Informer
JF-Expert Member
- Jul 29, 2006
- 1,599
- 6,669
Serikali, kupitia Mamlaka ya Mawasiliano ya Kenya imeamuru kampuni za simu kuwaunganisha kwenye mitambo yao (computers).
Kawaida ni kuwa Serikali inaweza kusikiliza mazungumzo ya faragha na kupata taarifa binafsi lakini kisheria wanatakiwa kuwa na sababu maalum na kupata warrant kutoka kwa jaji.
Katika barua iliyovuja kutoka kwa kampuni za simu, imeonesha kuwa Serikali inataka kupata access kwa maongezi, ujumbe na hata miamala ya kifedha. Hii imetafsiriwa kama hatua ya kutaka kuwadukua wananchi hasa kipindi hiki cha kuelekea uchaguzi.
UPDATES:
Mamlaka ya Mawasiliano ya Kenya imezikemea kampuni za simu za mkononi kwa kuvujisha barua kuhusu serikali kutaka kufanya kinachodaiwa kuwa ni udukuzi kwa wananchi wake.
Katika barua iliyovujishwa kwa wanahabari, Mamlaka iliamuru kampuni za simu za Safaricom, Airtel na Orange Telecom kuwaruhusu kuingia kwenye kompyuta zao wakitumia kifaa maalum.
Kifaa hicho maarufu kama 'black box' kinasemekana kuwa kinanakili data na kuzituma kwenda kwenye kanzidata iliyopo kwenye Ofisi kuu za Mamlaka.
Mkurugenzi wa CA, Francis Wagusi amesema kuwa hawajafurahishwa na kampuni hizo kuvujisha barua hiyo na kusema kuwa kama hawataki wangewaambia wao badala ya kupotosha umma na kusema kuwa wanataka kudukua taarifa nyeti za wananchi.
=======
In Summary
- The government, through the Communications Authority of Kenya, has ordered mobile phone companies to allow it to tap their computers.
- Usually, governments can listen to private conversations and access personal data, but by law they need to have a good reason and get a warrant from a judge.
From Tuesday, the government wants to be allowed to listen to your calls, read your text messages and review your mobile money transactions.
The government, through the Communications Authority of Kenya, has ordered mobile phone companies to allow it to tap their computers.
The tapping into these computers will be done by a company contracted by the agency.
Though the reason given for the tapping is tracking counterfeit devices, the minute it starts, 40 million Kenyans will lose their privacy.
GAIN ACCESS
Usually, governments can listen to private conversations and access personal data, but by law they need to have a good reason and get a warrant from a judge.
Additionally, Kenya has no data protection law, so people who gain access to others’ personal information can abuse it.
The authority has already written to mobile phone service providers setting up dates for the plugging of the snooping device, with some as close as Tuesday next week.
It will involve the third party company getting hooked up to all routers at Safaricom, Airtel and Orange Telkom, effectively opening up private communication data to an entity other than those licensed to hold them and the government.
LETTER TO OPERATORS
The Nation has obtained a copy of a letter addressed to one of the operators, asking it to authorise the third party to install the link that would open up SMS, call and mobile money transfer data to the third party as the plan takes shape quietly.
“Kindly facilitate our principal contractor, M/S Broadband Communications Networks Ltd, to access your site and install the link at the data-centre or the mobile switching room.
"The link should terminate close to the core network elements that shall integrate to the DMS solution.
"The DMS block diagram and integration requirements for this setup was shared with your technical team on January 17, 2017,” read the letter signed by the authority’s director, licensing, compliance and standards Christopher Kemei on behalf of the director-general.
UNCLEAR ROLES
Broadband Communications Services Ltd was awarded the Sh207.2 million tender to design, supply, deliver, install, test, commission and maintain the device in September 2016.
Before the hook-up, the authority and the contractor were to survey all the operators’ sites and a January 31 letter announced the intended visit.
But in a strange twist, the regulator later converted the survey into the actual installation, heightening suspicion.
Of bigger concern to the operators is that the company contracted by the authority, which does not legally bear the responsibility to protect customer confidentiality, will get a direct access to call data before transmitting it to the regulator, splitting responsibility between three parties and leaving users exposed to intrusion of privacy.
FAKE DEVICES
A source privy to the system said the need to tell fake devices from genuine ones will only need a control on the unique 15 digit code called International Mobile Equipment Identity or IMEI.
