NITDA is Set to Regulate the Use of Free WIFI in Nigeria, But There’s No Cause for Alarm

Public WIFI usage could soon get a little bit complicated in Nigeria. The National Information Technology Development Agency (NITDA) is set to regulate the deployment and use of public WIFI services in all states of Nigeria.

Writing on its website, the agency says it will begin widespread implementation of the Public Internet Access (PIA) regulation framework. The PIA framework is a new regulation adopted by the agency in late 2018.
In the wake of data privacy issues that rocked Big Tech and the world in 2018, the agency designed PIA as a protection layer for users of public WIFI services.

If you're trying out the Sanwo-Olu "Free WiFi" at Leisure mall, Surulere, It's an Open AP, Remember to Use a VPN. People like me can decide to Wireshark and/or ssl strip just for the fun of it 😁 pic.twitter.com/CHN7fSRetQ

— Uche (@othreecodes) January 23, 2019

To be clear, public WIFI or Internet services are free internet services provided in places like airports, shopping malls, hotels and even university environments. Google and Facebook for instance have been increasingly providing free internet access through different means too.

But due to the unrestricted nature of these free internet services, there have been concerns about how much data they collect about users and how they store these data.

In a statement issued mid-January, the agency hailed various operators for making public internet services widely available. However, it concedes that “this service can be misused with great detriment to development of Information Technology and national security, in a manner that may be injurious to the citizens.”

Be careful with a FREE WIFI in public area,

Help to spread this info guys pic.twitter.com/VSfO4OlRmc

— Yezzar96 (@yezzar1996) January 17, 2019

In light of this, the agency has introduced minimum measures in order to safe guard these data and protect users while they browse.

“While Public Internet Access (PIA) services are generally free and convenient for the public, where personal data is inappropriately or insecurely shared, it may constitute risks to members of the public.”

What the Public Internet Access (PIA) Contains 

The PIA regulation mandates that only registered, verified and vetted providers can provide public internet access services in Nigeria.

PIA also requires that providers adopt an added layer of security for all users. In other words, users must be registered and authenticated using their phone numbers before any browsing session begins. Providers are also asked to inform users about the terms of service and fair usage policy.

WIFI providers are also mandated to observe the Nigerian Data Protection Guidelines. Interestingly, the guidelines force providers to hold on to user data for a minimum of three years. This sounds a bit off-putting, and actually gives providers more leverage to harvest and utilize user data for longer periods.

How Effective Will PIA Be?

Protecting user internet data is an extremely important task in today’s world. And the PIA regulation seems like a timely measure.

However some may feel it adds another layer of regulatory complexity to the delivery of internet services. But with many users being ignorant about the dangers of using public WIFI for important and secure transactions, the providers have a duty to provide minimum security for users.

Nonetheless, PIA will be controversial as the minimum holding period for user data is quite long. Besides, the objective of data protection is so providers can have less user data, not more.

Nevertheless though, NITDA is terrible with enforcement and truly lacks any real power to enforce much of its regulation. The agency has been a lone-wolf failing to integrate and join forces with other government bodies, so it will be hard to believe it will be able to enforce large scale data protection framework across the country.

Also, there’s no further information about the NITDA vetting process or how it will be done. Interestingly too, the PIA guideline was quite vague about the actual process of assessing and auditing various locations already offering public internet services.

So for now, there’s no way to be certain about how much impact this new measure will have on the country.

About NITDA

NITDA, an agency under the Ministry of Communication, is the body charged with directing and regulating information technology services in the country. After years of relative ineffectiveness, NITDA has been stepping up its charge over the country’s internet development.