Safaricom launches sh. 90 million VC Fund- the questions….

Yesterday, Safaricom launched sh. 90 million Venture Capital fund, aimed at local startups seeking to scale. You can read the story I did here or Kachwanya’s take that the fund is a game changer or this one from Techmoran.

You can also read a recent posts, some of them deal with terms such as vulture capital, which I will discuss below. Read it.

These stories assume that many people know what VC is but for the sake of those not used to tech jargon, here is what Wikipedia defines VC: “Venture capital (VC) is financial capital provided to early-stage, high-potential, growth startup companies. The venture capital fund earns money by owning equity in the companies it invests in, which usually have a novel technology or business model in high technology industries, such as biotechnology and IT.”

The launch by Safaricom is no mean feat, its better than the others who have the money but don’t do anything about it. But please don’t be fooled to think that Safaricom is doing it as CSR, no, there is the foundation for that; this is business.

For the keen observer, the fund is not targeting the startups with fancy ideas but no market traction, I think Safaricom has learnt from the professional startup gurus who have hoped from one competition to another for the last four years, usually regurgitating same ideas and “winning” the money in the process. The fund is targeting early stage startups who are seeking to scale, just like its defined.

This works well for Safaricom, because if you have a mobile app that is already having subscribers, gaining traction and all you need is the platform to scale, then you have an opportunity. So, if you want a share of the sh. 90 million- starting from 6m to about 23m per startup, then you better launch the product already.




If you speak to many companies seeking to scale, 6million can go along way, especially if the company was bootstrapped. For the companies that start with VC money, the story is different; theirs is a different struggle.

When I heard that Safaricom was setting up a VC fund, I had all these questions that most of us have, given the experience in the kenyan market.

1. Safaricom has previously been accused of stealing ideas once startups, individual developers pitch them, is this a way of redressing that, and making it a legitimate way of taking ideas into products that the market can take?

2. There has been a problem of Vulture Capital or predatory capital, how will Safaricom ensure that it doesn’t fall into this category?

3. Safaricom recently partnered or bought out MLedger (no clear story), did it motivate this venture or what role did this play?

4. There are very few successful exits in the local market, how is Safaricom planning around that?

5. Safaricom has been working with the local hubs, what role will the relationship play or how will it change?

6. Safaricom has been working in the innovation space for a few years, what are some of the lessons?

What did Safaricom have to say about my questions?

Here are the answers from Nzioka Waita, Director – Corporate Affairs

Safaricom has previously been accused of stealing ideas once people pitch them, is this a way of addressing that?

In a lot of instances, the ideas we receive are concepts that people have pulled off the Internet and thus not worth the paper they are written on. There is no case of any serious developer having engaged with us and having had their IP stolen or compromised because we simply don’t do such things. The Spark Venture Fund is being set up to provide funding for companies that are at late seed to early stage growth stage. The idea is to provide them with much needed capital so that they can continue to grow and provide solutions for the market.

There is a problem of vulture capital or predatory capital how will Safaricom ensure that it is not in this category?

We are a local company keen to support and nurture other local companies to grow. We do not see the issue of vulture or predatory capital becoming an issue.


Vulture capital


Safaricom recently bought out a start-up, did that motivate this venture or what role did the acquisition have?

Last week we announced that we had launched the product M-Ledger, a M-Pesa accounting tool, in partnership with Dynamic Data Systems. We invested in their IP and now offer the app for free on both our app store and on the Android store. Our involvement included assisting Dynamic Data to develop and commercialize their solution for the market. This was a classic case of having a solution that meets a critical market need and we are keen to partner with other companies who are willing to deliver the same kind of proposition.

There are very few successful exits in the market how is Safaricom planning around that?

The reason there are few documented cases of exits is because typically there are few companies worth buying because they have not matured enough to consistently meet the markets needs. That is what we are looking to turn around. We aim to create successful businesses with a bias in ICT mobile application development. If these businesses are successful and serving market needs adequately there will be no shortage of exit opportunities to bigger PE funds or other types of investors.

Safaricom has been working with local hubs what role will that relationship play or how will it change

We hope to extend that relationship and remain a close partner for the local hubs.

Safaricom has been working on the innovation space for the last few years, what are some of the lessons?

Innovation is part of our DNA and over the years we have tried various strategies to try and create a viable innovation ecosystem in Kenya. It’s been a long journey – with several hard lessons learnt along the way about how to do it – but we see this fund as the opportunity to push Kenya’s technology start-up into its next phase of growth by providing it with the funding that they would typically not be able to source.


