Key portions of an Act, delineating the powers of authorities to intercept communications, are expected to come into force within the next few months.
This legislation gives law enforcement agencies wide-ranging powers to intercept the e-mails, cellphone and fixed-line calls of suspected criminals and, in some cases, they will be able to do this without an order from the courts.
The Regulation of Interception of Communication Act 70 of 2002 was promulgated in January last year, but has been held in abeyance while regulations pertaining to each section were finalised.
The regulations have been the subject of negotiations involving the Justice and Intelligence departments, as well as key players in the telecommunications industry.
“Key components of the Act will come into force within the next two to three months,” said Anthony Brookes of the Internet Service Providers Association. He added that all telecoms companies would have an additional few months to install interception equipment and become compliant with the law.
Negotiators were edging towards a final draft, although Internet service providers (ISPs) were still concerned that they would be paying for the costs of interception and that there was a general lack of international standards to guide the process, added Brookes.
A senior manager at a cellphone operator agreed that “mega-millions” were involved. But he said competition in the industry was so fierce that companies would probably eat into their own profits, or cut costs elsewhere, rather than burden consumers.
He added that cellular operators were even more concerned with the “administrative nightmare” the requirements of the law would create.
“We will be required to capture the names, identity numbers and physical addresses of even the most causal pre-paid clients. This is onerous considering many of them do not even have a fixed address.”
The government has denied the legislation will give it “Big Brother” capabilities. It has pointed out that, although the Act makes the process more regulated and efficient, interception is already possible with a court order.
The government believes it strikes the correct balance between security concerns and rights to privacy. However, the Act does appear to facilitate a dramatic increase in the number of people with access to sensitive information. Employees at ISPs and phone companies will probably operate hardware and software that probes their own networks.
Corruptible “techies” will now have access to communication in a convenient “intercepted” form. The traffic will be sent to a “central interception office” manned by yet more personnel.
The legislation will also increase the amount of data available.
It stipulates that e-mail and phone log records be stored by telecoms companies for several years.
Heinrich Augustyn from the Department of Justice said the Act included strict penalties for those who abused their access to intercepted communication. “Provision is also made that a telecommunication service provider’s license may be revoked if it’s found guilty of an offence which relates to the unauthorised furnishing of intercepted information.”
In general, interception will only commence once the courts have issued an “Interception Direction”.
It is up to law enforcement officials to convince a judge that the person whose communication will be intercepted has committed or potentially could commit a serious crime. However, there are two exceptions where “any police officer” is allowed to initially bypass the courts.
The first exception is where a person could be saved from bodily harm or death. The second is for the purpose of determining the location of someone who is in grave danger, such as a kidnap victim. Under these circumstances an officer may initiate interception and explain his decision to a judge at a later stage. Augustyn said the exceptions where justified. “A balance needs to be struck between life-and-death situations on the one hand, and the privacy and confidentiality of information on the other,” he said.
It appears the technology being introduced will make it difficult for an ISP to activate a unilateral intercept without the Interception Centre. But Brookes said it was not impossible.
“In any jurisdiction where there is interception legislation in place, Britain for example, there is an annual report that demonstrates there are a significant number of abuses that take place. We’ve spent the last two years going through these processes with the government and I’m reasonably comfortable with the efforts they’ve gone to, to try and safeguard the process.”
Michael Silver, general manager for the Trust Centre at the South African Post Office insisted the law was designed to protect privacy rather than undermine it. He pointed out that without the legislation the Constitutional Court would be constantly asked to intervene and determine whether the interests of security should come before privacy.
“Since 9/11 many courts have in fact emphasised the former. The law now takes away the vagueness about what’s allowed,” he said.