17 JULY 2024 – WINDHOEK

In today’s digital era, the risk of cyber-attacks is a significant concern as bad actors aim to exploit vulnerabilities present in our online interactions. There are several ways in which individuals can inadvertently become targets for these threats, whether through negligence, lack of knowledge, or simply by oversight.

Cybercriminals utilise a variety of tactics to target individuals, with common techniques that are consistently used. It is crucial to be aware of these methods in order to safeguard yourself and your organisation.

This article delves into techniques that make individuals vulnerable to cyber-attacks and provides practical advice on how to enhance personal protection in a constantly evolving interconnected world. Let us explore the most common ways people are targeted and how they can secure their personal information.

1. Phishing Scams

Phishing scams are a common way for people to get hacked, so it is important to prioritise security measures and stay vigilant. Look out for warning signs such as suspicious links, unexpected attachments, requests for confidential information, and urgent language in messages. Always verify sender addresses, domains, message typos, and urgent requests before taking any action.

Vishing involves fraudulent phone calls or voicemails from seemingly reputable companies in an attempt to obtain personal information. Never give out personal or banking details over the phone unless you initiated the call, and always contact your service provider to verify the request or report any suspicious calls. Remember, your bank will never ask for your passwords or pins over the phone.

Smishing refers to phishing attacks through text messages. These messages may lead you to a phishing website or download harmful software onto your device. Always verify any suspicious texts with your service provider before clicking on any links. For example, be wary of texts claiming to be about a delayed delivery with a link to track it. Stay cautious and always verify the legitimacy of any messages before taking any action.

 

2. Weak Passwords

Protect yourself from cybercriminals by using strong, unique passwords for each account and enabling multi-factor authentication. Cybercriminals can crack weak passwords in a matter of minutes or seconds, giving them access to valuable personal information and financial assets. Do not fall victim to these malicious actions – take proactive steps to safeguard your online accounts.

3. Social Engineering

Not all attacks require advanced technology or complex software to be successful. Sometimes, hackers can exploit simple deception to trick individuals. This is the concept behind social engineering, which involves using deception and psychological manipulation. To protect yourself, remain vigilant, question the identity of individuals, and approach any requests for money or personal information with caution. Additionally, refrain from sharing too much personal information on social media and always ensure your security and privacy settings are enabled on all platforms.

4. Outdated Software

Failing to update your systems leaves them vulnerable to cybercriminals who can exploit security weaknesses to steal data or introduce malware. It is essential for organisations to regularly apply critical security patches to all systems and applications. Follow your workplace’s update installation policy and enable automatic updates on your personal devices to ensure you are always protected from potential security threats.

In conclusion, it is crucial for individuals to stay informed and vigilant about the common ways in which they can become targets of cyber threats. By taking proactive measures such as updating passwords regularly, being cautious of phishing emails, and securing personal information online, individuals can significantly reduce the risk of falling victim to cyber-attacks. It is important for everyone to priorities their online security in order to protect themselves and their personal information in an increasingly digital world.

ENDS

Issued By:

Ms. Cornelia Shipindo
Manager: Cyber Security
Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Stakeholdercomms@cran.na

25 JUNE 2024 – WINDHOEK

In today’s interconnected world, digital literacy is a fundamental skill required in all areas of life. As an Authority, we recognise the transformative power of digital literacy. It extends beyond basic technology use to include critical navigation, evaluation, and creation of information on digital platforms.

Digital literacy encompasses various competencies: using digital devices like computers, smartphones, and tablets; navigating the internet; utilising software applications; and engaging with social media platforms. It also involves critical thinking to assess online information, understand privacy and security concerns, and use digital tools ethically and responsibly.

Digital literacy empowers individuals by providing tools to access information, communicate effectively, and participate in the digital economy. In Namibia, enhancing digital literacy can bridge gaps in education, employment, and social inclusion. For students, it opens doors to educational resources and online learning. For job seekers, it means access to job portals, online applications, and remote work opportunities.

The global economy is increasingly digital, and Namibia must keep pace to remain competitive. Digital literacy is crucial for entrepreneurs and small business owners to market products online, manage e-commerce platforms, and leverage digital tools for growth. For the broader workforce, digital skills are now a prerequisite for many jobs, from basic computer literacy to advanced technical skills in fields like cybersecurity, data analysis, and digital marketing.

Digital literacy also plays a vital role in governance and civic participation. With the rise of e-government services, digitally literate citizens can access public services more efficiently, participate in online consultations, and engage with government initiatives. This improves transparency, accountability, and fosters a more inclusive and participatory democracy.

In healthcare, digital literacy can significantly enhance patient care and health outcomes. Telemedicine, electronic health records, and online health resources require both healthcare providers and patients to be digitally literate. During the COVID-19 pandemic, digital tools enabled remote consultations, online health monitoring, and the dissemination of crucial health information, underscoring the need for digital literacy in managing public health crises.

Despite its importance, several challenges hinder the widespread adoption of digital literacy in Namibia:

Limited Access to Technology

Many Namibians, particularly in rural areas, lack access to digital devices and reliable internet connections. This digital divide exacerbates existing inequalities and limits opportunities for those without access to technology.

Lack of Training and Education

Many schools and communities lack the resources or qualified instructors to teach digital literacy effectively, leaving individuals without the skills needed to navigate the digital world.

