni, on foot, air, sea, land ... what is important is that what is received can be verified with what was sent ...

ALL what we are hearing is lawyers and politicians noise clobbering and scapegoating "technology"

C.J. Maraga's/ SCORK demands on IEBC were most unreasonable, any worthy technology company would NEVER agree to those orders. I would never agree to setup a technology company in Kenya unless ALL those clobbering legal precedents were removed in their entirety. SCORK should never order a forced login to a system, details of a firewall, security features, audit, log files...

There are many types of log files: systems, applications ... logins are recorded in systems log file, also contained in log files are very dangerous information like ALL hardware information, ALL applications initialized on the system including Vendor, Version, Release, Build ... wonder how SCORK would order a technology company to surrender a log file "without showing applications" and system configuration...

IT is too confined in understanding full implications of SCORK orders, Professor Elijah I. Omwenga is basically an IT guy, his main focus is business applications, MicroSoft stuff, " Professor Elijah I. Omwenga holds a PhD in Computer Science from the University of Nairobi in the area of Information Systems. Given a secure server user/password, he may NEVER be able to even login" ( this may have happened at IEBC) I strongly doubt he understands systems or even IF he took an "Operating Systems" course as an undergraduate, the ONLY course an academician, read: PhD may have briefly come into contact with intricacies of stuff like Operating Systems, log files. My visit to UoN confirms there is NO possibility they understood the area they were rendering expertise in ...

Ditto Dr. Sevilla. Would love to see their transcripts ...

These two gentlemen MAY have mislead SCORK by standing as experts in areas they do NOT understand, do NOT have experience in, and never studied. It's the ONLY way a SCORK could have made such outrageous demands to a technology company and IEBC.

Also, the information obtained was mishandled to the extent it's inadmissible in a court of law ...

There is a number of experts including the original developers of FTP Software lurking in .KE that can provide consultancy in the area of file transfer, and many other software professionals who are at this time wholly drowned by politicians / lawyers.

Wonder if SCORK would make such orders for Supreme Court itself, CID, Central Bank, or even how folks secures their village hut!
obienga wrote:
Sun Sep 17, 2017 9:56 am

These two questions are indeed pertinent, IT is broad body of knowledge. Its akin to the difference between a pediatrician, a urologist, a neurosurgeon and an anesthesiologist. They are all doctors but they are qualified for very specific niches and cannot interchangeably perform each others speciality.

The relevant question thus would be whether they are experts in the specialization they were undertaking which was in effect an IT audit. Did they have the requisite and globally recognised credentials such as CISSP or CISA?

User avatar
Kunadawa
Level: Council of the gods
Posts: 5863
Joined: Sun Nov 13, 2011 3:50 am
Location: NBO, .ke

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by Kunadawa » Mon Sep 18, 2017 2:25 am

If you recall, Apple refused to unlock the San Bernadino terrorists phone. This could have pertinent analogies to IEBC reluctance to 'open the server'

Tim Cook says Apple's refusal to unlock iPhone for FBI is a 'civil liberties' issue


https://www.theguardian.com/technology/ ... -liberties

User avatar
anonymousz
Level: Nobles
Posts: 850
Joined: Sun Oct 02, 2016 7:28 am

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by anonymousz » Mon Sep 18, 2017 2:26 am

IEBC MUST actively consult with SCORK to seek guidance and relief for the just ordered presidential re-run elections, they can use the court system to file "urgent matters". WE cannot afford to wait for SCORK decision write-up, what IF the guidance they need is NOT contained in the write-up?

At a minimum, the SCORK must give ( i) relieve to IEBC to use manual identification whereas electronic identification is not reliable / feasible / readily available (ii) relieve to do manual tallying where necessary (iii) relieve to use very basic / available means of transmission.

