Kenyans can breathe a sigh of relief after the High Court quashed plans by the government to snoop on private telephone calls, read text messages and review mobile money transactions.
In a decision delivered yesterday, Justice John Mativo said the plan, which was to be rolled out in February last year, seeking to integrate Device Management System (DMS) of three leading mobile telephone companies and give the Communications Authority (CA) access to the information, is a breach of rights to privacy and consumer rights.
Consumer Federation of Kenya (Cofek) Secretary-General Stephen Mutoro welcomed the decision saying it is precedent-setting and asked the government to discard the plan and find a better way of dealing with counterfeit devices.
Mr Mutoro said the court has asserted the right to privacy, adding that the system is prone to abuse.
The move would have allowed the government to access information on the subscribers International Mobile Equipment Identity (IMEI), IMSI, among other systems.
Communications Authority, through its Director-General Francis Wangusi had argued that it was necessary to create an Equipment Identification Register (EIR) to detect all devices, isolate the illegal ones and deny them services.
He said CA would also have a chance of mopping-up illegal devices in the country.
In a January 31, 2017 letter, the government ordered Safaricom, Airtel and Orange-Telkom Kenya to allow Broadband Communications Services Ltd to tap into their computers.
Mr Wangusi explained that it was part of its efforts to deal with counterfeit devices and that CA had the mandate of monitoring compliance with the Kenya Information Communications Act (KICA).
He added that DMS is meant to stop proliferation of illegal devices.
Mr Wangusi further said the DMS can only access information on a mobile service provider network as part of the clean-up process.
The Government can listen in on a private conversation and access personal data but it can only do so for a good reason and after obtaining a warrant from the court.
Activist Okiya Omtatah, the Coalition for Reforms and Democracy (Cord) and Article 19- East Africa had moved to court to block the plan, saying it would amount to intruding into people’s privacy.
Mr Omtatah said the government had failed to justify the need for eavesdropping on private communication and that the claim of identifying counterfeit devices was a ploy to spy on calls, text messages and money transactions.
Safaricom, which has more than 26 million subscribers, said it was apprehensive of the system because Broadband Communications would have unfettered access to consumers’ call data records, local information, credit card and M-Pesa transactions.
Four bills, including the Cybercrimes Bill, Data Protection Act, and the Electronic Transactions Act are pending before Parliament and they are expected to provide a clear legal framework on how personal information such as identification, banking data and call records are stored, retrieved and disclosed to ensure that constitutional safeguards are enforced to protect the rights of individuals.
Through Mercy Ndegwa, the head of Regulatory and public policy corporate affairs division, Safaricom said CA had failed to address their concerns and its subscribers risked having their personal details, short message services, social media messaging and date exchanges being subjected to interference.
The company asked why CA was installing the system to nab counterfeits yet there were agencies such as the police, Anti-Counterfeit Agency and Kenya Bureau of Standards as well as Kenya Revenue Authority (KRA) that monitor standards.
KRA has made previous attempts to access M-Pesa transaction records to catch tax cheats, a move Safaricom opposed citing the need for proper legal backing.
Broadband communications said the hardware system had been delivered to CA and that suppliers were demanding payment.
It said the system will benefit Kenya’s economy by blocking use of illegal mobile devices, minimising theft of mobile phones, blocking use of counterfeit mobile devices, stopping sim-boxing and cutting revenue leakages from mobile operators.
According to the company’s project manager Chege Ng’ang’a, after installation, the system would be handed to CA, which will solely be responsible for it and its only job thereafter would be maintenance.
Mr Ng’ang’a said CA risked losing Sh188 million while Broadband was incurring a loss of Sh10 million as a consequence of halting the plans.
Justice Mativo said the regulation or policy guidelines introducing the DMS system were adopted in a manner inconsistent with the constitutional and statutory requirement.
“Privacy, dignity and reputation are facets of personality. Privacy includes at its core the preservation of personal intimacies, the sanctity of family life, marriage, procreation, the home and sexual orientation,” he said.