Category Archives: ICT

Articles on Information and Communication Technology. I also write about Astronomy in this section.

MTN’s “Unlimited” Limited Internet

I’ve been on the wrong side of various service providers as a result of my open expression of experiences while consuming services. It therefore came as a surprise when MTN Uganda called me up and requested that I try out the MTN Unlimited Internet Premium service.

Unlimited is a term that essentially means unrestricted, unconfined, boundless or infinite. So, in the real sense of the word, this service is not really unlimited. The package offers you internet access of upto 3 Gb on a daily basis. So, there is actually a limit only that it’s quite high for the average Joe to fully consume.

Being one with a mobile office, I rely a lot on mobile internet services to render my services. I must admit that I was one of those who were skeptical about this MTN offer until I tried it out.

In my days as a kid, I always demanded stuff like sweets from dad and mom whenever the opportunity presented itself. Today, my children demand data !!!! It is so serious that even when I claim not to have data, they mobilise resources among themselves and load a data package to see them through for a day or so. The kind of game apps they access can strain the regular data packages. This is another reason why I gladly wanted to test this service. How easy is it to deplete the 3Gb allotted daily?

I gave my family the challenge to deplete the daily allotted data and this meant unrestricted use of the internet. Where I used to limit them watching videos and TV shows online, this time round, they had a blank slate. They could hardly believe their ears. We all tried and worked towards this feat without success.

My initial observations show that it’s an always on service with much less downtime than my traditional data provider.

Consuming 3Gb of data is no mean feat especially if you’re not the type to always be at the computer. I tried watching all sorts of videos, encouraged my children to play online games, watch online study lessons, chose to upgrade software but alas, still failed.

This data service works well for urban connectivity, however, in rural settings, there are still challenges. I’m writing this article on a sojourn in Butaleja district and have had to do without internet while in my gardens and at home. Most urban dwellers can do with just about any service provider since their services are usually decent in such locations. It takes one a journey to rural locales to establish whether your data service is worth its salt. MTN Uganda has to find ways of improving 3G coverage nationwide.

There has always been this talk of lost data and I blogged about it before. It’s still a big problem apparently. I can authoritatively state that six (6) out of ten people I have interacted with have complaints about unexplained data loss. As a matter of fact, I personally transitioned from buying monthly data bundles to daily ones simply because of the ease of monitoring my data consumption. Imagine loading 1Gb of data for a month and by the third day it’s finished.

If you’re a power user and want to save yourself the data loss gymnastics, then I strongly believe opting for this “Unlimited” MTN Service is ideal. The cost of UGX 330,000/= monthly for the Premium option however leaves me wondering whether it is pocket friendly enough. However, there is the Basic option that goes for UGX 179,000/=. Maybe, I will consider subscribing for the latter.

Overall, my experience tells me, the MTN “Unlimited” Internet is worth having for the internet savvy.

James Wire is a Small Business and Technology Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com

Advertisements

Hon Tumwebaze, Uganda should venture into Outer Space

I am one of the numerous Ugandans who expect little in terms of cutting edge knowledge and proactive initiatives from our distinguished Ministers. A good number of them are viewed as partaking of political rewards as dispensed by the Fountain of Honour.

After being entertained by pedestrian reasoning from the likes of Hon. Anite Evelyn one would be hard pressed to expect anything better from the current lot of ministers. However, I was taken back when I came across a statement that Hon Frank Tumwebaze made in the Parliament of Uganda in response to a query by Hon. Cuthbert Abigaba. I must admit that I’ve had to eat my words and change my attitude abit. I now believe there are some ministers and Members of Parliament worth their salt in Uganda.

The Minister had been tasked to share plans that the Government of Uganda has to tap into the vast opportunity provided by the Upper Air Space. In his response, he made an effort to point out a number of issues that got me and my fellow amateur astronomers excited. While it definitely fell short of many things, we agreed on one thing, it’s a good start and commendable line of thinking.

The use of the term Upper Air Space would literally restrict the kind of information the minister shared, if we are to go by some of the definitions out there. However, I would like to believe that what Hon. Abigaba wanted to know about was basically our plans as a country to tap into the opportunities offered by Outer Space.

The Minister’s full statement is available here in which he points out a number of issues that are being considered both as a nation and Africa as a whole.

According to Wikipedia, Outer space is defined as the near vacuum that exists between celestial bodies. Celestial bodies are natural bodies located outside of the earth’s atmosphere like the Sun, Moon, Jupiter, Mars, the numerous stars and planets that litter the sky etc. Scientists refer to the point of separation between the Earth’s atmosphere and Outer Space as the Karman Line. This is located 100km from the earth’s surface.

Karman-Line

Depiction of the Karman line. Image courtesy of Derekscope

Countries like the USA, Russia, China and India are already trailblazing in the space exploration arena and some people have been left asking why we mind so much about investing money in space exploration when hunger and poverty are still rife in our countries.

Uganda has largely been passive in this endeavour and this can be attributed to the overwhelming need to address survival basics for our citizens as well as a general lack of guidance in this regard. A discussion on outer space should not be restricted to satellites and communication technologies. We need to be looking beyond that. Like the explorers of yester-years who traversed the world by ship searching for distant lands and peoples, the opportunities outer space offers us today are;

  • Better monitoring and management of planet earth. We can be in position to track a lot of aspects about this planet including among others weather. This monitoring will definitely help us better manage the resources at our disposal as well as right the wrongs that have been done over the years.

