Richard Poplak wrote a great article earlier today in the Daily Maverick about how the balance between what we can know about government versus what they can know about us has gotten “completely out of whack”. And while I agreed with most of what he said, I was struck by absence of comment on what this might mean for South Africa.
Never mind whether Edward Snowden is a martyr or a rogue warrior, just know that he is extremely unlikely to ever exist in South Africa thanks to the recently approved “secrecy bill“. Whistleblowers in the public service in South Africa enjoy some protection if they are disclosing information that reveals criminal activity but what the NSA have been doing with Prism is apparently legal. The law itself requires review. In South Africa, the chances of anyone getting that far are slim, not to mention the fear engendered by the current ambiguity around whistleblower protection.
And in South Africa the situation is arguably worse than in the US. Note that while the big Internet companies have leapt forward to seek permission from the government to be more transparent about what they have shared and how, the reactions from Verizon and AT&T have been “We have no comment”.
Verizon and AT&T on PRISM: "We have no comment." http://t.co/DKPziaVGWq
— CNNTech Gadgets (@CNNTechGadgets) June 7, 2013
There is no tradition of openness or transparency for telecommunications operators, not even the pretence. In South Africa, the communication regulator can’t even get the information they are legally entitled to from the mobile operators in order to better regulate the market. The culture of secrecy is embedded in telecommunications companies where all attempts at transparency are brushed off as potentially compromising their competitiveness. I experienced this first hand when trying to get Telkom to release a map of their fibre infrastructure in South Africa. They responded that they “decline to grant access to the records since they contain financial, commercial, scientific, and/or technical information, other than trade secrets, the disclosure of which is likely to cause harm to the commercial or financial interests of Telkom“. In the end only public embarrassment forced their hand.
And South Africa, similar to at least 34 other countries in Africa, has enacted legislation to make the registration of mobile sim cards mandatory. In the security-conscious United States, you can still purchase a pre-paid SIM card without having to register it. The argument for SIM registration has been that of improved law enforcement though be able to better track criminals yet no evidence has ever been presented that backs up that assertion. Maintaining a SIM registration database is dangerous to personal privacy. While there are legal protections against its abuse, you have to be confident that the technology and process safeguards exist to back that up. When the South African Police Service website was hacked a few weeks ago, they didn’t even know it had happened.
So here are three things I’d like to see in South Africa in the wake of the NSA Prism scandal:
- Real whistleblower protection for public service employees. Support the Right2Know campaign!
- An end to mandatory SIM card registration until evidence is produced that a) it actually makes a difference; and b) sufficient safeguards are in place around its use.
- Tougher rules that oblige better and more consistent transparency on the part of telecommunication operators.