RICA, RICA, Secutiry Bill, Telecommunications Act. Is our legislation protecting or strangling us? And how government find the balance between having valuable citizen data and taking a ‘Big Brother’ control approach?

Government’s ICT house is really not in order. There is just too much conflicting information about what national and local government intends doing, is doing, and has done.

For example, merely setting up ICT-based legislative centres to try and fight crime at all levels – from dealing with cellphone theft to supporting the United Nations Security Council’s resolutions – doesn’t instil much confidence. Conversely, while SA is seen as having the most liberal constitution in the world, it continues putting seemingly endless legislation in place to cover any possible loopholes.


FINANCIAL INTELLIGENCE CENTRE

Let’s start with the Financial Intelligence Centre (FIC), set up under the FICA Act in 2003 to establish and maintain an effective financial services policy and compliance framework. Its intention is to sustain the operational capacity to oversee compliance and provide “timely, high-quality financial intelligence for use in the fight against crime, money laundering and terror financing”.

The FIC’s mandate is to collect and analyse data sourced from what it terms “accountable institutions”, and when necessary, provide analytical information to law enforcement authorities, the South African Revenue Service (SARS), and other intelligence agencies for investigation. In general, public perception of the FIC (by those who actually know what it is supposed to do) is that it is generally a good thing – unless you are a drug lord, terrorist or tax evader.


FLAGRANT CORRUPTION

Let us digress slightly. SA has a complex relationship with the rest of the world. It looks like our foreign policy tries to be all things to all people, whether that nation is perceived as a team player or a rogue state. A pretty obvious ploy to cover all mutually beneficial bases within a very liquid foreign policy: we have tea and chat with Queen Elizabeth, take foreign aid from the USA, copy Zimbabwe, pander to North Africa and give some of our brightest minds to Australasia so that their children will not be subject to black economic empowerment.

This liquid foreign policy means the potential for SA to be used for criminal purposes – be they financial or otherwise – is probably higher than we are led to believe. The flagrant corruption that is uncovered across pretty much every government department, regardless of party political affiliation, demonstrates how easy it is for locals to exploit systems. If locals can exploit the gaps, then so can foreigners – either directly or with local assistance.

Back to the FIC, which says it “works closely with counterparts on the African continent and international organisations”. We should accept that the intention has merit as long as it is exempt from scandal.

We also have to hope that if it is working closely with the CIA, FBI, Interpol and others, there is a level of subtle international policing of the FIC. This could make the role this agency has in enhancing levels of business compliance and reducing exploitation of financial institutions by criminal networks absolutely invaluable.

Certainly, there are those delighted that there is such an entity tasked to monitor and enhance the integrity of the country’s financial system. Independent security consultant Stephen Bekker comments: “We must be seen to be a responsible global player. As the economic hub of sub-Saharan Africa, we must ensure our efforts and actions to apply security and compliance mirror the efforts taken by the rest of the world.”


UNDERGROUND JOURNALISTS

The Internet is the prime modern-day platform to air grievances and attract international attention. No longer is the electronic petition seen as being a waste of time. Structured, organised groups of professional campaigners can mobilise and realise literally thousands of signatures across the globe in a matter of minutes in response to a campaign – be it to ‘save the shark’ or ‘stop Subaru selling cars in countries where women are not allowed to drive’.

The efficacy of electronic petitioning has already seen mega businesses rushing off into a corner to re-group. It is no wonder despots, dictators and political megalomaniacs are keen to restrict information, or shut it down completely, when the heat of international pressure becomes unbearable.

Asked whether the Internet will be able to remain free from censorship and government interference, Tellumat CEO Rasheed Hargey says: “The Internet is an open medium of communication and is bigger than any government. If governments attempt to restrict access to the Internet, citizens will always find other means of communication to circumvent this, which might lead to the downfall of government as we have recently seen in Egypt.”

Despite the warnings, the South African government is still playing a dangerous, ally-annoying game with its proposed secrecy bill. The bill would imprison anyone who possesses or publishes anything that affects what is vaguely defined as ‘national security’, for a minimum of 15 years, regardless of whether that information is in the public interest. It would drive investigative journalists underground and prevent whistle-blowers from exposing official crime. Suddenly, government corruption becomes far easier to cover up.

Recent public pressure through online petitions helped prolong parliamentary debate over the bill. Although ruling party MPs seemed peeved at being prevented from operating without public scrutiny, consider the alternative: a government able to secret away whatever hurts its reputation in the name of “national security”.


INTERCEPTION OF COMMUNICATIONS

Enter, stage left, the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA).

Another pertinent piece of legislation is the Telecommunications Act – which provides for the primary regulation of the telecommunications industry.

The Act defines the means to communicate as follows: “The emission, transmission or reception of a signal from one point to another by means of electricity, magnetism, radio or other electromagnetic waves, or any other agency of a like nature, whether with or without the aid of tangible conductors.”

