Tuesday, October 18, 2011

An Overview of the Draft Quality of Service Regulations 2011

Good news coming from the Communications sector as the Nigerian Communications Commission (NCC) finally publishes a draft copy of the Quality of Service (QoS) Regulations. The QoS regulations will establish the quality of service standards and or parameters and associated measurement, reporting and record keeping tasks imposed on categories of Communications licensees pursuant to Section 104 of the Nigerian Communications Act 2003 (NCA). QoS according to the International Communications Union (ITU) is the “collective effect of service performance which determine the degree of satisfaction of a user of the service”. In other words the QoS will provide an indication of what customers experience when using a particular network or service. The QoS parameters, (also known as QoS metrics, QoS indicators, QoS measures or QoS determinants) are used to characterize the quality level of a certain aspect of a service being offered and ultimately the customer satisfaction. These QoS parameters primarily relate to services and service features and not to the technology used to provide the services. For mobile telephony services, typical examples of parameters reportable are; call set-up time; blocked call ratio; billing accuracy and dropped call ratio. Most parameters are in principle applicable to service provided via telecommunications networks however others are only applicable to specific services depending on the technical aspects of the provision of those services, e.g. broad band internet. It is important to note that these parameters are end-user/customer orientated in that they can be personally perceived by the customers themselves.

Licensees under the Communications Act 2003 are required under the regulations to report, measure (these parameters in accordance with the defined measurement method) and submit the measurements to NCC for publication within the stated period. Only two services are subject to reporting in accordance with the reporting parameters under these regulations. They are; Wireline Services (fixed wireline telephone services for end users) and Wireless Service (which are mobile/wireless telephone services for end users and mobile internet/data services. The targets or key performance indicators (KPIs) have been defined by the regulations as the “a value that is reached by a given parameter where the relevant service identified in these regulations…. In other words, the KPIs are the range of values to be obtained for a particular service to be regarded as satisfactory.

The reporting period when Communications licensees are required to perform QoS measurements, reporting and record keeping is every month starting from the 1st day of a calendar month to the last day or as NCC may determine while the geographical areas for which QoS measurements are to be reported and recorded by are thirty-eight (38) in all. They are; a specific geographical area (1), the various states of the federation (36) and the Federal Capital Territory (1) which are to be taken separately unless the prior written approval of NCC is obtained for two or more reporting geographic areas to be combined into one reporting area. The measurements taken and reported are to be submitted to NCC with one week after the end of the reporting period. Where so directed by NCC, Communications licensees will publish the measurements within one month after the end of the reporting period. Communications licensees are also required to retain the QoS data including all measurements and related records for a minimum of twelve months after the end of the reporting period.

It is important to note that these regulations impose on Communications licensees the obligations to resolve a consumer complaint within the time stated. Where this obligation is not met, then the consumer has a right to be compensated and NCC may impose a fine on the offending Communications licensee. A Communications licensee will also be sanctioned where the rate of occurrence of a particular complaint exceeds the maximum number allowed under the regulations.

NCC may decide to publish all or part of the QoS measurements received from Communications licensees and such publishing must be done within two (2) months after the end of the relevant reporting period. The regulations also empower NCC to investigate some or all the QoS data received or retained by Communications licensees.

It is an offence under the regulations where a Communications licensee; fails to perform QoS measurement and record keeping, fails to attain the target set for a parameter and the service, fails to submit the QoS data within the time specified, submits or publishes false or misleading information about the QoS measurements and obstructs or prevents an investigation or collection of QoS information by NCC. The regulations empower NCC to take one or more of the following enforcement measures against communications licensees who commits any of these offences. These enforcement measures are; requiring that the licensee submit and publish additional information about its QoS measurements including (but not limited to) implementing a remedial action plan to improve its QoS KPIs, issuing directions pursuant to its power under S. 53 of the NCA including but not limited to effect that consumers been compensated for its QoS, imposing fines on licensees in accordance with the regulations.

With the break neck competitions currently experienced in the Communications sector, it may seem fair to argue that QoS is the resultant effect of the ongoing tariff wars between incumbent licensees, but then cheaper tariffs should never be sacrificed at the expense of poor QoS and in the same breath Communications services should be affordable by all. The QoS standards are indeed coming at a time when the QoS levels and Network Performance are both at its lowest. These standards will serve as a consumer protection measure on one hand, by enabling the average customer to make informed choices about the quality and price of a particular mobile telephone service and on the other hand, improve competition by ensuring that measurements accurately reported and published will discourage mobile network operators from service quality that falls short of the benchmarks, what remains to be seen is how far NCC is willing to ensure that licensees abide by the strict letters of these regulations.

Wednesday, September 28, 2011

IMPROVING THE TRUSTWORTHINESS OF ONLINE TRANSACTIONS IN NIGERIA

The Cashless Lagos initiative currently led by the Central Bank of Nigeria (CBN) is set to go live on the 1st of January, 2012. The next couple of weeks will also see the CBN sensitizing stakeholders in Lagos on this new initiative for a cashless economy and the safe and secure options for making electronic payments. An electronic payment in its simplest sense is the making of payment(s) via an electronic terminal or platform and forms an integral part of the e-commerce ecosystem. The importance of e-commerce seems to be hinged on the prediction of JP Morgan senior analyst Imran Khan that global ecommerce revenue is expected to grow nearly 19 per cent in 2011 to the tune of $680 billion.

Electronic payment systems can be grouped into four broad categories: online electronic cash system, electronic cheque system, smart cards based electronic payment system and online credit card payment system (which is the main emphasis of this article). Each payment scheme has its advantages and disadvantages for the customers and merchants. These payment systems have a number of unique requirements: e.g. security, acceptability, convenience, cost, anonymity, control, and traceability. Online credit card payment system seeks to extend the functionality of existing credit cards for use as an online payment tools. According to Laudon and Traver 2002, this payment system has been widely accepted by consumers and merchants throughout the world, and by far the most popular methods of payments especially in the retail markets. This form of payment system has several advantages, which were never available through the traditional channels of payment. Some of the most important are: privacy, integrity, compatibility, good transaction efficiency, acceptability, convenience, mobility, low financial risk and anonymity.

But this payment system has raised several problems before the consumers and merchants. Irrespective of the convenience offered by this form of payment, it is still fraught with a lot of security challenges. Recent experience has shown that cyber criminals have evolved in response to the current trend for making payments online by engaging in phishing attacks such as website spoofing. Web site spoofing occurs where the cybercriminal masquerades as a known entity by setting up a phony website very similar to the website operated by the entity and attempts to obtain valuable information such as the credit card details from the online consumer. In response to this threat, trusted entities in the website community established the Extended Validation (EV) Certificate. An EV certificate is a type of public key certificate issued to a website operator according to a specific set of identity verification criteria. These criteria require extensive verification of the requesting entity's identity by the issuing “trusted third-party” certification authority before the certificate is issued. A website secured with the EV certificate is important in two ways; it identifies the legal entity that operates the web site by providing a reasonable assurance to the online consumer that the web site the consumer is accessing is controlled by a specific legal entity identified in the EV Certificate by name, address of place of business, jurisdiction of incorporation or registration and registration number or other disambiguating information and prevents a a-man-in-middle attack by facilitating the exchange of encryption keys in order to enable the scrambling of debit/credit card details when exchanged between the online consumer and the web site, however the primary purpose seems to be in establishing the legitimacy of a business claiming to operate a web site.

