Tag Archives: Telecoms

The disregard for Data Privacy in Uganda

Posted on April 6, 2017 | 1 comment

In the late 90s, as a Systems Administrator for Starcom, one of the pioneer Internet Service Providers in Uganda, I had the privilege of managing the Email server and in the process got to know which email accounts were used by StateHouse as well as the Kabaka of Buganda. Out of pure professional ethics, not even once did I snoop to find out what kind of communication they were undertaking. As the overall administrator of the server, I had unlimited privileges that I could have chosen to abuse at will or in exchange for a few pieces of silver. That was then.

Close to eight years ago, I got to learn about this couple. They were so much in love with one another until the entry of the other girl turned things around. Rita couldn’t stomach it any longer and quit the relationship. Meanwhile, her boyfriend had other ideas. After failing to convince her to reverse her decision, he turned to stalking her. Philip had friends who worked for the Telecom company that his ex girlfriend was subscribed to. With their help, he tracked down her phone interactions in a manner that eventually proved disastrous to her new relationship. To-date, these scenarios are still common with telecom employees willfully playing the role of Judas. I have been told that for as little as UGX 50,000/= one can get phone records for any person of interest without needing a Police or Court order.

When it comes to the banks, someone I will call Mark has had banking records involving his credit cards and other transactions given to his wife without his approval. How she accesses the information is still a mystery to him. The bank in question is a leading international bank whose professionalism you would ordinarily not put to question. He is now scared because if his wife can easily get such information, then what happens in the event that someone who has ill motives makes a move for the same?

The case of Bank connivance in the death of an Eritrean Businessman in Uganda is very telling. The Inspector General of Police came out decrying the presence of a Mafia Network in the banking system. Airtel was recently too accused of abetting number plate theft. These are matters not to be taken lightly.

There has been a fresh demand by the Uganda Communications Commission to ensure that sim card registration is adhered to. In a recent press release, the to-do list had among others a requirement that, database reconciliation/verification to be done by operators in liaison with NIRA (National Identification and Registration Authority). This has caused a lot of concern. The depth of information that NIRA has about individuals is so much and if shared carelessly with other providers whose lackluster approach to confidentiality is well known, the threat on individuals is likely to be made worse. Whereas thugs have always had only phone records to contend with, now they are likely to have residential information, next of kin thereby making it easier for them to plan kidnaps for ransom.

I have a bone to pick with UCC for the haphazard manner in which some interventions are undertaken. After huffing and puffing about sim registration and fines to Telcos that do not comply, many of us were under the impression that this matter had been settled as far back as 2015. It is a shame (a very big one) to realise that it had to take the death of a high profile individual for the same institution to bring this matter to a close. I cant shake my head enough to show my disappointment. However, that is a story for another day.

Now that private data is being aggregated with the potential for sharing it with providers in future, what should be done to ensure that we minimise its abuse?

  • Enact a Data Protection law

This is a law that prohibits the disclosure or misuse of information held on private individuals. The cases cited in this article can easily be pursued legally once the appropriate laws are in place. The Data Protection and Privacy Bill 2014 already has the desired provisions. These include;

Section 27 Unlawful obtaining and disclosure of personal data

(1) A person shall not knowingly or recklessly –

(a) obtain or disclose personal data of the information held or processed by a data controller; or

(b) procure the disclosure to another person of the information contained in personal data.

(2) A person who contravenes this section commits an offence and is liable on conviction to a fine not exceeding one hundred and twenty currency points  or imprisonment not exceeding five years or both.

Section 28 Sale of personal data

(1) A person shall not sell or offer for sale personal data of any person.

(2) A person who contravenes subsection (1) commits an offence and is liable on conviction to a fine not exceeding one hundred and twenty currency points or imprisonment not exceeding five years or both.

NB: Please note that One Currency Point is equivalent to UGX 20,000/=

  • Limit the amount of information shared with third parties

UCC should ensure that going forward, NIRA does not share all users’ information with the Telcos or any other third parties. This can be made possible through the use of software interfaces which limit the kind of access one can have to the National ID database. This is something within the means of NIRA to achieve in a short a time as one week.

Other than that, I look forward to the day when employees as well as companies whose staff are involved in illegal use of private consumer data are made accountable for their ill deeds. Many are suffering out there silently having been victims of this unprofessional conduct. Others have had to pay for it with their lives. We cannot afford to wait any longer.

James Wire is a Small Business and Technology Consultant based in Kampala, Uganda

Follow @wirejames on Twitter.

Email lunghabo [at] gmail [dot] com

Other articles of interest:

1 Comment

Posted in Technology

Tagged , , , , , , ,

The MTN NightShift Robbery – #MTNDataBlackHoles

Posted on February 3, 2016 | 9 comments

Two years ago I took keen interest in Astronomy and even went ahead to purchase a telescope just to fulfill my dream of being a self taught astronomer. However, it’s until I joined a WhatsApp group of Astronomers that I begun walking the talk. In the process, I have learnt a lot and one of the most peculiar things I have found about our universe is the Black Holes.