  • Explore alternative planets/locations for settlement. Have you ever imagined that one day man shall be an interplanetary specie? Just like you have Ugandans living in Uganda and others in the U.K, we cannot rule out a time when we shall have humans living on Mars or dwelling in floating cities in space. Earth as we know it might eventually become hostile hence the need for us to establish alternative locations of abode in the universe where we can set up ourselves afresh in the event of a catastrophe on mother earth. You might for example not be aware that 50Km above the surface of the planet Venus, one finds an atmosphere that is very earth like. This could be one good candidate for a space colony through the use of floating cities.

  • The Solar System that we are a part of is just one of the millions of solar systems in the Milky way Galaxy. The Milky way Galaxy is just one of billions of Galaxies in the universe. Have you ever considered the possibility of other intelligent life forms existing elsewhere in the Universe? Sincerely, do you really believe that God only placed man in this universe? We may have been the only ones he made in His own image but we cannot rule out many other human like beings He created that are not necessarily in his image.

If we are to remain relevant to the future, as a nation we need to stand up and be counted. We have to join the Space agenda as fast as possible. Uganda has entry points that can be utilised to get into this arena if only we took time to educate ourselves more on this subject matter.

Located at the Equator with a big water body in the form of L. Victoria, Uganda is an ideal location for a Spaceport (used to launch rockets to space).

The earth is always continuously spinning on its axis. This spin can act as a boost when launching rockets into space. The experience is similar to someone giving you a push before you dive into the swimming pool. The strength of the push determines how fast you get into the pool. Due to the oval nature or the earth, in the 24 hours it takes for it to spin on its axis, a spot nearer to the North or South Poles moves a shorter distance than one at the equator.

earth_rotation

Earth’s rotation.

An object at the equator in Uganda already has a rotation speed of 1670 Km/h as opposed to one in Norway at about 800Km/h. Since the surface of the earth is travelling faster at the equator, a launch in the same area implies that the rocket takes off at a faster speed and reaches orbit much quicker. This has a lot of implications towards minimising the cost of launches.

The presence of Lake Victoria as a water body is ideal. These water bodies are favoured near launch sites because they tend to offer a good backup of water supply in the event that a fire erupted at the spaceport. Remember rocket launches are basically controlled explosions. Something could go wrong at the launch pad. SpaceX had a pre-launch explosion in September 2016. John Young (American Astronaut) once said, “Anyone who sits on top of the largest hydrogen-oxygen fueled system in the world, knowing they’re going to light the bottom, and doesn’t get a little worried, does not fully understand the situation.”

Uganda being on the Eastern side of the African continent is also another compelling factor. Most space launches (at least for geostationary orbit satellites) tend to take on the easterly direction during launch. With the Indian Ocean not too far, the stages that eject during flight can drop into the ocean.

Today, our Mpoma Satellite Earth Station is largely idle. It could easily be revived and used to track satellites most of which are largely cycling around the equator.

On the Human Resource front, as a country, Uganda has been acknowledged for having a large youthful population. This coupled by the high numbers of technology graduates being churned out of school is another mouth watering opportunity that awaits exploitation. These brains can be put to use in an elaborate space programme.

ISRO, the Indian Space Research Organisation has not engaged in any major inventions but simply utilised already available knowledge in the public domain to make leaps in the Space arena. They have sent probes as far as Mars at a fraction of the cost of NASA to study more about celestial bodies. This is encouraging news and implies that Uganda can easily follow suit.

For starters, Uganda’s Space Agency can count on the massive backlog of satellite launches to make money that would then fund other activities in this regard. A thorough strategic plan is required prior to taking this leap of faith.

Once again, Hon. Tumwebaze, I thank you for the insight you and your team has shown. I believe there are Ugandans out there ready to work with you to turn this Outer Space fantasy into a reality and appease visionary MPs like Hon. Cuthbert Abigaba. Please join the Uganda Astronomers’ WhatsApp group or the Facebook Page for starters so we can engage from both a civil and technical perspective.

“The probability of success is difficult to estimate; but if we never search, the chance of success is zero,” Giuseppe Cocconi and Philip Morrison’s paper ‘Searching for Interstellar Communications’ that was published in September 1959

Let us start NOW!!!

James Wire is a Small Business and Technology Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com

Other Articles of Interest:

Stolen National ID Data ~ Questioning The New Vision’s Agenda

The headline on the front page of the Sunday Vision screamed, PANIC AS NATIONAL ID DATA IS STOLEN. I dropped all I was doing to quickly get myself a copy of the news paper. Being one of those people that have continuously cautioned our government over its handling of electronic data, I was only too eager to see what had been done wrong this time round.

vision_headline

The screaming Sunday Vision Headline

The title of the article gives one the impression that the folks at the National Identification and Registration Authority (NIRA) were caught napping on duty.

In the article, a one Norbert Kamwebaze was allegedly paid twice for work he did for Roko Construction with the second payment being dished out to an imposter who presented an ID card to Roko that had all his details save for a difference in the face.

