Malawi CDR ‘Spy Machine’ Coming Soon

The Malawi Communications Regulatory Authority (MACRA) has announced its long-delayed national telecoms revenue assurance system will be implemented soon. Whilst MACRA calls it their Consolidated ICT Regulatory Management System (CIRMS), critics in the press and public have dubbed it a ‘spy machine’. Opponents of MACRA argue that the centralized collection of CDRs may be used to infringe the privacy of Malawi’s 6 million phone subscribers.

The project to acquire a CIRMS system was initiated in 2008, and MACRA purchased equipment in 2010. However, progress was halted due to a protracted legal battle which saw the High Court uphold an injunction that prevented MACRA from collecting CDRs. MACRA appealed to the Supreme Court, who finally overturned the High Court’s ruling in September 2014.

Many aspects of this row are similar to those found in other African countries. MACRA and the Malawi government argue that more control is necessary to assure taxes paid by telcos. These taxes include international termination fees and Value Added Tax. They also say their system will benefit telecoms customers. The Minister of Information, Civic Education and Tourism, Kondwani Nankhumwa, reportedly stated at a recent press conference:

… the machine will improve the quality of services…

In contrast, telcos state that other audits have shown no evidence of underpayment of taxes. Both sides have had plenty of time to rehearse their arguments; I see no substantial changes since I first covered the topic in 2011.

MACRA says the CIRMS system will cost USD14mn, and this will be covered by the amounts raised from international termination fees. In their press release, they state:

the benefits from utilizing the system outweigh the anticipated costs.

It is frustrating to see governments and regulators make claims like these without bothering to show any supporting evidence. You do not need to examine every CDR in the country to do a tax audit. If taxes are being cheated, a competent auditor should be able to find sufficient evidence from sample checks. MACRA’s persistence with this project suggests their decisions are driven by dogma instead of data. If they are wrong in their calculations, then every penny of the USD14mn cost will ultimately be paid by ordinary people, through higher call charges.

As for the argument that a central repository of CDRs will encourage a higher quality of service, I find that laughable. What magic does the regulator think it will do with all those CDRs, other than adding them up and reconciling them to the amounts of money they have received?

MACRA themselves state that:

… this project is unique with no off shelf (sic) alternative.

There is a reason this project is unique. It is because governments and regulators in other countries see no reason to collect every single CDR for every single call. If others do not have a system like this, how can Malawi’s authorities make extraordinary promises about improving services as well as gathering more taxes?

Awareness of the perils of CDR collection has moved on since MACRA initiated their project, even if MACRA’s arguments have not changed at all. The world can turn its eyes toward the example set by the USA, whose authorities also needed to justify blanket collection of CDRs. In that case, the leak of secret court orders revealed that the NSA was gathering huge swathes of call data. The subsequent justification offered by the NSA was that the data is needed to identify relationships between potential terrorists. In other words, the NSA gathers CDRs for the purpose of surveillance. Meanwhile, Malawi’s government says they will implement a comprehensive centralized database of CDRs, but they will not use it for surveillance purposes. Does this sound even remotely plausible? If they cannot audit a tax return without such an extensive data gathering operation, why would they deny themselves the opportunity to use the same data to fight terrorists, combat organized crime, or spy on customers for any other reason they see fit?

I do not doubt that Malawi’s government and regulator are legally entitled to do what they are doing, even if it took years of courtroom battles to confirm that. But they should treat Malawi’s citizens and phone subscribers with more respect, giving a proper explanation of why Malawi needs this system when other countries do not.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.