Cultural and Language Barriers

Cultural and language differences can also pose barriers. Digital content is often available in dominant languages, excluding those who speak indigenous languages. Additionally, cultural attitudes towards technology can influence how individuals perceive and use digital tools.

To address these challenges and enhance digital literacy in Namibia, a multi-faceted approach is needed:

Infrastructure Development

Expanding digital infrastructure is fundamental. Efforts must be made to provide affordable and reliable internet access across the country, particularly in underserved rural areas. Public-private partnerships can play a significant role in this endeavour.

Education Integration

Integrating digital literacy into the national education curriculum from primary school through to higher education is crucial. Schools should be equipped with the necessary technology, and teachers should receive training to teach digital skills effectively. Community centres and libraries can also serve as hubs for digital literacy training.

Support for Vulnerable Groups

Special attention should be given to vulnerable and marginalised groups to ensure inclusivity in digital literacy initiatives. This includes designing tailored programmes for older adults, providing assistive technologies and support for people with disabilities, and addressing gender disparities in digital access and literacy.

Collaboration with Stakeholders

Enhancing digital literacy requires collaboration between various stakeholders, including government, private sector, civil society, and international partners. By working together, these stakeholders can pool resources, share expertise, and develop comprehensive programmes that address various aspects of digital literacy.

Digital literacy is a cornerstone of modern society, and its importance cannot be overstated. For Namibia to thrive in the digital age, we must prioritise developing digital literacy skills across all sectors of society. By addressing the challenges and implementing strategic initiatives, we can empower our citizens, enhance economic opportunities, improve governance, and advance healthcare. As we move forward, let us commit to creating an inclusive digital future where every Namibian has the skills and knowledge to participate fully in the digital world.

As an Authority, we are dedicated to promoting digital literacy and bridging the digital divide. Together, we can embrace the digital future and ensure that every Namibian is equipped to navigate and thrive in the digital age.

ENDS

Issued By:

Hilya Mhani

Manager: Consumer Relations and Advocacy

Tel: +264 61 222 666

Email: Stakeholdercomms@cran.na

19 JUNE 2024

In today’s digital age, maintaining security and privacy is more important than ever. With the constant threat of cyber-attacks and data breaches, it is essential for individuals within organisations to play their part in keeping information safe. While technology can help to a certain extent, human error is still a major factor in many security breaches. That is why following proper security protocols and being aware of potential threats is crucial in ensuring the safety of everyone involved.

Here are five simple actions you can take to play your part.

1. Following Policy
Policies are created to ensure the security of all individuals affiliated with an organisation. They serve as rules to reduce expensive errors and recognise potential threats to systems, data, and individuals. Adhering to policies is a simple and important step that all employees, regardless of their position, can take to protect the organisation.

2. Locking Workstations
No matter the employee’s position or location, it is crucial to always lock workstations and devices when they are not being used. This quick and easy step helps safeguard the access given to you and prevents unauthorised use of your logged on profile. Furthermore, it is important to use strong, unique passwords on all devices and never share them with others.

3. Keeping a Clean Workspace
Do not underestimate the significance of keeping a clean and organised workspace. While it may not appear to be a security concern, a cluttered desk can result in errors like misplacing ID keys or important documents. Maintain an organised workspace and securely store any items containing confidential information.

4. Avoiding USB Devices
Cybercriminals often opt for simplicity by distributing malicious software on USB drives in easily accessible locations. Another tactic is mailing infected drives to organisations, hoping someone will unwittingly plug them in and infect their computer. To safeguard against these attacks, only use authorised USB devices or those that you personally own, including charging cables.

5. Reporting Incidents
An incident is defined as any suspicious or abnormal occurrence. For instance, stumbling upon a USB drive out of the blue is considered an incident that requires immediate reporting. Why the rush? Delaying the reporting of an incident can escalate the potential damage. Reporting promptly enables organizations to swiftly assess the situation and minimize any potential harm.

Remember, people are a crucial part of cybersecurity defense. By following these simple actions and being vigilant in maintaining security and privacy, individuals can help protect themselves and their organisations from potential threats. Together, we can all play our part in maintaining a safe and secure digital environment.

ENDS

Issued By:
Ms. Cornelia Shipindo
Manager: Cyber Security
Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Stakeholdercomms@cran.na

18 JUNE 2024 – WINDHOEK

The International Telecommunications Union (ITU) defines Type Approval as a technical evaluation process to ensure that telecommunications equipment meets specific regulatory standards. In Namibia, this process is overseen by the Communications Regulatory Authority of Namibia (CRAN). CRAN is mandated to regulate telecommunications equipment intended for import into Namibia and ensure such equipment complies with Type Approval standards. Section 80 of the Communications Act (No. 8 of 2009) states that CRAN must prescribe reasonable technical standards for telecommunications equipment to prevent harm to electronic telecommunications networks, public health, and safety.

The current Type Approval Regulation, dated 21 August 2023, and published in Government Gazette No. 8180, requires the following entities to seek Type Approval Certificates:

• Manufacturers
• Importers
• Distributors
• Individuals

The purpose of Type Approval is to ensure that telecommunications equipment complies with Namibian and international standards to prevent radio interference and avoid health and safety hazards. Type Approval is issued for any telecommunications equipment that transmits, receives, or uses radio frequencies and is connected to any electronic communications network, such as cell phones, laptops, computers, radio communications equipment, and digital set-top boxes.