ICANN cancels morocco meeting

Whenever there is meeting taking place in Africa, the Internet Corporation for Assigned Names and Numbers (ICANN), is always jittery. If the meeting is in South Africa….well…. its much more comfortable. But anywhere else…. a myriad of issues crop up.

If you are wondering what is ICANN…. here are some interesting articles I have dome in the past.

For the latest episode, let us just call it western paranoia against Africa. Please read the statement here and it doesn’t even give a reason. But we all know its because of Ebola. Apparently, ICANN has no faith that by next February, the three West African countries will have contained the spread.

Yes, ICANN has a right to decide where they hold their meetings but why pretend to care about Africa while you lead the chorus of those feeling that Africa has nothing to contribute in the whole ICANN agenda?

The argument is that Americans feel that they will be quarantined in February next year, if they make a point of visiting morocco. The insurance companies will also not cover them, if the meeting is held in any African country.

“Community concerns that would prevent maximum participation at its next global meeting (ICANN 52, 8-12 February 2015), a critical one given the ongoing discussions around the IANA Stewardship Transition and ICANN Accountability, has prompted ICANN to postpone the meeting in Marrakech, Morocco and to relocate to Singapore on the same dates,” says the statement from ICANN.

Ahead of the statement, Fadi made a call to selected ICT and ICANN big wigs in Africa, explaining the decision and how the meeting will coincide with the internationalisation of ICANN, if you believe Africa has anything to benefit from that.

Aside from ICANN bias, I think it serves Morocco right. They can’t refuse to host CAF Nations Cup for fear of Ebola, then they were ready to host ICANN, yet there will be participants from all over the region.

Its bad for West Africa, a region of 17 countries that has been banded together as carriers of Ebola virus but you would expect more. But again, if the West boycotts, then the meeting may not take place at all because African voices at ICANN are generally missing.


Of free wifi…. Kahenya’s thoughts

If you have been following debate on free wifi in counties……a guest post by @Kahenya

Most first time Western tourists in India tend to assume that a snake is charmed by the sound of the charmer’s flute. I partly blame Robert Browning’s legend, the Pied Piper of Hamelin for this effect and indeed, you would be surprised by the number of grown adults who fall prey to childrens’ anecdotes. Never mind that at any time, day or night, for next to nothing cost wise, they could open a resource like Wikipedia and confirm the actual facts. But, this is Kenya, where we waste a wonderful tool like the mind for votes and money. As I write this, I’m discussing priorities with a certain bird who owns a parrot named Sparkles, who is pointing out what is painfully obvious. This one time, I will not blame the President and his Deputy because there are other “managers” employed to ensure that our priorities stay on track. But they don’t. Food and water security, general security, health care, education, better wages for civil servants, better equipment for public facilities, better roads, cleaner public toilets and many more things are our priorities, but free WiFi? This is backed by our version of the proverbial European tourist in a pinstripe suit who constantly gets bitten by his own snake cause he does not understand the underlying principles of charming it.

I must berate the principals involved, for failing to understand a rational principle that is universal and actually very easy to get. <strong>THERE IS NO SUCH THING AS FREE WIFI</strong>. There never has been, and there never will be free WiFi. That as a concept does not exist. Its been tried by many municipals, and it has always failed, globally, for one simple reason. Cost. Don’t bother pointing out Guifi or others without thinking Fon and recognising their environment and the actual real world factors that exist.

Let me explain this in the simplest way I can for Eggbert. Someone, defined by the constitution as a legal entity, could be a human being with red blood that breathes air, or an organization like a Registered Company, NGO, SACCO, Women’s Group etc has to pay using legal tender, in many cases real money, in our case, the Kenya shilling, usually sporting the face of a late or retired President, available in paper format or metal hardware, transferable in its physical form, or using a mobile device, a cheque, an electronic service offered by a merchant provider or a bank countywide, to another legal entity for services rendered. Commerce. Isn’t it brilliant? It says that for services delivered, payment must be rendered and whether you choose to use a 56K modem or WiFi, there is <strong>ALWAYS</strong> an associated cost. Hotels, restaurants, airports and other legal entities again as defined by the constitution, offer free WiFi to their customers. But it isn’t free. While you are busy drowning yourself in worldy pleasures that again, you must pay for in some form of legal tender, they deduct a certain percentage of your bill to cover the cost of connectivity. Even if its 1 Shilling per hour per user, the shilling being legal tender for Kenya as earlier mentioned, it is still a cost that must be covered. There is not a single legal entity on Planet Earth that is willing to lay expensive infrastructure, in this case fibre optic cables, WiFi access points among other things, pay for access, salaries, other fees, taxes and so on, just so that they can willingly give free access to the masses cause they feel charitable. That is a bunch of big brown bollocks, simplified and legally defined from its Anglo-Saxon heritage as testicles. Airports deduct it from the tax they levy on your ticket. But that is only half the story.

