#MondayBluesCurrent NewsZimbabwe Telecoms Sector

#MondayBlues: Can the Zim Gvt TTMS Spy On Calls?

0
Potraz Unveils the TTMS

 

After More than 4 years  of near launch attempt of the much highly sought  Telecommunications Traffic Monitoring System (TTMS), the  government of Zimbabwe today has officially unveiled a system that technically has been on trial run for some months now.

In 2021 the Central Intelligence Organisation (CIO) and the Office of the President OPC were allegedly involved and have been pushing N-soft for the tender deal after Global Voice Group (GVG) was awarded the tender forcing the President to settle the dispute, and ultimately GVG won the bruising battle.

The TTMS system is now being implemented  by GVG, a Spanish based organisation that is legally registered at  del Príncipe de Vergara, 15, 28001 Madrid, Spain. The deal was done on a Build, Operate and Transfer (BOT) basis, meaning they invest their own capital operate for 5 years while sharing revenue in a 60%-40% in favor of Potraz.

By Toneo

The revenue to be shared predominantly is on international calls,  where in the past  days before VOIP based apps like Whatsapp, Facebook , Facetime etc, many people would rely on GSM voice calls for clarity, its not very certain whether the company will get back its investment over the time, due to call decline.

The media today was however invited to the official commissioning of the centre, one that  has been raising eyebrows for years as many suspected that the system could be abused to monitor phone calls by government, spying on individuals who are perceived to be anti-state, especially ahead of the 2023 general plebiscite.

Human rights  groups and media defence organisations like MISA Zimbabwe have also raised concerns over such capacity, fearing that  state  may discern on the citizens using the system, once  its  up and  running, such fears in Zimbabwe are genuine, as  state  has often failed to separate the political party from the  state.

However as we toured the official site today, I had the privilege to  have  a look into part of the recently launched system, the server side not the core network. We were allowed to view the server system that is up and running, skeptical as we were here is what we managed to witness

What exactly is housed at the Potraz HQ

So when we visited the Potraz system, they are housing a basic monitoring system, with one room displaying multiple screens, which have various user level access, and monitoring tools that are running in the building. The  last screen of particular interest was showing total number of international calls as the time. While they had stated it’s a live system, I could not tell whether the system was real time or it continuously fetches data for display at certain intervals.

Minister Muswere at The TTMS

The  other wing of the room had some 6 servers installed, approximately 4 racks, the team did not want filming in that area, for security reasons, they said. The servers had  clear distinct roles,  one was for the  actual TTMS monitoring  traffic, the  other was for security cameras, and backup server, the other was a power  UPS  system.

Who runs and maintains the system.

When  had a  tour around the system, I inquired who exactly is running the system,  was it the government if Zimbabwe? Potraz employees or the GVG team, well a Potraz executive said that they have set up an entirely new TTMS team that is deployed to that area, and they work with GVG  team.

Who Is GVG?

 

Global Voice Group (GVG) is a private organisation that assists governments to increase efficiency, revenue, and transparency and compliance, through intelligent big data solutions applied to vital sectors of the economy, including telecoms, fin tech and the whole mobile and digital ecosystem.

GVG has been known to collect and analyses big data and turn it into actionable information.

GVG has remarkable footprints on the African continent where it has offered ICT and RegTech solutions to governments and regulatory bodies in Guniea, Lesotho, Tanzania, Ghana, Senegal, Congo, Gabon, Uganda and Rwanda.

We are yet to come up with any scandal or public  information of  human rights  infringement they may have done.

They are many service providers contracted by governments for purposes of snooping and hacking into personal conversations, this company has not been flagged by any human right watch

Was there any presence of possible state security

No, the place was just another Potraz wing, manned by civilians, if  it happens to have any suspicious security tight  features of the sought, Trust TechnoMag for such, as of  today and  the past months, it did  not resemble any such feature.

 

Here is  what  Potraz  said about the system.

But in layman understanding the  Traffic Monitoring and Revenue Assurance System (TTMS), is an electronic system that would enable it to independently monitor and account for national and international telecommunication traffic. Potraz said it will also be in a position to increase revenue assurance, combat network fraud and enforce billing integrity across all communication networks available in the country.

So this system must collect only total traffic of calls and network activity to ascertain revenue generation, both for  local calls and international calls .

The guys with GVG also stated that they do not have access to the actual traffic, the network data packets, but rather only working on the signals that initiates and ends connections. They stated that they are connected to the network layer system, but the  routers that are connected to are those that only  initiates and terminate connections, for the purposes of checking billing and quality of  traffic.

Potraz team however said that they have network access to all the operators via a virtual private network and are  only tapping into the STP Signalling, from the  MSC routers, without any access to the actual calls.

But What did the mobile Network Operators Say

NetOne and Telecel both confirmed that the network does not give Potraz  access to the actual voice calls that enable snooping. However being state-owned enterprises, they are also bound to nondisclosure and official secrets act, for this, we give them a benefit of doubt.

