advertisement
Communications Authority directs mobile operators to suspend SIM cards unduly registered
Mobile operators in Kenya have until end of this week to review subscriber registration database and subsequently suspend all SIM…
Mobile operators in Kenya have until end of this week to review subscriber registration database and subsequently suspend all SIM cards whose registration status do not comply with Simard Regulations stipulated by the Communications Authority of Kenya (CA).
The Authority has warned that failure to heed the directive will prompt a penal action against Mobile Network Operators (MNOs) and subscribers for flouting laws on SIM card registrations.
“We are urging MNOs to review their respective subscriber registration databases and confirm that SIM cards that are unregistered, partly registered, improperly or un-procedurally registered, fraudulently registered, and SIM cards with multiple ownerships are immediately switched off and no longer reside on their network going forward from their networks,” Engineer Francis Wangusi, CA Director General.
advertisement
The Communication Authority of Kenya had in May 2015 issued an update on the status of adherence to the Kenya Information and Communications Regulations, 2015, which require Mobile Network Operators to register all SIM-cards prior to activation. This followed the rampant hawking of SIM cards which is a contravention of the law.
“We are urging MNOs to review their respective subscriber registration databases and confirm that SIM cards that are unregistered, partly registered, improperly or un-procedurally registered, fraudulently registered, and SIM cards with multiple ownerships are immediately switched off and no longer reside on their network going forward from their networks.”
Engineer Francis Wangusi, CA Director General
The Authority directed mobile operators to suspend all SIM cards whose registration status were not in compliance with the SIM card registration Regulations. Despite this directive, the Authority continued receiving reports, which were also corroborated by law enforcement agencies, that there were still some unregistered SIM cards that were still active on the mobile networks. These reports were contrary to returns from the Mobile Network Operators that claimed total compliance with the SIM card registration obligations.
advertisement
CA warned: “Failure to which immediate regulatory action shall be instituted in line with the provision of the Kenya Information and Communications (Registration of SIM cards) Regulations, 2015.”
SIM card registration is aimed at enhancing national security by making it possible to trace details of subscribers engaged in criminal activities such as hate speech, mobile money conman-ship, extortion or demanding for ransom in kidnapping cases.
In light of the gravity of this matter, the Authority subsequently undertook an exercise to verify the extent to which the operators had adhered to the SIM card regulations. This included market surveillance and forensic audit of the operator data.
advertisement
- Market Surveillance
The market surveillance revealed that a number of agents do not request for identification documents at the point of purchase of the SIM cards. There is also little or no verification of the identities of SIM card buyers vis-a-vis the documents they have presented. It was further noted that hawking of SIM cards was still rampant, and in some cases, the agents were charging buyers an additional fee for registration.
Following the afore-cited findings, the Authority, in partnership with other government agencies, and pursuant to Section 27 of the Kenya Information and Communications Act, 1998 and the Regulation 4 and 11 of the Kenya Information and Communications Regulations 2015, undertook a forensic audit on subscriber registration by the mobile operators.
- Forensic Audit
The audit focused primarily on determining whether all the subscribers were properly registered in accordance with the law. It also sought to establish the completeness and accuracy of the registration data.
The audit revealed that while all the MNOs had data access security policies in place, there were a number of non-conformities with the SIM card registration regulations. In cases where subscribers used passports as a form of identification, various anomalies were noted, especially in the numerical length of the Kenyan passports.
According to the findings, it was evident that operators are not in control of the agents. This was occasioned by weak controls in management of SIM sales agents. In most cases, a dangerous trend was noted where the databases that had records which appeared to have been populated from other secondary sources. Other SIM cards were found to have multiple registrations with different identity details, with potential use for criminal purposes.
- Findings
On overall, the audit showed that the data in the subscriber databases of the MNOs was incomplete and inaccurate, pointing to the need for a verification system to help enhance authenticity of the data. It was also noted that the agreements between the operators and agents are purely commercial and do not place any obligations on the agents with respect to adherence to the SIM card regulations. This is a dangerous trend that jeopardises the security of citizens in the country and must therefore stop.
- Recommendations
a) To review their respective subscriber registration databases and confirm that SIM cards that are unregistered, partly registered, improperly registered, fraudulently registered, and SIM cards with multiple ownership are immediately switched-off and no longer reside on their network going forward from their networks. Failure to which immediate regulatory action shall be instituted in line with the provision of the Kenya Information and Communications Regulations, 2015.
b) To ensure agents verify identification documents with the Integrated Population Registration System when subscribers present them at the time of registration.
c) To submit to the Authority, details of agents and sub-agents that deal in sales and subscriber registration on their behalf. The details required include the company registration details, number of outlets and locations in which they operate, duration in which such agents have been in operation, contacts details, ownership details, among others.
The Authority has also initiated discussions with the Ministry of Interior and Coordination of National Government on possibility of accessing the Personal Identification Secure Comparison and Evaluation System for online verification of passport details.