IEBC legal team MUST be boosted to get up to the task of re-election, they cannot wait for the SCORK decision write up for guidance / direction in election preparations/plans. They need to be proactive and conscientious. Already, there is precious time wasted waiting for guidance that may not be in the SCORK decision write-up ...

nowayhaha
Level: Lord Barons
Posts: 1132
Joined: Thu Mar 28, 2013 6:05 am

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by nowayhaha » Mon Sep 18, 2017 2:57 am

By relying entirely on the unchallenged report of a court-appointed official, the Supreme Court will be canvassing a new ground or grounds or evidence for the petitioner not advanced or envisaged in the pleadings.

Any reliance on a finding by the court that a certain number of the petitioner’s votes were discounted or that a certain number of the third respondent’s votes were inflated, would infer that the court acted as a litigant in the petition.

Expert witnesses

ALSO READ: IEBC CEO Ezra Chiloba in battle of his life

The failure to plead and lead evidence precludes the court from making a finding on the tally. Ours is an adversarial system of contest. The court has to remain an impartial arbiter of that adversarial contest and cannot generate evidence for all or any party in the contest. The report filed at the Supreme Court by Prof Elijah Omwenga, Prof Jose Sevilla and Janet Kadenyi was never tabled in Court and introduced as evidence by expert witnesses sworn to tell the truth, the whole truth and nothing but the truth and who were subject to cross-examination by the respondents.

It does not matter that the respondents’ advocates or representatives may have witnessed the event. Was the report filed by consent as rendering the true status of the material examined? The country would have loved to hear what the experts had to say in open court. We cannot claim to be transparent when the court process is itself 

https://www.standardmedia.co.ke/article ... -top-court

User avatar
anonymousz
Level: Nobles
Posts: 850
Joined: Sun Oct 02, 2016 7:28 am

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by anonymousz » Mon Sep 18, 2017 4:00 am

MOST of Silicon Valley companies will NOT put up with that sort of nonsense decision ... that said, I wonder why Vodafone / SafariCom is sitting like a duck, maybe NOT to disturb the underbelly of "pure monopoly power" they exercise in Kenya or is it that that their WinTel servers are still in Germany, thought there were plans to move them somewhere near Thika Road ... they should be screaming in protest over SCORK technology orders

Google has many times refused to hand over personal data to authorities not to violate personal liberties ...
Kunadawa wrote:
Mon Sep 18, 2017 2:25 am
If you recall, Apple refused to unlock the San Bernadino terrorists phone. This could have pertinent analogies to IEBC reluctance to 'open the server'

Tim Cook says Apple's refusal to unlock iPhone for FBI is a 'civil liberties' issue


https://www.theguardian.com/technology/ ... -liberties

User avatar
Kunadawa
Level: Council of the gods
Posts: 5863
Joined: Sun Nov 13, 2011 3:50 am
Location: NBO, .ke

Re: Questions On The So Called Supreme Court Appointed Experts for The Presidential Petition

Unread post by Kunadawa » Mon Sep 18, 2017 4:17 am

Acqually SCORK was pretty clear that all it wanted were 'Read only' access. In my view the most damning allegation was that technology somehow influenced the outcome throught the nonsensical so-called algorithm. Clearly here will be hordes waiting to tear Maraga's ruling apart
anonymousz wrote:
Mon Sep 18, 2017 4:00 am
MOST of Silicon Valley companies will NOT put up with that sort of nonsense decision ... that said, I wonder why Vodafone / SafariCom is sitting like a duck, maybe NOT to disturb the underbelly of "pure monopoly power" they exercise in Kenya or is it that that their WinTel servers are still in Germany, thought there were plans to move them somewhere near Thika Road ... they should be screaming in protest over SCORK technology orders

Google has many times refused to hand over personal data to authorities not to violate personal liberties ...
Kunadawa wrote:
Mon Sep 18, 2017 2:25 am
If you recall, Apple refused to unlock the San Bernadino terrorists phone. This could have pertinent analogies to IEBC reluctance to 'open the server'

Tim Cook says Apple's refusal to unlock iPhone for FBI is a 'civil liberties' issue


https://www.theguardian.com/technology/ ... -liberties

Post Reply

Who is online

Users browsing this forum: No registered users and 10 guests