R2K has filed PAIA requests with the network operators for information about how often they hand over sensitive customer information
Recently the Daily Maverick reported on a legal loophole that allows magistrates to authorise thousands of ‘surveillance operations’ every year, forcing telecommunications companies such as MTN, Vodacom, Telkom and Cell C to hand over sensitive information about their customers’ communications – their call records. All of this is happening parallel to the provisions of RICA1, South Africa’s main surveillance law.
We don’t know how often this loophole is used, but we need to know. This is why R2K has filed requests for information using the Promotion of Access to Information Act (PAIA) asking all major telecoms companies to disclose how often the loophole is used. PAIA states that a request for information must get a response within 30 days.
While there is growing awareness on RICA’s surveillance protocols, which states that someone’s communication may only be intercepted if authorised by a specially appointed judge (the “designated judge”), few people are aware that surveillance is also being authorised outside RICA – possibly at a far higher rate.
This loophole exists in s205 of the Criminal Procedures Act, which allows law enforcement officials to bypass the RICA judge and approach any magistrate for a warrant that forces a telecoms company to give over a customer’s call records and metadata if that person is under investigation. However, that person is never notified, even if the investigation is dropped or if if they are found to be innocent. A person’s call records contains incredibly sensitive information, and needs high levels of protection to enforce the constitutional right to privacy.
What has R2K asked for?
R2K has filed PAIA requests with MTN, Telkom, Vodacom and Cell C, asking them to disclose statistics of how many warrants they have received via s205 of the Criminal Procedures Act, for the years 2015 to 2017. These requests do not ask for any sensitive information or customer information – we only want to know how many times a year the network providers have been forced to hand over sensitive customer information using the s205 loophole.
These requests do not ask for information about warrants that have been issued by the RICA judge — RICA’s secrecy provisions forbid the telecoms companies from disclosing such information.
Why does this matter?
These R2K’s PAIA requests are one step towards some desperately needed transparency in the use of state surveillance in South Africa, and the role of the private sector.
There is growing evidence and growing fears that the South African government is abusing its surveillance powers, both through RICA and outside of it.
R2K has already pointed out that RICA does not do enough to protect people’s privacy — weak safeguards and a lack of transparency have enabled surveillance abuses. In fact, RICA now faces a legal challenge from investigative journalists whose phones were tapped by government agents.
This ‘loophole’ in the Criminal Procedures Act makes RICA’s weak safeguards even weaker. There is also evidence that the loophole has been used to enable illegal spying: Paul Scheepers, a former Crime Intelligence official faces charges in the Special Commercial Crimes Court for alleged use of fraudulent s205 warrants to spy on a variety of individuals, including lawyers, cops and a financial services regulator. If it can happen once, it can happen again.
R2K has demanded urgent reforms to RICA, which should include an immediate closing of this loophole. But there can be no meaningful reform process without transparency, both from government and from the private sector.
We call on MTN, Vodacom, Telkom and Cell C to take their customers into their confidence, and reveal how often sensitive data is handed over to government agencies.
For more information about communications surveillance in South Africa, see R2K’s Activist Guide on RICA and State Surveillance: www.r2k.org.za/rica-guide
R2K’s PAIA requests to the four network operators: