Article 31 of the Constitution states, "Every person has the right to privacy, which includes the right not to have (a) their person, home or property searched; (b) their possessions seized; (c) information relating to their family or private affairs unnecessarily required or revealed; or (d) the privacy of their communications infringed."
But Article 24(1) also states, "A right or fundamental freedom in the Bill of Rights shall not be limited except by law, and then only to the extent that the limitation is reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom, taking into account all relevant factors, including (a) the nature of the right or fundamental freedom; (b) the importance of the purpose of the limitation; (c) the nature and extent of the limitation; (d) the need to ensure that the enjoyment of rights and fundamental freedoms by any individual does not prejudice the rights and fundamental freedoms of others; and (e) the relation between the limitation and its purpose and whether there are less restrictive means to achieve the purpose.
The proposal by the Communications Authority––a proposal that seems to have been made to all telecommunications' services providers in Kenya since at least September 2016––that telecommunications' services providers shall allow a private contractor of the Communications Authority to install a "link at the data-centre or the mobile switching room" that shall "terminate close to the core network elements that shall integrate to the DMS solution", according to the Daily Nation, to "track countefeit phones" has met with suspicion that the purpose of the "link" is to spy on phone users by accessing their phone calls, text messages and other data without having to obtain a warrant from a court of law, an invasion of privacy that many will challenge.
Assuming that the alleged nefarious scheme by the Communications' Authority s true, can it actually do so? Article 31 can be limited if the limitation meets all the criteria set out in Article 24. Therefore, yes, the Communications Authority can, for lack of a better word, spy on you through your mobile phone.
Mr Wangusi, the chief executive officer of the Communications Authority, says that this "link" will be used to track counterfeit mobile phones. Few believe him. But if that were true, Mr Wangusi has not made any attempt to demonstrate that other less intrusive measures have failed. In 2012, the Communications' Authority's predecessor, the Communications Commission of Kenya, proposed to "switch off" millions of "fake" mobile phones that were in use in Kenya. Little, if anything, is known about the 2012 exercise, including whether or not it was successful and what the Communications Authority had done since then to prevent counterfeit mobile phones from being activated in Kenya.
In 2012, the big switch off revolved around the International Mobile Equipment Identity (IMEI) number, a fifteen-digit code, that identifies each mobile device that has been activated on any mobile network in the world. These IMEI numbers are entered into a global Equipment Identity Register (EIR) principally to help manufacturers track counterfeiters and sue them for intellectual property theft. The Communications Authority, hand in hand with telecommunications services providers, can still use IMEIs and the EIR to identify and track counterfeit phones. Why they need an advanced system with the potential of being used as a tool for violating Kenya's right to privacy remains unexplained.
The Communications Authority can limit Kenyans' right to privacy but before it does so, any Kenyan can challenge the Communications Authority's actions in the High Court. I don't believe Mr Wangusi and his other officers will be able to persuade a High Court judge that this "link" is "is reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom" or that there isn't a "less restrictive means to achieve the purpose". I wonder if he ever will.