By Burnett Munthali
Seven Ghanaians have reportedly arrived in Malawi and spent four days at Mpingwe Peak installing a new surveillance system for the Malawi Communications Regulatory Authority (MACRA). Sources suggest that the system being set up could be the controversial Israeli spyware Pegasus, a military-grade cyber-surveillance tool feared for its ability to compromise private communications.
According to Ghanaian sources, among the team is Baba Halidu Musa, the owner of Bahamus Group, a company that controls Hashcom. There are growing concerns that this system, once operational, could be used to monitor and intercept private communications. The involvement of Ghana in this installation has raised suspicions, given the country’s previous association with Pegasus and its resale license from Israel.
A technology analyst has questioned why MACRA has remained secretive about the details of the new system and its cost, which stands at US$1.5 million. The expert insists that such an amount strongly suggests the acquisition of a military-grade surveillance system. “If Daudi Suleiman [MACRA’s Director General] cannot disclose the name of the system, then its price alone confirms that it is a high-level surveillance tool. We challenge MACRA to allow independent ICT experts to verify the system before its full deployment,” the analyst stated.
In Ghana, Pegasus was reportedly deployed by the National Communications Authority (NCA), which is equivalent to Malawi’s MACRA. Ghana was identified as one of the 26 countries where the Israeli surveillance firm NSO Group’s spyware was used to monitor private communications. The spyware is capable of bypassing encrypted messaging services and transforming any smartphone into a surveillance device, activating cameras and microphones remotely.
The Israeli government controls the sale of Pegasus, allowing its acquisition only by governments and their agencies. Reports indicate that Apple had previously notified individuals in Ghana that their devices were targeted by state-sponsored spyware attacks. The revelation that Ghana had been using Pegasus was particularly alarming, as the country is often viewed as a model democracy in Africa, with a history of peaceful transitions, robust political discourse, and relatively stable governance.
Ghana’s connection to Pegasus dates back to December 2015, when Infralocks Development Limited (IDL) secured a $5.5 million contract with NSO Group to acquire the spyware. IDL later resold it to Ghana’s NCA for $8 million. Notably, NCA is listed as a client of Bahamus Group, further linking the current Malawi installation to Ghana’s previous involvement in high-level surveillance operations.
With telecommunications experts now confirming the presence of Ghanaian technicians in Malawi, MACRA is under scrutiny for its lack of transparency. There are growing fears that the regulator has already acquired the spyware system and is merely trying to create a façade of following due procurement procedures. Critics argue that without independent verification of the system’s nature and capabilities, Malawians risk being subjected to extensive surveillance without their knowledge.
As the controversy unfolds, calls are mounting for MACRA to clarify the nature of the installed system, disclose its intended use, and ensure that it complies with national data protection and privacy laws. The government is now under pressure to prove that the installation at Mpingwe Peak does not pose a threat to civil liberties and digital privacy in Malawi.