A recent development in website assurance is the use Trustmarks. Trustmarks are electronic labels or visual labels indicating that an e-merchant has demonstrated its conformity to standards regarding e.g. security, privacy and fair business practices. E-merchants hope that, by displaying the trustmark on their websites, online consumers will trust their certificate practice and be more likely to divulge their personal data and transact with them. Against this background, it is worthwhile to mention that the guidelines on electronic banking introduced by the CBN in 2003 is silent on the obligations of financial service providers to ensure that websites used for e-banking are protected with EV certificates or even any forms of secure socket layer (SSL) encryption technologies. The closest this guidelines comes to mentioning this obligation is by requiring that banks Ensure that adequate information is provided on their websites to allow potential customers to make an informed conclusion about the bank's identity and regulatory status of the bank prior to entering into e-banking transactions and that ISPs should exercise due diligence to ensure that only websites of financial institutions duly licensed by the CBN are hosted on their servers. ISPs that host unlicensed financial institutions would therefore be held liable for all acts committed through the hosted websites. However the circumstances under which the information provided by the banks on their websites is deemed to be adequate and that due diligence has properly been exhibited by ISPs has unfortunately not been made any clearer under the Guidelines. In my view, such operators of websites capable of processing online transactions owe it as a duty of care to their numerous online consumers to ensure that as a minimum their websites are “trusted” and that transactions processed on it are secure. On this score, the need arises for our federal legislators to pass the cybercrime bill which was unfortunately killed in the last legislative session. Recently the demand for a Cybercrime Framework has been renewed by the charismatic IT evangelist Gbenga Sesan through an e-petition on the www.change.org website. A cybercrime regime will go a long way in complementing the efforts of website operators in assuring their websites and will also work decisively to intervene where phishing attacks and other forms of cyber nuisance are committed in cyberspace.

Monday, August 1, 2011

Adenuga moves to take over NITEL for US $450 Million: Competition issues at stake in the Communications Market

Over the weekend, it was reported by the Thisday newspaper that Dr. Adenuga, the Chairman and owner of Globacom Limited, Nigeria’s second national carrier has made a proposal to the Federal Government of Nigeria to acquire controlling interest in Nigerian Telecommunications Limited (NITEL) for USD 450 Million, through a Special Purpose Vehicle. This particular acquisition is likely to throw up myriads of competition/anti-trust issues that will require the intervention of Nigerian Communications Commission (NCC).

Section 90 of the Nigerian Communications Act, 2003 (NCA) empowers NCC “to determine, pronounce upon, administer, monitor and enforce compliance of all persons with competition laws and regulations, whether of a general or specific nature, as it relates to the Nigerian communications market”. The basis for NCC’s intervention is to prevent communications’ licensees from engaging in anti-competitive practice having the effect of “substantially lessening of competition” (SLC) in any aspect of the communications market (Section 91 (1), NCA). Section 26 of the Competition Practice Regulations 2007 (CPR) made under the NCA also empowers the NCC to review all mergers, acquisitions and takeovers in the Communications market. Transactions coming within the ambit of NCC’s review procedures are; transactions that involve the acquisition of more than 10% of the shares of a Licensee; or any other transaction that results in a change, in control of the Licensee; or any transaction that results in the direct or indirect transfer or acquisition of any individual licence, previously granted by the [NCC] pursuant to the Act (Section 27 CPR a-c). In other words for the review powers of the NCC under section 27 CPR to be activated first there must be the existence of a transaction that falls within the definition of the above listed transaction and secondly, the question of whether or not the transaction will lead to a SLC situation. The NCC is not required to attempt the second question if it is of the opinion that the transaction does not meet the specification of Section 27 CPR. However neither the NCA nor the CPR provides further guidance that will aid in answering these questions.

As already stated, a transaction must meet any of the three criteria above to constitute a transaction requiring the NCC to apply its review procedures. In the particular instance, Adenuga’s intention to acquire NITEL is the most obvious example of the application of Section 27 CPR and meets the jurisdictional threshold of both subsections a and b.

