/ 2 January 2014

Social security debased by the profit motive

Net1's competitor Allpay claims Sassa's tender process was flawed because it changed its biometric verification requirements along the way.
Net1's competitor Allpay claims Sassa's tender process was flawed because it changed its biometric verification requirements along the way.

South Africans have become used to certain parts of the state being efficient and others being plagued by chronic inefficiency, to the point where many dread having to deal with them.

The South African National Roads Agency, supported by the government, has finally swung into action in Gauteng, bullying road users to buy e-tags and pay exorbitant toll fees.

On the same day that the e-toll system went live, thousands of commuters took to alternative routes to find their way to work. Many were frustrated by tens of out-of-order traffic lights, some of which had not been working for weeks.

Traffic officers, who should have been directing traffic at key intersections to prevent accidents, were nowhere in sight. Yet, over the weekend that followed, the guardians of traffic safety reappeared in their numbers to ticket motorists for the slightest misdemeanour, fattening the coffers of the Johannesburg City Council in time for the festive season.

Asylum seekers struggle to obtain paperwork timeously from the department of home affairs, yet the South African Revenue Service processes tax returns within 24 hours of receipt.

As a general rule, those aspects of the state that are revenue-generating are hyperefficient, and those aspects that are revenue-absorbing aren't. This speaks volumes about state capacity, as it implies that, with some political will, strong capacity could be spread across the state, rather than being confined mainly (but not completely) to its moneymaking activities.

To its credit, though, the government has made a concerted effort to fix possibly the most important department the poorest South Africans rely on, namely the department of social development. Like home affairs, it had become notorious for poor service, making a joke of the noble batho pele (people first) principles.

Privatisation
Millions of South Africans rely on social grants administered through the department; in fact, the expansion of this social safety net is one of the country's most important post-apartheid achievements. Yet, controversially, the grant system is not universal, in spite of there being strong arguments to do so.

When social grants were introduced on a massive scale in the early 2000s, they were administered through the provinces. This proved to be disastrous, as the provinces lacked the capacity to undertake this responsibility. As a result, the department established the South African Social Security Agency (Sassa) and centralised the grant-making system in Sassa from 2006 onwards. But it outsourced the payment system a year later: a form of privatisation, as this activity was undertaken by a private service provider, rather than Sassa itself.

Many grant beneficiaries assumed that their payment problems would be solved. Little did they realise that attempts to stamp out dodgy behaviour at micro-level would create space for dodgy behaviour on a much grander scale at the macro-level. In the huge media focus on the Nkandla scandal, little attention has been paid to a significant Constitutional Court judgment in late 2013 on the awarding of a massive tender, worth R10-billion.

This tender was issued for a service provider to pay social grants on Sassa's behalf, and the tender required the use of ­biometric methods to identify recipients. Fingerprints were required to register recipients, as were voiceprints and photographs, to prevent the sorts of fraudulent payouts to which token-based systems using PIN numbers apparently lent themselves. This information would be stored in a national database of recipients, which would be used to eliminate duplication.

Sassa shifted the goalposts during the tender process, requiring biometric solutions not only at the point of registration, but also at the point of payment. This change led to Cash Paymaster Services winning the tender, and a competitor, AllPay Investment Solutions, fell out of the running as its security solution for payment was PIN-based. As a result of this and other irregularities, the Constitutional Court declared the awarding of the tender to Cash Paymaster constitutionally invalid.

Bribery and corruption
By that stage, the Mail & Guardian had reported that advocate Norman Arendse, a member of the bid adjudication committee, had been offered a bribe by someone claiming to represent Cash Paymaster Services.

Furthermore, President Jacob Zuma's lawyer, Michael Hulley, played a major behind-the-scenes role in the awarding of the tender to Cash Paymaster, strongly suggesting political interference in the decision, and creating reasonable suspicion of corrupt practices in the awarding of the tender (although corruption has not been proved).

In this regard, Corruption Watch's recent call for the tender to be investigated by the Hawks should be supported. Cash Paymaster has been implicated in dubious deductions from grant beneficiaries for airtime bundles, leading to Social Development Minister Bathabile Dlamini condemning the company's actions.

According to Business Day's Rob Rose, they intended to use access to the database to sell other financial products, such as funeral cover, leading to the company skirting "the fringes of ethical behaviour".

No real debate took place about Sassa's decision to shift to biometric forms of identity verification, saved in a national database, and its implications for users rights to privacy.

Centralised risk
The systems benefits relative to its risks appeared to have been self-evident, yet citizens of other countries have resisted such centralised databases owing to the potential for abuse, both by increasingly intrusive surveillance states and by criminals.

In Israel, for instance, population-registry information was leaked online, fuelling public resistance to more recent government attempts to establish a biometrically based national database. Significantly, enrolment on this database remains voluntary, and for good reason.

The problem with centralised biometric databases is that their data security must be foolproof; identity theft of a biometric identifier can have devastating consequences for the victims, because – unlike PIN numbers – they cannot replace their fingerprints or voices. Yet identity theft is as possible in bio­metric ­systems as it is in token-based ­systems, as both information sets are stored digitally.

These dangers have led information security consultant George Tillman to argue that biometrically based security measures may leave organisations worse off than they were. According to Tillman, the "reality is that biometrics are a feel-good measure designed to give people the false impression that they are more secure than they were before, when in fact they are more at risk".

This means that the company that has access to these databases must be beyond reproach. If users have any concerns about the possibility of their information being leaked or misused, then they must be able to leave the system and have their biometric data expunged.

If this option is not available to South Africa's grant recipients, then their right to privacy will automatically be violated. In a bid to improve efficiency in the social grants system, the government has made several deeply flawed assumptions.

It assumed that centralisation and privatisation of the payment system would lead to greater efficiency; instead, these changes did not necessarily remove the potential for abuse, but merely centralised it.

Profit over public security
It is not just a matter of the department having made a bad tender choice: the very act of placing public functions in private hands means that social security inevitably becomes debased by the profit motive. South Africa's social security-dependent poor are a massive captive market for profit-seeking companies. In the name of efficiency, Sassa has entrusted the administration of millions of South Africans' livelihoods to a private sector that appears to be more concerned about lining its own pockets than serving the poor and vulnerable.

Furthermore, however well-intentioned, Sassa's state-of-the-art database may well be a monster in the making. It could create new and much more devastating privacy risks and security holes than the previous system, especially because its management has been outsourced. Private companies are always seeking to cut costs, including on security measures. Such a database also provides another building block for South Africa's growing surveillance state, as potentially it could be used for purposes for which it was never intended, such as to provide a huge data mine for the country's security services.

The 2008 financial crisis should have made governments rethink the basic tenets of neoliberal governance, including the assumption that applying private-sector principles and practices to the public sector will make it more efficient and effective. Yet it would appear that this mind-set shift has not happened, and there are vested interests in preventing this shift from taking place.

Only once the profit motive is removed entirely from the public sector – and public service rather than greed becomes its core value – will the state truly begin to respond to the needs of people. But that is likely to be a very different state to the one that currently exists, or it may not even be a state at all. – sacsis.org.za

Professor Jane Duncan is Highway Africa Chair of Media and Information Society, School of Journalism and Media Studies at Rhodes University.