The number, usually found behind phone batteries, is given to every handset and whenever it is connected to a network, the number can be accessed in a database Equipment Identity Register.
“When your phone is reported stolen or is not type approved, this number is marked invalid and that is exactly what the regulator would need to do in dealing with fake phones.
"What is going to happen is an invasion into privacy of Kenyans who do not know what is going on,” said the source.
Although the regulator has listed the Anti-Counterfeit Agency, Kenya Bureau of Standards, Kenya Revenue Authority and the National Police Service as key players in the snooping, it is not clear what their roles would be.
KRA has made previous attempts to access M-Pesa transaction records to catch tax cheats, a move Safaricom, which has 26.6 million customers, resisted, citing the need for proper legal backing.
AGENCIES HACKED
Efforts to get a response from the CA over the plan that may compromise data privacy were futile.
An email, SMS and calls to Director-General Francis Wangusi were not answered.
The telcos are said to be plotting joint resistance to the plan, with several meetings having been held in a bid to come up with a common voice to protect customer data.
Safaricom will see its 26.6 million customers lose privacy.
Airtel Network Ltd has 6.7 million subscriptions, Telkom Kenya Ltd, 2.9 million while Finserve Africa Ltd and Sema Mobile Services Ltd subscriptions stand at 2.2 million subscribers, according to the latest statistics.
Private communication data sitting with the regulator would probably be unsafe from outside parties.
The Communications Authority, whose website was hacked in January alongside that of the National Environment Management Authority, also leaves the public exposed to such breaches in a country where cybercrime is on the rise.
A hackers group calling itself AnonPlus defaced the CA homepage by posting a manifesto promising to “defend freedom of information, freedom of the people and emancipation of the latter from the oppression of media”.
Consumer Federation of Kenya Secretary-General Stephen Mutoro said the move is against the Constitution and will expose the telcos to lawsuits for breach of confidentiality.
========
The Communications Authority of Kenya has scolded mobile phone companies for leaking a letter on it allegedly spying on Kenyans.
In the letter leaked to the media, CA ordered mobile phone companies Safaricom, Airtel and Orange Telecom Kenya to allow them tap into their computers with a device.
The device that insiders call "black boxes" is said to be copying the data passing through them to another database on the CA head office.
With this, it is believed the government will gain access to the texts and mobile phones transactions of individuals.
But CA director general Francis Wagusi denied the claims and lashed out at mobile operators for misleading the public.
"If they were not happy they could have come to us instead of leaking the letter. We consulted them," an agitated Wangusi told the media on Friday.
Wangusi said they have been into consultations with the mobile operators and the stakeholders since last year and nobody complained of the same.
"To tell us that we are installing this device for accessing confidential data, is a total white lie. We at CA are very disturbed by this. Releasing this information is intended to mislead the public," he said.
"They would have come to us. They were aware and they were part of the team who required solutions on this."
He said the mobile operators were fighting the authority since they were trying to prevent it from finding some of the illegal trades they carry out.
"We have received reports of mini telephones mobile operators have. We have illegal sim boxes and the operators are jittery that when we put this device, it will switch off the illegal sim boxes," he said.
Wangusi said contrary to the reports, Device Management System manages entry of illegal devices and prevents illegal access of information.
"We are protecting you. The DMS facilitates denial of services that are counterfeits and stolen phones. It black lists stolen phones from entering the country," he said.
He said the authority does not have the time to listen to all the over 3 million talk minutes from over 35 million Kenyans.
"Who will have time to listen and read all the text messages? We are the best protectors and nobody can protect you like the CA," he said.
Wangusi maintained that all mobile operators will be required to connect to the DMS.
CA chair Gituku Ngene said he was shocked by the news and reiterated that they cannot access confidential data with the device in place.
"Who has the time to start listening to each person? CA is totally independent and we cannot be used by the government," he said.
Ngene said the media must avoid being used by politicians ahead of August 8 polls.
"Get clear facts before you jump into headlines ... it cause a lot of fears to the public," he added.
Earlier in the day, Kenya Human Rights Commission asked citizens to participate in a campaign against the government for infringing on Kenyans' privacy by tapping phones.
The rights group in a statement said it will start the chat through Twitter using the hashtag [HASHTAG]#MobilePrivacyIsMyRight[/HASHTAG] from 12 noon.
In a letter to the mobile operator CA asked to be allowed to install the device.
