Vodafone, the parent company of SA operator, Vodacom, says that government agencies in a few of its operating countries have direct access to its network, which allows them to listen in on calls.
The world’s second-biggest mobile operator has also divulged the legal powers under the law of South Africa that government agencies have to order Vodafone’s assistance with conducting real-time interception and the disclosure of data about Vodacom’s customers.
Essentially, it is unlawful to disclose information related to the interception of the content of phone calls and messages in SA.
Security agencies, globally, have faced greater scrutiny since Edward Snowden, a former contractor with the US National Security Agency (NSA), disclosed the extent of their surveillance.
On Friday, Vodafone published a “Disclosure Report” which said that, while in many of the 29 countries in which it operates government agencies need legal notices to tap into customers’ communications, there are some instances where this is not the case.
Vodafone said it could not give a full picture of all the requests it gets, because it is unlawful in several countries to disclose this information.
“In a small number of countries, the law dictates that specific agencies and authorities must have direct access to an operator’s network, bypassing any form of operational control over lawful interception on the part of the operator,” the company said.
Vodafone has not named the countries where this can happen, but in the document it calls on governments to amend legislation so eavesdropping can only take place on legal grounds.
Vodafone points to an overview of some of the legal powers under the law of South Africa that government agencies have to order Vodafone’s assistance with conducting real-time interception and the disclosure of data about it’s customers.
It notes that The Regulation of Interception of Communications and Provision of Communication-Related Information Act no.70 of 2002 (RICA) prescribes that the interception and monitoring of communications is prohibited unless:
- A directive has been granted that permits the prohibited activities;
- The party protected by RICA gives requisite consent;
- The entity engaging in the above activity was also a party to those communications;
- Intercepting, monitoring or disseminating information of an employee while carrying on a business;
- Interception takes place to prevent serious bodily harm;
- Interception takes place to determine a location during an emergency; or
- Entitled to do so in terms of other legislation.
According to Vodafone, “an interception direction can only be issued in the event that a judge is satisfied that a serious offence has been or will be committed, or the gathering of information is necessary concerning an actual threat to the public health or safety, national security or compelling national economic interests of the Republic”.
The British based operator highlights chapter 3 of RICA, which sets out circumstances under which “an applicant may apply for an interception and monitoring direction and entry warrants along with the manner in which such directions and entry warrants are to be executed”.
Under RICA law, an applicant may apply in writing to a designated judge for an interception direction where there are reasonable grounds to believe that a serious offence has been, is being or will probably be committed or in order to gather information concerning an actual or potential threat to the public health or safety, national security or compelling national economic interests.
“The applicant may simultaneously apply for an entry warrant,” Vodafone said.
It said that section 21 of RICA provides for the issuing of decryption directions by application to a designated judge.
Vodafone stressed that RICA requires a telecommunication service provider to intercept and store communication-related information, which is commonly referred to as metadata.