Now let’s wade into the technical excrement that again shall be simplified. WiFi operates on 2.4GHz and 5GHz, frequencies, both are heavily used and getting scarce by the minute. This means that proper planning, and that is more than drawing a stick diagram on an iPad, must be undertaken, to ensure that everyone enjoys this finite resource without experiencing interference. Which means, as you rollout your WiFi network, you must appreciate that you are not the sole operator as well as there being enough spectrum for the hundreds of thousands of smartphones and tablets, but let’s start with the few in Kenya. Eventually it will be saturated and more frequencies will have to be made available for WiFi but until then, we deal with this. Now WiFi competes with many other technologies, like scientific research devices, wireless remote controls, legally defined as an object that controls an electronic appliance, Bluetooth that you use for your wireless headsets and for sharing media and many other variants. Sadly, the current Eggbert backed WiFi networks are so poorly rolled out, that the burn through all the spectrum, and deliver very little. The solution? Bring Canadians, legally defined as people from Canada with leaf logos on their passports, to build this failing concept of a free network, for a fee, cause believe it or not, they too believe in commerce, and know only too well how to capitalise on our ignorance. Meanwhile you award winning unemployed degree carrying Kenyans with a passport that bears a chicken that carries an axe, herded by 2 spear carrying lions acting as bodyguards cause chicken get hijacked on the highway, are just way too stupid to plan and rollout a WiFi network. Including that Indian guy with an MIT degree. And that is the height of ignorance that this free WiFi concept is bringing out.

Eggbert, you and the rest of the governors need to stop wasting Kenyans’ time with censored free WiFi that will eventually be abandoned cause of cost and poor implementation and let the Kenyans, who understand what needs to be done, do their thing. WiFi is a paid for service. I did not make that rule. You have a less than pedestrian understanding of WiFi as an enterprise and commercial solution, your motivations for the rollouts are completely wrong, you are playing off a flawed playbook, you haven’t done any realistic research and the field failure of Nakuru is resolute proof of how little you understand of your so called docket, and I think you need to get your excrement together and get out of the way. You can’t charm this snake, so accept and move on.

Disclaimer, I’m not here to defend Able’s commercial interest, that’s for the market to decide, and we are now 40k strong in commitments for our upcoming paid service. Also, this is not personal. Well, maybe a little.


Venture Capital and growing businesses

In the past four years, the tech space in Africa has grown beyond South Africa. It has provided investors and developers choices beyond South Africa, which for a long time had been seen as the source of tech innovations.

It is hard to talk about tech innovation without talking about capital; innovative ideas need dedicated time and people must meet basic needs. Whether its shoestring budget, borrowing from relatives and friends or taking a bank loan, funding is key.

For those in the tech space, venture capital is the buzz word. It is what start ups run to for growth and scaling services and products. Its not that the money is readily available but if you have all the factors working for you, you may find it easier than others. You can read past articles on venture capital and financing in Kenya, don’t miss the one on race and VC funding.

@whiteafrican has also written extensively on this topic and you can check out his articles.

For a latest look at the VC lessons, please read this piece I did on the sale of Movirtu to Blackberry and how the founders were left unhappy.

For the sake of this piece, let us deal with VC for growing companies, not start ups. You know the ones that have survives past the start up phase and can make money? Yeah, those.

There have been some successful engagements with VCs, where local founders make money but why are some cases filled with bitterness and bad blood when VCs take over? Look at the case of Wananchi Group since the days of Joe Mucheru….. yes, VC money helped scale company operations but what happened to founders? They were not exactly very happy with being elbowed out.

In my interview with him, TLcom founder says that VC brings in the money and must align it with a proper team. No one can argue with aligning your money with a team that brings in results and given the kind of money they made, it seems to have paid off.

