Liquid Telecom faults CCTV rule for public Wi-Fi

Liquid Telecom has poked holes in proposed rules that require hotels and other public places offering wireless Internet connection (Wi-Fi) to install CCTV cameras for monitoring their customers.

The telecommunications firm in its submission to the Communications Authority of Kenya (CA) says the regulations are not clear.

The telco particularly wants the CA to explain further the bit that requires operators to identify a user who wants to connect to their Wi-Fi.
Liquid also questions how CCTV images can be used to identify users and for how long the images must be stored and in what format.

“It is a device that attempts to connect to a Wi-Fi and not a specific person. Does it mean that a potential user must present him or herself and the operator identify the users physically?” Liquid Telecom posed in its submissions.

READ: Liquid Telecom takes over Nakuru free Wi-Fi contract

Also read: Liquid Telecom to spend $200m in Africa expansion

Liquid has 350 free Wi-Fi hotspots across the country. Some of them are, however, paid for by shopping malls, banks, or coffee shops in which they are installed as a way of enhancing customer experience.

The proposed rules are contained in the Cyber Security Regulations 2015. Wi-Fi service providers who flout the rule risk a jail term of up to seven years or a Sh3 million fine or both.

Record clients

Under the new regulations, the CA says, providers of Wi-Fi in public places should install Closed Circuit Television (CCTV) cameras to record clients.

The regulations also require that only registered mobile phone subscribers and genuine handsets are allowed into public Wi-Fi networks. But Liquid Telecom is questioning how a Wi-Fi provider will be able to tie a user to a mobile phone number.

“What is to stop a potential user giving third party’s number? Does the operator need to have access to the mobile phone number data base for verification,” the telco asks.

The Wi-Fi providers are also required to store data showing when a particular user hooked onto the network and when they logged out. The rules require that the data be kept for a year.

The information collected will be made available to the CA for further action.

Internet Service Providers (ISP) will also be expected to authenticate serial numbers of handsets used on their networks. They will ensure that only genuine mobile phones with a unique 15-digit International Mobile Equipment Identifier (IMEI) code are used.

“Any person who commits an offence under these regulations for which no penalty is expressly provided shall be liable on conviction to imprisonment for a term not exceeding seven years or a fine not exceeding Sh3 million or both,”  the rules read.