3rd JUNE 2018
OCCUPYGHANA® PRESS STATEMENT
OCCUPYGHANA PRESS STATEMENT ON ISSUES ARISING FROM THE “KELNI GVG CONTRACT”
OccupyGhana® has followed the ongoing debate concerning the 27th December 2017 contract between the Ministries of Finance and Communications on the one part, and a company called Kelni GVG on the other part, to provide “a common platform for the purpose of revenue assurance, traffic monitoring, fraud management and mobile money monitoring” (“Contract.”)
After our review of the Contract, facts available to us and the law, our key demands, as citizens of Ghana, are as follows:
- The Finance Minister, if he has not done so already, immediately lays before Parliament for passage, the Legislative Instrument required to properly put in place the monthly Communications Service Tax returns required to be filed by the service providers;
- (i) The deployment of the Revenue Assurance Module under the Contract should be limited to access to the service providers’ billing systems and nothing more or less,
(ii) Detailed investigation and audit by an independent expert, of the mechanism to be deployed under the Contract, particularly the Revenue Assurance, Specific Voice and Geographic Location Modules, to ascertain and ensure that any snoop and tap capability that is prohibited by law, does not exist, and
(iii) Assurance by the Government that the Mobile Money Monitoring Module under the Contract is not a wholly unnecessary replication of a regulatory function that is vested by law in, and is currently being performed by, the Bank of Ghana; and
- Enforcement of the law on the use of Internally Generated Funds of the Ghana Revenue Authority and the National Communications Authority for their expenses only, and if considered necessary, make the two entities direct parties to the Contract so that they have a legal say in how the Contract is performed, in their own right.
These demands arise from three primary concerns, namely, (1) how the Communications Service Tax is to be collected and paid to the Government, (2) whether the deployment of the monitoring mechanism under the Contract breaches or has the potential to breach the privacy protections under both the law and the Constitution, and (3) whether the payment of contract sums under the Contract, not by the Government (which is the party to the Contract) but, directly by the Ghana Revenue Authority (“GRA”) and the National Communications Authority (“NCA”) also breaches both the law and the Constitution.
COMMUNICATIONS SERVICE TAX
The 2008 Communications Service Tax Act provides that users of electronic communications services should pay a 6% tax. The mode of tax collection is clear: “The tax shall be PAID TOGETHER with the electronic communications service charge payable to the service provider by the user of the service.” This simply means that the user pays tax on the value of the voucher/service at the point of purchase, irrespective of whether the distributor sells or the customer uses or does not use what is purchased. The service provider collects the tax and then pays it to the GRA.
The law then provides two processes for verifying/auditing the tax collection and payment. The first is by the service providers filing monthly CST returns with the GRA. The returns form is to be designed by the Minister for Finance to provide information that the Minister deems necessary for those auditing purposes, by way of regulations under a Legislative Instrument. We are informed that the Legislative Instrument is yet to be passed, ten years after the law was passed. We however understand that in lieu of the LI, the GRA has designed its own returns form that the service providers routinely file.
The second verification/audit process is by way of the service providers giving the Government “physical access” to some “node” in their billing systems or an equivalent point, described by some as “Real Time Monitoring.” While some industry watchers and actors fault the wording of the law in this regard and describe it as “vague,” we believe that the intention of the framers of the law is obvious: the Government must be given access to an equivalent point in the providers’ networks, but ONLY to where the latter’s billing systems are connected. We do not see how this simple understanding presents any problems.
We also note that the Contract has four Modules, namely (i) Revenue Assurance, (ii) Specific Voice, (iii) Geographic Location, and (iv) Mobile Money Monitoring. We think that the Revenue Assurance Module should be easy to implement, which would comply with the law, as long as all that the Government has access to are the billing systems. We are concerned that the Specific Voice Module (“traffic monitoring”) raises questions about the potential to monitor the content of communications in breach of the Constitution and statute. We also need to be convinced that the Geographic Location Module (“fraud management”) is really relevant to the work that the Government has to do, and does not breach the Constitution and statute. And we have doubts that with the launch of the mobile money interoperability platform that is monitored by the Bank of Ghana in real time, a parallel Mobile Money Monitoring Module is really required.