Consider that RICA also regulates the monitoring of radio signals and radio frequency spectrums and the provision of communication-related information, the latter meaning information relating to indirect communication recorded by telecommunication service providers.

RICA also regulates law enforcement, where interception of communications is involved. It has the power to prohibit the provision of telecommunication services, which are incapable of being intercepted. It also requires telecommunication service providers to store communication-related information (CRI), and the law specifies that costs related to complying with RICA’s requirements must be borne by these service providers.

The Act prohibits the manufacture, assembly, possession, sale, purchase or advertising of interception equipment without a certificate of exemption issued by the relevant minister; and it provides for the establishment of interception centres.

Seemingly not an Act to mess with, yet (similarly with the ICT problems plaguing citizens trying to renew gun licences) inefficiency dogs those citizens who have bothered to “do the right thing” and have registered with RICA.

Explains entrepreneur Darryl Pfaff, whose cellphone was among other items lifted in an armed robbery on his Randburg-based business premises: “I had registered my phone barely a month before the robbery, duly handed in all the forms and was told all was good.

ALL RICAed and nowhere to go? At the end of the RICA registration period on 30 June 2011, Cell C had 99.99% of its contract and 97% prepaid subscribers registered. MTN had 99.5% contract and 97% prepaid customers registered, while Vodacom reported 98.98% of its contract and 95.12% of its prepaid base had registered. The exercise cost the mobile operators close on R1 billion: Vodacom has spent “hundreds” of million, while MTN forked over R250 million and Cell C between R300 million and R400 million. 8ta, which launched after RICA came into effect, has all of its customers registered and built RICA into its cost base. However, there have been issues with the process as the legislation was thwarted. There were reports that ‘pre-RICAed’ cards can be bought in outlets for around R20. Deputy communications minister Obed Bapela was set to meet with operators by the end of July to gather information on how many SIMs had been bulk registered in a bid to weed out the fraud. The law does not set a limit as to how many SIM cards can be registered by one person or company. However, people who register cards in their names, and then provide them to other people, run the risk of falling foul of the law if the SIMs are used in the commission of a crime.

SELF-DESTRUCTIVE INFORMATION

Software entrepreneurs have leapt to the aid of the information-paranoid citizen. There are now software applications that enable users to send self-destructing sensitive information. A new link is created for each secret message, which disappears either after the number of designated views or amount of time specified elapses, permanently deleting a message.

This is a great way to pass along temporary information such as an alarm code for your house-sitter or credit card information.

While Hargey believes government is able to keep its citizen data secure and confidential, he cautions there have been breaches of data security in the past. “Government fully understands that citizen data security is of utmost importance, as we are living in a world of cyber attacks as well as corrupt officials within departments. It now needs to translate this understanding into action.”

Moving back to equality, should we be concerned that different communication tools and technologies do not enjoy equal treatment by RICA? E-mails are not required to have date, time, sender and recipient information recorded and stored (at their cost) by e-mail service providers. However, this information is required and applies to all telephonic and cellular communications. What happened to privacy, neutrality and equality?

The next step would be to apply these minimum standards, and possibly some additional security measures, to the transmission of citizen data. Logically, the Department of Home Affairs has primary responsibility for this.


MASS DATA MANAGEMENT

There’s also the question of how standardisation will affect the health sector as it tries to overcome political in-fighting in order to get the Department of Health to manage a central database on every one of us – so that if we are untimely hospitalised, our medical data is securely and discretely given to the attending ICU physician, and we are able to benefit from the best possible treatment.

Are we doomed by blank and inconsistent fields? Let’s face facts here. Government has not reached a point of effective mass data management, no matter how hard it tries to convince its citizens that this is in the pipeline. Even optimistic officials are citing a 10-year horizon before there is secure, consistent information stored on a competently-managed platform with core applications for different government departments.


SMART TECHNOLOGY

Is the South African government keeping pace with the ICT tsunami on the ground?

Not likely. It takes changing decades-old laws and regulations to actually keep up with newer and smarter technologies. Take burgeoning e-commerce and the associated issues over value-added tax (VAT) and the treatment of electronic transactions. While concerns have been raised, there are still countries adopting recommendations rather than making definitive rulings of directives.

SARS’ income tax law accepts that the source of its income is from products and services in the jurisdiction where these products and services are rendered. This can also apply to online services. There is further argument around tax being levied based on the location of the server that hosts an e-commerce Web site. There are origin and destination principles, and imported and exported products and services. How do companies overcome areas where they may have VAT liabilities in more than one country?

Whatever happens, governments worldwide are all looking to find ways to address controlling the cuts received from the urge to sell and the urge to buy. How watertight these solutions will be, given the enormous number of constantly increasing daily transactions, remains to be seen.

Hargey sums up SA’s legislative ICT scenario when asked if he believes government is over-legislating: “I do not think over-legislating is the issue, but rather the enforcement of that legislation. We have seen too often that government has noble intentions, but is unable to enforce the laws that it promulgates.”