Are We Sleepwalking Into a Surveillance Society?

Image: Flickr, dusk-photography
Image: Flickr, dusk-photography

From 1 July 2009 cellphone service providers in South Africa cannot activate a new SIM card without the full name, address and identity number of the customer.

Existing SIM cards must be registered within 18 months. The new registration law is aimed at assisting law enforcement agencies to investigate and combat serious crime by ensuring that the identity and whereabouts of every SIM card owner is known to foil and investigate criminal activity. Customer information must be kept in a secure database for a minimum of three years, accessible only to selected personnel. But does monitoring criminal activity threaten our right to privacy, and more particularly, will it actually help to combat crime?

While the government promises that it will not use the personal information to spy on its citizens, this offers little peace of mind. A service provider has no legal authority to question a request from the police for information. According to the existing law the police already have extensive powers to approach a court for access to information if they have a reasonable belief that there exists a threat to public health, safety or national security. With the information now stored with the service provider and traceable to a customer, could a member of the opposition party find a flippant email brought  up later in elections or can a frustrated husband now be charged with planning a murder if he complains to a friend that he is going to kill his wife?

Internationally, SIM card registration laws were enacted to combat terrorism, especially after 9/11. However, research into other countries shows little empirical evidence that registration acts as a deterrent to crime. For example, in Thailand SIM card registration began in May 2005 in an attempt to fight crime, violence and social unrest. However, by the end of 2006 the Information and Communication Technology Minister, Sitthichai Phokai-udom, admitted that SIM card registration did not reduce the violence. One problem was that Malaysian SIM cards were smuggled into Thailand and were untraceable. South Africa could potentially face similar problems because the registration laws do not apply to SIM cards registered in other countries and used here. In a reversal of the 2005 law, today, no SIM card registration is required in Thailand.

The British government has recently abandoned its plans for identity cards being used to fight terrorism and illegal immigration. Numerous parties raised their concerns about data protection and privacy, not to mention the large threat of identity theft. The proposed cost of the system also drew a large public outcry. The requirement for passports to be presented when purchasing a pre-paid cell phone has also been criticised in the UK as a move by government towards greater surveillance.

There are also significant practical constraints which could undermine the usefulness of the data held by service providers and the purpose of the registration law. A SIM card that is lost, stolen or leased to someone else will not correspond to the personal information stored on the database. For example in Australia, an enquiry into criminal activity highlighted how criminals weaken the integrity of the captured information by registering up to four SIM cards a day and providing false identification information.

It is questionable whether South Africa can effectively administer and implement this new legislation. The implementation of SA’s new gun laws, aimed at reducing the number of illegal guns in SA by making new and existing gun owners undergo a competency test highlights some of the pitfalls. Because of extensive delays in issuing licences, police are unable to manage the applications efficiently and some law-abiding citizens have lost their guns on arbitrary grounds.

Efforts to fight crime will only be successful if the necessary logistics are in place to secure and update the integrity of the data. Government, working with service providers, must set in place appropriate security standards for recording and storing the information. However, the personal information in and of itself will do little to combat crime without extensive prior investigatory work by the police.

There is also another point to consider. Government might have to contemplate relaxing the burden of providing proof of identification, at least for foreign nationals visiting the country. Will everyone visiting for the 2010 FIFA World Cup need to verify their details when they purchase SIM cards?

Compared to international practices, it seems excessive to store personal information data for a minimum period of three years for all subscribers, regardless of whether they are subject to criminal investigation. The irony of more laws to curb criminal activity without the necessary logistics and systems in place that ensure the integrity of data and the protection of the rights of the individual, is that it creates more administrative processes and more loopholes for criminals to exploit without addressing crime effectively while also eroding our right to privacy.

10 Jul 2009