On 23rd March the United Nations Human Rights Committee released its assessment on South Africa’s compliance with the International Covenant on Civil and Political Rights (ICCPR). The report includes a blistering attack on the Government for failing to respect the privacy of the communications of users and makes recommendations to reform the laws and practice of surveillance in the country.
The Committee’s findings repudiated the Government’s claims that its surveillance practices, based on the Regulation of Interception of Communications and Provision of Communications-related Information Act(or, RICA, as it’s commonly called in South Africa), are justifiable, given the country’s extremely high crime rate and the global terrorist threat.
RICA makes it illegal to intercept communications without a warrant from a designated judge (the “RICA” judge). Law enforcement and intelligence agencies are authorised to use the Act to assist investigations, providing they follow the procedures in the Act.
South Africa’s Parliament passed RICA into law along with other anti-terrorist laws in the wake of the September 11, 2001 attacks on the US. The world was in shock at the brutality of the attacks, and in South Africa, citizens were also crime-weary after a massive crime spike in the late 1990’s. As a result, many were more open to rights-reducing laws like RICA. But more people are realising that, in their freedom, they may have given an important element of their freedom away, namely the privacy of their communications.
In the past, when there has been political ferment in the ruling party, different factions have abused their access to the communications surveillance capacities of the state to spy on their perceived opponents. The full extent of these problems came to light in 2008 when a ministerial report into these abuses was leaked to the press (known as the Matthews Commission report).
The Matthews Commission proposed wide-ranging reforms to prevent similar abuses from occurring again. However, there is little reason to believe that these reforms have been implemented. One of the practices the Matthews Commission criticised was that mass surveillance did not fall under RICA. The UN Committee has amplified this criticism in its report.
There are two interception centres in South Africa: The Office for Interception Centres (OIC), which is established by RICA to undertake communication interception, and The National Communications Centre (NCC), which undertakes mass surveillance, and which isn’t established or regulated by any law. This lack of regulation and oversight renders such mass surveillance unlawful and unconstitutional. After the Matthews Commission report was released, the-then Ministry of Intelligence developed two Bills to regulate the activities of the NCC. However, once the Jacob Zuma Presidency assumed office, both Bills were shelved.
This means that the most powerful mass surveillance machine of the state is the one that is least regulated: an issue that should concern South Africans greatly, as the Government has a track record of abusing such power.
Other abuses have come to light, despite of the lack of transparency around government spying. Sunday Times journalist Mzilikazi wa Afrika, had his communications intercepted by members of the Crime Intelligence Division of the police, on suspicion that his frequent trips to neighbouring Mozambique meant that he was gun-running. Yet in fact, he was pursuing a story for the paper.
Perversely, the Inspector-General of Intelligence – tasked with oversight of South Africa’s intelligence services – declared the interception of wa Afrika’s communications legal, as the police had followed the RICA process. This situation arose because the grounds for the issuing of interception warrants in RICA are vague and speculative. This was another concern in the UN Committee report.
The Committee also expressed concern over weak safeguards, lack of oversight, and lack of remedies against unlawful interference. The RICA judge marks his or her own homework, in that s/he signs off on interception applications, while also being the sole party responsible to report on such decisions in an annual report to Parliament’s intelligence committee.
The Committee also noted that RICA is also weak on metadata protections. RICA requires communications service providers to retain all metadata (or what it calls communications-related information) for 3 to 5 years.
Blanket retention of metadata has become a hugely controversial issue. In 2014, the European Court of Justice struck down the European Union Data Retention Directive saying such retention was disproportionate to the aim it sought to achieve. South Africa remains out of step with this important development, and blanket retention of metadata persists.
Another controversial feature of RICA is the requirement of Subscriber Information Module (SIM) card registration. This is a de-facto violation of privacy because it limits the ability of mobile phone users to communicate anonymously. A growing body of international research also suggests that this measure is useless as a crime-fighting tool, which raises the question of why such a requirement persists in South Africa. More worrying, mass surveillance technologies can also be bolted onto the SIM registration database.
While the Committee did not pronounce on all issues of concerns, such as South Africa’s possible use of IMSI Catchers, and RICA’s lack of user notification, the Committee’s recommendations are a major advancement in the struggle for privacy of communications in South Africa. It is now up to civil society and popular movements to pick up the cudgels and ensure that abuses – to the extent that they exist – are stopped.
Many have argued that in the age of the internet of everything, privacy is dead. Those who make this argument, including in South Africa, appear not to be aware that the struggle for privacy is, in fact, alive and well, and even gaining ground. Happily, the Committee’s report on South Africa shows that reports on the death of privacy are greatly exaggerated, to paraphrase Mark Twain.
[Ed note: This piece first appeared as: Reports of the death of communications privacy are greatly exaggerated: reflections on recent UN Human Rights Committee’s findings on South Africa, by Privacy International.]