Prosecutors in the USA accuse two Vietnamese of hacking into 8 email providers, in order to unleash spam which generated USD2mn of revenues via the marketing websites of a Canadian conspirator. You can read the full story on our new website, Commsrisk.

The Malawi Communications Regulatory Authority (MACRA) has announced its long-delayed national telecoms revenue assurance system will be implemented soon. Whilst MACRA calls it their Consolidated ICT Regulatory Management System (CIRMS), critics in the press and public have dubbed it a ‘spy machine’. Opponents of MACRA argue that the centralized collection of CDRs may be used to infringe the privacy of Malawi’s 6 million phone subscribers.

The project to acquire a CIRMS system was initiated in 2008, and MACRA purchased equipment in 2010. However, progress was halted due to a protracted legal battle which saw the High Court uphold an injunction that prevented MACRA from collecting CDRs. MACRA appealed to the Supreme Court, who finally overturned the High Court’s ruling in September 2014.

Many aspects of this row are similar to those found in other African countries. MACRA and the Malawi government argue that more control is necessary to assure taxes paid by telcos. These taxes include international termination fees and Value Added Tax. They also say their system will benefit telecoms customers. The Minister of Information, Civic Education and Tourism, Kondwani Nankhumwa, reportedly stated at a recent press conference:

“… the machine will improve the quality of services…”

In contrast, telcos state that other audits have shown no evidence of underpayment of taxes. Both sides have had plenty of time to rehearse their arguments; I see no substantial changes since I first covered the topic in 2011.

MACRA says the CIRMS system will cost USD14mn, and this will be covered by the amounts raised from international termination fees. In their press release, they state:

“the benefits from utilizing the system outweigh the anticipated costs.”

It is frustrating to see governments and regulators make claims like these without bothering to show any supporting evidence. You do not need to examine every CDR in the country to do a tax audit. If taxes are being cheated, a competent auditor should be able to find sufficient evidence from sample checks. MACRA’s persistence with this project suggests their decisions are driven by dogma instead of data. If they are wrong in their calculations, then every penny of the USD14mn cost will ultimately be paid by ordinary people, through higher call charges.

As for the argument that a central repository of CDRs will encourage a higher quality of service, I find that laughable. What magic does the regulator think it will do with all those CDRs, other than adding them up and reconciling them to the amounts of money they have received?

MACRA themselves state that:

“… this project is unique with no off shelf (sic) alternative.”

There is a reason this project is unique. It is because governments and regulators in other countries see no reason to collect every single CDR for every single call. If others do not have a system like this, how can Malawi’s authorities make extraordinary promises about improving services as well as gathering more taxes?

Awareness of the perils of CDR collection has moved on since MACRA initiated their project, even if MACRA’s arguments have not changed at all. The world can turn its eyes toward the example set by the USA, whose authorities also needed to justify blanket collection of CDRs. In that case, the leak of secret court orders revealed that the NSA was gathering huge swathes of call data. The subsequent justification offered by the NSA was that the data is needed to identify relationships between potential terrorists. In other words, the NSA gathers CDRs for the purpose of surveillance. Meanwhile, Malawi’s government says they will implement a comprehensive centralized database of CDRs, but they will not use it for surveillance purposes. Does this sound even remotely plausible? If they cannot audit a tax return without such an extensive data gathering operation, why would they deny themselves the opportunity to use the same data to fight terrorists, combat organized crime, or spy on customers for any other reason they see fit?

I do not doubt that Malawi’s government and regulator are legally entitled to do what they are doing, even if it took years of courtroom battles to confirm that. But they should treat Malawi’s citizens and phone subscribers with more respect, giving a proper explanation of why Malawi needs this system when other countries do not.

The Wearable Technology Show 2015 showcased new devices which will collect vast amounts of new data, most of which will be stored in the cloud. Attendees recognized the risks, but the novelty of the tech was matched by an immaturity in knowing how all those risks will be managed. For an in-depth analysis of the new devices and the risks posed, read my conference report at Commsrisk.

Wikimedia are the lovely people who gifted the world lots of free public internet resources like Wikipedia, Wiktionary, and Wikimedia Commons, a database of media contributed by anybody and everybody. Imagine my surprise when I searched Wikimedia Commons for images associated with espionage, and saw the old logo of everyone’s favourite Israeli assurance company…

[Image: old cVidya logo]

Further investigation revealed that the image was added to the ‘espionage’ category by one of Wikimedia’s bots. Are Wikimedia’s clever bots programmed with intelligence that the rest of us should know about?

In case you have any doubts, I am allowed to reproduce this old logo, even though it is the copyright of cVidya, because they have licensed me, and everyone else, to do so. It seems the genius who uploaded the image file also gave it a Creative Commons Attribution-Share Alike 3.0 Unported license. In short, I can copy and adapt the image so long as I give credit to Dr. Gadi Solotorevsky, Chief Technical Officer of cVidya, and his fellow dimwits. That is a great advantage to me, because it means I can legally use cVidya’s logo when making fun of them, without having to rely on the more nebulous legal protections relating to fair use or parody. And because Gadi is the kind of person who likes to share other people’s intellectual property, he has licensed the new cVidya logo in the same way.

When I think of companies that spend a lot of time and money trying to promote a positive reputation, whilst doing lots of stupid things that simultaneously undermine that reputation, cVidya always comes to mind. Even if they do engage in espionage, they should be vigilant about how their name is used, for fear that negative associations will frighten customers. And whilst uploading logos to a resource like Wikimedia might seem a clever way to get free advertising, companies that claim expertise at assuring valuable content need to be thoughtful about safeguarding their own intellectual property. Creative Commons licenses are wonderful things, but anyone considering using one should remember a CC license can never be revoked.

Vittorio Colao, Vodafone Group CEO, has been praised for talking about security and privacy during his speech at Mobile World Congress. But did he say enough? And was it undermined by what DT CEO Timotheus Hottges said afterwards? Read the full article at the new home of talkRA, Commsrisk.

talkRA has moved… to Commsrisk

talkRA.com has moved to Commsrisk.com

We have a new name, new look, extended scope, and more content than ever. Join us at our new home.

talkRA proudly published over 950 posts. The entire archive is available at our new domain.

No new content will be added to talkRA.com after March 25th.

For new articles, podcasts, and quizzes from the same people who brought you talkRA, be sure to add commsrisk.com to your bookmarks.
