Tag Archives: ICT

Stolen National ID Data ~ Questioning The New Vision’s Agenda

The headline on the front page of the Sunday Vision screamed, PANIC AS NATIONAL ID DATA IS STOLEN. I dropped all I was doing to quickly get myself a copy of the news paper. Being one of those people that have continuously cautioned our government over its handling of electronic data, I was only too eager to see what had been done wrong this time round.

vision_headline

The screaming Sunday Vision Headline

The title of the article gives one the impression that the folks at the National Identification and Registration Authority (NIRA) were caught napping on duty.

In the article, a one Norbert Kamwebaze was allegedly paid twice for work he did for Roko Construction with the second payment being dished out to an imposter who presented an ID card to Roko that had all his details save for a difference in the face.

The article starts off with a clear indication of the agenda the authors had; “Panic has gripped members of the public after it emerged that confidential data that Ugandans submitted to NIRA could have landed in wrong hands….” Using a very basic example, we have had forgery of permits for a long time in this country where someone lifts all the information of a legitimate permit and only changes the face to reflect his. Why has there never been any doubt cast on Face Technologies over our data? I was irked by the quick conclusion being insinuated in the article yet the details of the story indicate that suspicion should first be cast elsewhere.

Let us look at the issues raised so far and what they mean;

  • Mr. Kamwebaze was contracted by Roko construction to do a job for UGX 51 Million Shillings

  • Upon completion of the job, he was paid in full but not before producing proof of his identity by presenting a National ID which was duly photocopied.

  • Mr. Kamwebaze proceeded to bank the cheque on his account in Barclays bank and it was cleared.

  • A few days later, another person bearing a similar ID appeared at Roko for payment and was issued a cheque for payment.

This is where the story gets an interesting twist. Roko as a company has decent accounting systems in place with well set processes and procedures. I have done work for them before and know that the point persons one deals with when it comes to finances are limited and they usually know even off head who has been paid. The issuance of cheques follows some fairly lengthy procedures and this makes me wonder how a second cheque could have been issued without internal connivance. Is it possible that by coincidence all those who handled the first payment issued were never available when the impostor turned up?

  • The double payment was discovered by the Roko top management.

This is already a pointer that the lower level staff have some serious questions to answer.

  • The impostor opened up an account with the same bank, Barclays using the same bio data as Mr. Kamwesigye, went ahead to ensure the account had the same bank balance as that of the legitimate Kamwesigye and two days later, deposited the cheque of 51 Million. Upon maturity, he withdrew all the money.

This raises some interesting questions. They are:

  1. Could it be that the banking software used by Barclays has no ability to detect duplicates? How could two accounts with similar bio data exist yet having different photographs? Shouldn’t a flag have been raised internally at least first with the Systems Security team?

  2. How did the impostor get to know the details on the legitimate Kamwesigye’s account including bank balance? Was he working with an insider in Barclays? Could there have been collusion between Mr Kamwesigye and this alleged impostor?

Back to the National ID, no where in the article does it indicate the trail to NIRA. There is a presumption that the NIRA database could have been hacked to get this information but this does not appear to hold much water considering that there are still many other ways one would have accessed this ID information. Based on my assessment, these are the first areas of suspicion before casting NIRA in bad light:

  • The impostor could have worked with staff at Roko who availed him the ID information since they already had a photocopy and considering that he picked his money after the real claimant had already got his.

  • The real Mr. Kamwebaze could have connived with the impostor and come up with the new ID that the impostor used.

  • The impostor could have tracked Mr. Kamwebaze and been able to get access to his National ID without his knowledge. Thereafter, he hatched out his plan.

At this point, unless further information is availed showing complicity by NIRA, I am inclined to believe that this was more of social engineering than hacking into the National ID Database.

It is on this note that I would like to register my disappointment with the New Vision for falling prey to the sensationalist headline approach typical of the reckless Ugandan tabloids.

One positive though the article brings out is the need for our public institutions to guard against data pilferage. Remember, the weakest link in any IT systems is the human being. Employ professionals who know what they are doing and are willing to stand by a pre-set code of ethics. We shall minimise the likely occurrence of such.

Eid Mubarak to my Muslim brothers and sisters.

James Wire is a Technology and Small Business Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com

Advertisements

Hon. Anite, you’re a Minister. Get out of your Slumber

Abraham Lincoln once said, “it’s better to remain silent and be thought a fool than to speak out and remove all doubt.”

I could hardly believe my ears and eyes when I read and heard allegations that the State Minister for Investment and Privatisation, a one Hon. Evelyn Anite had blurted out statements in line with the fact that all Ugandans shall be required to have a simcard of the rabied Uganda Telecom.

Before I start on Uganda Telecom, I would like to register my disappointment in the level of intellectual ability depicted by some of the ministers in our government. I now realise why a minimum education requirement was put in place for anyone who wants to be a member of the Parliament. However, today, I propose that the education requirements for Ministers be elevated even much higher than a Senior 6 certificate.

This is not the first time I have been uneasy about the kind of chit chat this Hon. Anite turns into public speeches. Matters are even made worse when one learns that she holds a sensitive docket whose aim is to promote investment in this country.

Why should Ugandans be forced or required to have UTL Sim Cards? In her wisdom, she calls upon our nationalism as a way of reviving the ailing entity. Now here are some questions for her in this regard:

  • Where was Nationalism when the top four managers were earning a combined salary of US$ 95,500 (UGX 343 Million) monthly?

  • Where was Nationalism when a one Emmanuel Kasule was paid UGX 50 Million before he even begun working for UTL?

  • Where was Nationalism when the Uganda Police and lots of other Government agencies raked up unpaid bills in billions?

  • Where was Nationalism when a decision was hurriedly made to sell shares to UCOM without following due process?

  • Where was nationalism when the share holding structure was further altered to favour UCOM by reducing on that of the government?

  • Where was nationalism when UCOM continued having lee way over management issues in the business despite the expiry of an earlier agreement?

  • Where was Nationalism when Lap Green acquired the UCOM shareholding under unclear circumstances?

Hon Anite, your simplistic trend of thought is inexcusable for someone who has had a parliamentary stint. You have since enjoyed the perks of not only being a parliamentarian but also a ruling party member only for this to be later followed up with a ministerial position. Most of what you seem to share in this docket is either extracts from peers you relate with or smatterings of information that you collide with.

