Press Statement By Mr. Francis W. Wangusi,MBS Director General, Communications Authority of Kenya (CA), On Misleading Media Reports on The Regulatory Tool for Curbing Counterfeit Devices on Mobile Networks

Abstract
The Communications Authority of Kenya (CA) issued a press statement clarifying the purpose and operational scope of its regulatory tool for curbing counterfeit mobile devices, specifically the Device Management System (DMS). The statement by Director General Francis W. Wangusi aimed to dispel misleading media reports alleging that the DMS was intended for surveillance and accessing private user data. The CA affirmed that the DMS is designed solely to identify and block counterfeit, substandard, non-type approved, and stolen devices from accessing mobile networks, thereby safeguarding network integrity, consumer quality of service, and national security. This clarification underscores the Authority's commitment to its statutory mandate under the Kenya Information and Communications Act, 1998, to ensure a secure and compliant telecommunications environment.
Introduction
The proliferation of counterfeit mobile devices poses significant challenges to regulatory authorities, network operators, and consumers alike, impacting service quality, revenue generation, and national security. In response to these persistent concerns, the Communications Authority of Kenya (CA) has consistently sought to implement robust regulatory frameworks and technological solutions. However, such initiatives often face public scrutiny and, at times, misinterpretation, necessitating clear communication from the regulator.
It was against this backdrop that Mr. Francis W. Wangusi, MBS, the then Director General of the Communications Authority of Kenya, issued a pivotal press statement addressing what he termed "misleading media reports" concerning the Authority's regulatory tool for curbing counterfeit devices on mobile networks. The statement specifically targeted claims that the Device Management System (DMS) was intended for monitoring and accessing the private data of mobile phone users. This article delves into the CA's clarification, examining the legal underpinnings of its anti-counterfeiting efforts and the broader implications for the Kenyan telecommunications sector and its consumers. The CA's response highlights the critical balance between deploying technological solutions for market integrity and upholding the fundamental right to privacy within Kenya's evolving ICT regulatory landscape.
Background
The regulatory framework governing the telecommunications sector in Kenya is primarily established by the Kenya Information and Communications Act, 1998 (No. 2 of 1998) (KICA). Under Section 23 of KICA, the Communications Authority of Kenya (CA) is mandated to ensure that consumers are protected from substandard ICT apparatus and enjoy quality communications services. This mandate extends to regulating the type approval of communications equipment, a crucial mechanism for ensuring that devices meet prescribed technical standards, are compatible with local networks, and do not pose risks to users or infrastructure.
The challenge of counterfeit mobile devices in Kenya is substantial, leading to degraded quality of service, network optimization issues, and significant security threats due to the untraceable nature of such devices. Historically, the CA has deployed various systems to ensure that only authorized and genuine communications devices are in use. The type approval process, which is mandatory for all telecommunications equipment imported or distributed in Kenya, serves as a primary line of defense against non-compliant products, guaranteeing network protection, consumer safety, and market integrity. The ongoing efforts to combat counterfeiting are also complemented by the broader national framework established by the Anti-Counterfeit Act, 2008 (No. 13 of 2008), which prohibits trade in counterfeit goods and established the Anti-Counterfeit Authority (ACA) to enforce anti-counterfeit measures across various sectors.
Analysis
The core of Mr. Wangusi's press statement was a direct rebuttal of allegations that the Device Management System (DMS) was a tool for state surveillance. The misleading media reports claimed that the CA intended to use the DMS to monitor and access private data, including voice calls, SMS messages, and mobile money transactions, in blatant breach of law. The CA unequivocally denied these accusations, clarifying that the DMS's sole purpose is to manage the menace of counterfeit, substandard, non-type approved, and stolen devices.
The DMS operates by populating a 'whitelist' of genuine devices based on their unique International Mobile Equipment Identity (IMEI) numbers. Once deployed, this system facilitates the denial of service to all illegal communication devices within the country, including SIM boxes, counterfeit, substandard, non-type approved, and stolen devices. The Authority emphasized that the system does not access a subscriber's personal information but rather queries a database to determine if a device is genuine or blacklisted, with mobile operators then responsible for blocking blacklisted devices. This mechanism aligns with the CA's long-standing practice of utilizing IMEI numbers for device verification, as evidenced by its free mobile messaging service (*#06# to 1555) that allows consumers to ascertain the authenticity of their devices.
The legality of the DMS has been a subject of contention, with digital rights activists raising concerns about potential surveillance and privacy violations. However, after several years of court appeals, Kenya's Supreme Court granted the Communications Authority of Kenya permission to proceed with the DMS program, affirming its legal basis. This judicial endorsement provides a strong foundation for the CA's implementation of the system, despite ongoing privacy debates. Furthermore, the CA's efforts are part of a broader, multi-agency approach to combat illicit devices, including collaborations with the Kenya Revenue Authority (KRA) on a Mobile Device Declaration System to ensure tax compliance for imported and assembled devices, also leveraging IMEI numbers. This demonstrates a comprehensive strategy to regulate the device market from various angles, including intellectual property protection, technical standards, and fiscal compliance.
While the CA maintains that the DMS is strictly for device authentication and not surveillance, the persistent concerns from privacy advocates highlight the critical need for transparent implementation and robust data protection safeguards. The Data Protection Act (No. 24 of 2019) in Kenya provides a framework for the protection of personal data, and any system collecting or processing IMEI numbers, which can be linked to device usage and potentially identify individuals, must strictly adhere to its principles. The Authority's commitment to consulting with mobile network operators and consumer protection organizations during the deployment of the DMS is crucial for building trust and ensuring that the system operates within legal and ethical boundaries.
Conclusion
The Communications Authority of Kenya's press statement on the Device Management System serves as a vital clarification of regulatory intent amidst public apprehension. For legal practitioners, the statement reinforces the CA's unwavering commitment to its statutory mandate under the Kenya Information and Communications Act, 1998, to ensure a market free from counterfeit and non-compliant mobile devices. The Supreme Court's affirmation of the DMS's legality provides a clear judicial precedent for the Authority's actions, solidifying the legal framework for combating illicit devices.
Practitioners advising mobile network operators, device importers, manufacturers, and retailers must emphasize strict adherence to the CA's type approval regulations and the impending operationalization of the DMS. Due diligence in verifying device authenticity via IMEI numbers and ensuring compliance with all technical specifications and tax obligations is paramount to avoid penalties and service denial. While the CA has sought to allay privacy concerns, ongoing vigilance regarding data protection compliance, particularly under the Data Protection Act, remains crucial. The multi-agency approach, involving the CA, KRA, and ACA, signals a comprehensive national strategy against counterfeiting, requiring all stakeholders to stay abreast of evolving regulations and collaborative enforcement efforts to foster a secure, compliant, and high-quality telecommunications environment in Kenya.
Citations
- 1.Communications Authority of Kenya, "Press Statement By Mr. Francis W. Wangusi,MBS Director General, Communications Authority of Kenya (CA), On Misleading Media Reports on The Regulatory Tool for Curbing Counterfeit Devices on Mobile Networks"
- 2.Kenya Information and Communications Act, 1998 (No. 2 of 1998)
- 3.Anti-Counterfeit Act, 2008 (No. 13 of 2008)
- 4.Data Protection Act, 2019 (No. 24 of 2019)
How does this affect your business?
Get an AI analysis of this article grounded in your jurisdictions, practice areas, and any policy documents you've uploaded to Wansom.