The second question is the application of the SLC test. The term “substantial lessening of competition” is not defined in the NCA but NCC published copious guidelines in the CPR which clarifies the meaning of SLC and determines whether particular conduct will constitute a SLC situation.

Where competition exists, Communications’ licensees contend with each other to grow their subscriber base, NCC is required to consider the instant transaction in terms of the effect it will have on the competition. In a fully competitive market, no one single operator will have market power and hence will not be able to influence market conditions, but must however respond to this competition by offering better prices or quality of service or quantities to attract customers.

An acquisition giving rise to a SLC situation would have a significant effect on the competition in the long run and therefore put more burdens on operators to improve upon their competitive edge. Such transaction would obviously impact negatively on consumer welfare. Irrespective of the commercial rationale for the transaction from the perspective of each of the parties, it still remains a possibility for the acquisition to give rise to a SLC situation through coordinated effects, especially as both GLO and NITEL (if acquired by Dr. Adenuga) may recognize their mutual interdependency and decide that they can reach a more profitable outcome if they coordinate their effort to limit the competition between them, this is even more probable as both companies are the only two companies holding a National Carrier License in Nigeria. Such coordination may be explicit or tacit and may take the form dividing market or by allocating contracts among themselves in a bidding competition. In practice this coordination is detrimental to consumers by eg. limiting production or stifling innovations. In such a case, NCC is required to consider the impact of this acquisition on the likelihood and effectiveness of the coordination.

NITEL also occupies a Dominant position in the communications market since it has control of essential network facilities or similar infrastructure built for and paid for by the Federal Government which gives it numerous competitive advantages over other operators. Access to these essential facilities is required by competing Licensees and that cannot, for commercial or technical reasons, be duplicated by competing Licensees. The holding of a dominant position is not prohibited but it is the abuse of a dominant position that is capable of a SLC situation. A conduct may be in breach of the NCA, the CPR and a communications license condition. For instance discriminating in the provision of interconnection or other communications services or facilities to competing Licensees... under Section 8 (b) of the CPR for example, NITEL may provide interconnection to GLO within a week but delay this interconnection to other operators for months. This conduct would be clearly breaching the communications license condition prohibiting undue discrimination and may also be an abuse of a dominant position contrary to Part V prohibition of the CPR. It is also important to note that agreements relating to any acquisition may still be anti-competitive especially if it is capable of resulting to any of the state of affairs enumerated under Section 13 of the CPR.

Evidence of such detrimental effect will play a key role in determining whether or not a SLC condition actually exists. NCC’s review to determine whether or not there exists a SLC situation is premised on the identification of the relevant market and the competitive effect of the acquisition. Finally, NCC as the sector regulator tasked with promotion of fair competition and protection against the misuse of market power or other anti-competitive practices, pursuant to Part 1of Chapter VI of the NCA would be required in the circumstance to apply mitigating measures such as denying approval for the acquisition/transaction, to recommend that component units of NITEL be acquired, to restructure the transaction, or give conditional approval where regulatory oversight would be used to check mate anti-competitive practices to prevent a SLC situation.

Monday, July 25, 2011

An Innovative way of Improving Quality of Service in Mobile Telecommunications Service with the Nigerian Sovereign Wealth Investment Fund

With a teledensity of 64.70 per cent and a total connected lines (GSM and CDMA) of 115,140,681 (and still counting), network congestion has continually been the bane of poor quality of service (QoS) levels in mobile telecommunications services in Nigeria, Africa’s largest telecommunications market. This article seeks to propose an innovative way of applying the Infrastructure Fund created by the Nigerian Sovereign Wealth Authority Act to fund projects expanding mobile network capacity by building additional base stations. This investment decision would not only be consistent with the statutory objective of assisting the development of critical infrastructure in Nigeria that will attract and support foreign investment, economic diversification and growth, but would have the resultant effect of improving the QoS levels currently experienced in mobile telecommunications service in Nigeria.