Hon Anite, if you want to appeal to our sense of nationalism, you need to present a package not these one off requests. We need to see you in government as being practising nationalists before we can kowtow.

As a UTL sim card holder, I have a lot of frustrations that I can share which will just show you that the entity, while being in the 21st century is actually being run with a 20th century mindset. During Sim Card registration, as Africell, Airtel and MTN were using electronic methods to register us, I walked to the UTL outlet at Game and the first thing they asked me was to go photocopy my National ID, write my number on the same paper and then wait till the photocopy is taken to the head quarters. I refused and as a result abandoned my line. I cant allow to be associated with such incompetence under the guise of nationalism.

It is now over two months since the Hon Nandala Mafabi probe into UTL, a lot of wrongs were unearthed but to-date, no action has been taken against the culprits. So much for nationalism.

While I may want UTL to continue existing for sentimental and nationalistic reasons, your very government’s inaction towards wanting to see it succeed has made me and many others give up on that side of things. Truth be told, we now don’t care afterall we are having some decent services from the other players. I do enjoy my data with Africell, Voice with MTN and occasionally Airtel’s Pakalast.

By the way, even if you legislated that we own UTL simcards, will you force us to use them? Does UTL have the capacity to support over 20 million users in its current derelict state?

Like a glutton who after puking calls upon others to clean his vomit, we are being rallied to support a cause for a mess others deliberately created.

#Temutukooya (Don’t make us tired)

As it is, the hussle in our economy is so real that the last thing on our mind should be dealing with such dreams that are devoid of a serious thought process.

For God and My Country

Wire James

Twitter: @wirejames

Sim Card Verification exposes the joke that UCC has become

Only Dr. Stella Nyanzi in my view has the right vocabulary to effectively describe the Uganda Communications Commission (UCC) and its haphazard handling of issues.

Five years ago, the commission huffed and puffed about the need to register sim cards citing security as one of the key reasons it was being done.

mkts01px

Eng. Mutabazi being assisted during the launch of the registration exercise. Photo Credit – Daily Monitor, 2012

The Executive Director, Eng Godfrey Mutabazi is on record having said that, “In countries where SIM card registration has been taken seriously, a drop in crime especially cybercrime has been registered. We want to emulate this and see to it that such unlawful acts are done away with.”

 

Many of us supported the move and even used various fora to enlighten the general public about the importance of registration. The deadline set for 2013 passed and before we knew it another threat was issued to the telecoms companies to ensure that the process is completed in 2015. Interestingly, we were led to believe that the issue had been sorted once and for all.

To my shock, earlier this year, information from the Police begun pointing fingers at the use of unregistered simcards by criminal gangs. The UCC kept mum. Is it because the victims were largely lay men? It wasn’t until the investigations into the assassination of the Assistant Inspector General of Police, Mr. Felix Kaweesi (RIP) that the UCC was jolted out of its slumber.

With the kind of resources this institution commands, it is foolhardy for one to believe that they have a genuine reason for such a lapse in judgement. I strongly believe this is a sign of gross incompetence in the institution that is failing to offer the much needed direction for the ICT industry, preferring to concentrate on shutting down internet during election time as well as shopping for pornography tracking equipment. It seems like UCC is narrowing its attention to matters that involve procurement (this was actually intimated to me by a Member of Parliament) as they offer quick gains to the individuals involved there-in as well as satisfying the politburo’s demands. These two areas of engagement I presume form the basis for any contract renewal that the head of the institution is definitely interested in.

By failing to do the obvious, the Eng Mutabazi led outfit has slowed down the pace set by Mr. Patrick Masambu the former Executive Director of UCC who is currently the Director General of the International Telecommunications Satellite Organisation (ITSO). Despite the massive hurdles he went through to set up this institution, Mr Masambu defied all odds to leave a healthy and globally acclaimed institution in place.

The latest gaffe has been the press release by UCC that orders Telecommunication service providers to verify all SIM card subscriber details within seven (7) days starting 12th April 2017. The communique advises the public to visit the nearest authorised telecoms service centres as well as utilising the *197#.

I can only shake my head in disbelief because whoever came up with this decision at UCC is out of touch with reality. Do they think that they are managing a home? Do they realistically expect even 50% of the Ugandans to get sorted within one week? Which world are these !#%&^396$#@ living in? (Dr. Nyanzi the queen of metaphors please come to my rescue here)

Now to Eng Mutabazi and your team, do you really believe that:

  • All Ugandans are within 7 days reach of a recognised Telecoms Service Centre?

  • All Ugandans will have got the information to pursue this activity within 7 days?

  • All Ugandans will have the money and time to make it to the various centres within 7 days?

  • All Ugandans have National IDs?

  • All Ugandans are utilising their cell numbers within the boundaries of this country?

  • All Ugandans have time to repeatedly go to Telecoms service centres in a bid to repeat activities they had already engaged in?

Take the example of this guy

kaabong

Meanwhile, like you can see, he at least might be able to afford the entire exercise financially. What happens to the many that cant afford it and also reside where he is currently working? [Pointing my index finger onto my bald head saying “COMMON SENSE IS NOT COMMON”]

Meanwhile of the seven (7) days given, four of them are taken up by the Easter Holidays. For a country that is over 70% Christian, why do you think they will leave their celebrations to attend to an exercise that was caused by your incompetence?

When will you get out of this gambling nature that seems to have become a part of your operational manual? I do believe that UCC as an institution has some very brilliant minds, a number of whom are known to me personally but the way the institution is operating as a whole, makes any outsider think it is a bunch of jokers. This should be a wakeup call to the appointing authority, at this rate, the efforts to attain Middle Income status are likely to be sabotaged by an inefficient Communication and Technology Sector whose regulatory agency seems to be operating in a reactive rather than proactive manner.

This seven day deadline is simply a poorly thought through decision that only serves to lay bare the incompetence of the institution we are meant to look upto for guidance. Could it be time for a total purge?

Let me go pick my orange tree seedlings and plant before the rains cease. I think I have had enough of this circus.

James Wire is a Small Business and Technology Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com

Other Articles of Interest:

Transacting Online? Uganda’s Laws protect you

Nalule ordered for a TV set on one of Uganda’s e-commerce sites after being offered an attracitve deal. She went ahead to pay fully and wait for its delivery. From a two day delivery promise, it turned out to be a 7 day delivery. To make matters worse, she noticed that the product delivered had some slight variations from what was advertised online. Her attempts to question the variations were silenced by the smooth speaking delivery guy.

