RICA Surveillance Ruled Unlawful

With data holding the position of being the most valued asset any company has, the rise of the data economy has resulted in companies finding their greatest source of value comes from collecting, sharing and using data. The success that comes from this can be seen from companies such as Google, Facebook, and Amazon who have built their empires upon the data economy. However, this has led to data security and safety becoming a major concern and priority, particularly for the consumer.

Also, with new and constant security risks to privacy increasing daily, companies need to be more transparent than ever. However, with South Africa’s own RICA organisation (created to decrease organised criminal activity) being ruled as unlawful, due to a serious breach of data privacy, these kinds of breaches are bound to increase concerns.

Let’s break down what this unlawful ruling means for you, the consumer.  

What is RICA?

Before we delve into the ruling, it is important to understand what role RICA holds within the data economy of South Africa.

The Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002 (“RICA”) came into effect on the 1 July 2011. This transpired against the background of a rise in organized criminal activity caused by sophisticated communication technology such as mobile telephones, satellite communications, email and other computer-related communications. The legislature found it necessary to enact an act to combat such crimes and further assist the prevention thereof.

As a general rule, RICA prohibits the interception and monitoring of direct and indirect communications. However, there are certain exceptions, including where the interception and monitoring take place with the consent of the parties involved or where it is carried out by law enforcement personnel in certain circumstances. RICA assists the investigation, detection and prevention of crime by law enforcement officers and agencies.

The schedule to RICA lists the different kinds of crimes the Act aims to combat which include, amongst others, high treason, sedition, fraud and money laundering. RICA sets out circumstances under which law enforcement personnel may apply to a designated Judge of a High Court for an interception and monitoring direction and entry warrants, and how such directions and entry warrants are to be executed. When RICA came into effect, it repealed the Monitoring Prohibition Act, 1992.

RICA imposes duties on a telecommunication service provider (“TSP”) and/or electronic communication service provider (“ECSP”) to obtain and retain certain information from their customers. For example, RICA requires that all customers on all the cellular networks in South Africa should register all new and existing cellular phone numbers and to provide to their service providers all information required by the Act. The information to be obtained includes, inter alia, full names, identity number and/or company registration numbers, residential and business or postal address, whichever is applicable and a certified photocopy of the person’s identification document on which his or her photo, appear.

The lead-up

In 2017, News 24's Investigative Unit Amabhungane applied to the High Court, challenging the constitutionality of the act after their journalist Sam Sole’s communications were intercepted and a target of state surveillance under Rica while he was reporting on the corruption investigation against the former president, Jacob Zuma

The unit says Rica is unconstitutional, as it has failed to safeguard the right to privacy, the right to freedom of expression and access to justice. With Karabo Rajuili from Amabhungane saying:

“The ability of journalists and particularly investigative journalists’ ability to do their job is based on their ability to communicate confidentially with sources and this is to make sure that the sources don’t become vulnerable when talking to journalists and protect them from potential harm.

When a warrant is issued by a designated judge, that judge should consider the fact that there is a journalist or anybody else who has got a duty of confidentiality in their work and that should be a factor that is considered as part of the judge’s consideration when granting an interception when taping the phone of a journalist.” 

Why RICA’s actions are unlawful?

Judge Roland Sutherland’s ruling declared that certain sections were invalid- such as interception and not those dealing with sim cards.

Judge Sutherland stated the legislation was inconsistent with the Constitution as it failed to adequately provide appropriate safeguards to deal with the fact that the orders were granted ex parte or in the interests of one side only. 

Thus, RICA was found to be inconsistent with the Constitution, with the effect of:

• Ending secret spying abuses, by ensuring that people whose communications were secretly intercepted by the state were informed within three months unless law-enforcement agencies convinced a judge to grant a postponement.
• Ensuring extra safeguards when the state applied for authorisation to intercept communications of journalists or lawyers.
• Ordering the state to stop mass surveillance activities, which it had been conducting through the National Communications Centre in Gauteng, without any legal regulation.
• Ordering parliament to drastically amend RICA within two years, to improve the independence and oversight of the ‘RICA judge’ who oversees surveillance requests, and to provide clear procedures for how state officials handled data that they had intercepted.

What's next for RICA?

The Right2Know Campaign, Privacy International, and the Legal Resources Centre have welcomed the Gauteng High Court ruling, with R2K adding,

"This is a major victory in the struggle against surveillance abuses in South Africa. But it is also just a step forward. The South African parliament has two years to adopt anew legislation. To meaningfully protect ordinary people against the climate of surveillance, much more is needed.”

Additionally, Judge Sutherland declared that the validity of the judgment is suspended for two years for Parliament to rework the legislation.

Transparency is fundamental

Maintaining transparency is how businesses can request consent, abide by their privacy policies, and manage the data that they’ve collected is vital to building trust and accountability with customers and partners who expect privacy.

With iTouch, being active partners with The MEF (Mobile Ecosystem Forum), with our very own Waheed Adam sitting on the board as executive chairman, both aim to provide transparency and protectors of consumer and data security.

Evidence of this seen is the MEF Enterprise Mobile Messaging Framework V20.0, which provides a comprehensive framework for opposing and decreasing fraud within one’s business and to protect clients and their data.

Let us help you reach your customers

Let us deliver your message to your customers with our range of communication solutions. As experts on the African continent, we can devise the perfect communications strategy for your business. We're a trusted partner for many companies as our enterprise messaging, and value-added services offer our clients a robust, scalable solution with global reach.

To find out more about our services contact us here

Sources:

• Varonis
• Polity
• eNCA
• Eyewitness News (EWN)
• IOL News