How CA procured technology from Israeli firm to monitor Kenyans’ social media activity

A new report compiled by Privacy International, a UK-based charity which investigates the secret world of government surveillance and companies enabling it, indicates that Kenya’s communications industry regulator Communications Authority (CA) contracted an Israeli IT firm to provide it with technology to analyze social media.

The Privacy International (PI) report, titled “Track, Capture, Kill: Inside Communications Surveillance
and Counterterrorism in Kenya” and which was released this week, notes that the procurement of the social media monitoring project “gives further reason to be concerned by the CA’s plans” especially considering the country is heading to elections in a matter of months.

“In late 2016, the CA finalized a contract with Israeli ‘web intelligence’ firm webintPro, according to CA sources. The firm’s HIWIRE technology allows for the capture and analysis of open-source traffic, and is particularly adapted to analyzing social media. Some of the features of the system include the ability to map links between social media users, ‘real time’ surveillance of target objects, presumably individual users. Its virtual HUMINT (human intelligence) platform allows for analysts to proactively engage users online, “switch[ing] identities instantly” for “cloaked target engagement””, states PI, adding that WebintPro did not respond to its requests for comment.

Although PI was unable to confirm that the webintPro contract corresponds exactly to the social media monitoring initiative announced by the CA in January 2017, it notes that webintPro’s technology would be “most suited to the social media monitoring initiative, out of the three announced projects.”

The PI report is an investigation about state surveillance in Kenya, highlighting that a pretext of counter-terrorism is leading to gross human rights abuses and a cycle of arrests, torture and disappearances. It also brings to the fore the techniques, tools and culture of Kenyan police and intelligence agencies’ surveillance capabilities and details what it terms “routine unregulated intelligence sharing between government agencies.”

And it also points to possible collusion between the country’s telcos and government agencies when it comes to communications surveillance, stating that “intercepted communications content and data are used to facilitate gross human rights abuses – to spy on, profile, locate, track and ultimately arrest, torture, kill or ‘disappear’ suspects.”

“Intelligence gained by intercepting phone communications, primarily by the National Intelligence Service (NIS), is regularly shared with units of the police to carry out counter-terrorism operations, particularly the GSU-Recce company and Anti-Terrorism Police Unit (ATPU). These police units have well-documented records of abuses including torture and extrajudicial killing,” notes the report, adding:

“Despite constitutional and other privacy protections, telecommunications operators regularly hand over customer data to both intelligence and law enforcement agencies. Sources who spoke with PI feel that they cannot decline agencies’ requests.”

Coming top on the list of the government agencies with access to peoples’ private communications is the NIS which appears “to have direct access to communication networks across Kenya”. Direct access here means an actor having backdoor access on the phone communications that flow through service providers network, with the service provider having no knowledge of the state’s interception.

“NIS officers use various techniques to access both call content and call data records, including using mobile interception devices. Further methods are documented in the report… Law enforcement agents are present within telecommunications operators’ facilities with the providers’ knowledge. NIS are also informally present in the telecommunication operators’ facilities, apparently undercover, according to current and former telecoms, CA and NIS staff interviewed by Privacy International,” the PI report states.

Dr Gus Hosein, Executive Director of Privacy International said: “This report lifts the lid on the Kenyan government’s uncontrolled powers of surveillance, by collecting unprecedented testimony from current and former law enforcement, military, and intelligence personnel.

“Communications surveillance in Kenya is conducted outside any effective regulatory oversight. The National Intelligence Service (NIS) in particular is operating outside of any meaningful constraints on its far-reaching surveillance powers. Our sources informed us that sensitive surveillance data is shared with police units, including the GSU-Recce company and Anti-Terrorism Police Unit, and used in counter-terrorism operations in which suspects are routinely and gravely mistreated. Surveillance is facilitating the violation of rights guaranteed by the Kenyan constitution: freedom from torture; cruel, inhuman and degrading treatment; and the right to a fair trial.

“The spectre of highly intrusive surveillance can create a chilling effect on freedom of assembly and speech in the run up to elections. In these times of uncertainty and insecurity in Kenya, the practice of communications surveillance must be reformed to uphold the rule of law, and instill public confidence that the government respects the constitution and fundamental human rights.”