The article starts off with a clear indication of the agenda the authors had; “Panic has gripped members of the public after it emerged that confidential data that Ugandans submitted to NIRA could have landed in wrong hands….” Using a very basic example, we have had forgery of permits for a long time in this country where someone lifts all the information of a legitimate permit and only changes the face to reflect his. Why has there never been any doubt cast on Face Technologies over our data? I was irked by the quick conclusion being insinuated in the article yet the details of the story indicate that suspicion should first be cast elsewhere.

Let us look at the issues raised so far and what they mean;

  • Mr. Kamwebaze was contracted by Roko construction to do a job for UGX 51 Million Shillings

  • Upon completion of the job, he was paid in full but not before producing proof of his identity by presenting a National ID which was duly photocopied.

  • Mr. Kamwebaze proceeded to bank the cheque on his account in Barclays bank and it was cleared.

  • A few days later, another person bearing a similar ID appeared at Roko for payment and was issued a cheque for payment.

This is where the story gets an interesting twist. Roko as a company has decent accounting systems in place with well set processes and procedures. I have done work for them before and know that the point persons one deals with when it comes to finances are limited and they usually know even off head who has been paid. The issuance of cheques follows some fairly lengthy procedures and this makes me wonder how a second cheque could have been issued without internal connivance. Is it possible that by coincidence all those who handled the first payment issued were never available when the impostor turned up?

  • The double payment was discovered by the Roko top management.

This is already a pointer that the lower level staff have some serious questions to answer.

  • The impostor opened up an account with the same bank, Barclays using the same bio data as Mr. Kamwesigye, went ahead to ensure the account had the same bank balance as that of the legitimate Kamwesigye and two days later, deposited the cheque of 51 Million. Upon maturity, he withdrew all the money.

This raises some interesting questions. They are:

  1. Could it be that the banking software used by Barclays has no ability to detect duplicates? How could two accounts with similar bio data exist yet having different photographs? Shouldn’t a flag have been raised internally at least first with the Systems Security team?

  2. How did the impostor get to know the details on the legitimate Kamwesigye’s account including bank balance? Was he working with an insider in Barclays? Could there have been collusion between Mr Kamwesigye and this alleged impostor?

Back to the National ID, no where in the article does it indicate the trail to NIRA. There is a presumption that the NIRA database could have been hacked to get this information but this does not appear to hold much water considering that there are still many other ways one would have accessed this ID information. Based on my assessment, these are the first areas of suspicion before casting NIRA in bad light:

  • The impostor could have worked with staff at Roko who availed him the ID information since they already had a photocopy and considering that he picked his money after the real claimant had already got his.

  • The real Mr. Kamwebaze could have connived with the impostor and come up with the new ID that the impostor used.

  • The impostor could have tracked Mr. Kamwebaze and been able to get access to his National ID without his knowledge. Thereafter, he hatched out his plan.

At this point, unless further information is availed showing complicity by NIRA, I am inclined to believe that this was more of social engineering than hacking into the National ID Database.

It is on this note that I would like to register my disappointment with the New Vision for falling prey to the sensationalist headline approach typical of the reckless Ugandan tabloids.

One positive though the article brings out is the need for our public institutions to guard against data pilferage. Remember, the weakest link in any IT systems is the human being. Employ professionals who know what they are doing and are willing to stand by a pre-set code of ethics. We shall minimise the likely occurrence of such.

Eid Mubarak to my Muslim brothers and sisters.

James Wire is a Technology and Small Business Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com

Ransomware, avoid being a victim

To-date, no one knows what she did on that laptop but the Executive Director of a leading government entity under the Ministry of Finance got her computer locked up by ransomware. All her information was encrypted and she eventually had to fork out millions of shillings to regain access.

Many of us are conversant with viruses and how they affect our computers or phones. However, they are just one category of crooked software that the bad guys use to mess up technology consumers.

Ransomware is malware (malicious software) that has the tendency to block you from accessing your files or data on that electronic gadget of yours. To regain the access, it requires you to pay a ransom fee.

Ransomware has been with us for a number of years but only gained prominence recently when the largest syndicated attack was launched. WannaCry has been the most prominent ransomware to-date that has had a significant impact on global computer systems. It begun on 12th May 2017 and within hours of rolling out, over two hundred thousand (200,000) machines across multiple countries had fallen victim.

How does it work?

Once the software infects a computer, it then proceeds to communicate to a central server using the very internet access on that computer. When in contact with the server, it requests for further instructions after which encryption commences on the infected computer using the instructions obtained. When the encryption is completed on all files, a message is displayed on the screen requesting for payment to decrypt the files with a threat to destroy this information if no action is taken.

Essentially, it needs all or some of the following;

  • A data network in order to spread from one computer to the other

  • A seemingly legitimate file/document through which it can be propagated

  • Email

  • A vulnerable computer operating system

What are the tell-tale signs of Ransomware?

Ransomware manifests in some or all of the following ways;

  • Encryption of all types of data/files

  • Display of hijack message to alert you

  • Request for payment in BitCoins

  • Transfers data to the central server eg passwords and email addresses

among others.

How can I avoid becoming a victim of Ransomware?

  1. Backup: Let us face it, the damage caused by ransomware boils down to denying you access to your data. If that is the case, then having a frequently updated backup of all your computer data will mean that no amount of threats can make you yield to the demands of attackers. You can simply set up your computer afresh and restore your data from the backup.

