GET /api/v0.1/hansard/entries/1277153/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 1277153,
"url": "https://info.mzalendo.com/api/v0.1/hansard/entries/1277153/?format=api",
"text_counter": 98,
"type": "speech",
"speaker_name": "Mr. Eliud O. Owalo",
"speaker_title": "The Cabinet Secretary for Information, Communications and the Digital Economy",
"speaker": null,
"content": "In the course of this assessment, the office initially suspended the operations of Worldcoin for a period of 60 days, during which the company was to submit a data protection impact assessment in accordance with the Data Protection Act to enable the ODPC to ascertain the lawful basis and safeguards adopted by Worldcoin. Subsequently, the ODPC conducted a spot check in May 2023. It again raised concerns with the processing activities of the entity and subsequently wrote to the entity in May 2023, directing immediate cessation of processing of sensitive personal data, namely, irises, and facial data of data subjects. The office further directed that Worldcoin safely restricts the processing of any data that had already been processed, and advises the office of the safeguards placed on the restricted data. The next question is on whether or not the Government has established the ultimate objective of this exercise, and for what purpose the data was being collected. This is subject to ongoing investigations. The Government is currently undertaking investigations to establish the intended objectives of the exercise by Worldcoin. Based on the results of those investigations, we will remain ready and available to come back and report to the House in that regard. The next question seeks to ascertain whether or not prior public participation to inform the public of the risks involved in the exercise was undertaken. It is the responsibility of individually registered entities to undertake public sensitisation as opposed to that of the ODPC, subsequent to the registration. In this regard, we are not aware of any public participation carried out by Worldcoin. Consequently, the Government has issued statements cautioning the public on the operations of Worldcoin in this regard. The next question pertains to the source of the money that is being paid to participants who stand to benefit from the exercise by Worldcoin. Again, this is one of the components of the terms of reference of the multi-agency team that is currently investigating the source of the money. We believe that the objective will be determined through that exercise. The Member also sought comments from the Government on matters concerning cybersecurity attacks. In this regard, we state as follows. It is true that the eCitizen platform was temporarily affected by a threat that rendered it intermittently unavailable for three subsequent days. That service interruption was caused by a Distributed Denial of Services, commonly known as a DDOS attack, where the intended hackers sent a flood of service requests. That meant that there were higher than normal levels of requests through the IP address connections to the eCitizen servers with the intention of jamming the connection and making it non-responsive. The Government, through the Communications Authority of Kenya (CAK), coordinates the Kenya National Computer Incident Response Team, which is a multi-agency cybersecurity monitoring centre. This centre was instrumental in tracking the DDOS attack and providing relevant advisory support for purposes of intervention. There was an attempted attack but informed by the elaborate risk mitigation framework around the eCitizen platform that the Government has deployed and put in place, that attack was unsuccessful. Currently, we are glad to report that the eCitizen platform has now reverted to optimal capacity utilisation, and Kenyans are consuming services as before or as envisaged. The Government also has a standing multi-agency committee that proactively addresses cybersecurity threats and mitigates cyberattacks and risks. That committee entails membership from the Ministry of Information, Communications, and the Digital Economy, the Ministry of Interior and National Administration, the Konza Technopolis, the Kenya Airports Authority (KAA), the CAK, the ODPC, and the ICT Authority. What we are saying is that from the outset, in the course of rapid digitalisation, we were aware that we were likely to be exposed to cyber- attacks. Rather than waiting to be reactive, we put in place an elaborate risk mitigation framework in a proactive manner with a view to mitigating any risks that could occur. The electronic version of the Official Hansard Report is for information purposesonly. A certified version of this Report can be obtained from the Hansard Editor."
}