The processing time for Type Approval certification is 40 days as per the Type Approval Regulation. However, the Authority endeavors to issue the certificates within a reasonable time, depending on the volume of applications received.

In February 2023, CRAN and the Namibia Revenue Agency (NAMRA) signed a Memorandum of Understanding (MoU). This followed an agreement between CRAN and the Ministry of Finance: Directorate of Customs and Excise in 2016, aimed at harmonizing the implementation of laws governing the importation of telecommunications equipment into Namibia. The MoU establishes a framework for cooperation between the two parties in areas of common interest for effective and efficient performance of their respective mandates.

The MoU aims to:
•Promote cooperation and coordination regarding the importation of telecommunications equipment into Namibia.
•Collaborate on capacity-building initiatives.
•Establish a working committee to discuss and recommend solutions to challenges impacting the successful implementation of the Type Approval regulatory framework.

Anyone seeking Type Approval must submit a complete application, including all supporting documentation and payment of applicable fees, before importing the telecommunications equipment. Equipment will not be cleared by Customs without a Type Approval certificate. It is best to apply for type approval before importation to avoid delays and that the Authority will not carry any storage costs due to delays in obtaining necessary certifications.

The Type Approval process consists of the following methods:
•Standard Application process
•Simplified method
•Renewal method
•Temporary Importation method
•Reconsideration method

The regulations also specify telecommunications equipment exempt from Type Approval, such as laptops, servers, smart televisions, and tablets without SIM slots. A list of approved devices is available on the CRAN website.
Telecommunications equipment temporarily imported into Namibia for prototypes, testing, and trials, as described in Regulation 5 (3) (a, b) of the Regulations, does not require a Type Approval certificate. However, clients must apply for temporary importation.

It is crucial for all parties involved in the importation of telecommunications equipment to familiarise themselves with the Type Approval Regulations, obtain the necessary Type Approval documentation, or contact CRAN’s Type Approval Team for further assistance at ta@cran.na or 061 222 666.

Namibia’s Type Approval regulations align with international practices followed by ITU Region 1 regulators and standardisation processes prescribed by the ITU. Besides Namibia, South Africa and Botswana also implement Type Approval, and vendors and suppliers generally operate in these markets without issues.

  ENDS

Issued By:
Ms. Loide Nuutushi
Officer: Equipment Approval
The Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Stakeholdercomms@cran.na

As Namibia joins the Fourth Industrial Revolution (4IR), the Information and Communication Technology (ICT) industry starts to have a significant impact on the country’s economy, promoting equality of opportunity, industrial development, economic growth, and poverty eradication. The Namibian government has put laws in place to encourage the growth of ICT due to its importance to economic development.

Through the Communications Regulatory Authority of Namibia (CRAN), the Ministry of Information and Communication Technology (MICT) oversees Namibia’s information technology, telecommunications, broadcasting, media, and postal sectors. CRAN was established in terms of Section 4 of the Communications Act
(No. 8 of 2009) (the Act) to regulate the communications industry in Namibia. The communication industry consists of, but is not limited to, telecommunications, broadcasting, and postal service providers.

As in many other countries, regulatory investigations are essential to the ICT industry in Namibia. CRAN often caries out these investigations to make sure that laws, rules, and industry standards are being followed and they serve several important purposes including:

❖ Monitoring Compliance: Regulatory investigations assist in keeping track of how well ICT businesses, service providers, and operators abide with the applicable rules and regulations. This guarantees that operators follow laws
that support ethical competition, consumer protection, and the effective operation of the industry.

❖ Consumer Protection: Investigations are frequently conducted to safeguard the interests of consumers. Regulatory agencies may look into complaints about billing disagreements, service quality, or other problems affecting ICT
users. They do their best to guarantee that customers get the services they paid for and that their rights are protected.

❖ Fair Competition: Investigations by CRAN are meant to restrict anticompetitive behavior in the ICT industry. CRAN may look into claims of unfair commercial practices like collusion among players in an industry or monopolistic activity. Fair competition encourages innovation and is advantageous for consumers.

❖Spectrum Management: Spectrum is a valuable and finite resource in the ICT industry, particularly in telecommunications. To ensure effective use and equal access for various service providers, CRAN may look into the distribution and exploitation of spectrum.

❖Policy Development: The results of regulatory investigations may be used to build or amend Namibia’s ICT laws and regulations. The information and insights gained from these studies may help policymakers respond to technological improvements and shifting market conditions.

❖Dispute Resolution: In disagreements between various ICT industry parties, CRAN frequently acts as the mediator or arbitrator. Investigative procedures can assist in resolving disputes and conflicts, so avoiding the need for expensive litigation.

❖Promoting Innovation: Regulatory investigations can provide a level playing field that fosters innovation and investment in the ICT Industry by enforcing rules and standards. Both the industry and customers gain from this.

❖Penalties and Enforcement: Enforcement actions and sanctions may result from regulatory investigations against operators that contravene the Act or its regulations. These fines may serve as deterrents and as incentives for conformity.

