As per the Constitution, Chapter Four, part two on the Bill of Rights, every person has the right to privacy, which includes the right not to have the privacy of their communications infringed.
As constitutional declarations go, this is straightforward and unambiguous. No one, however, appears to have told the Government that this right exists in the Supreme Law of the Land. The Government has directed the Communications Authority of Kenya (CA) – the telecommunications industry regulator – to begin installing communication interception devices on telecom operators’ networks.
A local company, Broadband Communications, has been given the go-ahead to supply, implement and operationalise these devices onto Kenyan telecom operators’ networks. The firm is working with a Lebanese company – Invigo Off-Shore Sal of Berytech Technology Centre, Beirut, Lebanon.
The telecom operators have received letters from the CA ordering them to allow the installation. The devices to be installed are called “Device Management Systems” (DMS), and will have extensive spying functionalities. These were laid out in the tender documents put out by the CA in April 2016. A look at each of these functionalities amid the prevailing political and security environment makes for worrying reading.
The CA required that the DMS must have the ability to identify all active devices on mobile networks, associate them with a particular user, and block these devices from accessing any mobile network in Kenya. This blocking will be carried out by restricting mobile network and internet access to devices that are on a government-controlled “white list”.
Any device that is not found on that electronic white list will automatically be denied service. Devices can be identified quite easily using a combination of the IMEI (International Mobile Equipment Identity) number and the TAC (Type Allocation Code) number of a given mobile device.
Susceptible to duplication
It is also possible to identify individual subscribers using a unique code called the International Mobile Subscriber Identity (IMSI). This is a highly sensitive code, because it carries the very real risk that third parties might use it to eavesdrop on communications.
The DMS will use a triple data set code made up of IMEI+Mobile number+IMSI to track a given user. Since mobile phone SIM cards must be registered before they can be used, this mechanism allows the CA and the Government to track not just the phone handset and the SIM card, but also the person using that combination – in real time.
The DMS also has the ability to make copies of all information in a mobile device at any given time. All information received, processed and sent by a mobile communications device will be susceptible to duplication by the Government and its agencies. This, without a court order, is obviously in contravention of constitutional provisions.
The CA has not indicated in what circumstances this extreme measure will be resorted to, but again this is Kenya and not Norway. It should therefore be quite clear that the Government and its agencies will use this tool more or less as and when they see fit.
We go to the polls this year. Kenya rarely has the sort of quiet, boring elections typical of other countries in the region. Even more important, the current government is up for re-election against what seems, for now at least, destined to be a united opposition.
That has grave implications for freedom of expression in the country, as well as for privacy of communications. In January this year, CA Director-General Francis Wangusi declared that should the CA spot any ‘unauthorised use’ of the country’s internet facilities during the general elections, the CA would shut down the internet in Kenya.
However, shutting down the internet alone is not enough to stop people organising themselves using mobile phones. As the Arab Spring showed, particularly in Tunisia and Egypt, crowds can be organised very successfully using SMS messaging and ordinary phone calls.
This is why the DMS will also include functionality that allows it to copy all the contents of a mobile communication device. That way, the Government can identify who is sending what messages to whom – and where they are. The implications are chilling.
The DMS will also have the ability to intercept and make copies of the communications of foreign phones that roam onto Kenyan mobile networks, and will allow the CA to totally block them from accessing any mobile network in Kenya.
One last option is available: the use of SIM boxes. These are software and hardware kits that allow foreign calls coming into the country to appear as if they were coming from a local phone, thus denying the Government the ability to identify the caller.
Alas, the DMS will have the ability to block and trace SIM boxes too, allowing the Government to shut them down permanently. Kenyans will thus not be able to send or receive SMS or make or receive calls with any sort of privacy. The Government will always be listening in.
—The writer is an information systems professional based in New Zealand