Thus while we appreciate the Government’s probably well-intended aims under these contractual modules, it goes without saying that the modules may only be implemented in accordance with the law. The law as it stands now provides for the filing of monthly returns and giving access to billing systems only. Anything less than this would be in breach of the law. But, more importantly, anything beyond this would also arguably be in breach of the privacy protections afforded by the Constitution and statute.
And it is to this that we now turn.
We are very concerned about the privacy issues that this Contract raises. The privacy of communications and correspondence is guaranteed by Article 18(2) of the Constitution, subject only to the qualifications provided in either that Article itself or Article 21(4). It is in the light of these, and following concerns expressed when the idea of ‘monitoring’ international inbound traffic first came up, that the 2008 Electronic Communications Act was amended in 2009 to provide expressly that whatever “mechanisms or measures” are instituted “shall not have the capability to actively or passively record, monitor or tap into the content of any incoming or outgoing electronic communication traffic, including voice, video and data existing discretely or on a coverage platform whether local or international.”
Upon similar concerns being expressed with the introduction of this so-called “Real Time Monitoring” in the 2013 amendment of the 2008 Communications Service Tax Act, Parliament provided again that the “monitoring mechanism” also “shall not have the capability to actively or passively record, monitor, or tap into the content of any incoming or outgoing electronic communications traffic, including voice, video or data existing discretely or on a converged platform whether local or international.”
Parliament, as if to shore these provisions up and being cognisant of the provisions in Article 18(2) of the Constitution, also passed the 2012 Data Protection Act to provide what is arguably the widest privacy protections known to the law, of data, which the Act defines to include information that “is processed by means of equipment operating automatically in response to instructions given for that purpose,” “recorded with the intention that it should be processed by means of such equipment,” “recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system,” or simply “forms part of an accessible record.”
Our argument is that however laudable the government’s intentions are for entering into the Contract, and whatever assurances and pledges we receive that the government does not intend to snoop on or tap into our communications and correspondence, the law is simply that whatever mechanism is being deployed “SHALL NOT HAVE” snoop or tap capability.
We have seen a Press Statement issued by the Chief Executive Officer of the Ghana Chamber of Telecommunications dated 1st June 2018, and which says emphatically as follows:
“Our informed position is that the current architecture from the NCA and Kelni GVG does not conform to these design standards. The architecture does not provide our customers the privacy of their communication that the constitution guarantees…”
The said Press Statement then lists the following “challenges”:
“a. the current architecture seeks to connect beyond the equivalent point in the network where the network providers’ billings systems are connected; [and]
- The monitoring mechanism has the capability to actively or passively record, monitor or tap into the content of any incoming or outgoing electronic communications traffic such as voice. The proposed connection point will risk exposing content of voice traffic.”
If these statements are true, then the deployment of the mechanism with the statutorily prohibited snoop and tap capability, is a breach of the law and the Constitution. Then we would agree with the Chamber that
“The voice transaction damp(sic) for the revenue assurance tool should be enough without risking individual customer privacy. We are minded that the law does not talk about intent but capability, which the current architecture processes (sic).”
Having said that, we must however express our disappointment that the members of the Chamber, with such a strong and informed position on the matter, neglected or failed to commence legal action against the government to have this matter resolved once and for all by the courts within the 7-day limit imposed by law. That was a letdown.
However, moving forward, we must point out that in Ghana, the 2012 Data Protection Act protects both “data” and “metadata,” i.e. data that provides information about other data. This falls under the definition of “personal data” as “data about an individual which can be identified from the data or other information in the possession of or likely to come into the possession of the data controller.” Thus in Ghana, a person’s voice communications as well as the fact that the person communicated with another person from a certain location and for a certain period (which is the kind of information that the “Real Time Monitoring” would have access to), are entitled to the same level of privacy protection under our law.
As a matter of interest, while industry watchers are awaiting a decision of the US Supreme Court on whether the US government’s “acquisition of historical cell-site records created and maintained by a cellular-service provider violates the Fourth Amendment rights of the individual customer to whom the records pertain,” we in Ghana have no such problem.
Accordingly, any system that obtains both data and metadata has to comply with the law.