It eventually took a visit by a tech savvy friend for her to come to the realisation that she had been offered a previous model of the advertised TV set. Cursing herself, she just vowed never to buy stuff online and always go to the shops instead.

Nalule’s tale is not new at all. You might already have been a victim or know someone that has been. The bigger problem here is the failure of the victims to know their rights under the law. Uganda has laws that cater for such occurrences.

So, you ask;

  • How do I know that the online supplier is legitimate?

Whenever you reach any Ugandan e-commerce site, some of the basic information you should expect to find as a consumer is;

  1. full name and legal status of the person (company).

  2. the physical address and telephone number of the person (company).

  3. the registration number, names of directors and place of registration.

  4. the full price of the goods or services, including transport costs, taxes and any other fees or costs.

  5. the return, exchange and refund policy of the person.

  6. where appropriate, the minimum duration of the agreement in the case of agreements for the sale, hire, exchange or supply of products or services to be performed on an ongoing basis or recurrently.

Failure to locate such key information should trigger your alerts.

  • What precautions are in place to ensure I do not make mistakes while purchasing online?

Ugandan e-commerce sites need to offer you the opportunity to;

(a) review the entire electronic transaction;
(b) correct any mistakes; and
(c) withdraw from the transaction before placing an order.

  • In case I have already transacted (paid up) online and I realise that the e-commerce site did not give me adequate information to make the right decision. Can I cancel?

As a consumer you may cancel the transaction within fourteen days (2 Weeks) after receiving the goods or services under the transaction.

  • From the time I used the online services of [company X] I keep getting spam (unsolicited0 messages on email and my phone. What can I do?

Your rights in this case are;

  1. The messages should not be sent to you at a cost.
  2. You should be given an option to cancel the subscription to that mailing list at no cost.
  • I have problems with delivery. The supplier never delivers on time.
  1. Unless there is specific agreement between you and the supplier, you are expected to receive your goods or services within thirty (30) days. Failure to do so, you are entitled to cancel the order by giving a seven (7) day notice.
  2. If the supplier realises for one reason or another that they cannot supply you with the goods or services, they should inform you before the expiry of the agreed time and make any refunds for payments made within thirty (30) days.

Uganda’s legal system is steadily being upgraded to become compliant with the advancements in technology. As we consume technology enabled products and services, we shouldn’t do so in ignorance of our legal rights as consumers. Take time and inform yourself more about the relevant laws and regulations. Find more about them archived here.

Follow @wirejames on Twitter.

IDLELO 7 – Uganda’s Open Source Moment

The year was 1997 when as a student at Makerere University, I had the privilege of hobnobbing with a select group of ‘internet techies.’ One of them whom I later got to know was Kiggundu Mukasa had just returned from the USA after spending some time there studying and working. He was the first local advocate of Linux (an Open Source Operating System) and using the software CDs he had returned with, he very willingly shared with those who were already technically astute. Individuals like Paul Bagyenda and Terah Kaggwa are some of the very first I know of that toyed around with Linux in this country.

Our meet-ups used to be in Baghdad (Wandegeya) at the site of the current KCCA market and that is where the first unofficial Linux User Group (LUG) meetings took place. The inspiration that some of us got as a result of the open sharing that used to take place skewed our minds into embracing Free and Open Source Software (FOSS) as the future for this nation and Africa at large.

Being convinced about a cause is one thing while having others buy into the same cause is another. The resistance faced while spreading the FOSS gospel then was so stiff that hadn’t it taken firm determination, Uganda would not be the Open Source beacon of hope that it is today. From Government to the private sector, IT professionals were sceptical of anything Open Source and while some of their reasons were valid, others bordered on mere fear for change of the status-quo.

Over the years, numerous developments have gradually altered local perceptions about FOSS and these include;

  • The increasing clout of FOSS products/companies like Fedora, SuSe, MySQL among others in the IT world.

  • Exposure by many IT professionals to FOSS systems starting with those that got a chance to pursue their studies out of the country.

  • Increasing grip that Proprietary Software companies were having on Software Licensing compliance.

  • The enactment of laws that rendered activities like software piracy illegal.

  • The growth of e-government

  • The limited operational budgets at the disposal of many Government organisations.

  • The Internet Service providers that majorly offered firewall and mail server systems based on FOSS.

  • The existence of a vibrant Linux User group that at one point used to carry out school outreach programmes.

  • Coordinated efforts of FOSS promotion with other African countries through the pan African FOSSFA organisation.

In November 2002, during an ICT Policy and Civil Society Workshop in Addis Ababa, Ethiopia, it was agreed that a framework for Open Source Solutions be developed. This process later led to the formation of the Free Software and Open Source Foundation for Africa (FOSSFA) a year later. Come 2004, the first ever African Conference on the Digital Commons was held in South Africa where it was later dubbed IDLELO (meaning common grazing ground). This event is carried out every two years and attracts participants who are actively participating or interested in the FOSS world. IDLELO is to Africa what OSCON is to the USA.

Twelve years later, from the 22nd to 24th of August 2016, Uganda will proudly host IDLELO 7. What makes it even more interesting is the level of Government involvement. After shouting ourselves hoarse for nearly a decade, the local FOSS community had given up on ever seeing the Government of Uganda play an active role in promoting FOSS. However, over the last two years, the National IT Authority of Uganda has warmed up to the idea of integrating FOSS in the Government plans for e-government. A FOSS policy is in advanced stages of being approved thanks to this same organisation pursuing the matter. The financial and logistical support NITA-U has extended to the event clearly shows that this time round, the Government is serious about going in bed with Free Software.

It is therefore a very exciting and emotional moment for many that have seen the baby strides FOSS has taken to gain a foothold in Uganda. Hosting the Who is Who of Africa’s FOSS world is likely to alter our path for the better and for good.

To the delegates coming over, Ugandans are known for their hospitality and we are certain that you will leave a piece of your life in Kampala.

Hubasangaliye

Tubaaniriza

Twabashemererwa

Wajoli i Uganda 

Follow @wirejames on Twitter

Hon. Minister Sir, This is what I wanted to say

In Uganda, it is out of the ordinary for a Government minister to engage the citizenry in a consultative manner. In most cases it is a one way engagement where he/she is telling the citizens what to or not to do. This is why I was taken aback when I received the call inviting me to the ICT & Communications Stakeholders’ dialogue convened by the Ministry of ICT and National Guidance that took place on the 7th of July 2016.

