The article in the Daily Nation today raises significant issues around how Mobile Network Operators (MNOs) interact with the Government.
From the outset, it is critical to note that in the licensing of the operators, they are required to at all times to cooperate with security enforcement agencies by providing information. That is part of Service Level Agreement (SLA) signed between MNOs and the regulator, Communications Authority.
The protection they have is that they can only provide that information when it is ordered by a court of law.
When their permission is applied for, courts consider whether it is necessary and important for that information to be obtained. Judges and magistrates are often well aware that the information could be used to apprehend murderers, kidnappers, rapists, and similar perpetrators of the most heinous of crimes.
The question then becomes: Can the operators (MNOs) be blamed for misuse of information provided?
(a) Yes – If they give out sensitive/private information to unauthorized persons or without court orders.
(b) No. Because the provision of that information is a key condition for them to obtain a licence.
The article in the Daily Nation is more on the abuse rather than tracking and cell tower triangulation, data processing and the source.
The article also raises a number of questions on journalistic integrity and responsibility, which we have listed at the bottom of this article.
Background
Rapid advances in technology over the last two decades have made communication and commerce much easier and are powering the next industrial evolution.
Tracking and tracing perpetrators of heinous crimes, such as kidnappers, rapists and murderers, is an easy and reliable tool for law enforcement agencies.
Various technologies such as GPS, Wi-Fi signals, and cell tower triangulation are often deployed by authorities to access crucial location data from mobile phones.
Call Data Records (CDR) assist in determining a suspect’s movements and location.
Ordinarily, this innovation is pertinent in crime prevention and investigation efforts across the world. Law enforcement agencies track individuals through cellular data.
By obtaining CDR from Mobile Network Operators (MNOs) like Safaricom, security agencies analyze which cell towers a suspect’s phone is connected to at specific times.
In the process, the investigators can connect the dots and trace the path of the suspect used over a particular period.
With better internet speeds, this process can, with matching interceptors connected to MNO switches, provide realtime CDR data.
Such CDR data is used to aid police probe by correlating the location information with other evidence, such as witness testimonies, or CCTV footage. It is about linking the suspects to the crime scene or as an accessory in line with the Evidence Act, Cap 80.
That way, police can secure strong evidence to sustain convictions in court.
Geolocation services available on smartphones apps have revolutionized the way law enforcement agencies track individuals in real-time.
Many smartphones come equipped with geolocation features that, when enabled, allow authorized personnel to access a suspect’s precise location at any given moment.
Allegations around the use or abuse of the ability to track individuals via their phones are an obvious cause for alarm, especially when many individuals who have gone missing have died.
Privacy issues
The Constitution emphasizes the strict observance of privacy of communications, stating in Article 31 that every person’s right to privacy includes the right not to have information relating to their family or private affairs unnecessarily required or revealed; or the privacy of their communications infringed.
This constitutional article is best clarified under the Data Protection Act, 2021 which establishes the Office of the Data Protection Commissioner (ODPC) which binds all.
The rights to privacy as envisaged under Article 31 may however be limited under specific issues such as national security subject to Article 24 of the Constitution. Security (Amendment) Laws Act, Computer Misuse and Cyber Crimes Act comes into play.
All said and done, it is crucial for law enforcement agents to balance the need for public safety and crime prevention with the protection of individuals’ privacy.
Implementing clear guidelines and oversight mechanisms is essential to ensure that location tracking is conducted within legal boundaries and respects the rights of individuals.
The Issues
(a) Transparency of when and how geolocation data is accessed is paramount to maintaining public trust.
(b) Use of CDR and other data law enforcement agencies must be transparent about their use of geolocation services, ensuring that such capabilities are employed ethically and in accordance with the law.
(c) Balancing security imperatives with individual privacy rights remains a significant challenge for law enforcement and policymakers. Striking the right balance is essential to ensure that location tracking is conducted responsibly and in a manner that upholds both public safety and civil liberties.
It is our hope that Public Editor at DN, Mr Peter Mwaura can address the questions below, in the public interest
Call for clarification
- The DN article fails to disclose and explain who UK Declassified are – if the article is published elsewhere and if, for instance,Namir Shabibi and Claire Lauterbach were commissioned by NMG (given how the by-line reads “XXX and Nation)
- The DN article fails to confirm if MNOs have control over the data – once it leaves the MNO. This is to answer to the issue of “edits/irregularities”
- The DN story remains speculative with no tangible detail on “The findings raise concerns about possible usage of customers mobile phone records to aid rampant abductions and extrajudicial killings reported in the country …”
- The disclaimer at the end negates the entire story. Perhaps itought to have been either highlighted or come earlier – because the headline has indicted MNOs and Safaricom in particular
- The DN story failed to focus on the real issue – abuse of the CDR/privileged data by police. Blaming MNO yet say “globally, CDRs are used as evidence including in murder and enforced disappearances …”
- The story appears to accuse Safaricom inaccurately – “By contrast, when it comes to aiding the Kenyan government, Safaricom promptly turns over data on its subscribers CDRs …” MNOs have a duty to cooperate with the Government of Kenya as a condition to licensing.
- The authors failed to point out if all the CDR data produced by the MNO were unprocedural
This article has been published by COFEK after we received a lot of anxious calls from our members and the general public. We appreciate the various experts we spoke to in developing this article. We invite more comments from security experts: hotline@cofek.africa