INVESTIGATION has revealed how All Progressive Congress (APC) may have been privileged by a breach of data privacy of Nigerians ahead of 2019 general elections.
The ruling party, through its Campaign Call Centre located in Abuja, has been found to unduly access data of the prospective electorate and using it to find and canvass votes for President Muhammadu Buhari.
Findings by The ICIR revealed that the APC may have collaborated with the Nigerian Communication Commission (NCC) and the Independent National Electoral Commission (INEC) to access personal information of potential voters without their consent.
The information gathered is used to locate a prospective voter and the area he or she had registered to vote, and then solicit a vote for President Buhari.
One of such callers who identified herself as Lily reached out to a staff of the International Centre for Investigative Reporting, ICIR on January 25 asking him to vote for President Buhari.
The caller disclosed that she got the detail of the ICIR staff through the assistance of NCC.
Caller: “My name is Lily, I’m calling you from the APC campaign call centre Abuja. The President will first love to wish you a happy new year and want to know the issue affecting you in your area.”
Out of curiosity, the respondent queried whether the caller knows his residence and his number, she responded, giving the actual area council, “Yes sir, Kuje Area”.
The respondent queried further if the caller was at Kuje, “No! I’m calling from the campaign call centre, central area, Abuja,” she noted.
“We have your details sir,” Lilly stressed, adding that the APC campaign office got respondents details from the NCC.
Audio Recording of Lily
The caller then continued to persuade the respondent to vote for president Buhari in order to “continue with the good works he is currently doing.”
Voters’ education and persuasion of electorates are no violation of any law, but what is condemnable is acquiring people’s data without their consent. In 2015 while it was still an opposition party, the APC did same but met large public criticism.
“When I pretended as if I did not know what NCC means, the caller spelt out the name in full: Nigerian Communication Commission (NCC),” The ICIR staff said.
“I then wondered why would the NCC breach its law and give out private information of citizens, such as address, to the campaign office of the ruling party.”
In recent times, Nigerians and civil society organisations have repeatedly condemned the influx of unsolicited calls, messages including emails majorly from online businesses, thus demanded legislation to curtail the trend.
But years after the demands, the ruling government that has the responsibility to protect citizens’ privacy appears to be a major defaulter.
Experts have also condemned the act, describing it as an invasion of privacy which the government should take seriously.
Barr. Lauretta Ugwoke, in her remarks, condemned the act, so long there was no consent of the rightful owners. The database, she explained further were not public documents and as such should not be obtained without due process.
“Such documents are not public documents. If they are not public documents, then it is an invasion of privacy. They are not supposed to be used but if they are public documents, it is open for anybody to obtain. If the due process is followed, it can be obtained.
“But once they are not public documents, that means you have invaded somebody’s privacy by doing that and whoever did that can be sued actually. If you are able to get the evidence of who and how they obtained such information.”
On unsolicited emails, “Actually, I don’t think there is any law in place now stopping you from sending such information into peoples email. Even though you are invading somebody’s privacy actually but in Nigeria presently, there is no law against it right now.”
A few days after The ICIR staff’s encounter with APC call centre, another campaign staff in the APC office called with the number 07054958451, and here is the conversation that took place.
“President Buhari will like to know if you are in need of anything in your location sir, such as electricity, water, power, jobs.”
Responding, the recipient said the social amenities were not readily available. The caller identified herself as Precious Ezelioha. She enquired further if the respondent has decided to vote in 2019, “I am still contemplating,” the respondent stated.
Audio Recording 2
Caller: “Were you able vote in 2015,”
Respondent: “Yes I voted.”
Caller: “Who did you vote for?”
Respondent: “I voted for my candidate.”
Caller: “Okay sir. So this year, you don’t know who you are supporting?
Respondent: “Not that I don’t know but now that you are calling me, I will not want to express who I’m voting for.”
Caller: “No..no…It’s okay. It’s your right. But I will like you to vote for President Muhammadu Buhari.” Respondent: “Okay!’
Caller: “Yes Sir.”
Respondent: “Why do you want me to vote for President Buhari? ”
Caller: “Because he needs your vote to continue what he has already started. He needs your vote to make Nigeria a better place. Your votes count, so he needs your vote….”
Respondent: “You asked of what we need in my area but you did not ask of the location?”
Caller: “I’m calling Kuje. Are you not staying in Kuje?”
Respondent: “I am in Kuje. How do you know?”
Caller: “I know. We call based on location and local government….I got your number, you registered for voters’ card…”
Respondent: “So you got my number from the polling unit I registered?”
Caller: “Yes. Everything is there. We are trying to call Kuje people to find out what you guys need”.
Respondent: “It’s a good development. As you these, it means you are concerned.”
Caller: “President Buhari is working you might not see the result now but trust me he is working. I believe in the next two years, Nigeria will be in a very good condition so we need your votes.”
Respondent: “Definitely! But is it from the INEC office you got my phone number?”
Respondent: “So they gave you people access to their database to extract voters’ data?”
Caller: “It is for your own importance; it is for your benefit so we are trying to find out your needs,” she added.
In his reaction, the respondent further queried why the electoral commission would release public contact for campaign purpose, and asked if there will be other benefits aside from the calls. She responded saying, “For now it’s just calling, don’t worry, we will get back to you on that….”
Nigeria’s effort to building citizen’s database
The last administration of President Goodluck Jonathan witnessed series of government initiatives meant to capture public data of the citizens in the country. The essence, which varies was mainly to develop a comprehensive database, such that the nation can reliably provide authentic data for planning, security purpose and national development.
Among the several initiatives are National Identification Number (NIN), being administered by the Nigerian Identity Management Commission (NIMC). The Independent National Electoral Commission (INEC) also developed its database with over 70 million people registered as at then, currently 84.2 million after gathering biometric information of individual voters to produce the Permanent Voters Card (PVC).
