Facebook deepens consumer data mining in Kenya with ‘firmware’

Tuesday April 10 2018

Uche Ofodile, regional head Africa, Express WiFi by Facebook. FILE PHOTO | NMG

Uche Ofodile, regional head Africa, Express WiFi by Facebook. FILE PHOTO | NMG 

By OCHIENG' RAPURO
More by this Author
By JENNY LUESBY
More by this Author

Global social networking giant Facebook, which is facing a storm of international protest over its data mining and consumer data protection, is collecting additional citizen data beyond its users through the Wi-Fi Express programme it launched last year in Kenya, Tanzania, Nigeria, India, and Indonesia, the Business Daily has learned.

It has emerged that the company, which has in recent weeks suffered a mass user withdrawal following exposés that it has been acting as a gateway to those who want to collect data on millions of users, such as data firm Cambridge Analytica, may be mining even deeper into consumer data in the developing world where laws are weak or non-existent and regulators are lacking the knowledge and technology to monitor its activities.

With eyes now focused on the scale of Facebook’s data gathering and data selling through its own platform, the company’s Express Internet service, which has been rolled out in thousands of hotspots, including more than 1,000 in Kenya, is thought to have deepened the company’s data gathering capacity with unknown consequences to consumers.

Facebook Express falls within the suite of services that Facebook launched under the Internet.org initiative – starting with Facebook Basics, a service that gives free access to Facebook and some extras, such as weather forecasts.

Facebook Basics was later banned in India as a Facebook-selected microcosm of the Internet that raised the spectre of up to half the country’s population sitting solely within a commercially controlled Internet space.    

By end of last year, Facebook had rolled out a new service again, initially solely in Kenya and Nigeria, but subsequently in India, Tanzania and Indonesia, called Facebook Express.

The new service is a standard paid-for Wi-Fi service, launched as a ‘feel-good’ peoples’ Internet.

It is not the cheapest in Kenya, but is at the cheaper end of the country’s fiercely competitive data market, offering, for instance, 3GB of monthly data for Sh500.

In launching Wi-Fi Express, Facebook did not want to get into the ISP business itself, and instead offered to supply ISP partners the equipment for their Wi-Fi access points.
Each access point costs around $250 (Sh25,000) and around another $200 (Sh20,000) to install.

In return for these free access points, the local ISPs permanently branded their Wi-Fi as ‘powered by Facebook.’

But it is the software in the access points that has raised eyebrows among many in the ISP community.

Nearly all of the world’s Wi-Fi access points are sourced from one of two market leaders: Microtiq and Ubiquiti, and come with an operating system, called firmware.

When Facebook set out to source the equipment for thousands of access points, it made a purchase from Ubiquiti on condition that it would be allowed to insert its own software, or, as one industry insider described it, ‘little black box’, into each access point.

Facebook did not divulge the nature or purpose of the insertion, and Ubiquiti refused to insert it. Facebook then went to the lesser known supplier Cambrian, which agreed to insert the black box into the access points.

The potential loss of sales then forced Ubiquiti to follow suit and agree to the insertion.

Thus, the Wi-Fi Express access points — paid for, but not operated by Facebook — have now been rolled out to thousands of hotspots, at bus stations, markets, and meeting areas.Ordinarily, ISPs must always have the capacity to extract data from any Internet access point on a court order.

For this reason, the standard firmware enables website blocking and access to user browsing records and to substantial user data.

In Kenya, many, but not all, ISPs supply this user data to the authorities on request, although some refuse to pass on users’ data unless served by a court order.

Facebook normally only receives all the data entered by Facebook members via Facebook, which accounts for around 20 per cent of most ISP’s data. Thus, the additional purpose of Facebook’s black boxes in the access points it has provided is being viewed by some as deeply worrying.