It just feels right to start this write up with a big congratulations to the National Information Technology Agency (NITA) for pulling off the maiden National ICT Week in grand style. The week, which fell between August 26 and 30, 2024, was marked with daily conferences and forums at the Ghana-India Kofi Annan Centre for Excellence (AITI-KACE), under the broad theme of “Driving Digital Transformation”.
Some of the key topics discussed during the week are digital inclusion, digital trust through PKI (public key infrastructure), digital innovations, capacity building, and effective collaboration within the digital space across both public and private sectors. The key takeaways were quite vast and we will take time and flesh some of them out in the coming days.
During the week, one whole day was dedicated to a conference on DIGITAL TRUST, which was opened by no less a person than the Minister of Communications and Digitalization, Ursula Owusu-Ekuful herself. The minister was very emphatic that Ghana’s digital transformation agenda hinged on three legs – mobile money interoperability for financial inclusion; digital address system for easy physical locations, and digital certification to ensure digital trust.
According to the minister, so far the first two legs have been well established and government is now working on getting the third leg – digital certification to build digital trust done. Simply put, digital certification is a mechanism to ensure easy authentication and verification of the identities of persons and businesses online with the view to building public confidence in the digital systems and platforms. This is important because, unlike physical transactions where we get to see the people and businesses we are dealing with, the digital platforms do not afford us the benefit of seeing those we are transacting with, and so the certification helps to authenticate their identities and claims, and therefore makes it easier for us to trust them and share our data with them and also do financial transactions with them without the fear of being defrauded.
The Minister spelt out a number of measures government has put in place to ensure digital trust within Ghana’s digital landscape and also to facilitate cross border digital financial transactions, which is critical to boosting intra-Africa trade within the context of the Africa Continental Free Trade Area (AfCFTA). Read some of the details of what the minister said here, which include the fact that NITA will soon start licensing and authorizing private entities to issue various categories of digital certificates for different use cases.
During the digital trust conference, there was a panel discussion which focused mainly on CONSENT. The panellists were a banker, a lawyer/IT security expert, and a fintech practitioner. There was supposed to have been a regulator on the panel but he did not join. Conspicuously missing from the panel was a consumer activist or simply someone who will speak on behalf of average consumers about the wanton abuse meted out to us by identifiable companies like telcos and their value-added service partners with regards to CONSENT, and the scam by players within the e-commerce space. In fact, I don’t know which other discussion would require a consumer activist more than one about CONSENT, which is 100% about the consumer/end user.
What even made the whole panel discussion look to me like a mere talk shop was that the moderator was more focused on giving herself a pat on the back for staying within the time she was given, rather than allowing the issues to discussed as thoroughly as it should. Indeed, she succeeded in whipping all the panellists, particularly the lawyer, in line to achieve her target of staying within time, and in the process denied the rest of us, particularly consumers the opportunity to be heard. In fact there was one question from the floor about consumer experiences, but there was no clear response to that question.
So, this article is aimed at stating what I, as a consumer, an activist and an industry journalist would want to see this whole digital trust agenda address. It is one thing licensing and authorizing entities to issue digital certificates to businesses and individuals for easy identification online, and it is another thing making it digitally easy for the public to know who the business owners of the companies licensed to issue digital certificates are, and who the owners of the companies issued with digital certificates are.
At the core of this whole drive to build digital trust is TRANSPARENCY. Without transparency, it will be difficult for people to trust and do business with anyone online. In fact, the whole ignoble enterprise of online fraud is the ability of fraudsters/entities to fake who they really are and thereby succeed in misleading people to divulge their sensitive and private data, which the fraudsters then use to commit crime against the owners. So it is important that any system designed to ensure digital trust captures transparency at its core.
What do I mean by transparency?
My point about transparency is that, any and every digital trust architecture must make it possible and easy for the general public to know exactly who the owners/investors of the businesses they deal with online are. So long as the actual owners/investors are not hiding in the shadows, the businesses are most likely to act with integrity because those owners will be called out if they mess with consumers. Again, keeping the identities of the owners readily available online will make it difficult for regulators to protect any of those businesses when they fall foul of the law. If they did, everybody would know that this particular business is being protected because it belongs to Mr. A or B, who is a politician or public official, or the crony/partner of a politician or public servant. So when we issue an ID authentication request online, the information that comes up should include the names of all the business owners and investors. This should be simple.
What is the basis for this call?
As a journalist and consumer activist, I have had the privilege of having some private conversations with people within various units of the telecoms and technology industry. In those conversations, some very telling information have been divulged to me on the basis of anonymity. Whereas I cannot name my sources or any characters, I can share the information in a way that helps public discourse and impacts government and institutional policies for the common good.
I have always been told that a lot of the mobile Value-Added Service (VAS) partners of the telecoms operators, who push paid subscriptions to us and steal our airtime are former workers of the telcos in cahoots with either politicians and or public servants in regulation to exact that crime on us. The CEO of one of the leading fintech firms in Ghana told me personally that “there is a lot of corruption within the mobile value added service space”.
He explained that “if you check the ownership of a lot of the firms in mobile VAS space, you will notice that these were former workers of telcos who realized that those of us in that space were making good money, so, they resigned and started VAS companies. And because they were once insiders at the telcos, they have all the links in there to easily push content to customers and bill them without the customers’ consent.” In fact, he gave me some names.
