When a national comms regulator publicly denies doing something then you have good reason to suspect they were doing it. That is how I interpret an unorthodox statement from the Nigerian Communications Commission (NCC) about them not supplying personal data including phone numbers to telemarketing businesses.
The telemarketers also falsely claim that they obtain telecom consumers’ phone numbers from the Nigerian Communications Commission. Otherwise, they claim that the Commission gave them access to the numbers through the Subscriber Identity Module (SIM) Registration Database. These claims are not true.
Shakespeare once observed that ‘the lady doth protest too much’. If the NCC was a lady, it could be accused of doing a whole lot of protesting regarding its innocence. It is usually taken for granted that government agencies should obey the law. When they repeatedly insist that they obey the law then you have to wonder when and why it stopped being taken for granted.
The Commission fully abides by the principles and rules guiding the protection of privacy as a right of all consumers and users of telecommunications services.
The denial of guilt is not proof of guilt, or else we would all be guilty of everything. However, I am left bemused by the NCC saying it obeys the law without offering a single example of how it obeys the law. For example, any organization that stores personal data is at risk of hackers or insiders making that data available to people who are not entitled to receive it. Data breaches also occur by accident. But the NCC’s statement just says over and over that they do not leak data, without describing a single security measure, privacy control or audit review which might justify the conclusion that no personal data has ever been exfiltrated from their database.
Instead of providing any reassurance, the NCC statement also emphasized that they would punish any telemarketers who obtain personal data ‘without regulatory approval’. Why would they ask for regulatory approval unless the NCC was the source of the data? If the NCC is worried that personal data is being extracted from their systems without approval then they have already demonstrated that their controls cannot be trusted to prevent the abuse of that data.
…any telemarketer involved in harvesting telecom subscribers’ phone numbers and other personal details through dishonest means and using such for commercial purposes without regulatory approval is hereby strongly warned to desist from this illegal act, as anyone found guilty shall be arrested and prosecuted in keeping with the law.
The NCC’s statement was signed by their Executive Vice Chairman and CEO, Professor Umar Garba Danbatta. This hardly inspires confidence because there are so many obvious mistakes in the statement itself. For example, it is conventional to first make an arrest, then prosecute in a court of law, before concluding somebody is guilty of a crime, though the NCC’s statement reverses the order. Their declaration concluded by asking consumers to report illegal telemarketing. If telemarketers tell consumers they obtained their phone numbers from the NCC then consumers have no reason to believe the NCC will do a better job of acting on complaints than they did when trusted with personal data.