CRAN is required to conduct investigations into any behavior that violates section 122 of the Act in order to effectively regulate the ICT sector. According to Section 123 of the Act, CRAN is free to designate any of its employees as inspectors to carry out the Act’s powers. In addition, Section 124 enables CRAN to designate anyone with specialist knowledge in a given field as a special investigator to look into any violations of the Act or its regulations.
To execute the mandate of investigations, Section 125 of the Act outlines the powers and functions of an inspector appointed under the Act. Inspectors play a crucial role in ensuring compliance with the provisions of the Act, particularly in matters related to electronic communications, broadcasting, and postal services. Some of the key roles and responsibilities of an inspector are:

❖Investigation and Inspection: An inspector is authorized to investigate and inspect any books, telecommunication facility, any telecommunications equipment or any other object, to obtain any information required.

❖Gathering Evidence: Inspectors have the power to gather evidence related to potential violations of the Act. This may include collecting documents, interviewing witnesses, and conducting on-site inspections to establish facts related to alleged breaches.

❖Reporting: Inspectors are required to prepare and submit reports on their findings to CRAN. These reports may be used as the basis for further enforcement action.

❖Assisting in Regulatory Proceedings: Inspectors may be called upon to provide evidence or testify in regulatory proceedings, including hearings, investigations, or legal actions related to violations of the Act.

❖Securing Evidence: Inspectors may seize and secure evidence that is relevant to investigations, ensuring that it is preserved and can be used in regulatory or legal proceedings. This power to seize is set out in Section 126 of the Act.

❖Access to Premises and Information: Service providers are generally required to provide inspectors with access to their premises, equipment, and information necessary for conducting inspections and investigations. Inspectors, however, cannot enter premises used for dwellings to conduct an investigation.

❖Confidentiality: Inspectors are bound by confidentiality obligations regarding the information and evidence they gather during their investigations. They must handle sensitive information with care and in accordance with legal requirements.

❖Cooperation with Other Authorities: Inspectors may cooperate and share information with other law enforcement agencies or regulatory bodies when necessary to enforce compliance with the Act. Section 127 encourages co-operation as it directs that a CRAN Inspector while conducting investigations in terms of the Act, may request a police officer to accompany them.
It is important to note that the specific powers and procedures of inspectors may be further detailed in regulations or guidelines issued under the Act, and they are expected to carry out their duties with fairness and impartiality while upholding the law. Additionally, the exact roles and responsibilities of inspectors may evolve over time as regulations and industry practices change.

ENDS
Issued By:
Mr. Joel Shikoyeni
Officer: Investigations
Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666
Email: Stakeholdercomms@cran.na

As Artificial Intelligence (AI) technology advances, Namibia stands at the threshold of unprecedented opportunities to reshape industries and elevate the quality of life for its citizens. From expanding productivity in agriculture and manufacturing to revolutionising healthcare delivery and transportation systems, the potential applications of AI appear boundless.

However, amidst this wave of excitement and optimism, concerns about the security implications of AI cast a shadow. While AI holds the promise of driving progress and innovation, it also introduces new risks and challenges. The very characteristics that make AI so powerful, its ability to analyse vast amounts of data, identify patterns, and make autonomous decisions, also render it vulnerable to exploitation by malicious actors.

In this multifaceted landscape, Namibia must develop a comprehensive strategy to navigate the risks associated with AI deployment. This entails not only understanding the technical vulnerabilities of AI systems but also addressing broader issues such as data privacy, algorithmic bias, and the potential for AIdriven cyberattacks.

As AI technologies evolve, Namibia’s approach to safeguarding them must also evolve. This involves implementing robust cybersecurity measures to protect against data breaches and other security threats. Additionally, it necessitates careful consideration of the ethical implications of AI deployment, ensuring that AI systems are developed and used in a manner that is fair, transparent, and accountable.

Furthermore, Namibia must establish clear regulatory frameworks to govern the development and deployment of AI technologies, striking a balance between fostering innovation and protecting against potential harms.

Finally, ongoing research into AI safety and governance is crucial to staying ahead of emerging threats and challenges. By investing in research and collaboration, Namibia can position itself as a leader in the responsible development and deployment of AI technologies, driving positive outcomes for its citizens and society as a whole.

Now, let us explore how social engineers could potentially exploit AI to perpetrate their attacks. Here are a few scenarios to consider:

• Reconnaissance: AI is especially effective at mining social media and other online platforms to gather detailed information on potential targets. In the past, it could take weeks or months for a social engineer to perform that task. AI can do it in seconds.
• Impersonation: given that AI can create realistic video or audio recordings, attackers can use it to generate content that appears to come from a trusted individual saying or doing something they are not doing. This is known as a deepfake, a dangerous tool used to deceive the public.
• Voice Phishing: Another form of impersonation is voice phishing, where attackers attempt to scam people over the phone. With AI, this becomes even easier. A small sample of someone’s voice can be used to generate speech that sounds like a real person, which can trick people into believing they are talking with someone they know.
• Automation: Time is money. Through AI automation, social engineers can cast a wide net and increase the volume of their attacks. This process requires less effort on the attacker’s part and means they can target a greater number of people, increasing the chances of successfully scamming someone.

Moreover, those examples of AI powered attacks barely cover the scope of how social engineers use modern technology to leverage classic scams. Avoiding those scams requires everyone to maintain a heightened sense of awareness, especially when prompted to provide confidential information or money. If something is too good to be true then, it probably is. Whenever you encounter anything suspicious, trust your instincts and remain skeptical.