That morning, I decided to pen down issues I thought I needed to share but midway my attempt, the little devil in me reminded me that it was going to be business as usual hence I might not even get a chance to air my views. I proceeded to send some Whatsapp messages to my Wawa buddy Simon Kaheru.

Screen Shot 2016-07-08 at 09.03.21

As you can see, he lambasted me for being negative and that is when I realised that just maybe, this is likely to be Business Unusual this time round. Given two minutes to make my submission, I realised that I had a herculean task and hence had to summarise in a manner that would make the creators of WinZip envy me.

Hon. Frank Tumwebaze, this is what I had to share after being fervently reminded that it was a dialogue NOT a finger pointing and popularity seeking contest.

Uganda may have made strides in the ICT sector over the years but like any other industry, we are always on the road, seeking moving on to the next best thing. As a result, my views on the industry currently while not exhausted by this submission are;

Get the National Fibre Backbone closer to the people. The National Data Backbone rollout by government is an impressive feat and should be applauded. Despite the hiccups faced in it’s initial stages, the team at The National IT Authority, Uganda (NITA-U) was able to turn around a nearly failing project into the deployment success it currently is. Steps were taken to have a private sector company manage it’s commercialisation but to-date, we are yet to see and feel it’s effect directly as citizens. While it may be interconnecting some critical government infrastructure that we rely on already, as well as offering capacity to some large corporates, as a resident of a village in Mukono Town Council, I would like to see it impact me directly. Short of working out ways in which we can see real value as lay men, it will remain a white elephant to us.

Case in point, Smile Telecom and Roke Telekom have some pretty decent internet access offers, however, because they have to roll out their networks from scratch as they extend the services from town to town, this has slowed their growth. Why can’t we win over some of these providers to use this backbone as a backhaul thereby allowing them to concentrate on final delivery of services in the various towns? The argument might come up that “They haven’t approached us” or “we failed to agree” but this is not the attitude of a proactive mindset. It always helps to engage and find out what middle ground one could achieve. So, the company contracted to manage this fibre needs to offer more services than merely maintaining the proper functionality of the cable. It should be able to advise the government on how to better utilise the resource, attract more customers through well packaged incentives.

By offering good backhaul links between the towns, this fibre has the potential to create a spinout of numerous Virtual Service Providers who can effectively offer services in their local areas and hence widen the catchment area of internet and e-government usage in this country. Imagine if the fibre has a termination point in Kumi and a one Ejalu sets up a local WiFi network in Kumi town with backhaul access to Roke Telekom in Kampala via the National fibre, he can provide not only a much cheaper service than the grossly expensive bundles that our Telecoms have made us accustomed to but also has the opportunity to customise its delivery through the use of open source software as well as language translations to suit the locals. The future of most services is localisation.

Certification of ICT Practitioners. NITA-U has come up with a proposal to regulate all ICT practitioners in the country just like is done in the Legal, Engineering and Surveying sectors. This is being met with alot of resistance from industry players.

However, in my personal opinion, this resentment is probably as a result of uncalled for Fear, Uncertainty and Doubt (FUD). The government needs to come out and sensitise the affected parties about the intentions of this initiative as well as make modifications where necessary.

The ICT industry is not as straight jacket as the Legal, Architectural, Survey and Engineering domains that are pre-defined out of the box. Many, including yours truly are self trained practitioners who spent sleepless nights utilising internet resources to gain skills. To be told that you need to have a certain certificate before being allowed to offer an IT service is a threat to our very existence. However, more of this is covered in this article I wrote on the need for certification.

Outsourcing. Through NITA-U, the government has made efforts to promote this sector of ICT Business. Truth be told, not much has been achieved and this could be attributed to the misguided belief that business opportunities will come from outside the country as opposed from within.

The Indian BPO industry honed its skills from the pro-active approach taken by the government to outsource services for some of their work to local businesses right from the local government level up to the national. A similar approach would help our companies too.

It is no secret that most government departments in Uganda need digitisation of their records. Secondly, there are numerous citizen centered services that the BPO sector could run on behalf of Government agencies e.g. The immigration department could have a tracking system for Passport management run by a private company to respond to various passport related queries instead of the massive human traffic that makes daily pilgrimages to their offices giving a semblance of a busy environment.

The Uganda Revenue Authority had a similar problem when it used to centrally manage all lodging of paperwork by clearing agents and various tax payers until they came up with an IT solution that allowed third party service providers to plug into the system and offer the same services. The traffic at their head office reduced very significantly.

Local Content. Local Content refers to the percentage of locally produced materials, personnel, financing, goods and services rendered to an industry and which can be measured in monetary terms.

Just like the Oil Industry, it is high time a local content policy for the ICT industry in Uganda was effected. I know NITA-U is working on this but it’s important that we bring it to the fore. During the run up to the previous elections, the discontent by many arose from the fact that most opportunities in the country are seen to be bypassing the local providers in preference for foreign. With all ‘big’ jobs naturally gravitating to foreign owned companies, this has left many brilliant ICT professionals with nothing to do locally as well as led to the closure of many a business venture.

Take a stroll around Africa and you will be amazed at the number of projects Ugandan ICT professionals have implemented. During a consulting gig for the Common Market for Eastern and Southern Africa (COMESA), I felt very proud when the head of the ICT department praised the Ugandan consultants they had used claiming they always did a great job. Why then can’t these very resourceful Ugandans be appreciated back home in preference for foreign journeymen way past their sell by date in their home countries? Yesterday, a friend intimated to me that a reknowned financial institution in Uganda flew in expatriates to install a Cat6 Cable Network in their offices. It is such instances that make me resort to Tamale Mirundi’s expletives “Ngalabi Za Mitwe” (Drum heads).

The cry by Government officials that we are not yet skilled enough is hogwash because we would not be hired by international agencies if that was the case.

I propose that an inventory be done of ICT practitioners in this nation complete with their areas of specialisation and businesses (if any). A move towards empowering them either through selective bidding (locking out foreign entities) or ensuring a procurement structure that enforces partnership of foreign entities with local businesses in order to undertake projects would be welcome. We need to start sieving the deal makers from the real solution providers and this is where accreditation through certification might come in handy.

