Law enforcement agencies are spying on at least 70 000 phone numbers each year, exploiting a loophole in South Africa’s surveillance policies that allow them to access phone records through a less rigorous process.
Civil rights organisation Right2Know Campaign (R2K) surveyed statistics from MTN, Vodacom, Cell C and Telkom, which revealed that government accesses sensitive communications information from tens of thousands of people every year using a loophole that bypasses South Africa’s primary surveillance law, the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA).
Jane Duncan, founder of the Media Policy and Democracy Project, said statistics show South Africans’ privacy is routinely being violated. Yet there is very little sense of how this is bringing down crime.
“Privacy is not sufficiently protected in processes followed,” she said.
RICA requires law enforcement and intelligence agencies to obtain permission from a special judge, appointed by the president, to intercept a person’s communications.
“RICA sets high standards, with a specialised judge appointed that reviews applications,” said Duncan.
But instead of using RICA, the government is turning to Section 205 of the Criminal Procedures Act which gives officials access to phone users’ metadata in phone records. This reveals who they have communicated with, when, and where.
The Criminal Procedures Act is not nearly as protected as RICA and definitely creates a loophole, Duncan explained.
Data from the four mobile phone companies shows that law enforcement received call records for a minimum of 70 960 phone numbers every year, from 2015 to 2017.
In contrast, the most recent statistics from the RICA judge’s office show that in 2014/2015, the judge issued 760 warrants for interception. At a minimum, in the same year magistrates issued 25 808 warrants in terms of Section 205 of the Criminal Procedures Act.
These statistics confirm for the first time that the vast majority of ‘authorised’ surveillance operations are happening outside the RICA judge’s oversight.
Policymakers have wrongly assumed that information about a communication – such as the identity of the person communicated with, when, and the location – is less sensitive than its content, R2K said.
In order to apply for this warrant, applicants need to provide strong reasons because RICA is cognisant that such interceptions could threaten peoples’ right to privacy, it said.
Obtaining a warrant through Section 205 of the Criminal Procedures Act is far less rigorous, and R2K said as a result a loophole developed where Section 205 allows law enforcement officials to bypass the RICA judge.
According to this law, any magistrate can issue a warrant that forces telecoms companies to give over a customer’s call records and metadata.
Policymakers are wrong to assume that the metadata is less sensitive or private than the contents of the communication: metadata can reveal as much as, if not more, about a person’s contacts, interests and habits than what they say over the phone or in a text message, R2K stated.
Duncan said that despite RICA’s protection, case studies such as cops who spied on two Sunday Times journalists showed that abuses even happened there.
According to evidence before the court, South African Police Force intelligence officials received a warrant to monitor these phone numbers by lying to the RICA judge – they told the judge these were the phone numbers of suspected criminals who were under investigation. Under RICA, it is an offence to supply false information to the RICA judge.
“How much easier is it to abuse the Criminal Procedures Act, with even fewer checks and balances?” Duncan asked.
R2K said that when a person’s communications information is handed over using the Criminal Procedures Act, they are never notified, even if the investigation is dropped or if they are found to be innocent.
By Yolandi Groenewald for Fin24