Despite being praised for bringing banking to the poor, Kenya's mobile phone-based money transfer system, M-Pesa, can be used to identify undiscerning users, Nairobi-based ICT expert Grace Githaiga tells DW.
DW: M-Pesa has been praised for bringing banking to the poor, but what are some of the privacy issues arising as a result of its widespread use in Kenya?
Grace Githaiga: One of the privacy issues arising out of M-Pesa in Kenya is the whole question of protection of data. For you to be able to withdraw or use the M-Pesa platform, you must register your details so they want your identity card number, they want your address, sometimes even physical address, so when you transact, whichever transaction you undertake whether it's withdrawal or depositing of money [...] those details are left with the M-Pesa agent and usually the details are recorded in an open book.
Where is this information stored? Is it stored electronically or on paper?
When you transact with an M-Pesa agent, the information is stored so it's a hard copy. But what is not clear is whether the data is returned to the service provider. It is not clear what that data is used for. But the second issue of privacy that has arisen out of the use of M-Pesa is, for example, when spouses are cheating on one another.
How does it work if someone is cheating or there's some sort of weird communication between two people?
What people are doing is that when they are cheating on their spouses, they store the number of their lovers with the name unknown or they give the name of their lovers as a private number. And so spouses, when they start suspecting each other and they see that there's this private number that keeps calling or is being called, what they will do is just send the minimum M-Pesa amount. Say 50 shillings, less than a dollar, they will send to that number. And once you send that money into that account, then it sends you back a report to tell you that money has been sent to so and so, this is their number, and how much money you have sent and what is your balance right now after sending, and so that's how you know, you get to know who this person really is.
So basically M-Pesa is a way of identifying someone?
Precisely. Now, the person who receives the money, their privacy is intruded upon because they have no right to reject this money and now their details have been revealed to a party [with whom] they are not concerned.
And what are some of the solutions that M-Pesa is trying to come up with to combat some of the issues surrounding privacy?
It's really not clear but we know that [...] this is being debated. But so far, nothing has changed, so that still remains.
What about Kenyans, what are they doing? How should they use M-Pesa in a way that doesn't infringe on their privacy?
Unfortunately, that is the situation now, so all that Kenyans can do is complain. However, we actually have a data protection bill [...] It hasn't become law yet, but that tells you that there's debate around data protection, and some of these things are going to be raised in that bill.
Grace Githaiga is an associate at the Kenya ICT Action Network (KICTANet), a platform for people and institutions interested and involved in ICT policy and regulation.