National ICT Strategy. It is said that one human year equals four technology years. In other-words, every three months that elapse equal to one technology year. As a nation we are good at making plans, policies and the like, however, in some cases these are driven by the need to achieve simplistic quick gains without looking at the long haul.

We also tend to have a disease of implementation. When the good plans are made, either the resources (not only money) required to see them through are not availed or government departments attempt to outmuscle one another for implementation rights.

What we need is a well rounded strategy with a multi-disciplinary and long term perspective. ICT is an enabler, so any plans should take into consideration our aspirations in the Health, Education, Agriculture, Manufacturing, Transport, Tourism and other sectors. How can we can use ICT to address corruption, traffic jams, trade, manufacturing, illiteracy, security, travel, piracy, climate change among others. The desire for shortcuts will keep us heading back and forth in an unending loop only to take us back to the starting point.

Hon. Minister Sir, this is what I never had a chance to share in detail. I am glad you have read it in it’s entirety now. By the way, you asked where the developer of Me2U is. I would like to gladly tell you that he is very alive and plying his trade from Entebbe with a largely foreign clientele that keeps him busy. Not wanting to soil his career with the intricate dynamics involved in getting local business (especially government), he opted for the foreign strategy. Otherwise he is one of the most deeply rooted nationalists I know of in this country.

For God and My Country

Follow @wirejames on Twitter

To Certify or Not, NITA-U in the Dock

She broadcast the message onto one of Uganda’s largest online platforms for IT professionals, the I-Network Uganda and it read:

Please find link to read and know about Regulations that support the Certification process. These Regulations include: the National Information Technology Authority, Uganda (Authentication of Information Technology Training) Regulations 2016 and the National Information Technology Authority, Uganda (Certification of Providers of Information Technology Products and Services) Regulations, 2016.”

Within minutes, responses to the thread were flowing in. One of those that briefly summarised the general mood went as follows;

They do not account for experience.

They do not account for online courses.

They do not account for interning/mentoring.

They do not account for self taught prodigies and IT savants (PC whisperers).”

What are these regulations all about? The National Information Technology Authority – Uganda has come up with regulations that it wants passed in order to regulate the ICT industry. These regulations affect Individual and Corporate service/product providers as well as Training institutions. Information Technology is one of those industries that has largely grown organically with very minimal regulation.

On a fora dominated by more youthful ICT practitioners, comments were as follows;

Eh! Above requirements in document are going to bite all experienced players in contrast to those who have proffessional qualifications.

It might also spur employment of jobless professionals by the experienced players. Either way, I am emigrating.”

Shouldn’t the SMEs and startups put on evil smiles? All those ‘experienced’ chaps getting kicked out are theirs for the taking”

An unregulated market is how everyone loses out : Profit flight, Uganda being a supermarket for everyone to come and sale, Low levels of skill, Low tax bases, Those kinds of things

On I-Network, a forum dominated by middle aged first and second generation ICT practitioners, the discourse was dominated by such responses below;

I perused through the document and I kept desiring to throw up my breakfast. I request clarification on the documents shared above. Are they specific to individuals and organisations that intend to work with government or do they include people relating with private businesses. The documents seem to only aim to make the Authority relevant and to also increase its revenues through an unnecessary six month certification (taxation).

We appreciate the initiative by NITA-U to protect customers’ interests but I think rather than making it mandatory and making it criminal if you are not certified by NITA. An even more prudent approach is make it optional and spend all the resources educating customers on how to look out for a “suitable” IT solutions supplier. This is achievable and requires less resources to implement.

There is a reason that training is done . You have been doing the work but you don’t have the qualifications to do the work. ‎As a regulator there should be precedence as to what qualifies someone to do/offer a service. We can’t continue to run on try and error because it has worked in the past. If you haven’t studied the subject what principles do you use to do the work

Very interesting debate and dialogue going on here. I am still struggling with the ‘spirit’ of these regulations? How will these regulations enhance competence that is so lacking? So if my University is certified as a service provider and continues to churn the products it is delivering what is the value of this certification?

Let’s look at this as trying to streamline and provide some customer protection. It’s not a surprise that most people that don’t support this are service providers. May be tell us what you are trying to run away from.”

These regulations can form the start of the MRA’s (Mutual Recognition Agreements) for the ICT sector in Uganda. I hear the issue of the professionals with no formal education. What is needed is to work with NITA and have this category amended. Because as we stand today those people would not be able to get a work permit anywhere outside Uganda. Our ability to cover them in the proposed regulations would create a starting point for this category.”

I took time to read through the proposed regulations and from those targeting Service Providers and noted the following:

Part II 3(a) A person shall not provide information technology products or services unless that person is certified in accordance with the Act and these Regulations.

I believe this is a good provision. We are always complaining of poor service provision in our industry and being undercut by people who hardly have a clue about what to deliver. It is not strange finding a Fish Processing firm winning tenders in ICT only to later subcontract the work to a little known firm with the skills but then again pay them measly sums.

There are individuals who have specialised in these brokerage services and always win tenders due to their underhand methods of operation. Fifteen years ago, the Electoral Commission was involved in phoney dealings with a self styled Computer Expert, a one Frank Katusiime that saw the organisation spend over 3 Million dollars on ICT related consultancies that saw some consultants bag US$ 2000 per day. Do we want to maintain the status-quo?

We have lots of youths who have various ICT qualifications but are lacking work to do. This is an opportunity for them to team with the money bags to either run businesses together or work for them in order to ensure that their operations are compliant.

The only amendment I would propose to this regulation is that it should be paraphrased as;A person shall not commercially provide information technology products or services unless that person is certified in accordance with the Act and these Regulations.” This will give a breather to my 15 year old son who is already interning in my business operations learning how to fix computers and software.

Part III 7. (2)Without limiting the general effect of subregulation (1), a person intending to provide information technology products or services shall-

(a) in the case of a legal person, be registered in accordance with the law;

(b) abide by the standards for the provision of information technology products or services;
(c) demonstrate financial viability, where necessary;
(d) put in place and maintain a sound quality management system;

(e) have in place policies and procedures to govern the provision of information technology products or services;
(f) where applicable, employ competent and qualified staff to provide information technology products or services;

(g) provide appropriate infrastructure and equipment required to provide information technology products or services.

