New Privacy International investigation today exposed the role of Kenyan government surveillance in facilitating torture and extrajudicial killings.
The investigation is based on unprecedented testimony from dozens of current and former law enforcement, military and intelligence personnel.
Its new investigation about state surveillance in Kenya, it highlights that a pretext of counter-terrorism is leading to gross human rights abuses and a cycle of arrests, torture and disappearances.
The report, entitled ‘Track, Capture, Kill: Inside Communications Surveillance and Counterterrorism in Kenya’ shines a light on the techniques, tools and culture of Kenyan police and intelligence agencies’ surveillance capabilities.
It specifically details the routine unregulated intelligence sharing between government agencies.
PI executive director, Dr. Gus Hosein said communications surveillance is being carried out by Kenyan state actors, essentially without oversight, outside of the procedures required by Kenyan laws.
Intercepted communications content and data are used to facilitate gross human rights abuses – to spy on, profile, locate, track and ultimately arrest, torture, kill or ‘disappear’ of suspects, Hosein claims.
Hosein in his 9, 000 word document claimed his investigations in the country revealed that intelligence gained by intercepting phone communications, primarily by the National Intelligence Service (NIS), is regularly shared with units of the police to carry out counter-terrorism operations, particularly the GSU-Recce company and Anti-Terrorism Police Unit (ATPU).
“These police units have well-documented records of abuses including torture and extrajudicial killing,” claimed Hosein in his investigation.
He said, “Despite constitutional and other privacy protections, telecommunications operators regularly hand over customer data to both intelligence and law enforcement agencies”.
He disclosed that sources who spoke with PI felt that they cannot decline agencies’ requests. The report reveals that the NIS appears to have direct access to communication networks across Kenya.
Direct access means an actor has backdoor access to phone communications that flow through service providers.
In this case, it is unlikely that the network operators had knowledge of the state’s interception, says Hosein in his investigation report.
He adds that NIS officers use various techniques to access both call content and call data records, including using mobile interception devices. The report, whose details is the work of research carried out in February, indicates that law enforcement agents are present within telecommunications operators’ facilities with the providers’ knowledge.
“NIS are also informally present in the telecommunication operators’ facilities, apparently undercover, according to current and former telecommunications, Communications Authority and NIS staff interviewed by Privacy International.
The investigation details both the ‘above the board’ and informal practices. Agency and company responses to requests for comment by Privacy International are included in the report.
In advance of the August 2017 Presidential elections, the reports reveals that, the Communications Authority has launched several disturbing initiatives, including a project to monitor social media content, whose potential capacities are discussed in the report.
The report by PI lifts the lid on the Kenyan government’s uncontrolled powers of surveillance, by collecting unprecedented testimony from current and former law enforcement, military, and intelligence personnel.
“The spectre of highly intrusive surveillance can create a chilling effect on freedom of assembly and speech in the run up to elections. In these times of uncertainty and insecurity in Kenya, the practice of communications surveillance must be reformed to uphold the rule of law, and instill public confidence that the government respects the constitution and fundamental human rights,” says Hosein.
At Safaricom, PI revealed that around ten CID officers sit on one floor of the Safaricom central bloc.
They provide information to all police branches. Safaricom also has civilian investigators who sit within the Ethics and Compliance Department of Safaricom, according to PI investigations.
These investigators’ primary responsibilities are to follow up fraud and misuse allegations on behalf of Safaricom, and to assist their law enforcement colleagues in cases in which criminal action may have occurred.
Through an interface, Safaricom officers can query a database that collects information from Safaricom’s call data records, SIM registration, mobile money, and subscriber registration databases.
Law enforcement liaison officers are separately able to input requests into a query queue; the interface will render data according to the priority/time it was submitted, according to police investigators and Safaricom staff.
Standard call data records list the phone numbers of the initiating and receiving devices, the location of the base transceiver station (BTS), the type of communication (whether call or SMS), and the duration of the call.
Safaricom stated to PI that “only authorised Safaricom staff have access to systems and tools that can access confidential customer information and this access is controlled and monitored.”
Officially, law enforcement requests for data to Safaricom require a letter of justification, written by an investigating officer, signed by his or her superior, and provided in hard copy or emailed to the Safaricom law enforcement liaison, according to current and former police investigators.
The reason does not, however, have to be detailed – often a statement of the category of crime under investigation will suffice.
Responding to Privacy International, Safaricom CEO Bob Collymore stated that Safaricom “ha[s] no relationship with NIS as relates to communication surveillance in Kenya; and we do not have any officers or other representatives of the NIS who are employed, formally or informally, at Safaricom.”