One of the lessons is how to negotiate exit and share valuation. It seems there needs to be a big deal of legal input needed from the initial stages. Ben White argued a more complex point that I think those looking for funding need to understand before entering into any unions. How do you safeguard your interests and make sure your shares are not watered down? You can imagine starting a company, growing it and only to receive a fraction of the salary of the CEO in return for the shares and your efforts growing the company.

This may be the only known case, there must be other cases of Vulture Capital- where a founder realises its easier to just accept and move on.

So, the new lesson is that if you ever plan to seek funding, make sure you retain a lawyer from the word go. If not, make sure you have a relative or a lawyer who will sit with you and go through all the scenarios. There is no marking scheme, you can go through and still be messed up but at least, having a lawyer is better than having none.



Kenyan Companies embrace outsourcing

About eight years ago, I had a conversation with one of Kenya’s leading technology technocrats about outsourcing. This guy has been there since the days of Kenya Posts and Telecommunication, so when he spoke about anything technology, he commanded the room/space.

On the topic of outsourcing, he was so well versed that as a journalist I liked hanging around because I would learn something new. I have never been afraid to seek knowledge and he was happy to have the audience.

The internet defines outsourcing as an allocation of specific business processes to a specialist external service provider. Most of the times an organization cannot handle all aspects of a business process internally and decide to pass on the task to an expert.

This was at the height of discussions on new fiber optic connections to the Eastern coast of Africa and people were busy discussing big money projects. My questions related to how people who have no big money backing could benefit from the technology developments.

He spoke about companies outsourcing technology services. At that point, it sounded remote and unattainable. That time ISPs had internal installation teams. The internet connections were few and expensive. Of course all big ISPs currently outsource their technical implementation services.

Fast forward. I was impressed when sitting at a catch up or gossip session with my friends and they spoke about an IT graduate who had decided to serve small companies that were willing to pay her 10k a month. She had 10.

Of course, the outsourcing trend has caught on within the corporate circles but according to her, these were the SME bracket ones. Whatever the level, the point was that most companies had started appreciating the benefit of outsourcing.

Outsourcing was a big buzzword when the ICT Board was formed and we were fighting for the World Bank Money on BPO services. We all sort of know what happened to that. That time we were competing with India, Mauritius and South Africa as outsourcing destination, now we are just happy to beat Ghana, now that our economy is rebased.

So, why would you outsource services to an individual or company?

  1. To concentrate on your core business- if your core business is selling, let someone else handle IT services, your business will run much more better and smooth.
  2. Swiftness and expertise- most likely the person will sort you out or knows someone who can.
  3. Reduced operational and capital expenditure- think about insurance and tea that internal teams will consume :)
  4. Increased efficiency
  5. Reduce labour costs


So, for the graduates will to explore the market, there are opportunities for those who seek them :)


Kenic has a new CEO….. 7th in 7 years…

Abdalla Omari is the new Kenic CEO.  At this point I will stop counting coz it means the annual tradition of the board is; lets get a new CEO.

Usually, when people join new organisations, they are asked what they will do to improve the status of the organisation. I imagined these are some of the questions Omari had to answer.

I know I ask some annoying questions that at times people choose to ignore, like the immediate former CEO did. So I just copy pasted the questions, which mainly dealt with growing the registry, stability and resilience.

He gave me one of those answers you give when you want to put people off, like when they bother you too much. Here is the response;

“We are currently in the process of reviewing our Strategic plan. The Strategic Plan review will capture the intended strategies on marketing and price sensitivity challenges which you have raised. The moment the SP document is finalized, we will publish it on our website for all the stake holders to read.
I have studied our Technical report on downtime, and seen the latest downtime was in August 2014, after a period of over one year (that is Sept 2013). We are finalizing the process of setting up 3 redundant sites to address any future challenge of the same. This project should be complete in the next 2 weeks.”

Either the guy has no idea. I don’t get how the review of a strategic plan has anything to do with your leadership skills of steering a registry. How will you help that plan if you have no experience in running registry operations? I get it, I am told you don’t need to understand how to run a registry to make it efficient and sustainable; apparently even a farmer can run a ccTLD.

So, who is Abdalla Omari? Here is the CV….


-       M.B.A- Maseno University

-       Bachelors In Management and Leadership- University of Free State, South Africa

-       C.P.A part three

-       Currently pursuing a PhD in Business Management


I have been a General Manager for Avtech Systems Ltd, for around 5 years, before joining KENIC. Avtech Systems Ltd (, is an ICT based organization which specializes in Electronic Security, Video Conferencing facility set up, Broadcasting Station setup, and audio vision solutions.