On the 10th of May, 2011, the Senate passed the Nigerian Sovereign Wealth Investment Authority Bill into Law, this was subsequently followed by passage of the same Bill by the House of Representatives on the 19th of May, 2011. The Bill now an Act establishes the Nigerian Investment Authority which is statutorily charged inter alia with the mandate to enhance the development of Nigerian Infrastructure by establishing the Nigerian Infrastructure Fund. The Nigerian Infrastructure Fund is part of the Nigerian Sovereign Wealth Investment Fund and is primarily set up to support through investment predicated financial returns the development of basic, essential and efficient critical infrastructure in Nigeria (such as mobile telecommunications networks) in order to stimulate the growth and diversification of the Nigerian economy and create jobs for Nigerians.

This article proposes that part of the Infrastructure Fund should be applied to funding projects expanding mobile networks by building additional base stations only in geographic areas where QoS parameters such as network coverage, service accessibility and service retainability are perceived by mobile telecommunications users to be low. The proposed structure would involve the grant of long term (say 25 years) soft loan to cover at least 70 per cent of the cost building these base stations to the project company or the Special Purpose Vehicle (SPV) set up by Mobile Telecommunications Service Providers in Nigeria. This SPV would be specifically incorporated to build-own-operate (BOO) the additional base stations throughout its lifecycle. In line with this arrangement, the project company would also be required to enter into a long term Infrastructure Service Agreement with the existing mobile telecommunications service providers (both GSM & CDMA service providers). This contractual arrangement is similar to an Offtake contract or Power Purchase Agreement (used for a project producing electricity) which assures; on one hand, the GSM & CDMA service providers (the purchasers) that these mobile networks will always be available and on the other hand, that the SPV will have a ready market to lease out the base stations on a long term basis at a preagreed price.

As this is a type of public sector funding, arguments against this approach would contend that it lacks the discipline inherent in private sector financing. Typical due diligence undertaken where a private sector lender is involved usually entails the careful evaluation of all the risks involved in the project and their proper allocation to parties other than the SPV. This practice is derived from the principle that risks should be allocated to the party best able to manage it; however the argument supporting this investment approach contends that the Infrastructure Fund would provide a form of low-cost public sector finance for mobile network expansion that retains the benefit of private sector management and control (since the SPV is constituted by both the GSM and CDMA service providers), this is beside the fact that long term investment like this would also improve upon the return for the Sovereign Wealth Investment Authority (as the major investor), taking advantage of the fact that debt is actually cheaper than equity. The major point argued is that why not have the project benefit from the best of both worlds by having the public sector provide the project with debt, in partnership with equity stakes to be held by the private sector investors in the SPV.

Improving the QoS of mobile telecommunications services by investing in the construction of additional base stations is likely to have an effect on deciding potential locations of foreign direct investments as the nature of an economy’s overall infrastructure plays a key role in its ability to respond to changes in demand and prices or to take advantage of other resources. In terms of economic growth, additional investment in telecommunications infrastructure would see an improvement of the GNP and the production of higher value added services and products driven by the secondary or tertiary telecommunications industries. As the economy grows and telecommunications services improves, there is likely to be a correlating increase in investments by foreign companies (such as Alcatel-Lucent, Nokia, Siemens, Ericcson) dealing in modern communications technologies.

No doubt it goes without saying that telecommunications services drive the development of new businesses, as evidenced by the enormous growth throughout the world in recent years of cellular and internet-based business models. In return, the growth of these business activities would drive demand for telecommunications services, thus forming a virtuous circle. Increasingly as businesses, especially private businesses develop in Nigeria, the need to address and develop the market for advanced telecommunications services will also arise. One consequence is a strong support to the development and transition of the economy as a whole which is given impetus by the rationale for investing with the Nigerian Sovereign Wealth Fund.

