A presentation centered on mobile security at the ongoing Information Security and Public Key Infrastructure Conference at the Safari Park Hotel identified two main tools for regulating mobile security: the soft tools and the hard tools. The soft tools were defined as those implemented by the Mobile Service Provider to provide security measures to mobile users. These tools may include the requirement for PINs, passwords and registered SIM cards in order to carry out mobile phone related transactions safely and securely.
Another soft tool of the Mobile Service Providers is the awareness that all stakeholders create among users about the available control features and, more generally, about con artists and their mutating con tactics.
The other tools available for implementing mobile security surround the legal framework and are collectively referred to as the hard tools. These legal frameworks are the specific National Laws, Regional and International Treaties, and Administrative Limitations. The National Laws may define the types of transactions not allowed via mobile networks; the regional and international treaties may be those aiming to harmonize various National Laws on Cyber Security; and Administrative Restrictions are those requiring implementation of regulations like SIM card registration.
Most challenges experienced in mobile security are those surrounding the hard tools, namely:
Jurisdiction challenges – This is the question of whether a judicial tribunal or court of law has jurisdiction over particular cyber or mobile security cases. There have been cyber crime cases that were dismissed mainly on the reasoning that the particular court handling the case had no jurisdiction over it. This scenario arises especially when the intent in the case being heard was formed in a territory outside the court’s jurisdiction, yet the execution was done within the borders of the court’s jurisdiction.
Areas of laws – Although several countries, Kenya included, have come up with laws governing technology in general and cyber crime in particular, it is a matter of fact that these laws always play catch-up. Currently the laws address issues that have already been experienced, but the technology world is constantly changing at a very high rate. The time required to make changes to current laws may mean that by the time the changes are ready for implementation, the technology world has mutated to an entirely new level.
Confidentiality – The tools used for disseminating information in cyberspace are basically privately owned tools like email addresses and social media accounts. These privately owned accounts become an issue when parties who do not want particular information to be made public use court orders to instruct all broadcast channels not to air that information, only to realize that the very information that was not supposed to be in the public domain has gone viral in emails and on social media. The legal framework finds such incidents very hard to handle.
Information gathering and presentation – This is the question of who gathers electronic evidence and thereafter presents it in a court of law. Typically the investigating police officer is required to gather information from the crime scene and from first-hand witnesses, seek expert opinions from parties like medical doctors, and present the information to court. However, when it comes to the collection and presentation of electronic evidence, the ISP or mobile operator ought to be the one presenting the evidence before court due to laws regarding hearsay.