ENDS

Issued By:
Ms. Cornelia Shipindo
Manager: Cyber Security
Communications Regulatory Authority of Namibia (CRAN)
Tel: +264 61 222 666 or Email: Stakeholdercomms@cran.na

 

 

As of 1 January 2023, Namibia will join 185 countries in the world, who provide mandatory SIM Registration. In preparation for the commencement of the registration process, the Communications Regulatory Authority of Namibia (CRAN) launched the National SIM Registration Awareness Campaign from 7 June 2022 to 31 December 2022. The purpose of the campaign is to educate consumers on the importance of SIM Registration. During the campaign, CRAN discovered that consumers, through the utilization of their mobile devices, face the following enormous challenges due to unregistered SIM cards.

Mobile money fraud
Consumers are frequently exposed to irrelevant or unsolicited messages, sent either online or directly from unknown mobile numbers for the purpose of fraudulently soliciting money from consumers or phishing. Consequently, many consumers have become victims of money theft from electronic money transfer services, using their mobile phones. This happens when fraudsters call consumers, either impersonating electronic transaction officials or pretending to be family members, with the intention to deceive them to send money or other personal details. In the absence of SIM Registration, the identity of these perpetrators is unknown and law enforcement is often constrained in bringing them to task. The introduction of SIM card registration will, therefore, lead to more effective and efficient identify verification processes, which enhances personal security and law enforcement.

Mobile and digital identity theft
The occurrence of cyber-crimes is on the rise, some of which is attributed to the lack of SIM Registration. One specific occurrence is identity theft. This normally occurs when individuals steal the information of consumers, using personal information such as transactional information. The information is used to make unlawful transactions, which results in consumers defrauded and losing money or other valuable goods. Therefore, the mandatory registration of SIM cards will boost consumer confidence in the utilization of electronic transactions, because authorities will have an additional legal tool against online fraudsters who use unregistered mobile numbers to commit identity theft.

Conclusion
SIM Registration is therefore, a timely development for Namibia, primarily designed to protect consumers, especially in the wake of the unprecedented rise in the utilization of e-commerce, fintech and other technology-based services and products. One of CRAN’s objects is to promote technological innovation and the deployment of advanced facilities and services in order to respond to the diverse needs of commerce and industry. CRAN believes that this objective cannot be fulfilled, in the absence of SIM Registration, which is one of the basic tenets of ensuring digital consumer identity and verification.

SIM Registration is thus the gateway for consumers to enjoy the fruit of innovation and other advanced facilities presented in the market. Consumer identity makes the customer more appealing to the service providers, in order to receive better services and products. It also eliminates the presence of unknown numbers, and hence lowers the probability of online related criminals.

CRAN thus urge all consumers to register their SIM cards, in order to enjoy the availability of a wide range of high quality, reliable and efficient telecommunications services as provided by our licensees.

Phillipus Shilongo
Legal Advisor: Adjudication, Enforcement and Litigation – CRAN

Namibia is one of the last countries in Africa enforcing mandatory Subscriber Identity Module (SIM) card Registration. Mandatory SIM Registration is a policy adopted by several governments, around the world as part of efforts to mitigate security concerns, address crime and enable the application of digital services. SIM Registration would allow the service providers to know the identity of the owner of a SIM card and that of a person making a call or sending a message .As a condition for the purchase or activation of a SIM card, the user will be required to provide personal data, such as residential address, as well as a valid identification document (ID), a point of contention that has some members of the public rightfully questioning the safety and security of their privacy.

The Government of the Republic of Namibia has issued a policy directive that all SIM cards in Namibia must be registered, in line with the provisions of Section 77 of the Communications Act. To this end, the Minister of Information and Communication Technology (MICT) has consulted with the Communications Regulatory Authority of Namibia (CRAN), Director-General of the Namibia Central Intelligence Service (NCIS) and all providers of telecommunications services in Namibia on the regulations setting out the framework for SIM Registration, which were published in the Government Gazette of 15 March 2021. The regulations will be operationalised and as of 01 January 2023, mobile operators will be required to register all their customers’ SIM cards and obtain relevant information before the sale and activation of SIM cards. Operators will have a period of 12 months to conclude the registration of existing customers. The information of new customers must be registered within 3 months from date of sale and unregistered SIM cards will be deactivated.

CRAN, in consultation with Telecommunications Services Licensees, approved two
toll free emergency numbers, 0800 100 100 and 911, for reporting COVID-19
incidences. This initiative was welcomed by Namibians and was well utilised nationally
by members of the public and so proved to be a successful initiative.

Established in terms of the Communications Act (No. 8 of 2009), the Communications Regulatory Authority of Namibia (CRAN) is an independent
regulator that manages, supervises, and promotes the provision of telecommunication services and networks, broadcasting, postal services and the use and allocation of radio spectrum in Namibia. The Regulations in terms of Part 6 of Chapter V of the Communications Act, as published in the Government Gazette of March 2021, mandates CRAN as responsible for setting up the conditions to ensure all active SIM-card owners in Namibia are verified and registered. These conditions are expected to be implemented by all telecommunications service providers countrywide.

CRAN commenced the SIM Registration awareness campaign in June 2022 and despite the concerns of privacy rights, the public are in favour of the regulations. CRAN’s awareness campaign included a roadshow across Namibia to engage with the public and educate individuals on the relevance of SIM Registration. The public responded positively and are curious about the process of SIM Registration, which must be communicated by service providers to their customers. People understand SIM Registration is also relevant to the administration and regulation of electronic financial services and e-governance that require identity verification for the delivery of a trustworthy service in a lawful manner.