Sunday, May 29, 2011

NaijaCyberHacktivism, Cyber threats and the failure of the National Assembly to Strengthen the Arm of the Nigerian Law

On the 1st of March, 2011 the Federal House of Representatives led by outgoing speaker Hon. Dimeji Bankole killed An Act To Provide For The Establishment Of The Cyber Security And Information Protection Agency Charged With The Responsibility To Secure Computer Systems And Networks And Liaise With The Relevant Law Enforcement Agency For The Enforcement Of Cyber Crimes Laws, And For Related Matters (HB 154), the reason been that the provisions of the Bill overlapped with the provisions of some existing legislations such as the Economic and Financial Crimes Commission (Amendment) Act 2007. HB 154 was supposed to provide the legal framework for the establishment of an independent Cybercrime Agency and would have legislated on various Cybercrimes and Cyber-Security offences. These offences are either committed against the integrity, availability and confidentiality of computer systems and telecommunications networks or using such networks to commit offences. In particular HB 154 sought to apply to; offences against the confidentiality, integrity and availability of computer data and systems (hacking, unlawful interception, denial-of-service attacks, system interference, etc); computer related offences (fraudulent electronic mail, spamming, impersonation, copyright infringement); content related offences (child pornography); data retention; lawful & unlawful Interception; designation of critical information systems; and admissibility of electronic evidence.

Fast-forward to May 25th, 2011 where the cyber activist group going by the name Naija Cyber Hacktivist group brought down the website of Niger-Delta Development Commission’s (NDDC) website in protest of the federal government’s planned expenditure of almost 1 billion Naira on the presidential inauguration of Dr. Goodluck Ebele Jonathan. This protest which took the form of a denial-of-service attack has once again brought to the fore the inability of our extant legal framework to combat cyber threats or security threats against computer or telecommunications networks. This denial-of-service attack is a type of system interference which seeks to make computer resources unavailable by saturating it with external communications request to prevent it from responding to legitimate traffic, translated to simple English, it generally means that this cyber attack will prevent an internet site or service from functioning efficiently or at all, temporarily or indefinitely.

It becomes important to mention that Section 13 of the already dead HB 154 criminalizes this type of conduct with a term of imprisonment not less than seven (7) years or by imposing a fine of 2 million naira; in particular it provided that:

Any person who without authority or in excess of authority intentionally denies or interferes with access to any computer or network so as prevent any—
a) part of the computer from functioning; or
b) denying or partially denying any legitimate user of any service of such computer or network;
commits an offence and shall be liable on conviction to a fine of not less than N2,000,000 or imprisonment for a term of not less than 7 years or to both such fine and imprisonment
.

The particular aim of this section was to bring within its ambit the intentional prevention of the lawful use of a computer system including telecommunications facilities by using or influencing computer data. We must also note that the protected interest here is the right of the network operator or us, the system users being able to have them function optimally (me continues to think how this provision or similar provisions embedded in HB 154 overlapped with any provision of the EFCC Act 2007). This prevention definitely refers to actions that will interfere with the proper functioning of the computer or network system and will usually take the form of imputing, transmitting, damaging, deleting, altering or suppressing computer data. No doubt the 24 hour unavailability of NDDC’s website and the current threat is serious enough to warrant the intervention of HB 154’s section 13.

However while not attempting to call any bluff here, we must note that we have been promised another dose of cyber attacks against the networks of all financial institutions, e-payment platforms, telcos and government if the federal government goes ahead with its planned expenditure for the presidential inauguration, we can only do but wait and see how the long arm of the Nigerian law intends to catch up with this category of cyber robin hood and his band of merry men when this promise is fulfilled.

On a last note, I end with a quote from Johnson and Post in Law and Borders-The Rise of Law in Cyberspace’, Stanford Law Review, 48, (1996): 1367, 1375 that:
the rise of an electronic medium that disregards geographical boundaries throws the law into disarray by creating entirely new phenomena that need to become the subject of clear legal rules that cannot be governed, satisfactorily, by any current territorially based sovereign