True to what he said, about a month, after I had embarked on my huge consumer advocacy campaign dubbed #StopTheAirtimeLoot, I met a management staff of one of the firms that run mobile VAS for the telcos. We had a meeting about a new license coming up at the time, and opportunities it presented for local industry players. In our conversation, she admitted to me that her company was now looking for new opportunities because their value added service business is virtually dead due to some public campaign against how they were doing their business.
Without knowing that I was the one who run the campaign against the airtime fraud schemes they called value added service, she admitted to me that her company, which is owned and managed by a former telco top manager, used to have seven value added service products which made them at least GHS90,000 each every month without stress. But since the #StopTheAirtimeLoot campaign, things have been streamlined by telcos upon an NCA directive triggered by campaign, and they have completely lost that revenue stream. That was a cool GHS630,000 that company was earning from moneys they stole from consumers and shared with the telcos WITHOUT OUR CONSENT. What is means is that the telcos even made more from the loot because they usually kept the lion’s share of the loot.
Until I met that lady for her to make that admission, I never knew her company, which belongs to a former telco executive I know personally, was involved in the airtime loot. There is something else I know about that company, which will make it obvious for everyone to figure out who they are and possibly what political connections they have. But what is important is the that this confirms that a lot of these so-called value added service providers are indeed former telco staff in cahoots with politicians and public servants.
Speaking of sensitive private conversations, someone in regulation also admitted to me that there are people working in regulation, who enjoy very juicy favours from some telcos on the regular, and those people always pick up arms and fight for the telcos anytime a matter between telcos and consumers come up. That explains why consumers have filed several complaints to industry regulators, particularly the National Communications Authority (NCA), but no sanctions have been enforced against any telcos, even when the offense was repeated several times. NCA in particular, is known for its high-handed approach to sanctioning telcos when it comes to quality of service violations and other stuff. But when it comes to the blatant abuse of consumer rights such as the airtime loot, NCA treats the telcos with kids gloves. All the NCA does is to forward the consumer complaint to the respective telco and allow them to fix it either by stopping the loot without a refund or sometimes with a small refund.
Speaking of sanctions, Section 31 of the Unsolicited Electronic Communication Code of Conduct states that a mobile network operator that violates the Code is liable to sanctions under Section 50 of the Electronic Transactions Act, Act 772 and Regulation 31 of Electronic Communications Regulations, LI 1991. Act 772 states a fine equal to 5,000 penalty units (GHS60,000) per violation. So if a telco or VAS player sends UEC to even just one million customers, the fine is GHS60,000 multiplied by one million and that is GHS6 billion, enough to collapse a company.
Clearly, the current sanctions regime is very deterrent, but NCA has no interest in enforcing those sanctions. They have simply refused to sanction even one telco or value added service provider to deter others. They only allow the offenders get away with just stopping the loot either with a refund to the affected customer or in some cases no refund. Obviously, there is no incentive to stop the loot because the punishment is not commensurate with the mega gains they make from the loot. Meanwhile, the law, which has all the characteristics to deter the looters is sitting on the law books without enforcement.
Another law coming
Currently, the NCA is embarking on public consultation for another set of guidelines to regulate network promotional messages (SMS adverts) that telcos usually send to consumers. In those guidelines, there is another sanctions regime, which is far, far less deterrent compared to what the original law says. We are not even sure if NCA will be committed to enforcing this new one, but it would appear that the NCA is seeking to write these new guidelines just to make the sanctions less deterrent so that offenders can just go ahead and commit the offense since the sanctions are not unbearable. That is just my hunch. So, it looks like when it comes to CONSENT, no one really cares about the consumer, and the sanctions regime is becoming less and less deterrent, arguably because the very people who are supposed to protect consumers are themselves complicit in the crime against consumers.
I think that if NCA is not willing to enforce the deterrent sanctions on service providers who violate the rights of consumers, maybe it is time for that role to be transferred to NITA. Data Protection Commission (DPC) is also supposed to protect consumer interest as it relates to consent. But like NCA, DPC is either protecting the abusers or is sleeping on the job. Their preoccupation is with collecting annual regulatory fees from institutions. So, we need NITA to use the digital trust channel to inject some transparency into the system.
e-Commerce
The other challenge that consumers will be very much interested in seeing any digital trust initiative address is within the e-commerce space. It is not uncommon to find that sometimes when you purchase a product online, what is delivered to you is not exactly what was advertised. And when that happens, the delivery/courier company whose staff comes and delivers the item, recuse themselves and say the transaction was between the buyer and the seller and had nothing to do with the delivery company. Meanwhile, we all know the delivery companies only get paid when the buyer pays, so how could they recuse themselves from responsibility?
I am of the firm view that the digital trust circle will only be complete in that kind of scenario when a system is put in place to ensure that before a merchant ships an item to a buyer, the delivery company gets to see what was advertised and what is being shipped to them to deliver to the customer. In fact, the system must establish a three-way communication between the seller, the buyer and the delivery company for them to share notes and confirm the exact item the buyer ordered so that they can all be sure of what is being shipped before it is shipped. This will prevent a lot of the stress buyers go through having to deal with scam merchants, who make it a practice to advertise one thing and ship another thing. It will also save the delivery companies from having to deal with distressed and angry customers, and also prevent the situation where scam merchants put delivery companies in their mess.
So, whereas I take off my hat for NITA for the bold and laudable initiative towards ensuring digital trust across the digital landscape in Ghana and beyond, I also think the digital trust architecture must take the foregoing into consideration to ensure that no one is off limits.