In essence, SIM Registration will also be used to address mobile fraud, act as a tool for e-service rollout and be an instrument that eases and enables digital surveillance and interception as part of investigations of criminal offences and counter terrorism efforts.

Protecting citizens’ rights remain a key priority in the registration process and the overall policy would ensure appropriate privacy safeguards and effective legal oversight to protect consumers’ personal data. The request of stored SIM card information will be done with due regard to the provisions of the regulations, which involves the issuance of an order by a Judge or Magistrate to authorise the obtaining of that information from a service provider. The
Communications Act also deals with disclosure of information and places a duty on telecommunications service providers to safeguard the integrity of such information.

The Namibian constitution stipulates that the right to privacy of communications may be limited in accordance with law and as is necessary in a democratic society in the interests of national security, public safety, or the economic well-being of the country, for the protection of health or morals, for the prevention of disorder or crime or for the protection of the rights or freedoms of others. The Namibian judiciary is full of ample jurisprudence certifying that the right to privacy is not absolute and can be limited by the provisions of another act. The limitations authorized by the Namibian Constitution are set out in the Namibian Central Intelligence and Service Act, the Criminal Procedure Act and the Combating and Prevention of Terrorist Activities Act, which clearly establishes the circumstances under which personal communications may be intercepted.

Many members of the public consulted during the roadshow, have fallen victim to cybercrimes and are keen to embrace financial technology. The Authority reiterates that any personal data stored by a service provider is protected by relevant regulations and the user’s right to privacy is at the core of implementing this legislation.

Any queries can be forwarded to communications@cran.na and the latest information is available on any of CRAN’s social media platforms: Facebook (@CommunicationsRegulatoryAuthorityofNamibia) and Twitter (@CRANamibia).

Geneva Hanstein
Legal Advisor: Corporate Advice & Legislative Drafting – CRAN

The Kiswahili word “Harambee” which translates to mean, “Pull together in the same direction”, was selected to call for unity and to encourage Namibians to work towards a common purpose through the enactment of the Harambee Prosperity Plan II. Covering the period 2021-2025, HPP II is a commitment by the Namibian Government to deliver better results and to build a more resilient economy to the benefit of all its citizens. The Communications Regulatory Authority of Namibia (CRAN) is fully prepared and committed to play its part in making the HPP II activities a priority in planning our short to medium term goals and strategic actions to accelerate national development towards Vision 2030 and prosperity for all.

Established in terms of the Communications Act (No. 8 of 2009), CRAN is an independent regulator that regulates, supervises and promotes the provision of telecommunication services and networks, broadcasting, postal services and the use and allocation of radio spectrum in Namibia.

As such, Pillar 4 of the HPP II which encompasses Infrastructure Development, as a catalyst for economic growth, social progression and a contributor to global competitiveness and investment attraction, falls under CRAN’s mandate. Goal 4, specifies Expanding Coverage for ICT through 3 Activities, namely:

1. Implement ‘Open Access Network’ infrastructure sharing regime in a bid to champion Universal Broadband Access by 2025.

2. Facilitate a safe and robust ICT ecosystem.

3. Attain 95% Digital Television broadcasting network to all Namibian households by 2025.

 

From CRAN’s point of view, the necessary measures have been put in place to support HPP II Pillar 4 as follows:

Activity 1 – Infrastructure Sharing Regulatory Framework

Goal 4 highlights the implementation of the Infrastructure Sharing regulations as a priority. Section 50 of the Communications Act (No 8 of 2009) imposes an obligation on dominant licensees to share infrastructure with other licensees or carriers.

Infrastructure sharing has a number of advantages to the communications market such as:

• The reduction in investment requirements for infrastructure investments;
• The promotion of competition;
• The release of capital for strategic investments and new services;
• Increase in services and products available to consumers; and
• The decrease in the barriers to market entry for new players.

CRAN’s Infrastructure Sharing Regulations, introduced in October 2016, satisfies this obligation by creating a regulatory framework for the non-discriminatory and non-exclusive sharing of passive and active telecommunications infrastructure by dominant licensees.

Passive infrastructure sharing refers to the sharing of infrastructure contained in the physical layer of the network such as ducts, poles, buildings, sites, masts, power supply, shelters, buildings, air-conditioning, etc. CRAN’s observation is that dominant licensees have generally welcomed the sharing of passive infrastructure, and no disputes have been declared in this regard. It is worth noting that the infrastructure that can be shared differs between fixed and mobile networks and that passive infrastructure can also be shared between telecommunication and broadcasting networks as well as utilities.

Active infrastructure sharing refers to the sharing of infrastructure contained in the active layer of the network, such as a facility or equipment used in the provision of a telecommunications service including all features, functions and capabilities that are provided by means of such facility or equipment.

Active infrastructure sharing is crucial for open-access sharing to reduce costs to the benefit of consumers and can only happen when a licensee can utilise the same radio network of another operator such as national roaming or a Mobile Victual Network Operator (MVNO).

CRAN has however noted that limited active infrastructure sharing is currently happening in Namibia and most disputes declared by licensees pertain to active infrastructure sharing. A grave concern noted here is that dominant licensees are not willing to implement active sharing, especially with new entrants in the market and CRAN has identified this as a risk to the attainment of Activity 1 of HPP II. To this end, CRAN will formulate a mitigation plan to enforce dominant licensees to comply with the framework on active infrastructure sharing.

