After More than 4 years of near launch attempt of the much highly sought Telecommunications Traffic Monitoring System (TTMS), the government of Zimbabwe today has officially unveiled a system that technically has been on trial run for some months now.
In 2021 the Central Intelligence Organisation (CIO) and the Office of the President OPC were allegedly involved and have been pushing N-soft for the tender deal after Global Voice Group (GVG) was awarded the tender forcing the President to settle the dispute, and ultimately GVG won the bruising battle.
The TTMS system is now being implemented by GVG, a Spanish based organisation that is legally registered at del Príncipe de Vergara, 15, 28001 Madrid, Spain. The deal was done on a Build, Operate and Transfer (BOT) basis, meaning they invest their own capital operate for 5 years while sharing revenue in a 60%-40% in favor of Potraz.
The revenue to be shared predominantly is on international calls, where in the past days before VOIP based apps like Whatsapp, Facebook , Facetime etc, many people would rely on GSM voice calls for clarity, its not very certain whether the company will get back its investment over the time, due to call decline.
The media today was however invited to the official commissioning of the centre, one that has been raising eyebrows for years as many suspected that the system could be abused to monitor phone calls by government, spying on individuals who are perceived to be anti-state, especially ahead of the 2023 general plebiscite.
Human rights groups and media defence organisations like MISA Zimbabwe have also raised concerns over such capacity, fearing that state may discern on the citizens using the system, once its up and running, such fears in Zimbabwe are genuine, as state has often failed to separate the political party from the state.
However as we toured the official site today, I had the privilege to have a look into part of the recently launched system, the server side not the core network. We were allowed to view the server system that is up and running, skeptical as we were here is what we managed to witness
What exactly is housed at the Potraz HQ
So when we visited the Potraz system, they are housing a basic monitoring system, with one room displaying multiple screens, which have various user level access, and monitoring tools that are running in the building. The last screen of particular interest was showing total number of international calls as the time. While they had stated it’s a live system, I could not tell whether the system was real time or it continuously fetches data for display at certain intervals.
The other wing of the room had some 6 servers installed, approximately 4 racks, the team did not want filming in that area, for security reasons, they said. The servers had clear distinct roles, one was for the actual TTMS monitoring traffic, the other was for security cameras, and backup server, the other was a power UPS system.
Who runs and maintains the system.
When had a tour around the system, I inquired who exactly is running the system, was it the government if Zimbabwe? Potraz employees or the GVG team, well a Potraz executive said that they have set up an entirely new TTMS team that is deployed to that area, and they work with GVG team.
Who Is GVG?
Global Voice Group (GVG) is a private organisation that assists governments to increase efficiency, revenue, and transparency and compliance, through intelligent big data solutions applied to vital sectors of the economy, including telecoms, fin tech and the whole mobile and digital ecosystem.
GVG has been known to collect and analyses big data and turn it into actionable information.
GVG has remarkable footprints on the African continent where it has offered ICT and RegTech solutions to governments and regulatory bodies in Guniea, Lesotho, Tanzania, Ghana, Senegal, Congo, Gabon, Uganda and Rwanda.
We are yet to come up with any scandal or public information of human rights infringement they may have done.
They are many service providers contracted by governments for purposes of snooping and hacking into personal conversations, this company has not been flagged by any human right watch
Was there any presence of possible state security
No, the place was just another Potraz wing, manned by civilians, if it happens to have any suspicious security tight features of the sought, Trust TechnoMag for such, as of today and the past months, it did not resemble any such feature.
Here is what Potraz said about the system.
But in layman understanding the Traffic Monitoring and Revenue Assurance System (TTMS), is an electronic system that would enable it to independently monitor and account for national and international telecommunication traffic. Potraz said it will also be in a position to increase revenue assurance, combat network fraud and enforce billing integrity across all communication networks available in the country.
So this system must collect only total traffic of calls and network activity to ascertain revenue generation, both for local calls and international calls .
The guys with GVG also stated that they do not have access to the actual traffic, the network data packets, but rather only working on the signals that initiates and ends connections. They stated that they are connected to the network layer system, but the routers that are connected to are those that only initiates and terminate connections, for the purposes of checking billing and quality of traffic.
Potraz team however said that they have network access to all the operators via a virtual private network and are only tapping into the STP Signalling, from the MSC routers, without any access to the actual calls.
But What did the mobile Network Operators Say
NetOne and Telecel both confirmed that the network does not give Potraz access to the actual voice calls that enable snooping. However being state-owned enterprises, they are also bound to nondisclosure and official secrets act, for this, we give them a benefit of doubt.
