In 2017, Safaricom, a major telecommunications service provider in Kenya, refused to install a proposed Device Management System (DMS) by the Government of Kenya, citing concerns over state surveillance and privacy infringement. The company argued that it was highly probable that third parties may have access to calls and sensitive text messages. The DMS was to be the second phase of efforts initiated in 2010 to address counterfeit devices, following the switch-off of such devices by Mobile Network Operators, this would lead to a cat and mouse chase in courts.
6 years later, on April 28, the Supreme Court permitted the Communications Authority of Kenya to implement the DMS program on mobile devices allowing the regulator to access the unique identification number for each mobile device active in Kenya so that it can deny services to counterfeit devices.
While the government argues that the system is necessary to monitor and identify illegal mobile devices, critics worry about the potential infringement on Kenyans’ right to privacy.
The Motivation Behind the Move
The Kenyan government’s motivation for installing DMS is primarily to curb illegal international calls originating from Kenya.
The government argues that some Kenyans have access to SIM boxes to terminate international traffic, resulting in revenue loss for the country. Additionally, the government aims to tackle the problem of counterfeit mobile devices, which reportedly cost the country’s economy millions of shillings in evaded taxes every year.
According to the CA, All mobile operators will connect to the DMS to ensure blacklisted devices cannot access services, a process initiated through a consultative approach.
DMS is a Threat to Privacy (GOVT Surveillance
Despite the government’s seemingly good intentions, the plan to install DMS has been met with significant resistance. Digital rights activists and telecommunications experts believe the program is “excessive” and threatens Kenyans’ right to privacy. They argue that the government needs to find less intrusive ways to tackle the problem of counterfeits.
One of the major concerns is that the DMS could potentially give third parties access to sensitive information, such as financial details. This could put personal data at risk.
The implementation of DMS can pose significant threats to privacy. The system can be used to track consumer behavior and collect information about customers. People provide information about themselves all the time through their internet behavior and transactions — and even some offline activity. Extracting that information is called data mining. Although data mining has its benefits, it also raises concerns about privacy and control.
In the wrong hands, data mining can be risky for consumers. Bad actors can sell the information they glean or can use the information to blackmail or threaten others. In some cases, data mining that seems innocuous can actually pose a privacy concern. Social media companies, for example, collect a lot of data about their users. The companies can mine that data to pull out critical details about the individuals who use the networks, then sell that information.
While the Kenyan government’s plan to install DMS on phones may be well-intentioned, it’s not known for its secure systems just recently facing massive cyber attacks from hackers that took Government services down for nearly a week. The significant concerns about the potential infringement on privacy rights and how unsafe that dat will be should not be disregarded.
The CA has refuted the claims, saying the DMS does not access subscriber personal information and is designed to solely verify the status of phone devices, enhancing security without compromising privacy.
It’s crucial for the government to strike a balance between protecting its interests and respecting the rights of its citizens. As the debate continues, one thing is clear: transparency, public participation, and respect for privacy rights should be at the forefront of any decisions made.