Right2Know recently revealed the number of warrants police serve on local mobile networks for call records each year.
Earlier this year, the organisation expressed concern that law enforcement was using a legal loophole to circumvent the privacy protections of RICA.
Legal experts have said that when police want call data records, they must apply for them in terms of RICA. An appointed judge may then grant an “interception direction”.
However, police have been bypassing this process using subpoenas issued in terms of Section 205 of the Criminal Procedures Act.
Section 205 warrants may be granted by a magistrate, rather than a judge, with reports suggesting that many magistrates simply rubber stamp the applications.
RICA judge has no oversight
To demonstrate its point, R2K lodged PAIA requests with local mobile operators to see how many Section 205 warrants they have been served with in recent years.
R2K said local law enforcement gets call records for a minimum of 70,000 phone numbers every year, according to the information it received.
The actual number is estimated to be higher, as only Vodacom and Telkom detail phone numbers contained in the warrants.
In contrast, the most recent statistics from the RICA judge’s office show that in 2014/2015, it issued 760 warrants for interception.
During that same period, a minimum of 25,808 Section 205 warrants were served on mobile operators.
“These statistics confirm that the majority of authorised surveillance operations are happening outside of the RICA judge’s oversight,” said R2K.
Urgent reforms needed
R2K has subsequently demanded the following surveillance reforms:
- Call records must be given better protection – metadata about communication must be protected and only RICA interception orders must compel operators to disclose this.
- An end to mass storage of customer data – RICA requires service providers to store user metadata for 3-5 years.
- An end to SIM card registration – SIM card registration violates privacy.
- Greater transparency – Private companies should publish regular transparency reports about their role in interceptions.
R2K said users must also be notified when their data has been intercepted. “This is a legal requirement of many surveillance laws across the world,” it said.
“The current situation is ripe for abuse, as people who are targeted for surveillance have no way of knowing that their rights have been violated.”
R2K said only under exceptional circumstances should the judge have the power to delay notifying a user that their data has been intercepted.