The communications regulator has received the nod of the Supreme Court to instal a device on mobile phone networks to detect counterfeits amid concerns it will give the watchdog access to other customer data, including calls, messages and financial transactions.
The apex court has dismissed a second appeal seeking to stop the Communications Authority of Kenya (CA) from rolling out the Device Management System (DMS), which telcos reckon will offer the State a window to snoop on subscribers.
The regulator denies that the DMS has the capacity to access the phone records, location, and mobile money transaction details of subscribers, insisting that the technology can only detect and record the unique identification number of mobile phones and assigned subscriber numbers.
But Safaricom raised concerns that the monitoring devices will give the regulator access to other customer data held by the telecoms operators.
The Law Society of Kenya (LSK), which filed the second appeal, failed to convince the apex court to suspend the installation of the DMS fearing that it will usher in the era of public control and eavesdropping on peoples’ privacy, by intercepting and recording of communication and mobile data.
“In view of the above, we determine that this court does not have jurisdiction to hear and determine the instant petition of appeal,” a bench of five judges of the Supreme Court said.
The Court of Appeal had allowed the CA to continue developing the DMS in 2020 but said the guidelines or regulations on its installation should be subjected to public participation.
The LSK, which was not a party in the case at the High Court and the Court of Appeal, sought to overturn the decision and halt the plans until the phone-snooping fears raised in the petition are addressed.
The court also dismissed an appeal filed by Busia Senator Okiya Omtatah, saying it had ‘no legs to stand on”.
Deputy Chief Justice Philomena Mwilu with Justices Mohamed Ibrahim, Smokin Wanjala, Njoki Ndung’u and Isaac Lenaola said they could not grant relief to a party who did not litigate those issues before the High Court and Court of Appeal.
In the appeal, the LSK argued that the Court of Appeal failed to address important issues that were raised in the matter.
The lawyers faulted the Court of Appeal judges for allegedly not addressing the question of the constitutionality of the DMS and the threat it wields to the right to privacy of millions of mobile phone subscribers.
The LSK said the case is a matter of great public interest concerning the right to privacy of virtually every mobile subscriber in Kenya.
The CA defended the installation of the device arguing it was meant to fight counterfeits through the creation of an Equipment Identification Register (EIR), which will detect all devices, isolate the illegal ones and deny fake ones services.
The agency argued that the purveyors of counterfeit devices had become more high-tech and started cloning genuine International Mobile Equipment Identification (IMEI) numbers to the counterfeit devices, which made detection harder.
In addition to the cloning of genuine IMEIs, the CA said it was faced with the challenge of SIM boxing, which became the next frontier for the war against counterfeit devices.
The CA said it had no intention of snooping on customers’ information and that the monitoring devices would be used to crack down on illegal mobile devices operating in the market without infringing on consumers’ privacy.
The rollout was stopped in 2018 but the decision was overturned in 2020 by the Court of Appeal saying the judge gave a narrow interpretation of the term access, to mean intrusion of privacy to communication.
The CA had in January 2017 written to Safaricom, Airtel and Orange (Telkom) demanding that a contractor it had hired be allowed into the operators’ sites to instal the snooping device, sparking public uproar.
The telecoms market regulator had defended the move on grounds that it would help weed out counterfeit phones from the local market.
Safaricom, which was enjoined in the case as an interested party, revealed that it had raised queries on the privacy of the data that the device would collect as well as security arrangements with the regulator but none was resolved.
The High Court had found that the CA has no mandate in combating the use of counterfeit goods in the Kenyan market, noting that the law has assigned that role to the Anti-Counterfeit Authority.
It also declared the CA’s move unconstitutional, as it gave no assurance that it won’t be used by third parties to access private information.