In short, CRAN has a regulatory framework for Infrastructure Sharing, it is now a matter of enforcing these regulations to comply with HPP II and for the benefit of consumers.

Activity 2 – Facilitate a safe and robust ICT ecosystem

As we all know, cyber-attacks have become the norm. The Authority, as the regulator of telecommunications service providers, is required to implement provisions and functions in forthcoming legislation to make ICT services more secure, reliable and trusted.

There is currently one Act, the Electronic Transactions Act (ETA), and two Bills, the Cybercrime Bill and the Data Protection Bill, that addresses the issue of a secure ICT network in Namibia.

The ETA provides for a general framework for the promotion of the use of electronic transactions within Namibia by:
– providing for the legal recognition of electronic transactions;
– providing for the admission of electronic evidence;
– providing for consumer protection in electronic commerce; and
– regulating the liability of service providers for actions of their clients;

However, not all parts of the ETA that would mandate CRAN to implement some of the services needed to fully realise digital signature in Namibia, are yet enacted.

The Cybercrime Bill will require the Authority to set up a National Security and Cyber Incidence Response Team (NSCIRT) for computer and/or information systems in Namibia. Its functions would be to endeavour to collect relevant information relating to security and stability, co-ordinate with other bodies to promote security and stability of information systems and to take all necessary steps to facilitate the detection of offences involving the use of information systems, amongst others.

The draft Data Protection Bill (from 2013), on the other hand, seeks to create provisions for the use, processing and collection of personal information in order to protect citizens’ right to privacy.

Thus, in order to facilitate a safe and robust ICT ecosystem in Namibia, there is a need to finalise the instruments that will enable the legislative framework and expedite the creation of the NSCIRT. CRAN is actively participating in the consultation process to ensure that the two bills currently being reviewed will address and consider all issues pertaining to keeping ICT safe from cyber-attacks.

Activity 3 – Attain 95% Digital Television Broadcasting Network to all Namibian Households by 2025

10 years ago, the Government, together with the Namibian Broadcasting Corporation (NBC) and the Authority, undertook the rather expensive Digital Terrestrial Television (DTT) project, a major technological advancement over the previous analogue television technology that existed.

In spite of this advancement, the NBC currently only has an 80% population coverage. Sadly, the roll-out of the DTT coverage was halted in 2015 as the NBC, due to financial constraints, was unable to even provide Set Top Boxes (STB) to their viewers.

The NBC then decided to move to a Direct-to-the-Home (DTH) digital television broadcasting solution which allows NBC, with the aid of satellite broadcasting systems, similar to MultiChoice Namibia, to broadcast its programmes to its viewers in Namibia.

As soon as NBC establishes this DTH satellite distribution network, a 100% geographical and population coverage will be attained. All that the viewer will need is access to electricity, a TV, a satellite decoder and a satellite dish to enjoy the DTH services provided by the NBC. The availability and distribution of these satellite decoders and dishes to its viewer will be NBC’s biggest challenge.

With this DTH technology, the NBC will not need to invest in building towers nor transmitters to achieve a 100% population coverage. Pending funding, the target to achieve 95% population coverage is thus easily attainable by 2025 as envisaged in the HPP II.

The Authority’s role will be to ensure that NBC acquires the necessary spectrum assignments once applied for by the NBC to implement the planned DTH solution.

Conclusion
The Authority plays a very important enabling role in many other pillars and goals in the HPP II. This is especially so when it comes to the implementation of e-Services like e-Governance, e-Learning, e-Health and e-Commerce. From an infrastructural perspective, CRAN has observed important additional ICT challenges in the low ICT literacy and understanding of the relevance of ICT, as well as high import taxes on ICT equipment. Issues which many may believe to be outside the realm of CRAN’s Mandate, but of relevance. There is much to be addressed.

Mrs. Emilia Nghikembua

Chief Executive Officer

CRAN

Established in terms of the Communications Act (No. 8 of 2009), the Communications Regulatory Authority of Namibia (CRAN) is an independent regulator that regulates, supervises and promotes the provision of telecommunications services and networks, broadcasting, postal services and the use and allocation of radio spectrum in Namibia.

It is not by chance that the Authority has reached a 10-year milestone with a lot to celebrate. CRAN opened its doors with only 5 employees in 2011 and now has a workforce of 63 employees and boasts a mere 2% staff turnover.

Through commitment and determination, by working together, both from within the Authority and with stakeholders, CRAN has seen the results of its Vision Statement “Access, quality and affordability for all”; its Mission Statement “To regulate the ICT and Postal sector for the socio-economic benefit of all Namibians; and Value Statement “Accountability, Passion, Teamwork, Respect and Innovation”, become a reality.

10 years is a relatively short time for an instrumental regulatory body such as CRAN to have substantial and significant milestones to celebrate but CRAN certainly has cause to celebrate. Since its inception, CRAN has issued 58 telecommunications service licenses, 14 Community Broadcasting Service Licences, 1 Signal Distributor and 20 Commercial Broadcasting Service Licences thus providing a wide array of services throughout Namibia. CRAN has also established a firm regulatory framework for the Digital Terrestrial Television (DTT) switchover process and formulated a comprehensive frequency-channelling plan, which other SADC regulators are using as a benchmark. SADC also adopted the Financial Model, developed by CRAN, for costing the Communication Regulator of Southern Africa’s five-year Strategic Plan. The Model was used as a basis for determining annual membership fees for each SADC member country. And most recently, CRAN established the regulatory framework for Digital Sound Broadcasting (DSB) paving the way forward for radio broadcasting to embrace a digital world.