  2. Software Updates: First of all, ensure that you are running legitimate software on your computer (avoid pirated copies especially of Operating Systems). With legit software, you need to keep updating it as per the advisory of the company that supplies the software. There is always a good reason why they come up with frequent updates.

  3. Anti-Virus: It is advised that you make the presence of a recognised anti-virus software on your computer a must. Frequent database and engine updates are crucial too, considering that the suppliers of this software are always evolving it to meet the ever changing tactics of the hackers out there. Good anti-virus software has the ability to prevent some of these fishy emails or files from accessing your computer.

  4. Be slow to trust: In real life, we are always suspicious of that stranger who approaches us with a proposition on the roadside. Why then do we drop our guard and choose to trust any email we receive promising all sorts of things to us? Hackers are using Phishing Emails a lot lately to trick users into clicking certain links that then proceed to download the malicious software onto the computer. Other avenues are malicious website adverts and apps.

If you run an organisation, this is the time for you to have a comprehensive and regular Cyber Security training programme that will ensure that your staff are always aware about the dangers lurking out there on the internet and how they can grossly affect your operations.

Scenario1: You get to office one monday morning ready to complete a key business proposals due to be submitted before the end of day only to be met by a ransom notice on all the office network computers.

Scenario2: Your accountant is misled by an email into enabling macros as he tries to open an attachment that has been sent to him. The office accounting software runs off his computer and within a few minutes, the ransom notice pops up. Invoices can’t be generated or printed, all your accounting records are inaccessible and the tax authorities are demanding some overdue reconciliations.

These scenes can be real, but you have a choice to avoid seeing them happen. Do you have a need for guidance on this and other cyber security related matters? Do not hesitate to contact me on the email given below.

Let us fight Ransomware.

James Wire is a Small Business and Technology Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com

Sim Card Verification exposes the joke that UCC has become

Only Dr. Stella Nyanzi in my view has the right vocabulary to effectively describe the Uganda Communications Commission (UCC) and its haphazard handling of issues.

Five years ago, the commission huffed and puffed about the need to register sim cards citing security as one of the key reasons it was being done.

mkts01px

Eng. Mutabazi being assisted during the launch of the registration exercise. Photo Credit – Daily Monitor, 2012

The Executive Director, Eng Godfrey Mutabazi is on record having said that, “In countries where SIM card registration has been taken seriously, a drop in crime especially cybercrime has been registered. We want to emulate this and see to it that such unlawful acts are done away with.”

 

Many of us supported the move and even used various fora to enlighten the general public about the importance of registration. The deadline set for 2013 passed and before we knew it another threat was issued to the telecoms companies to ensure that the process is completed in 2015. Interestingly, we were led to believe that the issue had been sorted once and for all.

To my shock, earlier this year, information from the Police begun pointing fingers at the use of unregistered simcards by criminal gangs. The UCC kept mum. Is it because the victims were largely lay men? It wasn’t until the investigations into the assassination of the Assistant Inspector General of Police, Mr. Felix Kaweesi (RIP) that the UCC was jolted out of its slumber.

With the kind of resources this institution commands, it is foolhardy for one to believe that they have a genuine reason for such a lapse in judgement. I strongly believe this is a sign of gross incompetence in the institution that is failing to offer the much needed direction for the ICT industry, preferring to concentrate on shutting down internet during election time as well as shopping for pornography tracking equipment. It seems like UCC is narrowing its attention to matters that involve procurement (this was actually intimated to me by a Member of Parliament) as they offer quick gains to the individuals involved there-in as well as satisfying the politburo’s demands. These two areas of engagement I presume form the basis for any contract renewal that the head of the institution is definitely interested in.

By failing to do the obvious, the Eng Mutabazi led outfit has slowed down the pace set by Mr. Patrick Masambu the former Executive Director of UCC who is currently the Director General of the International Telecommunications Satellite Organisation (ITSO). Despite the massive hurdles he went through to set up this institution, Mr Masambu defied all odds to leave a healthy and globally acclaimed institution in place.

The latest gaffe has been the press release by UCC that orders Telecommunication service providers to verify all SIM card subscriber details within seven (7) days starting 12th April 2017. The communique advises the public to visit the nearest authorised telecoms service centres as well as utilising the *197#.

I can only shake my head in disbelief because whoever came up with this decision at UCC is out of touch with reality. Do they think that they are managing a home? Do they realistically expect even 50% of the Ugandans to get sorted within one week? Which world are these !#%&^396$#@ living in? (Dr. Nyanzi the queen of metaphors please come to my rescue here)

Now to Eng Mutabazi and your team, do you really believe that:

  • All Ugandans are within 7 days reach of a recognised Telecoms Service Centre?

  • All Ugandans will have got the information to pursue this activity within 7 days?

  • All Ugandans will have the money and time to make it to the various centres within 7 days?

  • All Ugandans have National IDs?

  • All Ugandans are utilising their cell numbers within the boundaries of this country?

  • All Ugandans have time to repeatedly go to Telecoms service centres in a bid to repeat activities they had already engaged in?