During my tenure at Avtech Systems, the organization was among the Top100 finalists competition, for a straight 3 years. KPMG consultants and Nation Media group moderate this competition. In the Top 100 competition of 2012, Avtech System was number one, in the ICT category.

I have also been a Finance Manager for a manufacturing industry called Dimensional Structures Ltd, and a senior accountant for a leading travel organization called, Charleston Travel Limited/fcmtravel (

My experienced is wide from Management/leadership, accounting, finance and auditing”

And the story continues…

ICANN to host its regional talkshop in Nairobi next month

The Internet Corporation for Assigned Names and Numbers (ICANN) is set to host a talkshop next month. Why do I call it a talkshop? Because ICANN hasn’t held such a meeting to address key issues affecting Africa stake holders, they just dance around issues of Internet Governance.

If you are new to ICANN, you can read more about it here 

Let us first look at some of the issues the conference will be addressing next month. Here is what I got from their comms department.

“We will be hosting a panel on “Sustaining the power of Global Internet for transformative economic growth” based on the findings of the Boston Consulting Group (BCG) report commissioned by us on sources of e-Friction for the internet economy.  The meeting will focus on two main subject matters:

  • Introduce ICANN to the two business groups invited and display the different avenues for participating in ICANN and possibly IG going forward
  • Highlight the DNS industry as a business and motivate new and potential registrars be seek ICANN accreditation

Present will be a mixture of stakeholders from private business sectors, government officials and media, where avenues of collaboration and participation will be discussed.  Invitations are yet to be sent out. I hope you can make it.  The main speaker will be Chris Mondini, VP Stakeholder Engagement in N. America & Global Business, and will be joined by leading company executives to be announced at a later time. ”

Now, for those who may know Africa’s issues at ICANN, you will know that relegation of African domains is one of the key issues and has been dragging for ages. Redelegation is the process where a country gets back the operations of its country code Top Level Domain, like the way KENIC is in charge of .ke.

So, before we get to issues of Internet Governance, what is the status of redelegations?

“Re delegations have been a concern for close to 10 African countries in the last three years. We did have successful relegation in a few of them so far,  including : Mali, Botswana; Gabon;..Currently pending are Togo, Uganda, Guinea Bissau,Mauritius, Namibia (the worst scenario so far) , Zambia, and Cameroon.Some of the delay is due to incomplete submission of request or an ignorance of the IANA procedures by some requestors.”

So, for years, ICANN has known that countries have a problem or are ignorant on IANA rules, so, why not hold a conference on how to deal with IANA or address some of their problems? Why is it so easy to discuss IGF matters while for years, you can’t deal with relegation or at least pretend to care and hold a panel on how to answer those IANA questions. First, that IANA website can be a maze.

Most of the operational registries are manual

It is no contest that when it comes to tech, Africa adopts last. That is why the domain name business is still lagging behind. That is why you wonder, if most registries are stymied by manual operations, why are they discussing IGF matters, shouldn’t the priority be those ICANN experts to help with this? Yes, countries have a right to help, but if ICANN is to act like it cares about Africa, then let it do a better job at it.

There will be an argument that there is the annual DNS forum and the current training on DNSSEC, if the operations are manual, how does this help? It is like going to talk cyber security and benefits of e-commerce to a community that has no access to computers or the internet, what is priority?

ICANN even has a training scheduled on root zone signing, in a continent struggling with redelegations and manual operations. Here is what they have to say:

“One of the flagship projects in the Africa Strategy is Promoting DNSSEC adoption in Africa and to this effect we have already conducted 8 DNSSEC trainings in 8 countries in Africa, Kenya Included. In FY15, we have budgeted for another 5 countries. So, the DNSSEC Roadshow is about capacity building on the DNS security  which include 1)awareness building at country (cctld) level, 2) Training on DNS security an 3) Country root zone signing.”

L-root copies in Africa

If there is one thing about ICANN that has somehow worked, I think its the L-root copies. Maybe its because they partnered with AFRINIC, or maybe its because the L-root doesn’t require the country to have an IXP, just the telco is enough. I say somehow because if you ask me, most telcos in Africa should have it but again, the legal department at ICANN takes its time.

“As of today we are processing a number of L-Root requests (4) to add to the ones we have in Africa (9) ; Some of the delay depends on the necessary  due diligence to be conducted by  Legal department.”