This regulation serves the purpose of facilitating the industry to address;

a) Fly by night business operators who have no interest whatsoever to observe the laws of the land hence operating but in an unregistered manner thereby defrauding the state of money through tax dues.

b) Unprofessional service providers that have no intention whatsoever to offer services in accordance with generally accepted standards.

c) Reduction of the prevalence of those service providers who are merely brokers. They specialise in clinching the deal and then pass it on to other financially capable players whose service provision may be questionable.

d&e) Unprofessional market players since having a professional setup in place is conducive when it comes to effective customer care.

f) The rampant joblessness of our youths many of whom have high qualifications.

Part III 8. (4)For the avoidance of doubt, the Authority shall assess every application to ascertain that the application-
(a) complies with applicable administrative, legal and technical
requirements issued by the Authority from time to time;
(b) demonstrates experience in the provision of information technology products or services;
(c) complies with applicable standards relating to the provision of
information technology products or services.

I foresee this netting those Fish Processing businesses that pose as ICT vendors. They have to pass all the hurdles indicated here. This provision while kind of scary for the small business or start-up, it should be looked at as a necessity. The small businesses in ICT have an opportunity to up their game, conform and then have a field day.

Part III 9. Grant or refusal of certification

(1)The Authority shall within forty five days after the receipt of an application grant or refuse certification.

.

(4)Where the Authority rejects or refuses an application for certification, the Authority shall give reasons and the registrar shall notify the applicant of the rejection or refusal within thirty days after the decision.

The commitment to a speedy handling of applications is a good sign since it shall not keep practitioners second guessing their status for mote than two months. If this is implemented as is, then few will complain of the process. However, after interacting with some NITA-U officials, I learnt that their goal is to set up an online engine that shall enable all applicants engage in the registration process without having to leave their offices. The engine shall have ensure full transparency of the process as the applicant will have frequent feedback on the status of the application. This addresses the fears expressed by some of having to make visits to the NITA-U offices from up-country.

Part III 11. Suspension or revocation of a certificate

(1)The Authority may suspend or revoke the certification to provide information technology products or services where the Authority is satisfied that–

(a) the person is operating in contravention of the Act or these Regulations;

(b) the capacity of the person to provide information technology products or services has diminished in a manner that affects the certification.

The beauty of this regulation is that it will be a continuous check for quality service provision as well as ethical behaviour. If customers are empowered to report unscrupulous registered albeit bogey providers, using this regulation could render them redundant.

Part IV 18. Products not in conformity with standards

Where the Authority refuses an application because the information technology products do not conform to approved standards for information technology products, the Authority shall take appropriate action including seizing and destroying the products at the cost of the applicant.

Scary as it may seem, this one serves to deter especially those that are into importation of fake products expecting to dupe our gullible consumers. The act of destroying all the stock is to ensure that it is not offloaded onto the black market.

I do hope that this regulation can be amended to exclude local innovators’ products that are testing the market. My proposal is to paraphrase it as; Where the Authority refuses an application because the information technology products do not conform to approved standards for information technology products, the Authority shall take appropriate action including seizing and destroying the products at the cost of the applicant. This shall however, not apply to local innovations that are a Work In Progress.

Part V 20. Persons providing information technology products and service prior to coming into force of these Regulations

(1) A person providing information technology products or services immediately before the coming into force of these Regulations shall apply for certification in accordance with the Act and these Regulations.

(2) The application under subregulation (1) shall be made within 90 working days after the coming into force of these Regulations.

Current players have been given upto three months to apply and that too is a fair deal since they definitely need some time to compile their paperwork as well as beef up their teams if compliance necessitates so.

Application Form

This deserves separate attention as it has generated a lot of debate and created fear among those practitioners who have no formal qualifications to justify them as ICT professionals.

Part 5 reads as:

EXPERTISE/ STAFF AND QUALIFICATIONS

(c) Indicate the qualifications in information technology of the staff as follows —

(i) Ph. D. holders

(ii) Masters

(ii) Bachelors

(iv) Diploma

(v) Certificate

(vi) Other Professional Certification

There are many competent ICT practitioners that are self taught and lack formal qualifications. I was one of those for a long time till I begun raking up various professional certifications with the aim of proving to those considering to engage me that I knew what I was doing. However, many have not toed my line and are not about to. They now are faced with the possibility of being stripped of a lifeline.

After my investigations with the NITA-U officials again, I realised that they have already catered for this group only that they could have erred by not indicating it in the application form. They plan to use the Skills Framework for the Information Age (SFIA).

SFIA offers a skills based description approach to Information and Technology roles being handled by professionals. It gives individuals and organisations a common language to define skill, abilities and expertise in a consistent way. As opposed to the theoretical curriculums that many institutions are bound to give you which are then based upon to judge your level, SFIA looks at what you can do and through a well defined process, you get rated.

The output of the SFIA analysis is categorised in seven levels:

  1. FollowWorks under supervision; Has minimal influence; Performs routine activities; Uses basic information systems.
  2. AssistWorks under routine direction; Interacts with many and may influence immediate colleagues; Performs a range of varied work; Demonstrates a rational and organised approach to work.
  3. ApplyWorks under general direction; Interacts with and influences department / project team members; Performs a broad range of complex and non routine work; Demonstrates an analytical and systematic approach to problem solving.
  4. EnableWorks under general direction within a clear framework of accountability; Influences team and specialist peers internally; Performs a broad range of complex technical or professional work activities; Demonstrates an analytical and systematic approach to problem solving.
  5. Ensure, Advise Works under broad direction and tasks are usually self initiated; Influences organisation, peers, customers, suppliers and partners in areas of own speciality; Performs an extensive range and variety of complex technical and/or professional work activities; Advises on available standards, methods, tools and applications relevant to own speciality.
  6. Initiate, Influence Has defined authority and responsibility for a significant area of work including technical, financial and quality aspects; Influences policy formation on the contribution of own speciality to business objectives; Performs highly complex work activities covering technical, financial and quality aspects; Absorbs complex technical information and communicates effectively at all levels to both technical and non technical audiences.
  7. Set Strategy, Inspire, MobiliseHas authority and responsibility for all aspects of a significant area of work, including policy formation and application; Makes decisions critical to organisational success and influences developments within the IT industry at the highest levels; Leads on the formulation and implementation of strategy; Has a full range of strategic management and leadership skills. Understands, explains and presents complex technical ideas to both technical and non-technical audiences at all levels up to the highest in a persuasive and convincing manner.