Take the example of this guy

kaabong

Meanwhile, like you can see, he at least might be able to afford the entire exercise financially. What happens to the many that cant afford it and also reside where he is currently working? [Pointing my index finger onto my bald head saying “COMMON SENSE IS NOT COMMON”]

Meanwhile of the seven (7) days given, four of them are taken up by the Easter Holidays. For a country that is over 70% Christian, why do you think they will leave their celebrations to attend to an exercise that was caused by your incompetence?

When will you get out of this gambling nature that seems to have become a part of your operational manual? I do believe that UCC as an institution has some very brilliant minds, a number of whom are known to me personally but the way the institution is operating as a whole, makes any outsider think it is a bunch of jokers. This should be a wakeup call to the appointing authority, at this rate, the efforts to attain Middle Income status are likely to be sabotaged by an inefficient Communication and Technology Sector whose regulatory agency seems to be operating in a reactive rather than proactive manner.

This seven day deadline is simply a poorly thought through decision that only serves to lay bare the incompetence of the institution we are meant to look upto for guidance. Could it be time for a total purge?

Let me go pick my orange tree seedlings and plant before the rains cease. I think I have had enough of this circus.

James Wire is a Small Business and Technology Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com

Other Articles of Interest:

The disregard for Data Privacy in Uganda

In the late 90s, as a Systems Administrator for Starcom, one of the pioneer Internet Service Providers in Uganda, I had the privilege of managing the Email server and in the process got to know which email accounts were used by StateHouse as well as the Kabaka of Buganda. Out of pure professional ethics, not even once did I snoop to find out what kind of communication they were undertaking. As the overall administrator of the server, I had unlimited privileges that I could have chosen to abuse at will or in exchange for a few pieces of silver. That was then.

Close to eight years ago, I got to learn about this couple. They were so much in love with one another until the entry of the other girl turned things around. Rita couldn’t stomach it any longer and quit the relationship. Meanwhile, her boyfriend had other ideas. After failing to convince her to reverse her decision, he turned to stalking her. Philip had friends who worked for the Telecom company that his ex girlfriend was subscribed to. With their help, he tracked down her phone interactions in a manner that eventually proved disastrous to her new relationship. To-date, these scenarios are still common with telecom employees willfully playing the role of Judas. I have been told that for as little as UGX 50,000/= one can get phone records for any person of interest without needing a Police or Court order.

When it comes to the banks, someone I will call Mark has had banking records involving his credit cards and other transactions given to his wife without his approval. How she accesses the information is still a mystery to him. The bank in question is a leading international bank whose professionalism you would ordinarily not put to question. He is now scared because if his wife can easily get such information, then what happens in the event that someone who has ill motives makes a move for the same?

The case of Bank connivance in the death of an Eritrean Businessman in Uganda is very telling. The Inspector General of Police came out decrying the presence of a Mafia Network in the banking system. Airtel was recently too accused of abetting number plate theft. These are matters not to be taken lightly.

There has been a fresh demand by the Uganda Communications Commission to ensure that sim card registration is adhered to. In a recent press release, the to-do list had among others a requirement that, database reconciliation/verification to be done by operators in liaison with NIRA (National Identification and Registration Authority). This has caused a lot of concern. The depth of information that NIRA has about individuals is so much and if shared carelessly with other providers whose lackluster approach to confidentiality is well known, the threat on individuals is likely to be made worse. Whereas thugs have always had only phone records to contend with, now they are likely to have residential information, next of kin thereby making it easier for them to plan kidnaps for ransom.

I have a bone to pick with UCC for the haphazard manner in which some interventions are undertaken. After huffing and puffing about sim registration and fines to Telcos that do not comply, many of us were under the impression that this matter had been settled as far back as 2015. It is a shame (a very big one) to realise that it had to take the death of a high profile individual for the same institution to bring this matter to a close. I cant shake my head enough to show my disappointment. However, that is a story for another day.

Now that private data is being aggregated with the potential for sharing it with providers in future, what should be done to ensure that we minimise its abuse?

  • Enact a Data Protection law

This is a law that prohibits the disclosure or misuse of information held on private individuals. The cases cited in this article can easily be pursued legally once the appropriate laws are in place. The Data Protection and Privacy Bill 2014 already has the desired provisions. These include;

Section 27 Unlawful obtaining and disclosure of personal data

(1) A person shall not knowingly or recklessly –

(a) obtain or disclose personal data of the information held or processed by a data controller; or

(b) procure the disclosure to another person of the information contained in personal data.

(2) A person who contravenes this section commits an offence and is liable on conviction to a fine not exceeding one hundred and twenty currency points  or imprisonment not exceeding five years or both.

Section 28 Sale of personal data

(1) A person shall not sell or offer for sale personal data of any person.

(2) A person who contravenes subsection (1) commits an offence and is liable on conviction to a fine not exceeding one hundred and twenty currency points or imprisonment not exceeding five years or both.

NB: Please note that One Currency Point is equivalent to UGX 20,000/=

  • Limit the amount of information shared with third parties

UCC should ensure that going forward, NIRA does not share all users’ information with the Telcos or any other third parties. This can be made possible through the use of software interfaces which limit the kind of access one can have to the National ID database. This is something within the means of NIRA to achieve in a short a time as one week.

