Consumers Federation of Kenya Secretary General Stephen Mutoro. [Photo: Govedi Asutsa/Standard]
If you own a mobile phone, you have a reason to worry.
This is after the Government asked mobile telephone service providers to allow it to plant gadgets on all networks in the country that have the ability to listen, read and track down the more than 30 million Kenyans who own mobile devices.
The Government, through the Communications Authority (CA), will start fixing the gadgets on the networks run by Safaricom, Airtel, and Telkom Kenya from next week.
The authority, which is the industry regulator, asked operators to allow its agents on their sites to install the links at their data centres or mobile switching rooms.
Insiders say the devices have the capability to gain access to all information transacted on your phone, including the times and dates of the communication, the exact location where one is placing the calls, as well as the duration of the calls.
They can also link to short messages, mobile money transactions such as M-Pesa, as well as points of sale and customer care services.
This is the latest push by the authorities to get access to private information after the controversial security (amendment) laws and is likely to arouse suspicion among Kenyans, especially as it comes just a few months before the August election.
The devices that insiders call “black boxes” will mirror or copy the data passing through them to another database sitting at the CA head office.
“The black box will have access to all information on our network. With the system, they will tell where you are, who you have called, and how long you will have stayed at a place. If you paid by mobile money, say M-Pesa, they can tell how much you were charged, and so on,” a source said.
This has triggered fears that the copying of data and personal information will flout privacy laws.
The Consumer Federation of Kenya (Cofek) said government agencies, among them the Kenya Revenue Authority (KRA) and the Kenya Bureau of Standards (Kebs), will also be allowed access to the information.
KQ cancels Sh2.3b McKinsey contract
Cofek is threatening to sue the operators and the communications regulator if they implement the system.
“This system will compromise consumer privacy and monitor calls and text messages while exposing consumers to higher billing and occasion poor quality services,” Cofek Secretary General Stephen Mutoro said.
He added that if the authority has its way, it will open up private data to the staff of many agencies, including the Anti-Counterfeit Agency, Kebs, KRA, the Kenya Industrial Property Institute, and National Police Service.
“Should operators give in to the pressure, they should be ready for an avalanche of class action suits for compensation arising from leakage of private data,” Mr Mutoro added.
Operators had earlier rejected a plan to hand over M-Pesa records to the taxman.
“KRA will now have this information through the backdoor instead of the government following the correct path of legislation through Parliament,” an insider who has sat in some of the meetings with the authority said.
The authority has written to the operators to be allowed to attach the gadgets on their networks.
“We have now commenced the Device Management System (DMS) project installation and integration. As you are aware, DMS shall integrate to your core network systems,” a letter from the authority to one of the operators reads. The letter seen by The Standard is dated February 6, 2017.
According to the letter, the authority wants the mobile operator to allow Broadband Communications, the company contracted to fix the gadgets, to start working from February 21.
The fact that the contractor is a private company has also raised another concern over privacy of consumer data.
But CA says consumers have nothing to worry about as the new system will only be used to switch off counterfeit phones on the networks.
You might also like: Our officers don’t hide in bushes anymore – NTSA boss
“The system aims at preventing access to mobile services by illegal communication devices. The system does not access subscriber personal information details and, therefore, cannot access personal data,” Rachel Alwala, the authority’s spokesperson, said in an email.
The authority said the project is expected to identify all mobile devices in use in Kenya using a combination of serial numbers called International Mobile Equipment Identity, Mobile Network Identification Code also called International Mobile Station Identity, and Subscriber Number, also called Mobile Station International Directory Number.
CA further explained that the identification will be done for the purpose of pinpointing counterfeit, substandard, and simbox devices, stolen phones, and models that have not been approved to work in Kenya.
Ms Alwala said the system would isolate and deny services to such devices as they have the potential of being used by those with criminal intent to compromise security.
“Such devices potentially compromise quality of service, the health of users, and the environment. All mobile operators will be required to connect to the DMS and ensure that blacklisted devices do not have access to mobile services,” she added.
Players in the industry who understand how the system works say it will be able to monitor all the billing information and call records from the operators.
Mobile operators are fighting the system, fearing that it could open them up to litigation should the private information of their consumers leak through a third party.
Safaricom, which has the biggest number of subscribers in the country, confirmed yesterday that it had received the letter from the authority.
“We are aware that industry players have met and are strategising on how to deal with the request,” Safaricom Corporate Affairs Director Steve Chege said.
Mr Chege had earlier told members of the Kenya ICT Action Network that one of the objectives of the monitoring system was to get access to customer information.
KRA acquires system to curb tax evasion