DN Today: Govt Spying

[ATTACH=full]84022[/ATTACH]
Hasn’t this been happening already?

2 Likes

Its already happening I always conduct my business on the phone knowing there must be a third party eavesdropping somewhere.

5 Likes

I thought they had to request for data from providers in case they needed it. Suddenly that’s not enough any more? Contracting a firm to collect data on their behalf… that’s a bit chilling.

1 Like

watu wa kusex talk tuko sawa…tutafanya worker wa io third party company wambao kaa saitan

15 Likes

This is really really bad! It is also not helping the way these reporters are telling the story! It sounds very scary to me. I always knew that they can spy on us whether we are aware or not. America spied even on as mightier souls as the fabled Angela Merkel! But they did it discreetly. I think I would be okay if they spied on me without letting me know it!

3 Likes

By EDWIN OKOTH
More by this Author
From Tuesday, the government wants to be allowed to listen to your calls, read your texts and review your mobile money transactions.
The government, through the Communications Authority of Kenya, has ordered mobile phone companies to allow it to tap their computers.
The tapping into these computers will be done by a company contracted by the agency.
Though the reason given for the tapping is tracking counterfeit devices, the minute it starts, 40 million Kenyans will lose their privacy.
GAIN ACCESS
Usually, governments can listen to private conversations and access personal data, but by law they need to have a good reason and get a warrant from a judge.
Additionally, Kenya has no data protection law, so people who gain access to others’ personal information can abuse it.
The authority has already written to mobile phone service providers setting up dates for the plugging of the snooping device, with some as close as Tuesday next week.
It will involve the third party company getting hooked up to all routers at Safaricom, Airtel and Orange Telkom, effectively opening up private communication data to an entity other than those licensed to hold them and the government.
LETTER TO OPERATORS
The Nation has obtained a copy of a letter addressed to one of the operators, asking it to authorise the third party to install the link that would open up SMS, call and mobile money transfer data to the third party as the plan takes shape quietly.
“Kindly facilitate our principal contractor, M/S Broadband Communications Networks Ltd, to access your site and install the link at the data-centre or the mobile switching room.
"The link should terminate close to the core network elements that shall integrate to the DMS solution.
"The DMS block diagram and integration requirements for this setup was shared with your technical team on January 17, 2017,” read the letter signed by the authority’s director, licensing, compliance and standards Christopher Kemei on behalf of the director-general.
UNCLEAR ROLES
Broadband Communications Services Ltd was awarded the Sh207.2 million tender to design, supply, deliver, install, test, commission and maintain the device in September 2016.
Before the hook-up, the authority and the contractor were to survey all the operators’ sites and a January 31 letter announced the intended visit.
But in a strange twist, the regulator later converted the survey into the actual installation, heightening suspicion.
Of bigger concern to the operators is that the company contracted by the authority, which does not legally bear the responsibility to protect customer confidentiality, will get a direct access to call data before transmitting it to the regulator, splitting responsibility between three parties and leaving users exposed to intrusion of privacy.
FAKE DEVICES
A source privy to the system said the need to tell fake devices from genuine ones will only need a control on the unique 15 digit code called International Mobile Equipment Identity or IMEI.
The number, usually found behind phone batteries, is given to every handset and whenever it is connected to a network, the number can be accessed in a database Equipment Identity Register.
“When your phone is reported stolen or is not type approved, this number is marked invalid and that is exactly what the regulator would need to do in dealing with fake phones.
"What is going to happen is an invasion into privacy of Kenyans who do not know what is going on,” said the source.
Although the regulator has listed the Anti-Counterfeit Agency, Kenya Bureau of Standards, Kenya Revenue Authority and the National Police Service as key players in the snooping, it is not clear what their roles would be.
KRA has made previous attempts to access M-Pesa transaction records to catch tax cheats, a move Safaricom, which has 26.6 million customers, resisted, citing the need for proper legal backing.
AGENCIES HACKED
Efforts to get a response from the CA over the plan that may compromise data privacy were futile.
An email, SMS and calls to Director-General Francis Wangusi were not answered.
The telcos are said to be plotting joint resistance to the plan, with several meetings having been held in a bid to come up with a common voice to protect customer data.
Safaricom will see its 26.6 million customers lose privacy.
Airtel Network Ltd has 6.7 million subscriptions, Telkom Kenya Ltd, 2.9 million while Finserve Africa Ltd and Sema Mobile Services Ltd subscriptions stand at 2.2 million subscribers, according to the latest statistics.
Private communication data sitting with the regulator would probably be unsafe from outside parties.
The Communications Authority, whose website was hacked in January alongside that of the National Environment Management Authority, also leaves the public exposed to such breaches in a country where cybercrime is on the rise.
A hackers group calling itself AnonPlus defaced the CA homepage by posting a manifesto promising to “defend freedom of information, freedom of the people and emancipation of the latter from the oppression of media”.
Consumer Federation of Kenya Secretary-General Stephen Mutoro said the move is against the Constitution and will expose the telcos to lawsuits for breach of confidentiality.
Big Brother could start tapping your calls, texts from next week | Nation

Be afraid, be very afraid

3 Likes

Hawa watu wako nyuma sana. Encryption apps zimejaa kila mahali.

You can’t encrypt calls and SMSs.

3 Likes

Wapi watu wa UTOPIA

Bwana ES, as an aside, this has been happening for a very long time, not even sure why its making news now, “insert name here” dont even talk to the telcos, they go directly to the root :D, if you know what i mean

Which encryption level are you talking about boss (BBM level??), i have seen 64 bit encryptions being broken as if it was a kindergarten puzzle game, and for your information, any encryption greater than that requires an export license under the munitions control cryptography export act. (@Deorro and @TerribleWaste can expound on this)

3 Likes

Calls and SMS encryption have existed for as long as smartphones have existed. A simple google search should give you a number of dozens to choose from.

that they exist is not under dispute, what i am disputing is the un-break-ability, if you dig deeper you will find that they are all using basic single block AES , this would have been a problem to crack in the era of 8 bit computing, however with the current computing power, think twice

for you to be safe you need a military grade encryption, however this will just help in flagging you down because 1 , its illegal, 2, you will have flagged your self as a person of interest and all resources will be directed to you

piece of advice, if you want to protect some piece of information, please hide it in plain sight or use misdirection (hope you know what that means)

4 Likes

Wacha nitafutwe kwa miguu.
http://s2.quickmeme.com/img/c7/c7dc12906e155542ce0e30dd3425a37ebf239c79f8480db14ed9d5a6738657e6.jpg

6 Likes

I am sure Kenyans’ messages will not be spied on coz coz someone somewhere will buy cheap stuff from China or blunder somewhere.

Military grade encryption already hit the commercial market. IOS, Android and a lot of applications nowadays employ different types of encryption.

Haha. Such low confidence in them, man.

But seriously, collecting ALL that data because you ‘primarily want to fight counterfeit gadgets’… yeah that seems a bit odd. And if they want to spy on people, they should at least acquire the ability to do so themselves… not just hire some company to do it for them.

1 Like

If its for security I really don’t mind them snooping, it’s not like I’m a navy seal or something, or they will tell my secrets to my friends

1 Like

The concern is that a private contractor will be having all this info without the express authorization of the individual.

2 Likes

:D:D:D
oh boy, please do your research again

if by military grade for IOS you mean the “Signal” by Moxie , please try again, that was cracked the same week all security experts declared that it was unbreakable :D:D:D

1 Like