The original article from the Daily Nation and the analysis that has followed is so poorly done, it remains difficult to say what’s true and what isn’t.
GSM networks are known to be insecure and privacy should be an assumption especially against government surveillance.
In fact courtesy of the Snowden leaks, we know that as far back as 2009 our American friends were actively monitoring Kenyan mobile networks under the NSA program MYSTIC.
Source: Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas
According to the NSA documents, MYSTIC targets calls and other data transmitted on Global System for Mobile Communications networks – the primary framework used for cell phone calls worldwide.
The operation in Kenya is “sponsored” by the CIA, according to the documents, and collects “GSM metadata with the potential for content at a later date.”
Regarding an Internet shutdown, blacklisting devices sounds like a crude implementation. It would be easier to enforce at the DNS level or even at the Internet Exchange Points. In Uganda they made it even simpler by sending “instructions from above” to the ISPs.
TL;DR don’t assume privacy on an insecure network and the Communications Authority should share the specifications of this mystery system.