An Econet Engineer who spoke on condition of anonymity however said that it its not news that Potraz wants to monitor the traffic quality, they have been engaging a company called Asteria to monitor quality of service and customer experience for years now, what matters for personal security is whether they have the actual voice traffic which is accessed via the user plan because they already have access to the control plan
What legal Limits does this system have
In terms of section 99(2) of the Postal and Telecommunication Act [Chapter 12:05],The TTMS shall be only section 3 states .
In order to ensure accurate revenue collection, the objective of these regulations is to provide for the conditions, requirements and procedures for monitoring of telecommunications traffic in Zimbabwe. Through the installation of a civil tool that will monitor and measure all forms of telecommunication interconnect traffic handled by telecommunications licensees, it is expected that this will— (a) ensure generation of reliable statistics for all incoming international calls and national traffic on limited call detail records;
(b) detect, track and block bypass fraud through an anti-fraud system and ensure the reduction of network traffic fraud;
(c) provide International Mobile Subscriber Identity (IMSI) details and SIM card profile for fraudulent SIM cards; (d) verify the international returns of telecommunication licensees for international telecommunications traffic. Function of telecommunication traffic monitoring system
- (1) The specific signalling information extracted by the TTMS by tapping into signalling links, shall the calling party number the called party number and the call duration.
(2) As such, without affecting quality of service of license, telecommunication traffic monitoring system shall—
(a) collect call detail records without any interception of contents of communications such as voice or SMS detail records;
(b) generate reliable statistics for both, local on-net and off-net within regional and international telecommunication traffic;
(c) provide terminal identification details;
(d) provide fraudulent SIM card profile;
(e) track and detect fraud through an anti-fraud system and services within international gateway traffic and cause the bypass fraud to be blocked.
As far as the law is concerned the legislation is very clear in what the TTMS can and can not do, the part I have bolded makes it explicitly clear
Is this system even necessary ?
Yes when we have poor quality of service, dropping calls and more importantly relying on mobile networks to report quarterly statistics was just retrogressive and prone to abuse, an independent system was and is very necessary.
What capacity does the system have.
Unless given express access to the core network, the system can not monitor real-time calls for every citizen, sources in the industry confirmed that all our mobile networks in Zimbabwe have not such a capacity to monitor and record all phone calls and SMS messages, unless of course one is an explicit target, then it’s a different game altogether.
Can the system be trusted?
That’s a difficult one to answer but we may want to use certain perimeters to come to a conclusion. First things first the law actually allows the government under the Official Secrets Act and Telecommunications act to gain access to any individual, via a court order, if they deem that the issue is of national security.
So TTMS or no TTMs, there is already a legal basis to request such information, its also standard even across highly democratic countries, so long as due process is followed, but in Zimbabwe however questions have arisen on who must determine that this is a breach or possible issue of national security.
Thus said the law is also very clear on procedures and processes of that, and must that be adhered to we must not be talking about.
The service providers are also part of the trust process, do we trust them with our information and how much of it can they give out.
Above all, we as citizens have the law to back bus should they be any violations, the perpetrators can be sued and I believe that should and must give us comfort, since the TTMS has no legal access to such content
How much was the system
GVG was set to do the project on a build, operate and Transfer (BOT) basis, as indicated by Potraz in its initial tender call for suppliers.
The initial tender was advertised at a tune of $18 usd million and back then with high voice traffic they had estimated thousands of monthly returns in revenues.
How much revenue share can they get
Back then Voice calls were a huge thing and 80% if revenue for all mobile network operators, today voice contributes less than 20% of the total revenue. Millions were being made per month for terminating international calls.
This even led to the rampant crime of sim box, traffic filtering where many players were introducing rogue gadgets to filter network traffic, and divert it to look like a local call for less payments, when in fact the caller is bringing in expensive internal traffic, which made many millionaires over nights.
This deal will however only see them sharing the 6 cents of the international calls.
I know most people do not enjoy reading, Zimbabweans are naturally not readers, and one is asking so what am I saying, after all these paragraphs, I must be burdened with summing it up in few words, just to help our readers and users of the telco services.
The system TTMS system must never be a cause of concern, Potraz at least have given us their guarantee, we can trust them for their professionalism, the law has our backing, They are not allowed to go beyond signalling and quality check.
Lets trust Econet, they have said they have given the government at least that much of access to sensitive and actual call access.
Lets trust GVG, my background check with the company states that it has not been aiding any rogue government in the past to crack and violate privacy issues, they are clearly focusing on their mandate, nothing of that sort has come out yet.
Lets trust technology, the ones they are using does not have that kind of capacity.
Till we meet again next week