An Econet Engineer who spoke on condition of anonymity  however said that it its not news that Potraz wants to monitor the traffic quality,  they have been  engaging a company called Asteria  to monitor quality of service and customer experience for years  now, what matters  for personal security  is whether they have the actual  voice traffic which  is accessed via the user  plan because they already  have access to the control  plan

What legal Limits does this system have

In terms of section 99(2) of the Postal and Telecommunication Act [Chapter 12:05],The TTMS shall be only section 3 states .

In order to ensure accurate revenue collection, the objective of these regulations is to provide for the conditions, requirements and procedures for monitoring of telecommunications traffic in Zimbabwe. Through the installation of a civil tool that will monitor and measure all forms of telecommunication interconnect traffic handled by telecommunications licensees, it is expected that this will— (a) ensure generation of reliable statistics for all incoming international calls and national traffic on limited call detail records;

(b) detect, track and block bypass fraud through an anti-fraud system and ensure the reduction of network traffic fraud;

(c) provide International Mobile Subscriber Identity (IMSI) details and SIM card profile for fraudulent SIM cards; (d) verify the international returns of telecommunication licensees for international telecommunications traffic. Function of telecommunication traffic monitoring system

  1. (1) The specific signalling information extracted by the TTMS by tapping into signalling links, shall the calling party number the called party number and the call duration.

(2) As such, without affecting quality of service of license, telecommunication traffic monitoring system shall—

(a) collect call detail records without any interception of contents of communications such as voice or SMS detail records;

(b) generate reliable statistics for both, local on-net and off-net within regional and international telecommunication traffic;

(c) provide terminal identification details;

(d) provide fraudulent SIM card profile;

(e) track and detect fraud through an anti-fraud system and services within international gateway traffic and cause the bypass fraud to be blocked.

As  far  as the law is concerned the legislation is very clear in what the TTMS can and can not do, the part I have bolded  makes it explicitly clear

Is this system even necessary ?

Yes when we have poor quality of service,  dropping calls and more importantly relying on mobile  networks to report quarterly statistics was just retrogressive and prone to abuse, an independent system  was and is very necessary.

What capacity does the system have.

Unless given express access to the core network, the system can not monitor real-time calls for every citizen,  sources in the industry confirmed that all our mobile networks in Zimbabwe have not such a capacity to monitor and record all phone calls and SMS messages, unless of course one is an explicit target, then it’s a different game altogether.

Can the system be trusted?

That’s a difficult one to answer but we may want to use certain perimeters to come to a conclusion. First things first the law actually allows the government under the Official Secrets Act and Telecommunications act to gain access to any individual, via a court order, if they deem that the issue is of national security.

So TTMS or no TTMs, there is already a legal basis to request such information, its also standard even across highly democratic countries, so long as due process is followed,  but in Zimbabwe however questions have arisen on who must determine that this is a breach or possible issue of national security.

Thus said the law is also very clear on procedures and processes of that, and must that be adhered to we must not be talking about.

The service providers are also part of the trust process, do we trust them with our information and how much of it can they give out.

 

Above all, we as citizens  have the law to back bus should they be any violations, the perpetrators can be sued and I believe that should and must give us comfort,  since the TTMS has no legal access to such content

How  much was the system

GVG was set to do the project on a build, operate and Transfer (BOT) basis, as indicated by Potraz in its initial tender call for suppliers.

The initial tender was advertised at a tune of $18 usd million and back then with high voice traffic they had estimated thousands of monthly returns in revenues.

How much revenue share can they get

Back then Voice calls were a huge thing and 80%  if  revenue for all mobile network operators, today  voice contributes less than 20% of the total revenue. Millions were being made per month for terminating international calls.

This even led to the rampant crime of sim box, traffic filtering where many players were introducing rogue gadgets to filter network traffic, and divert it to look like a local call for less payments, when in fact the caller is bringing in expensive internal traffic, which made many millionaires over nights.

This deal will however only see them sharing the 6 cents of the international calls.

Conclusion:

I know most people do not enjoy reading, Zimbabweans are naturally not readers, and one is asking so what am I saying, after all these paragraphs, I must be burdened with summing it up in few words, just to help our readers and users of the telco services.
The system TTMS system must never be a cause of concern, Potraz at least have given us their guarantee, we can trust  them for their professionalism, the law has our backing, They are not allowed to go  beyond signalling and quality check.

Lets trust Econet, they have said they have given the government at least that much of access to sensitive and actual call access.

Lets trust GVG, my background check with the company states that it has not been aiding any rogue government in the past to crack and violate privacy issues, they are clearly focusing on their mandate, nothing of that sort has come out yet.

Lets trust technology, the ones they are using does not have that kind of capacity.

Till we meet again next week

@admin_techno

POTRAZ Donation Gets Ex-Minister Kagonye Jailed 16 Months For Criminal Abuse Office

Previous article

Watch Live: Liquid Intelligent Showcasing Various Security Protection Layers For Users

Next article

You may also like

Comments

Leave a reply

Your email address will not be published.

More in #MondayBlues