In this regard, we must register our disappointment also at the profoundly deafening silence of the Data Protection Commission in all of these matters. It is important that when such issues arise, statutory bodies entrusted with responsibility to protect our rights act proactively in investigating them, speaking out and making their relevance felt by educating the public.
PAYMENT OF CONTRACT SUMS
We note that neither the NCA nor the GRA is a party to the Contract. Yet they are “nominated” by the Ministry of Communications and the Ministry of Finance, respectively, as their “implementation agents.” And we are also informed that the money to be paid to Kelni GVG under the Contract (“Contract Sum”) is to be paid by the NCA and GRA in a 40% to 60% divide.
We are concerned that the payment of the Contract Sum is not part of the “expenses” of either the NCA or the GRA, and therefore cannot be paid directly out of the Internally Generated Funds of either entity. Both the GRA and NCA are established by law as bodies corporate “with perpetual succession and a common seal and may sue and be sued in its corporate name.” Granted that they are authorities of the State, they are considered separate and distinct from the Government. Each of them has a Board that is, by law, the “governing body of the Authority.”
Although each of them is statutorily under the supervision of a relevant Minister of state, the law is careful to set out and delineate in specific detail, the extent and bounds of that supervision. The general rule is that the Authorities and their Boards are bound by only written “Policy Directives” issued by the relevant Ministers. And it should be blindingly obvious that those “Policy Directives” cannot contravene the law or the Constitution.
The law is clear on what the moneys that either the GRA or NCA receives are to be used for. They are only to retain specific portions of those moneys specifically for their “expenses” only, and the remainder “SHALL” be paid into the Consolidated Fund. Any use of those moneys on expenditure that does not fall within the “expenses” of the entities is illegal. Any use of the government’s portion of those monies by any person including the Government itself without the moneys first being paid into the Consolidated Fund is a breach of Article 176 of the Constitution. We reiterate that neither the Ministry of Finance nor Ministry of Communications has the power to issue “Policy Directives” that breach these provisions.
We do not think that the Ministries of Finance and Communications “nominating” the GRA and NCA respectively as agents under a contract with a private entity falls under the power to issue “Policy Directives.” We do not think that simply on account of that contractual provision, the GRA and NCA become bound to make the payments of the Contract Sums under the Contract that neither of them is a party to. We do not think that paying the Contract Sums is part of the legitimate “expenses” of the GRA and NCA, non-parties to the Contract. We would add that there is a complete lack of privity of contract, and that the Contract cannot impose obligations arising under it on any person or even an agent, except the parties to it.
It is time to end the situation where successive governments deliberately turn a blind eye to the requirement for the payment into the Consolidated Fund of moneys that particularly the NCA is bound to pay, which then gives to government the illegal opportunity to spend those moneys completely “off-balance sheet,” on the blind side of Parliament and the Auditor-General, and in breach of the Constitution.
We would add that any such spending of monies that properly belongs to the Consolidated Fund, being contrary to law, becomes liable to the disallowance and surcharge powers of the Auditor-General under Article 187 of the Constitution. It must be noted that these powers have been interpreted by the Supreme Court on 14th June 2017 in OccupyGhana v. Attorney-General (Suit No. J1/19/2016) as follows: “the Auditor-General is bound to issue a disallowance or surcharge where there has been any item of expenditure on behalf of the Government that is contrary to law.”
OTHER RELEVANT ISSUES
In this statement, we have limited ourselves to what we perceive to be the legalities of the matter. We do not examine the larger issue of whether any of this is indeed the best practice in countries with more experience and success in telecom regulation. We are still examining that point.
We also do not address the issue of value for money. Although we note a reduction in the total contract sum from the previous or existing contracts, we believe that we can only conduct a fair and accurate review when we have seen and examined the Bill of Quantities and other relevant documents that were submitted by the winning bid. We are therefore applying to the Public Procurement Authority for those and may issue a statement on them after we have reviewed them.
It is in the light of the foregoing that we have made our demands, which we consider reasonable under the circumstances. We expect the Government to accede to these demands to forestall any need to resort to court to resolve the issues raised.
Yours in the service of God and Country