Kenya is turning to spyware, again; African SIM cards and identities; Nigerian telcos want to be excluded from data regulation

and more infosec stories from across Africa.

CybAfriqué is a weekly newsletter covering news and analysis on cyber, data, and information security on the African continent.

Kenya is turning to spyware, again

In Kenya, the Supreme Court's decision to check counterfeiting by allowing regulators to install surveillance software on mobile phones has raised concerns about privacy and government surveillance. The Device Management System (DMS) is designed to detect counterfeits but telcos fear it will provide the State with a window to snoop on users. The Communication Authority of Kenya insists that the DMS can only access the unique identification number of mobile phones and assigned subscriber numbers. However, the Law Society of Kenya (LSK) and experts are saying this gives the State access to data like access to subscriber phone records, location information, and mobile money transaction details. 

Kenya has a history of turning to surveillance and spyware as a fix to almost everything. Earlier this year, the Kenya Revenue Authority proposed monitoring financial transactions in order to check tax evasion. In December 2022, the Kenyan Financial Reporting Center also proposed spying on the finances of politically exposed people to check corruption. In 2017, investigations revealed that law enforcement authorities were abusing surveillance meant to be used to fight terrorism. Kenya is among African countries where the Pegasus spyware has been discovered.  

African SIM cards and identities

Ghana is once again warning subscribers to reregister their SIM cards before the end of this month. In recent years, several African governments have taken steps to block phone lines of citizens who have not registered their SIM cards or are suspected of engaging in criminal activities.

One of the primary reasons why African governments are blocking phone lines is to address the growing problem of cybercrime on the continent. Many African countries are experiencing a surge in digital crimes such as mobile money fraud, phishing scams, and identity theft, which are facilitated by the use of unregistered or improperly registered SIM cards.

By requiring citizens to register their SIM cards with biometric data, authorities are hoping to make it harder for criminals to carry out these illegal activities. In some cases, governments have also required telecoms to share customer data with security agencies to enable them to track suspected criminals.

Nigerian telcos want to be excluded from data regulation

Nigeria’s telecom operators have called for their exclusion from the regulations proposed in the National Information Technology Development Agency (NITDA) Bill.

The NITDA Bill is intended to provide regulatory guidelines for the use of information technology in the country, including data protection and privacy laws. However, telecom operators say they are concerned that the bill's provisions will overlap with existing laws governing their operations and lead to unnecessary duplication and confusion.

The Association of Licensed Telecommunications Operators of Nigeria (ALTON) argues that telecoms are already subject to extensive regulation by the Nigerian Communications Commission (NCC) and that adding an additional layer of regulation under the NITDA Bill would be counterproductive and cause unnecessary burdens on the industry.

ALTON also contends that the bill's provisions on data protection and privacy are already covered by the NCC. 

The association believes that the NITDA should focus on its core mandate of promoting and developing the IT sector in Nigeria and supporting the growth of local IT companies. Telecom operators are calling on lawmakers to consider their concerns and to exclude them from the NITDA Bill's scope.

Big pictures

• The recent closure of Z-Library, one of the world's largest online shadow libraries, has sparked a debate about access to information and the impact of copyright laws on digital resources. The copyright-infringing website is popular among people in developing countries, including Africa, where access to educational materials is often a challenge.

  In addition to concerns about access to information, the reopening of the shadow library on the darkweb raises new questions about cybersecurity and digital safety. While the darkweb can offer users a greater degree of anonymity and privacy, it is also a hotbed for criminal activity and cyber threats. Users who access the site through the darkweb may be exposing themselves to additional risks, such as malware and phishing attacks, as well as potential legal consequences.

  This report by Aisha Bello enunciates more. 

• The conflict in Sudan is not just physical. There’s also the play of power across the country’s cyberspace. In this piece for Inkstick, I wrote extensively on my thoughts concerning cyberwarfare in the Sudan conflict. 

• Last week, we briefed talked about Anonymous Sudan, a new threat group claiming to be from Sudan but suspected to be Russian. In this report, Threatmon detailed everything about the group, their toolbox, and history of attacks. 

Headlines

MTN Ghana reconnected 1.95 million SIM cards after they reregistered - Regtech Africa.

Mastercard is launching a Web3 identification verification solution to curb bad actors - Regtech Africa. 

Benin Republic is updating its cybersecurity strategy - African Cybersecurity Magazine. 

South African hackers are targeting vulnerabilities in government infrastructures - TechCabal.

Nigerian court grants its advertising regulator the permission to summon Meta over a case of violating regulation that requires adverts to be screened by the regulator before they’re shown to the public - The Cable.  

Nigeria Information Technology Development Agency is urging countries to develop global cyber policies - The Punch.

African countries including Ghana, Gabon, Guinea, Rwanda, Tunisia and Zimbabwe have signed a declaration on data and digital identity interoperability - Biometric Update.

A fire incident at Zenith Bank’s data center is causing a network downtime - TechCabal.

150 African moderators for ChatGPT, TikTok and Facebook vote to unionize at Landmark Nairobi meeting - Time.

Quote of the week

Can @MTNNG and @NgComCommission explain if they are aware of the privacy concerns that come with resubscribing a phone number to another customer? How do you resubscribe a number connected to my National Identification Number, bank accounts and even Bank Verification Number to another customer just like that?

- Afolabi, a Nigerian whose SIM card was reregistered to another subscriber after he misplaced it and couldn’t retrieve it due to a cumbersome retrieval process. 

Chart of the week

Source: IdentityPass’ 2023 Need for Digital Identity Verification in Africa report.

Across the world

The Shanghai police is creating a surveillance system that track Uyghurs And foreign journalists visiting Xinjiang - IPVM.

When it comes to online scams, ChatGPT is the new crypto - Cyberscoop.

TikTok tracked a UK journalist via her cat's account - BBC.

Post Notes.

The original version of this issue stated that Kenya was among four African countries where the use of Pegasus has been discovered. This is wrong. The Pegasus spyware has been used in at least eight African countries, including Ghana.

Remember to share CybAfriqué with your friends and colleagues.

Until next Saturday!