The Right2Know Campaign recently published its Big Brother Exposed report, which detailed how activists and community leaders have been “monitored and harassed” by South Africa’s intelligence agencies.
Media reports further showed that the SA Revenue Service spied on South Africa taxpayers and senior government officials, including former prosecutions boss Vusi Pikoli.
These “big brother” spying reports are of concern to many South Africans – including Internet users who have asked what local Internet service provider records can show about their subscribers.
Many people are also concerned about the extent to which their online activities can be shared with authorities.
MyBroadband asked some of South Africa’s top ADSL service providers to shed some light on this issue.
What information ISPs proactively record
MWEB CEO Derek Hershaw said they keep track of header traffic for limited periods of time. “We only use it at an aggregated level and it helps us with network optimisation,” he said.
Afrihost director Greg Payne said they do not record which websites their Internet users go to, but they do keep track of the IP address they have been allocated by Afrihost for their ADSL session.
Web Africa’s head of products Greg Wright said they only monitor usage – and not websites visited – for billing purposes and to establish usage trends. “Our upstream provider [Internet Solutions] may do things differently,” said Wright.
Cybersmart CEO Laurie Fialkov said they only record what they are required to record by RICA, which is mostly mail logs and AAA records.
Openweb CEO Keoma Wright said all accounting information that is received from SAIX on a session basis is kept for billing and usage information. “This is generally kept for 6 months,” said Wright.
He added that Openweb does not log any information about users’ online activity, like websites visited.
What information they provide to authorities
South African authorities can request information about a subscriber’s details, including their online activity, if they have a valid subpoena.
MWEB’s Hershaw said that, in terms of the Criminal Procedures Act, an ISP can be asked to provide any information its has on a subscriber.
“It’s usually confirmation of the name, address, and contact details of a subscriber,” he said. “We are sometimes given an IP address with a date and time stamp and asked to confirm which user it was allocated to at that time,” said Hershaw.
In terms of RICA, an Internet service provider can be instructed to intercept e-mail communication.
If a warrant is issued, they can only really provide personal information – info about a customer they would obtain for billing purposes, said Web Africa’s Wright.
Afrihost’s Payne said if they receive a summons requesting information, they would provide the name of the subscriber using the IP address in question at that point in time.
Cybersmart’s Fialkov said with a valid subpoena they have the ability to intercept communication and send it to an “interception centre”.
He said this is required by law, but that a South African interception centre does not exist yet.
“We also have the ability to intercept a customer’s traffic when a subscriber requests it. This is done for support purposes on customer permission,” he said.
Fialkov said the authorities usually request details of a subscriber who was using an IP address at a certain time.
Openweb’s Wright said law enforcement agencies can access user data, if they have the necessary authority.
“The most commonly used is Section 205 of the Criminal Procedure Act, 1977, which allows for the likes of SAPS to obtain user data/information to be used as evidence by a magistrate’s court order,” he said.