Apparently, the INEC biometric registration and subsequent issuance of the PVC is to reduce fraud, increase transparency in the electoral process, especially the issue of under-age voting. More so, is the Federal Road Safety Corps (FRSC) database developed for eligible drivers, including the proposed database by the National Population Commission (NPC).
Eventually, the presidency had to wade in to see to the harmonisation of the data following the proliferation of data capturing activities from various public institutions.
However, most vital and compulsory among these was the CBN bank customers registration and GSM telecommunication users registration, as ordered by the Nigerian Communication Commission (NCC).
As at November 2018, the NCC already recorded a total of 248,115,152 connected lines from which 169,104,830 million are actively connected. This was an increase compared to 144 million active lines recorded in December 2017. The monthly subscriber operator data displays the number of subscribers and teledensity for mobile and fixed telephony services in the country.
Are there data protection laws?
Meanwhile, except Chapter 4, Section 37 of the Nigerian Constitution which guarantees the privacy of citizens telephone conversations, telegraphic communication etc and the NCC Nigeria Code of Practice Regulation (2018), there is currently no specific or comprehensive data privacy protection law in the country.
Part Vi of the NCC Act – Nigeria Code of Practice Regulation, which details protection of consumer information tasked operators to ensure the safety of personal data and make such data available to the regulator.
“(1) Every Licensee shall, at the point of registration of subscriber information pursuant to the Registration of Telephone Subscribers Regulations, provide the consumer with the terms and conditions under which personal data is to be held and processed.
“(2) A Licensee shall ensure that a consumer is kept informed of consumer data being processed by it and the purpose and duration for which the data is being processed.
“(3) A Licensee shall ensure that appropriate measures are taken by it to prevent unauthorised access to communication and data in order to protect the confidentiality of consumers.”
Aside, the The National Information Technology Development Agency (NITDA) Guideline also attempted to place restriction on federal, state, and local governments, including the private sector and other institutions of government from divulging private data.
“any information relating to an identified or identifiable natural person (data subject); information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”.
Data mining for political purpose isn’t new
Data mining is not a new trend. It is also not peculiar to Nigeria. In 2007 and 2015, prior to the emergence of the ruling administration, the PDP, was accused of contracting foreign lobbyist and data harvesting firm to mop-up data of eligible voters on the internet for political gain.
In connivance with an Israeli firm, the data miners were paid to also harvest data on the current president.
The firm, Cambridge Analytical was specifically fingered to have accessed data of over 50 million Facebook users across some nations, including Nigeria. Owned by Robert Mercer, the firm was blamed to have also influenced American election. Though, the Federal Government in April 2018, set up a committee to probe the matter but a year after, nothing is being heard about the resolution.
In the course of this investigation, The ICIR gathered that pro-Peoples Democratic Party (PDP) organisations, was also sending unsolicited emails to the public, canvassing for votes .
Names of recipients were clearly spelt out in the direct emails, copies made available to The ICIR. It was projected in form of voter’s education but with a picture of the PDP candidate affixed at the bottom.
“Honestly, I feel so bad knowing that a public or private institution shared my personal information without any form of consent, I didn’t sign up for any political party’s newsletter and as such should not receive such emails from them.
“The rate at which personal information is shared without the owners’ consent is increasingly alarming and there should be a law that protects customer personal data,” Wilson Atumeyi lamented.
But, Kasim Afegbua, spokesman Atiku Campaign Organisation, could not be reached for his reaction. Several calls to his phone were unsuccessful. Text message sent to him was not returned as at the time of filing this report.
The Director, Strategic Communication for APC Presidential Campaign Council, Festus Keyamo denied knowledge of the campaign centre. “I have no knowledge about that and I have no response about that.”
Mallam Lanre Issa-Onilu, spokesperson of the APC claimed the party could not have mined data illegally to campaign for Buhari’s re-election but asserted the use of legal means such as interpersonal campaign strategy. He also denied knowledge of the APC campaign call centre.
“I am not aware of that. Anything that is illegal, APC is not involved in it but if it is contacting voters, of course, we are using every platform to reach voters in very legal way. We are using our projects to illustrate why we should have a renewal of mandate. There is nothing illegal about that.
“But hacking into websites and other sources, that we are not supposed to do, you won’t find APC in it.”
He later acknowledged the centre, saying “we have many centres where we are interacting with the people…..if they are truly attached to the APC, then whatever they are doing is legal.”
Asked to speak on the source of data obtained by APC call centre from NCC and INEC, he said: “I have no response to that because I don’t know anything about that.”
He also declined knowing about the existence of APC call centre, and how they access voters’ data.
Rotimi Lawrence, chief press secretary to the INEC chairman terminated several calls made to him. He later requested for a text message which was sent promptly; in his response, he described the news as” a very serious allegation and whoever is making it should own up to it.”
“Since you are investigating, complete your investigation and confront me with your findings,” he added. The ICIR later disclosed the finding to him, but he is yet to respond as at the time of filing the report.
Spokesperson of the Nigerian Communications Commission (NCC), Mr. Nnamdi Nwokike, denied the claim saying the data was not in custody of the commission. He added that the NCC could not have shared subscribers data with the campaign call centre.
“I’m sorry, I’m not aware of that. NCC won’t give out data of Nigerians. We don’t have it. NCC wouldn’t do that.” He stated.
Beyond Nigeria, developed nations including the European Union have been developing measures and new laws to protect data of their citizens against invasion. A good instance is the European Union General Data Protection Regulation (GDPR) which came into implementation on 25th May 2018 and was widely accepted by the people.
But Nigeria has not enacted such law yet.