"Kindly facilitate our principal contractor Broadband Communications Networks Limited to access your site and install the link at the data center or the mobile switching room," the letter read.
Kawaida ni kuwa Serikali inaweza kusikiliza mazungumzo ya faragha na kupata taarifa binafsi lakini kisheria wanatakiwa kuwa na sababu maalum na kupata warrant kutoka kwa jaji.
Katika barua iliyovuja kutoka kwa kampuni za simu, imeonesha kuwa Serikali inataka kupata access kwa maongezi, ujumbe na hata miamala ya kifedha. Hii imetafsiriwa kama hatua ya kutaka kuwadukua wananchi hasa kipindi hiki cha kuelekea uchaguzi.
UPDATES:
Mamlaka ya Mawasiliano ya Kenya imezikemea kampuni za simu za mkononi kwa kuvujisha barua kuhusu serikali kutaka kufanya kinachodaiwa kuwa ni udukuzi kwa wananchi wake.
Katika barua iliyovujishwa kwa wanahabari, Mamlaka iliamuru kampuni za simu za Safaricom, Airtel na Orange Telecom kuwaruhusu kuingia kwenye kompyuta zao wakitumia kifaa maalum.
Kifaa hicho maarufu kama 'black box' kinasemekana kuwa kinanakili data na kuzituma kwenda kwenye kanzidata iliyopo kwenye Ofisi kuu za Mamlaka.
Mkurugenzi wa CA, Francis Wagusi amesema kuwa hawajafurahishwa na kampuni hizo kuvujisha barua hiyo na kusema kuwa kama hawataki wangewaambia wao badala ya kupotosha umma na kusema kuwa wanataka kudukua taarifa nyeti za wananchi.
=======
In Summary
- The government, through the Communications Authority of Kenya, has ordered mobile phone companies to allow it to tap their computers.
- Usually, governments can listen to private conversations and access personal data, but by law they need to have a good reason and get a warrant from a judge.
From Tuesday, the government wants to be allowed to listen to your calls, read your text messages and review your mobile money transactions.
The government, through the Communications Authority of Kenya, has ordered mobile phone companies to allow it to tap their computers.
The tapping into these computers will be done by a company contracted by the agency.
Though the reason given for the tapping is tracking counterfeit devices, the minute it starts, 40 million Kenyans will lose their privacy.
GAIN ACCESS
Usually, governments can listen to private conversations and access personal data, but by law they need to have a good reason and get a warrant from a judge.
Additionally, Kenya has no data protection law, so people who gain access to others’ personal information can abuse it.
The authority has already written to mobile phone service providers setting up dates for the plugging of the snooping device, with some as close as Tuesday next week.
It will involve the third party company getting hooked up to all routers at Safaricom, Airtel and Orange Telkom, effectively opening up private communication data to an entity other than those licensed to hold them and the government.
LETTER TO OPERATORS
The Nation has obtained a copy of a letter addressed to one of the operators, asking it to authorise the third party to install the link that would open up SMS, call and mobile money transfer data to the third party as the plan takes shape quietly.
“Kindly facilitate our principal contractor, M/S Broadband Communications Networks Ltd, to access your site and install the link at the data-centre or the mobile switching room.
"The link should terminate close to the core network elements that shall integrate to the DMS solution.
"The DMS block diagram and integration requirements for this setup was shared with your technical team on January 17, 2017,” read the letter signed by the authority’s director, licensing, compliance and standards Christopher Kemei on behalf of the director-general.
UNCLEAR ROLES
Broadband Communications Services Ltd was awarded the Sh207.2 million tender to design, supply, deliver, install, test, commission and maintain the device in September 2016.
Before the hook-up, the authority and the contractor were to survey all the operators’ sites and a January 31 letter announced the intended visit.
But in a strange twist, the regulator later converted the survey into the actual installation, heightening suspicion.
Of bigger concern to the operators is that the company contracted by the authority, which does not legally bear the responsibility to protect customer confidentiality, will get a direct access to call data before transmitting it to the regulator, splitting responsibility between three parties and leaving users exposed to intrusion of privacy.
FAKE DEVICES
A source privy to the system said the need to tell fake devices from genuine ones will only need a control on the unique 15 digit code called International Mobile Equipment Identity or IMEI.
The number, usually found behind phone batteries, is given to every handset and whenever it is connected to a network, the number can be accessed in a database Equipment Identity Register.
