Kenya: Report says that Safaricom is a helpful hand in the breaches of incepting intelligence for the Security Organization!

The international Non-Government Organization Privacy International dropped another gem today with a report on the surveillance and on how the Kenyan Authorities get their ability to get intelligence and how they use the communications platforms to get knowledge. The worrying way is how the Safaricom and the Kenyan Authorities together spies on the population.

This report through different methods and also interviews, as much as people who have worked on the inside has told stories how the Security organization has used the giant Kenyan Telecommunication Company Safaricom. All should be done with court orders, still there are proof now of internal squabble inside Safaricom where there are even undercover agents inside the company. Take a look at key points of the report!

Court order to require Intelligence:

“In practice, if not in law, Kenya’s surveillance regime appears bifurcated. The NIS intercepts both communication content and acquires call data records without warrants to gather intelligence and prevent crime, and police agencies acquire communications data with warrants to prepare criminal cases. If it’s ‘just’ for intelligence, explained one police ATPU investigator, then warrants are not sought: “For the sake of investigations, the DCI [Directorate of Criminal Investigations officer] attached to Safaricom will just give [it to] you… When you take someone to court, you have to make it proper now.” Safaricom stated to PI that they “only provide information as required by courts…and upon receipt of relevant court orders.” (Privacy International, P: 16, 2017).

Internet Providers and NIS:

“One internet service provider recalled the difference between his experiences with the police and with the NIS: “A [police] agency comes to me, and they give me the Occurrence Book (OB) number of the case they are investigating…. The NIS has unfettered access to data.” The NIS simply contacted this operator for the data it required. “They will say ‘give us [data for] whenever X calls Y over this time period’, for example…In instances involving terrorism, no warrants are produced. We have to comply or there is the threat that our licenses [will] be revoked.” A Communications Authority of Kenya (CA) officer confirmed his account: “they’ll get their license revoked [if they do not comply]… If I were them, I’d comply too” (Privacy International, P: 17, 2017).

Safaricom CID Connection:

“The major telecommunications providers have at least one law enforcement liaison, a police officer of the Directorate of Criminal Investigations (CID) on secondment. This analysis focuses on Safaricom, by far Kenya’s most popular mobile service provider with over 60% of the market share. At Safaricom, around ten CID officers sit on one floor of the Safaricom central bloc. They provide information to all police branches” (Privacy International, P: 20, 2017).

“The reported presence of NIS officers undercover in Safaricom and possibly other telecommunication network operators presents serious concerns as to whether any civilian authority or mechanism would be able to effectively oversee the process of communications interception. “The way we know they are here is that they’ll be present, seconded from somewhere else, but then suddenly they’ll disappear,” explained one CA employee. “And then you hear your colleagues saying ‘didn’t you know, that guy was NIS?’ They keep very much to themselves. You’ll even find your boss some time suspecting you of being NIS.” According to sources, by building rapport with civilian officers, NIS are able to informally access communications data. “Of course [the NIS officer in Safaricom] will liaise with the Safaricom engineer… Once there is information that he needs, or that our office needs, he gets in, he talks to the engineer, he is given access,” explained a current NIS officer. “Because in Safaricom, every time you log into the database to check for a certain number, you have to put your code there. … It depends on the rapport he has with the engineers…. They trust him.” (Privacy International, P: 21, 2017).

The use of Safaricom and the surveillance shows the problematic relationship between the government and the private telecom company. That the State Security Agents are not using warrants getting intelligence and private intercepts online shows how little the value of the citizens are. When the government security agents can breach public space without court orders and when they have undercover agents inside the biggest telecom in Kenya, shows how they breach the public sphere to get access and intelligence from the inside. This is a worrying side. Peace.

Reference:

Privacy International – ‘Track, Capture, Kill: Inside Communications Surveillance and Counterterrorism in Kenya’ (15.03.2017)

Press Statement: Privacy International’s initial reaction to EU export control proposal (30.09.2016)

PI Research Officer Edin Omanovic said:

“The European Commission has proposed sweeping updates [PDF] to trade regulations in an effort to modernise the EU’s export control system and to ensure that the trade in surveillance technology does not facilitate human rights abuses or internal repression.

Privacy International welcomes the intentions of the proposed changes in terms of protecting human rights as it does all such moves. More than half of the world’s surveillance companies identified by Privacy International are based in the EU. Since 1979, when it was revealed that a UK company had provided the necessary wiretapping technology to the genocidal regime of Idi Amin in Uganda, there have been calls for safeguards over the trade in surveillance technology. Recently, Privacy International has reported the export of various surveillance technology used in human rights abuses in Uganda, Ethiopia, Egypt, Colombia, Morocco, Central Asia, Bangladesh,Macedonia, and Pakistan.

A previous version of the proposals was obtained and published last month by Euractiv. Privacy International at the time published an analysis of the leaked proposals as they related to surveillance technology, below. Since then, industry and national governments have been lobbying the Commission, which is in charge of formulating policy in the EU, to make changes. The eventual proposals only differ slightly however, with the main change being that the definition of “cyber-surveillance” technology has been narrowed. The actual annex which contains a detailed list of what technology has been subject to control has also been published. In addition to spyware used to infect devices, mobile phone interception tech, and mass internet monitoring centres, the Commission has proposed to add unilateral EU categories. Currently these are listed as telecommunications monitoring centres and lawful interception retention systems.

The proposals encapsulate the best and worst aspects of the European Union. Their stated intent reflects Europe’s commitment to fundamental rights, and — as a regulation — it will be binding on all member states, massively magnifying the effect of any legislation. However, they come five years after initial calls for reform made during the Arab Uprising, when it was revealed that the spying apparatuses of numerous authoritarian states largely relied on European surveillance technology. The policy making process has been marked by technical and bureaucratic complexities detached from individuals, making it vulnerable to the interests of industry, powerful national governments, and civil society.

Privacy International will be working to analyse the full implications of the proposal and to ensure that effective safeguards are eventually implemented, and encourages everyone to do so.”

Besigye Address to the Media after Release from Police Custody (Youtube – Interview!)