POTRAZ’s subscriber database might not track you, but it can identify you

Recently, POTRAZ published an interesting call to tender in the press.

The tender called for:

Eligible bidders for the supply, installation and commissioning of a National Central Subscriber Information Database System (NACSID) and associated hardware and networking infrastructure

A National Central Subscriber Information Database System?

In simple terms, it is a National Directory of registered mobile subscribers.

All information provided to mobile network operators on sim card registration will be recorded in this directory.

The database of subscribers will be pooled from existing databases of licensed mobile network operators in Zimbabwe.

The mobile operators already had our information since POTRAZ enforced its Statutory Instrument 95 of 2014,requiring that:

No service provider shall activate a SIM-card on its telecommunication network system or provide a telecommunication service unless the customer details have been registered

According to the same SI, where the client is a natural person, registration of a sim card requires: full name; permanent residential address; nationality; gender; subscriber identity number; national identification number or passport number.

From what we have gathered so far, the establishment of a National Directory has been in POTRAZ plans for the past two years.

So now POTRAZ is finally making steps to implement its plans and establish its own centralized database.

POTRAZ expressed its intentions of establishing a “Central Subscriber Information Database” in which “all subscriber information shall be stored” in its Statutory Instrument 95 of 2014.

POTRAZ main reasoning for establishing a database included the ability to:

  • monitor service providers’ compliance with the provisions of regulations
  • assist with the operation of the emergency call services or assisting emergency services
  • assist law enforcement agencies or safeguarding national security
  • assist with the provision of mobile-based emergency warning systems
  • authorize/allow for research in the sector

On the issue of access to subscriber database, POTRAZ outlined that access to any subscriber information stored in the service provider registers and central database shall be prohibited except on the following grounds-

  • the operation of the emergency call services or assisting emergency services
  • assisting enforcement agencies or safeguarding national security
  • the provision of mobile-based emergency warning systems
  • undertaking approved educational and research purposes
  • assisting the Authority to verify the accuracy and completeness of information held by licensed operators

The only relief to subscribers being that:

any person who is aggrieved by any unlawful use of his or her personal data shall have the right to seek legal redress

There are two issues we have identified as possible causes for concern:

  1. In POTRAZ’s reasoning for establishing their own database, they state that they intend on assisting law enforcement agencies or safeguarding national security.
  2. The information in the database is accessible to any enforcement agency or entity safeguarding National Security.

Based on the information contained in the SI, POTRAZ is not integrating with existing MNOs they are just receiving a copy of their records and plugging into a stand-alone database.

Service providers shall, on a monthly basis or at such regular intervals as the Authority may from time to time specify, transmit to the Authority all subscriber information captured in their subscriber registers within the preceding month or such period as stipulated by the Authority in accordance with these regulations.

The Authority shall set up mechanisms that will enable data controllers to conduct periodical compliance audits to verify the accuracy of data submitted by service providers.

POTRAZ will not be able to track you, just identify you.

With this National Directory, POTRAZ can simply receive a request from an approved source, identify you on all mobile networks, and provide them the information you produced on SIM registration.

The Police, for example, can now simply approach POTRAZ with your ID or name, get information from POTRAZ of what lines you are registered with, take this information to MNOs and proceed with their investigation from that point on (voice call recordings, text message logs tracking etc) based on the Interceptions of Communication ACT without all the red-tape involved in approaching a MNO.

Although this could be a major concern to most subscribers, the database does have a benefit.

There is a depressing lack of research and statistics in the telecommunications industry in Zimbabwe.

Having a centralized database will help ease research into the state of Telecoms in Zimbabwe, we have long suspected we are being misled by some of the facts and figures we receive from Mobile Network Operators reports with the SI stating that:

Persons seeking to use statistical subscriber information for approved research purposes are required to apply to the Authority, specifying the reason for which they seek to use the information.

Please share what you think of POTRAZ having a National Database of Subscribers, its intentions and how it could impact you in our comment section

You can download POTRAZ’s Statutory Instrument on SIM registration and establishing a National Database here .

 

 

 

 

 

 

 

 

 

 

 

,

8 comments

  1. Eddie

    Has any other country implemented such a system?

    1. Macd Chip

      UK, US, Canada, l can say almost all western countries, their secret services have access any databases within their borders and beyond

  2. Muzukuru

    Yes we will be able to research what parties people are supporting, whether they support the right or wrong party, who is abusing this social media thing and all that.

  3. justin

    Chembere in Chief running scared

  4. tinm@n

    South Africa has its RICA act to govern interception of communications ( https://en.m.wikipedia.org/wiki/Regulation_of_Interception_of_Communications_and_Provision_of_Communication-related_Information_Act,_2002 )

    The Data is supposedly accessible to law enforcement only, but accusations have been made that data is sold by individuals to commercial entities.

  5. Steve Song

    This database, combined with an IMSI sniffer, is possibly the cheapest, most invasive tool for the violation of privacy…. ever. Imagine flying a helicopter over a demonstration with an IMSI sniffer and being able to identify every single person who participated in the demonstration. https://manypossibilities.net/2012/09/35-reasons-to-worry-about-privacy-in-africa/

  6. Zanu yakadhakwa

    Saka ndikariba database iroro ndaita mari zve

  7. Macd Chip

    Right move, we as a country need! But with the corruption is going on Zim, the database can be a dangerous tool.

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.
Exit mobile version