For a continent where telcos are the major ISPs, the copies should be much more. Root server copies contribute to the resilience of the internet in a country. I will probably get a chance with AFRINIC to understand the actual hold up for these process.

So, do you still think our priorities are in IGF issues? Yes, when it comes to politics between ICANN and the ITU, ICANN will need countries on its side.

But does ICANN seriously have the issues of the continent at heart? Do they understand the priorities? Do we understand what ICANN means with its Africa Strategy?

Can you imagine if the current merry-go round about .africa happened to .EU or .asia? Or any domain that China or Russia have an interest in? Do you think ICANN would hide under their rules the way they are doing now?

Somehow I thought Fadi Chehade would be different as ICANN president, I remember listening to him talk about Africa when he was appointed and I thought, “this guy is too good to be true” years later I am looking at it and thinking, “this guy maybe all about talk, policy papers and nothing practical.”

He still has time to deliver whatever but if you are going to be concerned about Africa, start with the priorities!



Govt should centralise to improve security

In the last two weeks, a group calling itself Anonymous Kenya has terrorized government folks by hacking social media accounts belonging to Kenya Defence Forces, their spokesperson and the deputy president.

The response from government folks was just laughable. Just watch this KTN interview with Evans Kahuthu, the guy tasked with Information Security at the ICT Authority.  It was the week that the accounts were hacked, exposing the governments behinds and this guy dances on the fence with jibber jabber….. he didn’t say anything and the presenters/interviewers….well, that warrants a post on its own. I spoke to Evans later and he explained his challenges, off the record, but still, as an info sec rep in a government, this guy should have more teeth. Who should give him the teeth? Read on…

A lot has been said in the media and a lot of that is available online. But beyond all that, I thought it was better to look at the root causes, other than the symptoms.

When you talk to many folks in the ICT industry, a common theme that is emerging is the fragmentation of government ICT functions; yes the ICT Authority is supposed to be the more consolidated arm, but does it have all the powers? Listen to Evans and you will get it.




1. ICT Authority

When e-gov, GITs and the ICT Board merged to form the ICTA, the idea was that all govt functions would be consolidated into one major body that can now advise government and the county ICT reps on the technology directions. Now, I could go on and on but one key thing was that when the hackings happened, even the guys at ICTA weren’t aware of the passwords or who operates what.

It was clear that there was no audit or a centralised doc that can tell you the ICT hardware (servers, laptops etc), Software – think of all money paid to Oracle by government, and the attendant passwords. So when you say, why were we not Secure? Govt folks might ask, didn’t we invest in new locks?

2. Itumbi and his team

There is something about a duel between young and old people. The old guard thinks experience trumps technology, the young think the dinosaurs are hogging power and do not know what they are talking about. Itumbi and his digital team, are in charge or operate the social media accounts. They know their stuff and no one will tell them anything.

I asked whether the ICTA and team Itumbi have ever sat in a room together and I couldn’t get straight answers, so I assumed the answer was no.

So, the ICTA is in charge of ICT direction in this country but do they give advise or direction to team Itumbi? Whether they like it or not, its government security and it matters.

I am not sure what security precaution team Itumbi takes  but clearly, more synergy is needed at least not to have the Deputy President’s personal number exposed. There is no big deal but probably some people will add him to their Whatsapp group on neighbourhood security or something.

3. The Communications Authority

Now, the CAK is the big boy. You know the guy or girl in your school who would threaten or take your piece of bread in high school, yet they have theirs? Well, CAK insist that it can handle all matters tech in the country, even when its clear that that they should handle only policy stuff.

The CAK has been in a tug of war with ICTA to own the Cyber security master plan and the numerous master plans and road maps that this government has specialised in. It has been clear that they can’t handle. Why?



Picture this; in May 2012, a group that maybe the now anonymous Kenya set up KE-CIRT twitter account, which has the as their contact and has been tweeting on tech matters. After the hacks, the account was used to spew disparaging remarks and push the buttons of Anonymous group.

Do you think a government body would be spoiling for a fight with anonymous given the situation?

When I asked the folks at CAK, they said that thats not them bla bla but you are the custodian of KE-CIRT, how would you not know of an account operating in your name, now masquerading as the government body? From 2012? There has been no attempt to at least lock your accounts to avoid squatting?

You can imagine the commotion and phone calls as people tried to find out who was KE-CIRT and others saying how they are helpless and can only depend on Twitter Inc to help.

