“Deleted” WhatsApp messages link accused cop killer to South African underworld boss
The Hawks used deleted WhatsApp messages to connect Zane Kilian, accused of tracking assassinated anti-gang investigator Lieutenant-Colonel Charl Kinnear, to underworld boss Nafiz Modack, eNCA reports.
Kinnear was assassinated outside of his home on 18 September 2020 after he had been tracked by former rugby player and debt collector Zane Kilian.
Now, the Hawks have been able to retrieve multiple deleted WhatsApp messages and images from one of Kilian’s cell phones confiscated upon arrest.
This evidence proves a link to Nafiz Modack, who Kinnear was investigating at the time of his assassination.
Kilian had deleted WhatsApp from his device, but screenshots of WhatsApp conversations were found in his photo gallery.
The Hawks’ Captain Edward du Plessis says the photos and messages show a close relationship between the two.
Police also found that Kilian had been tracking the phone of criminal defence attorney William Booth, who experienced an attempt on his life moments after his phone was pinged multiple times.
On the same day that Booth was found to have been pinged 49 times, consumer trace reports found on Kilian’s phone were sent to a contact labelled “Nafiz 3.”
This happened on 14 March 2020, a few days after Booth began helping a witness who wanted to file charges against Jacques Cronje, one of Modacks allies.
Kilian maintained that Modack was merely one of his clients and that he had no interest in the victims after he had tracked them.
To track Booth and Kinnear, Kilian used wireless application service providers (WASPs) that were given full access to subscribers’ sensitive location data in “good faith”, with the understanding that they would not abuse the privilege.
While WASPs signed contracts which required them to get consent before they could track a person, Vodacom and MTN did not put technical controls in place to prevent abuse.
This allowed numerous individuals and private investigators to use location-based services to track the movement of South Africans without their knowledge or consent.
What this means, in simple terms, is that your sensitive location information was available to anyone, including criminals, for a fee.
This abuse went unnoticed until Kinnear’s assassination and the murder investigation which followed.
The South African Police Service (SAPS) subsequently brought the abuse of location-based services to the attention of MTN and Vodacom.
After MTN was alerted to the abuse, it immediately asked all nine WASPs with which it has contracts to prove that the people they tracked gave them permission to allow it.
When they failed to produce this information, MTN cut all access to location-based services for these WASPs.
Vodacom refused to state how many companies have access to the location data of their subscribers.
Vodacom only suspended the location-based services of a single company pending further investigation.
There is also no indication that Vodacom, like MTN, has launched a wider investigation into the abuse of location-based services on its network.
With various legal frameworks in place to protect subscribers’ personal information, it raises the question of whether Vodacom and MTN are legally liable for what happened.
Floor Inc Attorneys director, Jos Floor, told MyBroadband that MTN and Vodacom were not allowed to provide their subscribers’ location information in “good faith”, given South Africa’s current legal framework.
Floor is one of South Africa’s foremost experts in technology, privacy, and data protection law, which includes the Protection of Personal Information Act.
He said that there are some exceptions as to when they can provide this information, but “good faith” is not one.
Floor mentioned that when this type of data is collected, it must be done for a specific purpose. In the case of MTN and Vodacom, it is collected to provide services to the customer.
However, the customer must be informed if this information is used for any other purpose.
“The cell phone service providers therefore had to notify their customers that their location-based data gets collected and that the data is being used for another purpose, namely selling that data on commercial terms to third parties to use for whatever other purpose they wish,” Floor stated.
Referring to Kinnear, Floor said that given his line of work and his family’s awareness of the dangers associated with it, “I think it is reasonable to assume that he would never have given consent for his location data to be shared with third parties in the manner which has happened.”
Floor notes that one exception could be made, and that is if making the information available aligned with the original purpose for which it was collected.
However, Floor says this can be ruled out because the consequences of third parties gaining access to Kinnear’s location-based information are not compatible with the original purpose for which it was collected.