Other than that, I look forward to the day when employees as well as companies whose staff are involved in illegal use of private consumer data are made accountable for their ill deeds. Many are suffering out there silently having been victims of this unprofessional conduct. Others have had to pay for it with their lives. We cannot afford to wait any longer.

James Wire is a Small Business and Technology Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com

Other articles of interest:

President Museveni, avoid Knee Jerk reactions on Installing Security Cameras

The death of Afande Felix Kaweesi (RIP) took us all by surprise and matters were worsened by the brutal and professionally executed hit. In the aftermath of this occurrence, President Yoweri Museveni was quoted by various media houses as having stated that installation of cameras along public roads should be done as soon as possible.

In the run up to the 20th Common Wealth Head of Governments’ Meeting (CHOGM) held in Kampala, Uganda in 2007, installation of security cameras was on the To Do list. One of the reasons given was that they would continue providing surveillance long after the event. Apart from seeing remnants of poles and housing units for cameras, that project died as fast as it was birthed. Money was spent procuring these cameras, installation was probably done but that is as far as things went.

Mr President, before you embark on another spending spree to procure new cameras, I have a humble appeal. Please do not follow the knee jerk reaction on this matter. Many of your people may be looking at this need merely as a procurement opportunity without internalising its overarching importance towards facilitating crime management in the city of Kampala.

As steps are taken towards implementing your directive, it is crucial that certain things are kept in mind. These include;

  • Needs Assessment and Budgeting – Apart from equipment costs, time and labour required can also be intensive. Product quality is also key as opting for low cost products without considering their abilities could lead to challenges like low quality images hence creating challenges during evidence collection, poor visibility at night or during the rain among others.

  • Planning for Infrastructure, Maintenance and other recurrent costs – In Uganda, we have a tendency to believe that initial costs are all that matters when acquiring technology. Plan ahead for costs of maintaining infrastructure eg Wireless connections to the data centre may require servicing, obstructions could occur near the cameras and have to be removed, cameras may have to be replaced and even outright vandalism of some cameras could occur. In cases of non networked cameras, there might be a need for a team of people to physically collect data from them periodically among other activities. This is where probably the CHOGM camera project went wrong.

  • Technology Integration – Our security forces already have different technologies in use. The Police for example has license plate recognition software which is used a lot to get ticket defaulters. The camera system installed should be able to integrate this and other technologies including facial recognition, gunshot detection, incident mapping, video analytic among others. That way, we shall avoid having silos of technologies that are not interoperable, a waste of tax payers money.

  • Policy Development – There needs to be policies in place to manage this surveillance. It is crucial to achieve a balance between protecting citizens’ privacy rights and enabling law enforcement officers utilise the technology in an effective manner.

  • Active Monitoring Vs Passive Monitoring – Active monitoring is real time monitoring where locations are observed continuously while passive is the opposite. The former approach is a lot more resource intensive but allows the security agencies achieve much more especially when it comes to preventing crime. However, does Uganda’s force have the capacity to actively monitor a widespread camera system covering the entire Kampala city? Maybe a mix of Active and Passive would work best. Certain areas considered hot spots could be monitored actively while for those that are less dangerous, a passive approach can be undertaken. This decision will also inform on the type of technology to be deployed where.

  • Integrating Camera systems with current practices – There are procedures and practices that the security systems are utilising to monitor and manage crime. These do not have to work in isolation with the Camera systems. Could there be a need to mount cameras on all Police Patrol cars for example? In danger spots, can patrol teams be deployed in areas where the camera coverage is poor or where they expect criminals to seek refuge from the cameras?

  • Cameras are not a replacement to normal security duties – It is important to ensure that there is no sloppiness that develops on the part of the security officials as a result of camera installations. The old school physical engagements of investigating, tracking and preventing crime still apply. These cameras should be viewed as the icing on the cake. Footage can be used to corroborate information, identify culprits and witnesses to be interviewed among others.

Any eventual decision on the kind of Cameras to use should not restrict itself to a particular model of cameras but instead opt for a variety of camera models with different abilities. There will however be a need to get assurances from the vendors about their interoperability with other vendors’ equipment.

Technologies that need to be integrated in the procured system should include among others;

Gunshot Detection Systems: They work by utilising a system of sound sensors installed all over the target area. By scanning sounds in the area, these sensors are able to decode whether it is from a gun or not and through a triangulation approach offer an approximate location where the shot was fired from. Integrate this with crime mapping software and you will easily know theneighborhood in question.

License Plate Recognition: This scans number plates of cars and can verify with any database to determine whether the car in question has uncleared tickets, has been reported stolen or any other issue as brought to the attention of the authorities.

Facial Recognition: Advances in technology now allow computer software to be able to match faces when compared with database entries. By integrating this software with the cameras, one should be able to quickly track offenders especially the repeat offenders.

There is a lot more to share on this but it is my hope that this time round, the Government of Uganda manages this project the right way in order to achieve its intended goals without financially haemorrhaging the public coffers.

For God and My Country !!!!

James Wire is a Small Business and Technology Consultant based in Kampala, Uganda

Follow @wirejames on Twitter

Other Articles of interest:

Additional material from Using Public Surveillance Systems for Crime Control and Prevention by Nancy G LaVigne, Samantha S Lowry and others.

He Died!! Where did his Mobile Money go?