For those who thought you were affected, do you now realise that using the SFIA approach you can still get high ratings for your experience based skill-sets? You can learn more from the SFIA 5 Framework Reference.

The Ugandan ICT industry in my view needs some form of regulation if it’s to nurture players with serious potential as opposed to the fly by night deal makers that currently typify it. With lots of innovative individuals as well as local businesses attempting to break in, the spirit of this move by NITA-U is aimed at not only protecting the consumer but in the process giving genuine players an opportunity to blossom.

@wirejames

Is Uganda’s Lands Information System really Computerised?

Lands_UgandaOn two occasions I have seen this advert  by the Ministry of Lands, Housing and Urban Development (MLHUD) inviting the general public to verify land title information in the new computerised land titles. They typically organise Land Registration Open Days, pitch camp in a specific location and expect every Wire, Mugwanya and Nabweteme to run to them and find out more about the status of their land.

The Ministry under “The Design, Supply, Installation and Implementation of National Land Information System Infrastructure (DeSINLISI)” project is undertaking measures to modernise land administration in Uganda. Alot has been done in the back-end as regards computerisation of the records and compared with the past, what we have currently is relatively impressive.

There is this famous story of a Muhima elder who boarded a bus for the first time to visit his son in law. Upon entering, he left his walking stick at the door of the bus (customarily, he is used to leaving the stick at the entrance of the house before he enters). When the bus reached it’s destination, he disembarked and expected to find his walking stick still there. The old man threw a tantrum when he couldn’t see his beloved walking stick. The Ministry of Lands is behaving in a similar manner. By embracing computerisation, they are staying stuck to habits that thrived in a non electronic era.

When I go to a restaurant and settle down, I usually have a menu that details all the available food and drinks they can offer. The food I want can only be prepared by the chef in the Kitchen. There are two options for me to get what I want:

Option 1 – I walk to the Kitchen and tell the chef what I want and wait till he has prepared it then walk back to my table with the food.

Option 2 – I get attended to by a waiter who takes my order, communicates to the chef and then later delivers my food at the table without me having to walk up and down.

The Ministry of Lands seems to be stuck to Option 1 in its understanding of how it should deal with the consumer (general public) even after computerisation. Like the legendary Muhima elder, they have embraced technology but are letting the very things that contributed to the inefficiencies in the past linger on. Why do I have to go to their offices anymore if indeed they now have an electronic system in place?

When designing computer systems, the new trend is to use the approach indicated in Option 2. The presence of a waiter in a restaurant makes the entire customer experience so great and thus increases the likelihood of customers patronising that place. In computer terms, the waiter that makes our lives simple can be referred to as an API (Application Programming Interface). With the system that has been developed for Uganda’s Lands Registry, all that is required now is for the National Lands Information System (NLIS) to come up with an API that can then be used by independent developers who are more than willing to come up with Phone and Web Apps that facilitate interaction with the Lands Registry. There is no longer a need for any sane Ugandan to walk to the National Theatre during the Land Registry Open Days, spend close to three hours just to establish information that could reach them on their phone with ease.

API_DiagThe National Land Information System (NLIS) can then focus on ensuring that it has a well functioning credible database and working with other partners in the private sector, it then ensures that the dissemination of the information is achieved swiftly. The dissemination of this information can be at a fee which is paid by those trying to access Land Information through avenues like Mobile Money or any other third party dealers that may have been identified.

The wins for the Ministry here are;

  • Increased access by the masses to the Land Registry

  • Increased revenue generation from the online land search activities that are now conducted by many more people than before. A revenue share model can be worked out with the participating private companies developing Applications just like the Telecoms have with the content providers.

  • Lands Information System extension at no greater cost to the Ministry since the private sector players will do this in order to generate more revenue.

  • Focus on the core database systems and ensuring that there is ultimate integrity of the information shared.

My plea to the team handling the NLIS, is that it’s time you focused on the customer and ensured that there is more inclusiveness. Avoid the traditional disease in most Uganda Government departments of desiring too much control of installed systems even when it’s to the detriment of the masses. Cede some ground and you will not only benefit as indicated above but also help spur innovation and entrepreneurial growth among the fledgling youthful software developers that are all over our streets.

Follow @wirejames on Twitter

#Anonymous to Hack #Uganda

160115192610-anonymous-2-540x304

Anonymous hacktivists Image courtesy of CNN

We are Anonymous,

We are Legion,

We do not Forgive,

We do not Forget.

That is the introduction to the press release by Anonymous, the globally acclaimed Hacktivist group that pursues anyone and everyone they deem as being unfair to society. In a February 17th 2016 press release published on the Anonymous Video Network, they state;

“Operation Africa is an ongoing operation by several activists within Anonymous who have begun cooperating. The focus of the operation is the disassembly of corporations and governments that enable and perpetuate corruption on the African continent. This consists of organisations responsible for child abuse labour as well as internet censorship within the continent and globally. We are fighting alongside other operations such as OP Nigeria as well as Anonymous SA to help free the continent from exploitation as well as the plague of exploitation that has been occurring for centuries…. No Longer will we stand by and watch these blatant abuses of power occur. We will continue to fight for their liberties until all our brothers on the continent are freed from the shackles of corruption and greed.

We will not sleep

We will stop at nothing

We are Anonymous

They should have expected us”

A follow up of this threat on the Anonymous Website reveals that Uganda is one of the countries they are initially targeting. The concerns these hactivists have regarding Internet Censorship and Corruption hit the Bull’s Eye when it comes to my country.

In the run up to the elections of February 18th 2016, I was taken back when I saw the display of military hardware that the Government had just imported and the subsequent chest thumping by the security agencies. In this day and age, it is important to know that the threats are changing. It seems like we are speeding past the era of physically confrontational armed rebellions that involve spending days and nights in bushes and spilling blood. Field battles while fighting for a cause are being replaced by online activism.

Why should we be concerned about the threat that Anonymous extends?

Other than defacing some random websites here and there, this group has the ability to inflict serious damage if they put their minds to it. I know the Uganda Police has put up a cyber crime unit but it’s abilities are still wanting due to numerous reasons.

