The Nepal Telecommuni-cations Autho-rity is poised to award a $7.66 million contract for developing and commissioning a mobile device system aimed at tracking and blocking grey market phones to a joint venture that includes a Malaysian firm facing a lawsuit over the country’s biggest data breach.

On Tuesday, the telecom regulator expressed its intent to award the contract for the Mobile Device Management System to a joint venture of Malaysian firm Nuemera, OSI of India and Namaste Global Communication of Singapore.

Nuemera Sdn Bhd landed in controversy in 2017 following revelations that a phone blocking system it developed under an outsourcing model for the Malaysian Communications and Multimedia Commission was found to be the source of a data leak that affected 46.2 million subscribers in Malaysia.

While Nepal Telecommuni-cations Autho-rity Chairpe-rson Purusho-ttam Khanal says that the selected contractor has a ‘good track record’ in building such systems, a report by Malaysian human rights defender Lawyers for Liberty shows that the Malaysian Companies Commission had classified Nuemera as dormant company in 2017. Moreover, the company had no record of building such systems prior to developing the faulty Public Cellular Blocking Service which was exploited on the dark web.

In Malaysia’s biggest data leak, personal details such as emails, billing addresses and mobile numbers of subscribers of at least 12 telcos, other virtual network operators and medical organizations were compromised from 2014-15.

The source of the data breach was found to be the Public Cellular Blocking Service developed and operated by Nuemera to block stolen or lost mobile phones. The Mobile Device Management System being built by the telecom regulator also serves the same purpose, apart from denying service to unregistered phones.

The system will track mobile phones based on the registration number or IMEI and deny telecommunication services to sets that have been reported lost or stolen, have invalid registration numbers or are not registered for use in Nepal, said the authority.

The regulator’s intention to award the contract to the joint venture including Nuemera violates the Public Procurement Regulations, 2006 which bars public entities from selecting contractors with a record of poor performance.

However, Chairperson Khanal said that Nepal’s tender requirement had no provisions for disqualifying international contractors that are facing lawsuits in their home country. “Moreover, Malaysian authorities have already cleared the company of the charges,” said Khanal. But no such record has been found. Khanal declined to comment further saying that the deal with Nuemera-OSI-Namaste was still under evaluation and should not be discussed.

Before selecting Nuemera-OSI-Namaste, the Nepal Telecommunications Author-ity had disqualified the lowest bidder, a Belgian-Nepali joint venture, after finding out that it included Mobillion Trade International, a local partner of telecom operator Ncell.

“We launched an investigation of Mobillion on suspicion of conflict of interest, and found out that one of the firms was tied to mobile network operator Ncell as its local distributor of top-up cards,” said an anonymous source at the authority.

Mobile phone dealers have long complained of a drop in sales because of a widening grey market. The move to implement the Mobile

Device Management System comes as a counter measure aimed at bringing the devices under the registration net which will make it easier for authorities to monitor them.

The system will be synced to a database called Equipment Identity Register that contains records of legal and illegal mobile devices in the country. The device management system is also expected to identify cloned, low-cost copy versions of branded phones with fake registration numbers.

The Mobile Device Management System Bylaws, 2018 have classified mobile devices as compliant and non-compliant. “Compliant mobile device is a device meeting the following criteria: Having valid IMEI/ESN/MEID number; not in the stolen/lost list; type approved by the authority; and registered in the Mobile Device Management System and imported into Nepal,” state the Bylaws.

As per the bylaws, the authority can allow the selected firm to operate and maintain the Mobile Device Management System for five years.