On his way home from work, he hired a bodaboda to help him swiftly navigate the traffic jam only to get involved in a nasty accident that saw him lose his life. Charlie (name not real), was an ambitious young man who was out to curve a better world for himself. In his business, he used a lot of Mobile Money (MM) transactions since they offered a lot of flexibility and security. When he died, no one knew about the financial status of his MM account nor his pin code. Not even his wife!!!

Such scenarios are common in Uganda. People die, lose phones with their simcards or travel out of the country only to return years later and the Mobile Money is no longer available.

Where does this Mobile Money go? This is the key question.

It is typical of the telecom companies in Uganda to reassign phone numbers that have not been in use for a while. This re-assignment is done in such a manner that any Mobile Money that was on that account gets erased too. I have a sim card from Airtel and once, due to a long period of inactivity, it was deactivated. Before the deactivation, I had deposited UGX 20,000/= on the Moble Money. Upon reactivation, when I inquired about the MM, all I was told was that I had to register afresh. No explanation was given for the absence of my MM previously deposited.

Imagine a telecom deactivating at least 300 sim cards per day. Of those, let’s say 50% have Mobile Money leftovers that average out to UGX 20,000/= on their individual accounts. This gives a total of UGX 3,000,000/= (Three Million) daily being taken over by the Telecoms company. In a month, this works out to UGX 90,000,000/= (Ninety Million) and a year, that adds up to a conservative estimate of UGX 1,080,000,000/= (One billion, eighty million).

This may not look like much money to the telecom company but a quick analysis reveals that it can pay the annual salaries of at least ten middle level managers with each earning in the region of Eight to Nine Million shillings. This same amount can be used to pay up for the lease on the cars used by the telecom.

While appearing as a small loss on the part of the customer, this money when aggregated becomes massive and this is where the telecom companies benefit unscrupulously.

In another scenario, someone deposits UGX 1,000,000/= (One Million) onto the MM account and does not use it for a period of two weeks. The telecom company earns interest off that money but the customer is only entitled to the principal amount deposited. This is another ugly scar rearing its head in the MM field. Every day, you have Billions of Shillings deposited onto the Mobile Money systems and they earn a hefty sum for the Telecoms companies even if they remain unused for a mere few days. Is it fair that the status-quo continues? Isn’t it time the consumer was given their due?

Well, some telecoms have come up with a spinoff savings scheme using MM but that is like dragging wool over our eyes as clients. Whether I enroll for the savings scheme or not, for as long as I have my Mobile Money on the phone, it is prudent that any interest earned by the telco be passed on to me too (at least a fraction).

Currently there is no serious modality when it comes to regulation of Mobile Money. Like loan sharks, the players set their rules and determine how the game is played. Apart from the requirement by the Central Bank for the Telcos to have bank accounts that backup the electronic money with actual cash reserves, there is nothing more. When MTN suffered an internal MM fraud setback some years back, it was a result of system manipulation that led to issuing of more electronic money than the actual bank reserves had.

In this era as we transition from paper to digital money, it is prudent that the Bank of Uganda wakes up to its responsibility. They need to move swiftly with the times, work with the Uganda Communications Commission and any other parties to ensure that we have a fair and forward looking environment that will see a greater adoption of MM.

Digital Money is a reality we are faced with and have to ready ourselves to embrace it fully.

James Wire is a Small Business and Technology Consultant based in Kampala, Uganda

Follow @wirejames on Twitter

Transacting Online? Uganda’s Laws protect you

Nalule ordered for a TV set on one of Uganda’s e-commerce sites after being offered an attracitve deal. She went ahead to pay fully and wait for its delivery. From a two day delivery promise, it turned out to be a 7 day delivery. To make matters worse, she noticed that the product delivered had some slight variations from what was advertised online. Her attempts to question the variations were silenced by the smooth speaking delivery guy.

It eventually took a visit by a tech savvy friend for her to come to the realisation that she had been offered a previous model of the advertised TV set. Cursing herself, she just vowed never to buy stuff online and always go to the shops instead.

Nalule’s tale is not new at all. You might already have been a victim or know someone that has been. The bigger problem here is the failure of the victims to know their rights under the law. Uganda has laws that cater for such occurrences.

So, you ask;

  • How do I know that the online supplier is legitimate?

Whenever you reach any Ugandan e-commerce site, some of the basic information you should expect to find as a consumer is;

  1. full name and legal status of the person (company).

  2. the physical address and telephone number of the person (company).

  3. the registration number, names of directors and place of registration.

  4. the full price of the goods or services, including transport costs, taxes and any other fees or costs.

  5. the return, exchange and refund policy of the person.

  6. where appropriate, the minimum duration of the agreement in the case of agreements for the sale, hire, exchange or supply of products or services to be performed on an ongoing basis or recurrently.

Failure to locate such key information should trigger your alerts.

  • What precautions are in place to ensure I do not make mistakes while purchasing online?

Ugandan e-commerce sites need to offer you the opportunity to;

(a) review the entire electronic transaction;
(b) correct any mistakes; and
(c) withdraw from the transaction before placing an order.

  • In case I have already transacted (paid up) online and I realise that the e-commerce site did not give me adequate information to make the right decision. Can I cancel?

As a consumer you may cancel the transaction within fourteen days (2 Weeks) after receiving the goods or services under the transaction.

