CIPIT has been conducting network measurements on Kenyan Internet Service Providers (ISPs) since June 2016 using assorted techniques. Between 6 – 10 February 2017, the data indicated the presence of a middle-box on the cellular network of one provider, Safaricom Limited (AS33771) that had not previously presented any signs of traffic manipulation. Middle-boxes assume dual-use character in that they can be used for legitimate functions (e.g., network optimisation) and can simultaneously be used for traffic manipulation, surveillance and aiding censorship.
In light of such dual uses, our report makes it clear that service providers operating middle-boxes must communicate to the public in a transparent manner the justification for such activity. This is especially relevant as government bodies announce plans to monitor the Internet during Kenya’s current electoral processes.
Our research brief presents the methodology we use to detect middle-boxes, illustrates how that methodology was applied on Kenyan networks as well as our findings from the ten months investigations. Finally, we contextualised these findings within the Kenyan political and legal processes.
Download the research brief here.
UPDATE 25 March 2017
Read Safaricom’s reply to our publication and our subsequent clarifications to the queries raised in the reply.
CIPIT Research Reveals Evidence of Internet Traffic Tampering in Kenya: The Case of Safaricom’s Network
