The Communications Authority of Kenya has denied claims it is facilitating government snooping on consumer devices and mobile communications.
Recent local media reports speculated that surveillance and observation systems are being implemented to give the government access to user phone records and call, SMS and mobile money information.
Claims from local media suggested that 40 million Kenyans will immediately lose their privacy, and any rights to it thereafter. These claims have been further exacerbated by the absence of consumer-specific data protection laws, which suggest zero government accountability to securely store the information it gains from subscriber devices.
According to the Daily Nation, operators were being instructed by the Communications Authority to allow site, network and data center access to a third-party contractor.
Responding to a request for comment, the Authority sent Connecting Africa a document prepared in response to the media speculation. In that document the Authority details its methodology behind the move and denied any suggestion that the system being implemented by mobile operators will be used to extract subscriber data.
Instead, the Authority says the technology being integrated into Kenyan networks is the latest in a series of long-running device management system (DMS) deployments that seek to identify counterfeit devices connected to the country's networks. This is part of an attempt to protect against lost revenue for operators, avoid tax evasion and prevent the use of SIM boxes that the Authority says are "used by unscrupulous people to illegally divert and terminate telecommunications traffic … and not only poses a security threat but also loss of revenue."
A letter signed by the Authority's director general, Francis W. Wangusi, makes several significant claims to dispute recent media reports:
- "The DMS has capability to isolate and deny services to the illegal devices as they have the potential of being used by those with criminal intent to compromise security."
- "It is important to note here that the system is deployed in a manner that facilitates mobile network operators to make reference to the database of all genuine devices (a whitelist) to solely verify the status of the phone device before providing service to the user. This is contrary to reports that the system will be extracting subscriber data for use by third parties."
- "All mobile operators will be required to connect to the DMS and ensure that blacklisted devices do not access mobile services. This process was initiated with the understanding of the operators through a consultative process from the conceptualization stage."
- "The system does not access subscriber personal information details, and therefore cannot access personal data as claimed in a section of the social and local media."
The key messaging coming from the Authority is that recent media speculation is wide of the mark. It claims its intentions are pure, and are purely in the best interest of the Kenyan public.
"As I conclude, I wish to assure the Kenyan public that the Authority remains committed to effective regulation of the sector and protection of public interest in order to maintain confidence in the use of ICT services in the country," concluded Wangusi.
— Tim Skinner, Editor, Connecting Africa