  • From the time I used the online services of [company X] I keep getting spam (unsolicited0 messages on email and my phone. What can I do?

Your rights in this case are;

  1. The messages should not be sent to you at a cost.
  2. You should be given an option to cancel the subscription to that mailing list at no cost.
  • I have problems with delivery. The supplier never delivers on time.
  1. Unless there is specific agreement between you and the supplier, you are expected to receive your goods or services within thirty (30) days. Failure to do so, you are entitled to cancel the order by giving a seven (7) day notice.
  2. If the supplier realises for one reason or another that they cannot supply you with the goods or services, they should inform you before the expiry of the agreed time and make any refunds for payments made within thirty (30) days.

Uganda’s legal system is steadily being upgraded to become compliant with the advancements in technology. As we consume technology enabled products and services, we shouldn’t do so in ignorance of our legal rights as consumers. Take time and inform yourself more about the relevant laws and regulations. Find more about them archived here.

Follow @wirejames on Twitter.

Free MyUG WiFi? Kifeesi to go Online

Kifeesi is a renowned criminal gang in Kampala city that has baffled the minds of many. Their daring moves at carrying out broad day light robberies in the busy downtown spots without fear of the law enforcement officers have raised many eye brows. Like the ruthless Mungiki of Kenya, Kifeesi could easily be rated as a younger sibling or rather a Mungiki wannabe. NBS Tv did a good investigation on this gang here.

kifeesi

Kifeesi Criminals arrested. Courtesy picture from Eagle Online

Crime is crime. A criminal mind is always ready to operate anywhere for as long as the terrain is conducive. The recent announcement by the Minister of Information Communication Technology and National Guidance about the free offer of WiFi internet access in Kampala has been met with mixed opinions. Many urban dwelling Ugandans have taken on the use of the internet with a lot of zeal over the past five years. Facebook and WhatsApp seem to have the lion’s share of activity. Free WiFi is seen as “manna from heaven.”

unnamed-2Accessing the free WiFi in Kampala entails being within an area that has the signal hence allowing your phone or mobile gadget to connect. The hotspots have been spread in certain locations for starters with others to follow suit later. As a first time user, you are expected to submit some profile information and then get access thereafter. In keeping with the expectations of Hon. Father Lokodo the State Minister for Ethics and Integrity, no pornography shall be accessible.

Now to Kifeesi. I foresee a re-invention of Kifeesi as this WiFi takes root. A Kifeesi that will no longer be content about merely stealing your phone or robbing you of that pocket change. This Kifeesi is IT savvy. Their goal is to either;

  • Steal your online identity or

  • Con your online friends or

  • Rob your bank account or

  • Blackmail you or

  • Settle scores

How is the new Kifeesi likely to do it?

By identifying a public area that people frequent to access free WiFi, all they need to do is set up rogue WiFi hotspots that have eerily similar names like those of the official HotSpot provider. If the HotSpots by NITA-U are named MyUG (for example’s sake), Kifeesi can setup MyUG1 and then link that hotspot to the internet.

The unsuspecting public will innocently hook onto that hotspot and start chatting away using all sorts of social media utilities (encrypted and unencrypted). Before you know it, you’re availing Kifeesi a lot of information about yourself and others you interact with. What they do with that information is dependent on how much they are willing to go after you. Your login credentials to access various online services can easily be harvested and either sold on the online blackmarket or even used to rob you or endanger others.

Kifeesi Victim

Let us take the case of a one Natabo. She works for a leading bank and is a top level manager. She gets duped into using the Kifeesi WiFi. She quickly gets into her Facebook account, Instagram, Twitter and WhatsApp. As she interacts with her online community of friends, the Kifeesi hotspot is logging all her traffic to and from the internet while diverting it to a separate location for further analysis. After a “nice” time chatting online, she chooses to check her bank email before leaving and this involves logging into the system. Again, her information is logged.

This is phase one for Kifeesi and so far, some success has been registered. Now is the time to go to the next step.

Kifeesi in Action

With basic tools got online, the Kifeesi crew sifts through Natabo’s data and extracts all sorts of unencrypted information that it uses to build a profile of who she is. With sniffed logins and passwords, they are able to undertake further access to her numerous online accounts. The killer comes in when they access her bank email. There-in lies confidential corporate data on various key client accounts as well as the internal workings of the bank.

Kifeesi Next Steps

With the gathered credentials so far, Kifeesi can choose to trade the confidential bank information got from her email to the competition. This is one of the ways industrial espionage takes place of late.

Natabo’s friends can be duped using the various social media accounts into undertaking certain financial transactions under the guise of dealing with her.

Natabo’s secret chats, photo exchanges among others could easily be used to blackmail her into paying a ransom to Kifeesi or else she faces tabloid exposure.

Natabo’s friends could be lured into appointments that could endanger them. The end result would be robbery or even physical harm like rape.

And much more.

Exercise Caution

As you spring out to partake of the free MyUG WiFi, exercise caution. Do not just log onto any hotspot that remotely resembles the official hotspots in name. Ensure that you carefully study the WiFi to be connected to. This will reduce on your level of susceptibility to fraud.

By doing that, you and me can manage the emerging online Kifeesi.

Follow @wirejames on Twitter