CRAN reached a milestone when 120% mobile penetration rate in the country was reached. This was achieved by CRAN establishing regulatory frameworks that created an environment that promoted fair competition as can be seen by the termination rates in Namibia that decreased from 1.06c to 0.10c for mobile and fixed operators alike between January 2009 and October 2016. And in accordance with Namibia’s Communications Act, a streamlined-complaints handling system was also implemented to further ensure fair competition and consumer protection in the telecommunications sector.

In addition, CRAN also facilitated the extension and digitising of the ICT infrastructure, and the introduction of the 4th generation (LTE) technology in the country. And with CRAN finalising the regulatory framework on numbering
plan and number portability for Namibia, once implemented, consumers will be able to move from one network to another with ease.

Consumer protection and advocacy is an integral part of CRAN’s mandate. CRAN launched Namibia’s first-ever National Consumer Advocacy and Protection Campaign in May 2013. CRAN has worked and continues to work to ensure that consumers receive the full benefits of competitive electronic communication services and are protected from exploitation or abuse. The Child Online Protection campaign provided information on how, why and what to do in instances where a Child’s rights and security are compromised. The campaign provided information to parents and guardians on how to protect their child from cyber bullying and provided general information on how to keep their child safe when online.

CRAN also issued a directive to all licensees to notify customers, in writing, 30 days prior to a customers’ Subscription Agreement lapsing, of the date upon which contracts are lapsing. The directive further regulated that in the event that an Agreement is not extended, in accordance with the provisions of the Agreement, continuity of service is maintained but is automatically transferred to a Standard Package. The decision was taken to ensure that customers do not pay for services that they are not receiving.

CRAN has undertaken several projects in-line with its mandate.

Campaigns

The Consumer Education Campaign, “OWN it! The Right to Connect’, aimed to empower, inform and engage consumers and sought to create awareness about consumers’ rights, responsibilities and obligations. The “Consumer is King” campaign aimed at creating awareness on consumer complaints procedures, CRAN’s mandate, the Communications Act and educated potential stakeholders on licence application procedures.

Partnerships

Another impactful achievement was the agreement, signed in July 2020, which saw CRAN’s successful conclusion and signing of a Memorandum of Understanding (MoU) with the Namibian Civil Aviation Authority (NCAA) that enables the regulations and governing relationship between the two entities pertaining to all communications on route, during approach, when landing and taking-off of aircrafts in the Namibian skies. CRAN has also concluded a MoU, with the then Department of Customs and Excise, to ensure that all telecommunication devices being imported into the country meet the prescribed minimum quality standards.

Good governance

Likewise, the signing of the Performance and Governance Agreement, in October 2020, between CRAN’s Board of Directors with the Ministry of Information and Communication Technology (MICT), which serves as a tool through which the Government of the Republic of Namibia holds public office bearers accountable, for terms as listed under the agreement, and allows for a continuous maintenance of checks and balances on the affairs of a public entity and brings about an ease in monitoring and evaluating performances of a State-owned entity, showcases CRAN Board Members’ undertaking to proactively account to robust, timely and transparent delivery on its mandate. Over the past 10 years, CRAN has complied with all statutory requirements including submission of annual reports and budgets to the line minister.

CRAN in Education

An important initiative to CRAN has been the growing utilisation of E-learning. The current pandemic has added a strain, on especially educational institutions, to provide access to digital resources to ensure learners are receiving education through online platforms. The year 2020 saw an increase in the demand for accessing information as it became a matter of importance for issues relating to health, education and communication. There has never been a greater need for the ICT sector to create an easier, affordable and quality access to ICT products and services to be the enabler of e-learning, information dissemination and for connecting people who could not meet face-to-face. CRAN has thus committed itself to adjusting its policies and regulations to provide for this need. In the interim, CRAN has initiated various partnerships with institutions of higher learning to build skills and capacity in ICT policy, regulation and management.

Expanding Boundaries

In its mantra of Pushing ICT Forward, in 2015, a new licence category, the Network Facilities Licence was introduced, which allows the licensee to construct, maintain, own and make available one or more network elements, infrastructure or other facilities that facilitated the provision of telecommunication. In the same light, in 2018, CRAN rolled out Regulations for Postal Services, which resulted in the award/issuance of NamPost with a Public Operator Postal Licence which eventually also led to the courier service providers.

Awards

CRAN received two awards in 2017. The first award was for the company that employed the most student interns in the country and was received from the Institute of People Management (IPM) while the second award was the Golden Key Award for being the most open and transparent public institution with universal access to information. This was awarded by the Media Institute of Southern Africa (MISA).

To conclusion, it is key to note that the Regulatory body has been able to achieve many of its mandates and undertake projects that otherwise might have been impossible through observance to governance by the Board of Directors. This, coupled with sound leadership by the Chief Executive Officer, Emilia Nghikembua, and supported by various heads of departments, has allowed for CRAN to be a success story to date.

Emilia Nghikembua

Chief Executive Officer