“When your phone is reported stolen or is not type approved, this number is marked invalid and that is exactly what the regulator would need to do in dealing with fake phones.
"What is going to happen is an invasion into privacy of Kenyans who do not know what is going on,” said the source.
Although the regulator has listed the Anti-Counterfeit Agency, Kenya Bureau of Standards, Kenya Revenue Authority and the National Police Service as key players in the snooping, it is not clear what their roles would be.
KRA has made previous attempts to access M-Pesa transaction records to catch tax cheats, a move Safaricom, which has 26.6 million customers, resisted, citing the need for proper legal backing.
AGENCIES HACKED
Efforts to get a response from the CA over the plan that may compromise data privacy were futile.
An email, SMS and calls to Director-General Francis Wangusi were not answered.
The telcos are said to be plotting joint resistance to the plan, with several meetings having been held in a bid to come up with a common voice to protect customer data.
Safaricom will see its 26.6 million customers lose privacy.
Airtel Network Ltd has 6.7 million subscriptions, Telkom Kenya Ltd, 2.9 million while Finserve Africa Ltd and Sema Mobile Services Ltd subscriptions stand at 2.2 million subscribers, according to the latest statistics.
Private communication data sitting with the regulator would probably be unsafe from outside parties.
The Communications Authority, whose website was hacked in January alongside that of the National Environment Management Authority, also leaves the public exposed to such breaches in a country where cybercrime is on the rise.
A hackers group calling itself AnonPlus defaced the CA homepage by posting a manifesto promising to “defend freedom of information, freedom of the people and emancipation of the latter from the oppression of media”.
Consumer Federation of Kenya Secretary-General Stephen Mutoro said the move is against the Constitution and will expose the telcos to lawsuits for breach of confidentiality.
========
The Communications Authority of Kenya has scolded mobile phone companies for leaking a letter on it allegedly spying on Kenyans.
In the letter leaked to the media, CA ordered mobile phone companies Safaricom, Airtel and Orange Telecom Kenya to allow them tap into their computers with a device.
The device that insiders call "black boxes" is said to be copying the data passing through them to another database on the CA head office.
With this, it is believed the government will gain access to the texts and mobile phones transactions of individuals.
But CA director general Francis Wagusi denied the claims and lashed out at mobile operators for misleading the public.
"If they were not happy they could have come to us instead of leaking the letter. We consulted them," an agitated Wangusi told the media on Friday.
Wangusi said they have been into consultations with the mobile operators and the stakeholders since last year and nobody complained of the same.
"To tell us that we are installing this device for accessing confidential data, is a total white lie. We at CA are very disturbed by this. Releasing this information is intended to mislead the public," he said.
"They would have come to us. They were aware and they were part of the team who required solutions on this."
He said the mobile operators were fighting the authority since they were trying to prevent it from finding some of the illegal trades they carry out.
"We have received reports of mini telephones mobile operators have. We have illegal sim boxes and the operators are jittery that when we put this device, it will switch off the illegal sim boxes," he said.
Wangusi said contrary to the reports, Device Management System manages entry of illegal devices and prevents illegal access of information.
"We are protecting you. The DMS facilitates denial of services that are counterfeits and stolen phones. It black lists stolen phones from entering the country," he said.
He said the authority does not have the time to listen to all the over 3 million talk minutes from over 35 million Kenyans.
"Who will have time to listen and read all the text messages? We are the best protectors and nobody can protect you like the CA," he said.
Wangusi maintained that all mobile operators will be required to connect to the DMS.
CA chair Gituku Ngene said he was shocked by the news and reiterated that they cannot access confidential data with the device in place.
"Who has the time to start listening to each person? CA is totally independent and we cannot be used by the government," he said.
Ngene said the media must avoid being used by politicians ahead of August 8 polls.
"Get clear facts before you jump into headlines ... it cause a lot of fears to the public," he added.
Earlier in the day, Kenya Human Rights Commission asked citizens to participate in a campaign against the government for infringing on Kenyans' privacy by tapping phones.
The rights group in a statement said it will start the chat through Twitter using the hashtag [HASHTAG]#MobilePrivacyIsMyRight[/HASHTAG] from 12 noon.
In a letter to the mobile operator CA asked to be allowed to install the device.
"Kindly facilitate our principal contractor Broadband Communications Networks Limited to access your site and install the link at the data center or the mobile switching room," the letter read.