It is clear that something needs to happen, I don’t have all the answers but something needs to happen now..

:) and the crowd say…….. we have heard that before!





Kenic has a new CEO

Kenic, the organisation tasked with managing the .ke domain, has a new CEO. Who may or may not know anything about heading a registry and how to make .ke more stable and resilient. For background on Kenic, you can read more here.

Emma Marube has the difficult task of heading the troubled organisation, as the Communications Authority ponders whether to privatise the entity or retain the multistakeholder model but offer competition on the second level. For example, if someone wanted to provide registry services, it may offer competition to but at the same time muddle the waters.

We all wish the registry well and we hope that it will be more secure. Most people stopped complaining about perennial outages because…..what will you do? Accept and move on….

I asked for a bio, just to know more about her….. and this is what I got.

“Our acting CEO is Mrs. Emma Bokea Marube. Prior to the appointment, she has been KeNIC’s Finance and Planning Manager. She holds a Bachelor of Business Management (Finance and Banking) and CPA. (K) Emma has also headed Finance and Accounting in several organisations.”
I followed it up with questions on what she had in store for us and how she is planning to steer the registry to prestige and envy that it once enjoyed in Africa ICT circles.
I got no response.
So we can assume that the new CEO knows or doesn’t know what she is doing. Kenic board has the reputation of hiring people who have no clue about running a registry, so I wasn’t exactly surprised when I got no comment.
We can also assume that she is moonlighting….. if this bio on this site is to be believed.
Moving on…..
The registry now has 76 registrars, holding domains from 27 as the lowest to 4186 currently held by Safaricom and 4788 held by EAC Directory. The desire for lower costs has seen Safaricom selling the domain at sh 500, which includes hosting. Others are selling the domain for as high as sh 3000 per year.

Cyber Security report by TESPOK, Serianu is just shoddy

Last year, was the first time I read the Cyber Security report by TESPOK and Serianu, a security company. I remember thinking “why is this report so hollow?” but I thought it was because it was the first year and they didn’t have the materials.

You can imagine the question I asked this time round, when I read this report on TESPOK website. You can read my story for the IT World.

So, what are my issues with the report?

1. Shoddy, sketchy work

If you read the report, the point where you find the statistics, is the honey pot side, which is a security system put in place at TESPOK to capture data from all the ISPs peering or exchanging content at the Kenya Internet Exchange Point.

If you read the other information on areas such as banking, the data is devoid of any statistics or any information that can add value. They may just as well have given this desk research to a journalist and they probably would have come up with a better write up.

The intro is written by a guy from Equity bank, who could at least have alluded to all the fraud and security issues that security experts say Equity Bank is vulnerable to. Not to admit but all that marketing rubbish of how they have the systems in place, even though we know it is a lie.

Some of that info may not be disclosed by if you are security experts, you will have insiders who will indicate how much, say, every bank or at least the major banks are losing to cyber threats.

In short, that report could have been consolidated by the folks at TESPOK, either they are just lazy or they feel that partnering with Serianu given TESPOK more credibility, its an industry body, they needed Serianu to just compile?


2. Advertising for Serianu

If you read the report, it has several pages advertising what Serianu does and very minimal or none of what TESPOK does. Again, I ask, who needed who? If TESPOK just needed to advertise Serianu, don’t call it research, call it an advertorial or white paper or something.


3. Naming and shaming ISPs

The report talks about ISPs that are prone to malware, again, this is from the Honey pot. The report names the 20 ISPs but doesn’t give their names. When will they ever learn if the information is hidden?

I know that exposing an ISP’s cybersecurity vulnerability affects its bottom line but they will improve if consumers are able to know which ISPs are most secure. Its more like touting yourself as a researcher in media and corruption, then instead of naming the most corrupt media houses, you just give us number one to ten then present the percentages, how does that help us?

Yes, ISPs are members of TESPOK and do not want to be shamed but if you want the ISPs to take the research seriously, then name them, make use of the honey pot and forget these essays that we can google and download.

The closest I got to identifying the ISPs was in the publication of AS numbers for the IPs considered lethal. With the AS numbers I identified Access Kenya, JTL, Safaricom, among others as the culprits.


4. Role of KE CERT

I think the best statement was towards the end, when the report says there is a need for a strong CERT in Kenya, this was like a kick to the CCK and their dismal efforts, which you can read on their website.


Of course this is just my opinion…….you can read the report and be the judge.