Nigeria Issues RFQ for National Phone Tracking System to ‘Fight Cybercrime and Insecurity’

Last week the Nigerian Communications Commission (NCC) issued a Request For Qualification (RFQ) from potential suppliers of a “single window Device Management System (DMS)”. The system will track all mobile phones and any other device with an International Mobile Equipment Identity (IMEI) number. The initial spin is that the DMS will be used to disconnect counterfeit and cloned phones though there is obvious potential for many other uses, some of which would intrude upon an individual’s privacy, depending on the specific capabilities of the eventual system. Prospective suppliers have until June 3 to respond to the RFQ.

This is how the NCC summarized the stated objectives for the DMS project.

Specifically, the proposed DMS will support capabilities for tracking of mobile communication devices to eliminate fake and substandard devices, provide detailed statistical information for stakeholders use, and support the fight against cybercrime and insecurity.

A more detailed document with the title of ‘Project Information Memorandum’ helps to clear up some of the confusing wording surrounding the RFQ as well as elaborating the intended uses for the DMS. The single ‘window’ appears to be a euphemism for a single control point, so the NCC only needs to use one interface to block any kind of phone from any Nigerian network. The memo also provides a comprehensive list of justifications for purchasing the DMS:

  • Curtail the counterfeit mobile phone market by permitting only registered IMEI number (sic) on the network
  • Discourage mobile phone theft, by making inoperable devices that appear on the network with a flagged IMEI number
  • Enhance national security by eliminating illegal devices
  • Facilitate blocking or tracing of stolen mobile phones and other smart devices
  • Increase revenue generation for the government
  • Mitigate the use of stolen phones for crime
  • Protect consumer interest
  • Reduce the rate of kidnapping
  • Serve as a repository for keeping records of all registered mobile phones’ IMEI and owners of such devices
  • The system will contribute to fair trade and competition in the market

The Nigerian government has long sought to tackle criminal gangs and terrorist groups like Boko Haram by preventing them using mobile phones to coordinate their operations, and this explains why one of the stated objectives is to reduce kidnappings. In 2015, MTN Nigeria was rocked by the announcement of a NGN1.04tn (USD5.2bn) fine because of perceived failures to stop the distribution of unregistered SIMs, though a change of CEO and prolonged negotiation ultimately saw the penalty reduced to NGN330bn (USD1.7bn). Shifting the focus from SIM cards to IMEIs signals a new phase in the way the Nigerian government wants to control who uses electronic communications.

Privacy activists are likely to be concerned by the vague reference to the DMS gathering “detailed statistical information for stakeholders use” as it neither elaborates what information will be collected nor the list of stakeholders who will receive it. A reference to statistics could imply that the government will only share anonymized information at a high level, making it impossible for recipients to draw any inferences about specific individuals. However, it does not take much imagination to see how a system that can be used to identify and monitor criminals and terrorists could also be used to track other people too.

The DMA project will require the NCC to use its statutory powers to compel all Nigerian network operators to provide the IMEIs for all their subscribers. This will further the progress the Nigerian government is already making towards ubiquitous monitoring by virtue of knowing the names, identification numbers, IMEI numbers, SIM and location of every Nigerian with a networked device. Nigeria’s laws already give government agencies the right to obtain all of this personal data without the consent of the subject when claimed to be necessary for national security. None of the documentation produced so far mentions any limits on the use of the DMS in order to protect the privacy of law-abiding Nigerians. However, the Project Information Memorandum does note there is a risk that the public will oppose this project.

There are around 200mn devices with active GSM connections in Nigeria, meaning this DMS system will have control over an unusually large number of phones. Nigeria’s population is growing more rapidly than any other country that already has a population of over 100 million, so this market has the potential to become especially lucrative for telecoms suppliers that establish a foothold. Current projections suggest Nigeria will overtake China to become the second most populous country in the world by the end of the century.

The notice for the DMS RFQ can be found here and vendors wanting more information can register here. The DMS Project Information Memorandum can seen without registration by looking here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.