A black hole is a place in space where gravity pulls so much that even particles and light can not get out. As you may recall, gravity is the force that attracts one body towards another that has mass, akin to what makes us always naturally stay on the ground as opposed to floating all over the place.

Screen Shot 2016-02-03 at 15.48.36

Illustration of a Blackhole

Due to the intense gravitational force that blackholes have, whatever criss crosses their path is always devoured, unless of course if it can travel at a speed faster than light. It’s the reason they have earned themselves the name Cosmic Cannibals.They devour whatever they come across since theoretically, nothing can move faster than the speed of light.

Wondering what this lecture on Astronomy has to do with MTN Uganda? Well, read on.

As an avid internet user, I was one of those that enthusiastically embraced the advent of the Night Shift Data packages that were pioneered by the then Orange Telecom (Now Africell). When MTN Uganda introduced a similar package, I simply came on board since I always needed a backup in case one provider misbehaved.

What is Night Shift? This is a data bundle package that gives you 1GB data access to the internet between Midnight and 6am daily on the MTN network.

As a night shift user, you re expected to start operating from Midnight of any given day until 6am in the morning of that same day. This offer is very lucrative especially for the data greedy guys like me. At the cost of less than a dollar, I find it one of the best deals that give me a great opportunity to utilise my weekend night time within the confines of my home.

In the course of it’s usage, I usually finished my data package by 4am but when I started off going all the way till 6am, a worrying trend begun surfacing. Somehow after 5am, connectivity begun to get interrupted and for a while I blamed myself and my gadgets. Then I once heard from someone else complaining about a similar experience I was all too familiar with. That is when I decided to call up my skills as an ISP techie. At least I knew how to traceroute, ping, nslookup (made obsolete by dig) as well as sniff and decode traffic in Hex.

On the 6th of September 2015, while following up with MTN on the case of a user who had experienced a shock after the Night Shift service apparently ‘expired’, I received a report from MTN indicating the usage which revealed that she had used 332.844 Mbs and had a balance of 667.156 Mbs at the time of expiry. This got me fired up to verify whether it was a one off problem or a consistent con unknown to MTN customers.

I tested for a couple of nights and my findings were as follows;

  • 0000 to 0500 hours – Great connectivity, you surf the way you like without any interruptions. Downloads work like a charm.

  • 0500 to 0600 hours – Interrupted connectivity. The system is designed not to allow you to make complete downloads as you keep getting disconnected. Another feature at this time are the false triggers of the Bundle being used up (a big hoax).

MTN Uganda for sure is aware that for the average consumer, they will believe all they see and consider that the problem is on their part. Calling customer care, you are belittled by their kind of patronising language that brands you guilty until proven innocent. I once had to do the unusual and arrogantly assure one of the wannabe techies that I’ve been there done that when it comes to Internet Systems while he was still getting padded in diapers.

The Screenshots that follow attest to the extensive work I did to follow up the issue with MTN Uganda.

Screen Shot 2016-02-03 at 15.05.12

The anger levels were way up there.

Screen Shot 2016-02-03 at 15.05.32

Feeling helpless, I resigned to giving them a piece of my mind.

Screen Shot 2016-02-03 at 15.05.50

After the promise they made on the 12th of September 2015 to follow up, I received no response until I prompted them on the 4th of October 2015.

Screen Shot 2016-02-03 at 15.06.26

In this message, MTN admitted that they do have a problem. It therefore came as a shocker to me when I saw a recent post by a fellow tweep complaining about a silimar issue and I was CCed in the ensuing fray.

Screen Shot 2016-02-03 at 15.36.24

I then chose to remind MTN of their unfulfilled promise and they shocked me with the response below.

Screen Shot 2016-02-03 at 15.35.45

To be honest, either people think along parallel lines at MTN or there is someone very incompetent who seems to be content with mediocrity. This is when the likes of Mr. Eric Van Veen are greatly missed.

Now these are direct questions I have to MTN UGanda;

  1. Why do we lose our data inexplicably?
  2. Why is the loss consistent?
  3. Why have you failed to come out and address your customers on this issue?
  4. Are you having staff within the company who conveniently hide information from the top honchos?
  5. Is there an internal data thieving racket whose aim is to rob we the legitimate customers of our data bundles?
  6. Why are you foot dragging? Is it because the loss isn’t on your side?

Whatever that #DataBlackHole is at MTN Uganda, it’s definitely not a Stellar Mass Black Hole but a Super Massive Black Hole that makes a joke of the one at the center of our Milky Way Galaxy. As for now, I want to warn any MTN Night Shift customer to desist from using the service beyond 5am as you will risk entering the Event Horizon of that blackhole. Use up your data bundle before that time to avoid being cheated.

Over to you MTN Uganda

If you have been a victim of this, contact me with your details so I can prepare a protest letter to the Uganda Communications Commission on this issue.

 

9 Comments

Posted in Technology

Tagged , , , , , ,