13 June 2014
How serious is state surveillance of telephone calls in South Africa? The problem is we don’t know, writes Right2Know’s Murray Hunter.
Last Friday, a year and a day after Edward Snowden first blew the whistle on mass surveillance of citizens, the Vodafone Group, Vodacom’s global parent company, came clean on government surveillance of its networks, publishing a country-by-country breakdown of how many times Vodafone companies helped law-enforcement agencies to listen in on their users in the last year.
It was a step in the right direction for Vodafone, but will disappoint South Africans: We live in one of six countries, along with Egypt, India, Qatar, Romania and Turkey, where it is illegal for Vodacom —or MTN, Cell C and Telkom— to admit when their users’ data, calls, SMSes or emails have been intercepted. This is because of the strict secrecy provisions in Rica, the law regulating communications surveillance in South Africa.
While Rica forces telecoms companies to give the state access to their users’ communications when ordered to do so, it is illegal for the companies to tell us when that is happening, before, during or after the fact. (Parliament is meant to publish the aggregate statistics – more on that later.)
What kind of monitoring do we mean? In terms of Rica, a network operator or internet service provider must be able to give real-time access to communication —allow the state to ‘listen in’ on what a user is saying over the phone or in an SMS or email, as it is happening— as well as “communication-related information”, such as the user’s location, who they are calling, and the time and duration of the call.
But why should we be concerned about that? If Rica is a crime-fighting tool, and can only be used with a judge’s permission, surely it can’t be that bad?
While any law of this kind must find a difficult balance between privacy and legitimate crime-prevention, Rica leaves much to be desired.
Rica requires law-enforcement officials to approach a ‘designated judge’ if they want permission to intercept someone’s communications. The designated judge, currently Judge Joshua Khumalo, issues an “interception direction” that authorises it. The bar is even lower if officials only want a user’s metadata – this can be authorised by a magistrate or high court judge. The relevant telecommunications provider – be it a network operator like Telkom, Vodacom or MTN, or an internet service provider like MWeb – must comply. In fact, Rica makes it illegal to provide a telecommunications system that is surveillance-proof or that does not store its users’ data.
The Rica judge needs only to be satisfied that there are “reasonable grounds to believe that a serious offence has been or is being or probably will be committed”, a legal hurdle that has been criticised for being fairly low, considering it authorises a violation of the Constitutional right to privacy. It is also possible to use emergency regulations which allow law-enforcement to seek the judge’s permission after intercepting the person’s communication.
It’s also a system that’s open to abuse. Several concrete cases have come to light in which the Rica process has been manipulated to spy on political adversaries. It has emerged that Sunday Times journalist Mzilikazi wa Afrika was bugged under Rica when he was reporting on a massive leasing scandal involving former police commissioner Bheki Cele in 2010. Later, it emerged that Cele himself may well have been bugged for at least three months at around the same time.
And of course, leading figures in the Scorpions had their phone calls listened to while they were finalising corruption charges against Jacob Zuma during his ascendency to the Presidency. This is what led to the creation of the ‘Spy Tapes’.
Though Vodacom and its competitors can’t tell us about surveillance, Parliament’s intelligence oversight committee is meant to. When they finally released three years of backlogged statistics on surveillance, we discovered an apparent 170% increase in the use of Rica to intercept users’ communications between 2008 and 2011.
Judge Khumalo suggested to MPs that this could be due to SAPS Crime Intelligence Division making better use of surveillance to fight crime, but the increase coincides with a period of deep dysfunction in Crime Intelligence where the oversight committee has stated that its effectiveness was compromised. So if they were investigating less effectively, how were they surveilling better than ever? Or rather, whom?
Judge Khumalo also told Parliament that the emergency provisions in Rica were used over 3,200 times in one year to trace users’ locations using their phones. These are meant for life-and-limb emergencies, and the judge is only notified after the fact. As this statistic has never been given for previous years, it’s impossible to know how it has been used over time, but the Mail & Guardian has quoted anonymous crime-intelligence sources who claim to have used the emergency-location services to spy on their rivals and love interests, and bypass the Rica process entirely.
Some may find this outlandish, but with public oversight of the surveillance system so hampered, and the checks-and-balances as compromised as they are, these are worrying signs.
But if the trade-off is between privacy and security, is Rica helping to fight crime? The law was passed in 2002, at a time when people were definitely more concerned about tackling crime than tackling state-securitisation. But how many actual arrests come from Rica interceptions? A debate about Rica’s usefulness and appropriateness is difficult without this information.
In the last year, Snowden’s actions have sparked a global debate about privacy and the extent to which technology has brought state and corporate surveillance to the centre of our lives. It is leading to promising reforms in law, policy and public perception. Most recently, it has led to the drafting of a new set of international principles to protect human rights in an era of mass surveillance, against which laws like Rica are left severely lacking.
But our problems go beyond Rica. If there is one lesson to be learned in the post-Snowden moment, it is that surveillance tools very easily become avenues for abuse, no matter what their original purpose. The damage can be limited through greater transparency and effective public oversight, but as long as they exist, they risk being abused.
On South Africa, however, that debate has yet to happen. Privacy is often treated as a ‘luxury’ when many people are still struggling for bread-and-butter issues. But privacy is a basic political right that is central to freedom of thought, expression and association. In times of upheaval and social conflict, often driven by struggles for socio-economic rights, people’s ability to organise may be put under increasing pressure, and privacy will be one of the first freedoms to crumble.
Murray Hunter is a spokesperson for the Right2Know campaign