Journalists and security experts have raised concerns over the latest directive by the Nigerian Communications Commission (NCC) to ensure that all mobile phones in Nigeria are registered through its Device Management System (NCC-DMS).
The NCC issued the directive on Tuesday, stating that the new policy would help manage and regulate mobile devices accessing communication networks in the country. It also said all mobile network operators (MNOs) in the country must comply with this policy under the ‘Type Approval Business Rule 2024’.
However, journalists and experts have expressed their concerns about how the NCC’s mandatory registration of mobile phones’ international mobile equipment identity (IMEI) could further enforce a clampdown on press freedom by the federal government.
Kehinde Adegboyega, a human rights journalist, told us on Thursday that the compulsory registration of mobile devices in the country could pose a potential threat to journalists, especially in light of constant arrests by State Security Services (SSS).
He said it also raised concerns about the tracking, surveillance and monitoring of journalists.
“The DMS by the NCC could facilitate increased surveillance of journalistic activities under the guise of combating phone theft. IMEI registration centralises sensitive information, which could be misused for tracking and monitoring journalists’ movements and communications. This poses a potential risk to press freedom, particularly for investigative journalists or those critical of the government,” he told this news platform.
“Frequent arrests and harassment of journalists in Nigeria already indicate a troubling trend towards restricting press freedom. In this context, the DMS policy may exacerbate these issues, as it provides the government with greater tools for monitoring and possibly silencing dissenting voices. The registration of IMEIs could make it easier to identify and target journalists, potentially leading to more arrests and intimidation.”
Adegboyega further said that another risk posed by the centralised database was the Nigerian government’s weak data protection system, which could erode trust.
“The Nigerian government has faced several data breaches involving sensitive information like the National Identification Number (NIN). If the NCC fails to protect the IMEI database adequately, it could lead to similar breaches, exposing the sensitive personal data of millions of Nigerians, including journalists. Given past incidents, the likelihood of mismanagement or weak data protection measures is concerning, which could erode public trust in the system,” he said.
He explained that a data pool enables the government to track journalists in real-time, leading to misuse by state actors: “The misuse of such a database could also threaten the safety of journalists, activists, and other vulnerable groups by making it easier for authorities to monitor their activities.”
Nnamdi Anekwe Chife, a security expert, told this news platform on Tuesday that it was acceptable for the government to build a database of registered devices in the interest of national security.
However, he said, it also has the obligation to respect citizens’ privacy and data.
“In the interest of national security, the government can build a database, as it is mandated to combat and curtail terrorism, kidnapping, and other violent acts,” Chife said.
ANNOUNCED AND DENIED IN 2021
The NCC first announced that Nigerians would have to submit the IMEI of their mobile devices for registration in 2021. At the time, the commission said the directive would be to “curtail the counterfeit mobile phone market, discourage mobile phone theft, enhance national security, protect consumer interest, increase revenue generation for the government, reduce the rate of kidnapping, mitigate the use of stolen phones for crime, and facilitate blocking or tracing of stolen mobile phones and other smart devices”.
However, the federal government denied issuing the directive but said the DMS it was setting up would capture Nigerians’ IMEI without them having to submit it.
On Monday, a news platform reported how the Bola Tinubu-led administration had been targeting journalists, pressure groups and civic organisations demanding accountability.
The report highlighted how several journalists and activists, including Joe Ajaero, the president of the Nigeria Labour Congress (NLC), had been picked up and detained by the SSS.
In March, the same medium also alerted Nigerians to a data breach in which XpressVerify, a private website, sold the NIN and personal data of Nigerians—data that ought to be managed by the National Identity Management Commission (NIMC).
Following the exposé, NIMC admitted it had licensed partners who could access its database but distanced itself from XpressVerify.
When contacted the NCC on Tuesday afternoon to inquire about the motivation behind the new policy, whether it was connected to the reports from 2021, and what plans it had to ensure that journalists would not suffer as a result of the policy, the operator who answered the call directed us to the public complaints unit.
Afterwards, a representative of the NCC’s public complaints unit asked us to get in touch with the technical standard and network integrity unit.
“Get in touch with the technical standard,” a male voice who didn’t reveal his name said. When we asked how to reach the unit, he said he would call back but had not done so at press time.