Kenya’s security and counter-terrorism agencies are pressuring mobile operators to gain access to customer data, then using that information to commit gross human rights abuses, according to a new report by UK-based human rights watchdog Privacy International
Intelligence agencies using the pretext of counter-terrorism are reportedly placing enforcement agents within telco operators’ facilities, circumventing the law or any protocol to access the information, giving government authorities the ability “to spy on, profile, locate, track – and ultimately arrest, torture, kill or disappear suspects”, according to the report, which is based on testimonies by intelligence and military officials, operators and regulators.
The report, asserts that telco operators regularly hand over customer data to both intelligence and law enforcement agencies, despite constitutional rights to privacy.
“Telecom operators end up handing over their customers’ data because they largely feel that they cannot decline agencies’ requests, in part due to the vagueness of the law and industry regulations. Several operators spoke of the threat - either direct or implicit - that their licenses would be revoked if they failed to comply,” the report states.
It also says law enforcement officers and National Intelligence Services agents are physically present in facilities owned by telcos, including Safaricom, which has a 60% share of the Kenya mobile market, and is 40% owned by Vodafone.
The report reprints an email from Bob Collymore, chief executive at Safaricom, denying the allegations. Collymore says while the company works closely with law enforcement officers “to safeguard the integrity of M-Pesa [its mobile money platform] transactions and to provide information required by courts in the administration of justice …. Safaricom “ha[s] no relationship with NIS as relates to communication surveillance in Kenya; and we do not have any officers or other representatives of the NIS who are employed, formally or informally, at Safaricom.” Collymore said the firm only provides information as required by courts and upon receipt of relevant court orders. “Only authorised Safaricom staff have access to systems and tools that can access confidential customer information and this access is controlled and monitored,” the email says.
This is part of our big data and human rights briefing. See also:
Protecting privacy in the digital age
Refusing to dance with dictators
Big data shines light on supply chains
Barclays executive banks on blockchain
Human rights Safaricom ICT Vodafone