Some of the most hard hitting acts Anonymous could engage in and affect the Government of Uganda could be;

  1. Shutdown of all Government related Websites: The use of the internet to share information by the government is growing astronomically. Through the use of DDoS attacks they can put all targeted sites on their knees. Major corporations like CNN have been victims of this. Government agencies like Uganda Tourism Board that grossly rely on the internet to market the country’s tourism are likely to be badly affected. With numerous internet facing systems deployed by various ministries like Finance, Education, Agriculture, Justice among others, any service shutdown is likely to have a significant impact on operations as well as the general economy.
  2. Access Credentials: By breaking into the online systems and accessing user credentials of various Government officials, a lot can be unearthed about the internal operations and on a brighter side, it could even help the general public uncover the rot that could be going on in some agencies. In February 2016, the group hacked into the servers of the Broadband Systems Corporation a key service provider to the Government of Rwanda. They altered all system passwords and extracted numerous account credentials used by Government agencies to communicate. The exploits were sampled here.
  3. Internet Blackout: Just like they did in Turkey, the group has the capacity to shutdown internet services across the country thereby leading to loss of business for many. The efforts by UCC to limit internet access would pale in comparison to the kind of damage Anonymous can potentially inflict if they take this route. As I write this, the group has promised an April Fool’s day surprise for Donald Trump and believe me, they will deliver even as the FBI watches. Such missions are handled by the elite of the elite Anonymous hackers who are able to completely erase any traceability in the event that the authorities tried to locate them.
  4. Disabling .ug: By focusing efforts on the root servers of the Ugandan Top Level Domain, which controls all sites that end with the suffix .ug, any website with a similar ending gets affected and cant be accessed online. When the Turkey attack was done, over 400,000 sites were offline for a period of Seven (7) days. You cant send or receive email or even have your content on the website accessed due to failure to resolve the DNS. We dont want that to happen. Three days of Facebook Censorship in Uganda were enough to show us how critical and part of life the internet has become to our lives.
  5. Infrastructure Attacks: Anonymous has the ability to target critical banking infrastructure in the country as well as any other service providers like Electricity and Water utilities for as long as they have systems that are interlinked with one or two gateways to the internet. Just imagine if they got into the UMEME network and remotely manipulated the Yaka Software Systems by resetting all customer units to zero or better still provide free power to all customers? They could easily get access to national security installations and siphon out critical information that the Government is heavily dependent upon or even expose key security informants that have for long operated undercover. Access to the Civil Aviation Authority network could easily lead them into our Airport network thereby disorganising flight arrangements and putting flights at risk. After all, they are Anonymous, we should expect them!

I could go on and on about potential exploits by this group. It is therefore a pity that the Government is silent over these threats. Perhaps they have no choice and are just clueless over how to engage this elite group of hactivists, hence having to wait and accept fate like a lamb ready for massacre.

Interestingly though, we don’t seem to be very far from getting our own Ugandan version of hactivists likely to link up with Operation Africa. The Hackers Uganda team did participate in the resistance against the aborted giveaway of Mabira Forest to an investor to grow sugarcanes way back in 2011. They hacked the Uganda Investment Authority website and left a message of defiance.

Over to the Uganda Police and the various security agencies that litter our land, are you ready for this teargas proof approach to civil disobedience?

On twitter @wirejames

Muwema Vs Facebook

For a while now I have been debating over whether to write an article about the current Cyber Security threat the Government of Uganda is facing or the comedy that Counsel Fred Muwema has opted for. It was not until I came across this article giving Facebook 6 days to cooperate in regard to his intent to sue for defamation that I thought I needed to weigh in into this saga. Interestingly, while reading the article, I was entertained further when on the same page I saw an advert by one of Uganda’s leading comedians Pablo advertising his Good Friday Nyama Choma event. To be honest, Muwema’s threats and Pablo’s comedy make a good match.

In Point No. 8 of the letter Counsel Muwema allegedly wrote to Facebook, he states; “To this end I request for the Internet Protocol address of the subject user by the 29th March 2016 to be able to determine the user’s physical location, email, telephone, address and other useful identifier information.”

To take on such a battle with Facebook, Counsel Muwema reminds me of the time I visited the game park and saw a dog barking at an elephant. The elephant just went about it’s business and only occasionally looked through the corner of it’s eye to see what the source of noise was. For the attention the dog wanted, that is the best it could get from the elephant.

So Counsel, who told you that getting the IP address information is a guarantee of identifying the facebook user TVO? I will not blame you for thinking this way but probably my disappointment should be directed to the erstwhile technology advisers you surround yourself with.

For a highly marked Government critic like TVO, it would be foolhardy of one to expect him to use a pedestrian approach when engaging in what he does best. The precautions I expect such a person to take are beyond the ordinary since what he is doing is a matter of life and death and could see him (depending on where he is) either be incarcerated for life or extradited to Uganda to face incarceration.

In the world of VPNs (Virtual Private Networks) and Encryption, TVO has the ability to fool even Facebook about his whereabouts. One can be in Uganda but on accessing a site in the UK, you can utilise Internet protocol addresses from the Ukraine thereby making the UK servers believe and log your origin as the Ukraine.

Besides, what makes you think that TVO is one person? It could as well be a distributed team hence even getting the IP address may not help you uncover them. Advances in technology have made it more difficult to keep up to pace with tracking online users.

Have you heard of FreeNet, the Underground Internet? Off their website, the FreeNet project is essentially an internet within the internet, but with absolutely no censorship. The information hosted on Freenet is encryted and routed through many different nodes, which makes it incredibly difficult to track who is providing and requesting the information on its servers. Thus Freenet accomplishes absolute freedom of speech!

How about the Deep Web and Dark Web? Due to the love for privacy, anonymous browsers like the ToRBrowser are now in vogue lately allowing users to browse the internet surreptitiously and without being easily traced. When you make a request to find a web page, the request to find the intended destination is wrapped in layers of encryption or code – like the skin of an onion. Instead of going direct to the web page your request is bounced randomly across a network relay of computers all across the globe. As your request arrives at a new location a level of encryption is unlocked. All the relay computer sees are instructions to send the request on to the next location.

In real world language; bouncing across different locations makes it near impossible to trace the user. Meaning you become anonymous.

The TVO I have observed is not daft enough to utilise the internet plainly. I therefore want to take you out of your illusion Counsel by advising you to concentrate on matters other than taking on Facebook or hunting for TVO. If it is publicity you wanted, you have already got it.

My 2 Pence.

Follow @wirejames on Twitter.

Additional Research from:

Going Underground: the secret world of the Deep Web

FreeNet: The Underground Internet