Eyeball harvesting put State data office in spotlight

Kenya was recently the centre of focus with two major occurrences that once again put the country’s preparedness to dangers that leverage cyberspace to compromise the integrity of data.

It took the intervention of media for the Interior Ministry to move in and suspend a project distributing WorldCoin cryptocurrency projects locally.

The State made the move so as to assess potential risks to public safety associated with WorldCoin’s operations triggering investigations into the intended use of collected data.

The discourse around WorldCoin, which is backed by a company called Tools for Humanity, is articulated in its white paper, which from my perspective means the company’s operations adhered to the nature of its offerings, and the aim was to distribute free cryptocurrency tokens valued at around Sh7,000 ($49.09) which is openly acknowledged.

Worldcoin managed to snap up an estimated 350,000 Kenyans before the government moved in.
In its whitepaper, the project aims to establish a “globally inclusive identity and financial network, owned by the majority of humanity.” This basically entails assigning a distinct digital identifier known as a World ID, to every human being, which is closely linked to a cryptocurrency called WLD, in short.

It also intends to facilitate the online authentication of human beings amid the proliferation of artificial intelligence (AI) bots. Alongside this, the initiative envisions to contribute to a universal basic income in a global economy marked by disruptions caused by AI.

Prior to its formal launch in Kenya, WorldCoin had encountered allegations of deceit, exploitation, and crypto-colonialism in regions such as Sudan, Indonesia, Ghana, Chile, and Norway. So, did the intelligence network and the data control office drop the ball?

The situation underscores the urgency in addressing our vulnerabilities as a nation. Regrettably, this situation coincided with Anonymous Sudan, a collective of hackers, claiming responsibility for a series of Distributed-Denial of Service attacks on critical online services within Kenya.

These cyberattacks targeted government websites, newspapers, and other platforms. According to Anonymous Sudan, hackers reportedly targeted eCitizen which hosts crucial services like driver’s license renewals and visa applications.

The attackers even claimed that launching the cyber offensive was relatively straightforward, urging Kenya to fortify cybersecurity defences.

In response, Kenya swiftly opened a regional office in Mombasa through the Office of the Data Protection Commissioner (ODPC), meant to enhance efforts in safeguarding data of Kenyans countrywide. The newly operational Mombasa office, alongside two additional regional offices in Kisumu and Nakuru, will definitely serve as a focal point for delivering data protection services in the coastal region.

However, they must also be positioned as centres for information, guidance, and support to businesses and individuals, thereby reinforcing efforts towards decentralised data privacy and protection.

The pivotal role of the office within Kenya’s data and digital transformation agenda necessitates preparedness and responsiveness to avoid being caught off guard, as witnessed in the two incidents.
The Data Protection Act of 2019 entrusts the ODPC with exclusive responsibility of overseeing the protection of personal data managed by both public and private data controllers and processors.

The crucial role of ODPC office, particularly in an era where more Kenyans rely on digital devices to access digital services and engage in socio-economic activities, cannot be gainsaid.

Given the challenges Kenya has faced, there is a need for the ODPC, Communications Authority, and law enforcement officers to quickly adopt a more proactive stance and widen their surveillance. The question is, what are the actual dividends from the scanned eyeballs?

— The writer is the Business Editor, People Daily