Civil society organisations have cried out for the reform of RICA, especially regarding the lack of transparency. It is concerning that the redrafted Cybercrimes and Cybersecurity Bill (Bill) which extends the scope of RICA, fails to address these concerns. The Bill, to the extent it echoes and relies on these controversial RICA provisions, indirectly impacts on individuals’ constitutional rights to privacy and access to courts.
RICA provides the procedure for the interception by the State of a person’s “communication” and “communication-related information”. “Communication-related information” is basically the information behind a text message, for instance the location of the sender of a text message. Interception is justified on the reasonable belief that information will be obtained relating to a threat to “national security” or a “serious offence”, such as high treason.
The procedure for an interception order by a RICA judge is highly controversial as it excludes any notification of the application – even after the investigation has passed and the order has lapsed. Thus, the legality of the interception order cannot be reviewed by a Court. The question arises whether this is a reasonable infringement on the right to access to courts, especially as certain foreign jurisdictions do provide for notification (such as Japan and Germany). Furthermore, the International Principles on the Application of Human Rights to Communications Surveillance – launched by the United Nations Human Rights Commission, after global consultation with various stakeholders – requires notification of the application. Delay of notification would for instance only be justified if it would “seriously jeopardise” the purpose of the surveillance. This suggests that RICA, in this regard, falls short of international best practice.
The constitutionality of RICA’s prohibition of notification of an interception order forms one of the key issues currently challenged by amaBhungane Investigative Journalism (amaBhungane). In its High Court application, amaBhungane argues that certain provisions of RICA unduly infringe on an individual’s rights to privacy and access to courts. The application is supported by Mr Sam Sole, an investigative journalist. Mr Sole suspected that communication between himself and the senior prosecutor investigating charges against President Zuma in relation to the Arms deal in 2009 were intercepted. According to Mr Sole’s affidavit, extracts of the intercepted communication later became public in Court papers. Mr Sole, according to his affidavit, has never been provided with the initial interception order or the information that the RICA judge considered to grant the interception order.
The Bill is intricately linked to RICA’s contested procedures. Clause 38 of the Bill requires the interception of “data” defined as “electronic representations of information in any form” to be made in terms of RICA. It appears the intention was to ensure the interception of all information must be via RICA and to limit the abuse of section 205 of the Criminal Procedure Act of 1977 (CPA). Section 205 of the CPA allows for instance, a Magistrate to issue a warrant for telephone records as it may provide information of an alleged offence. This process occurs outside the more onerous prescribed RICA procedure by a designated RICA judge. Section 15 of RICA currently allows other legislative mechanisms to obtain “communication-related information” such as telephone records, and this has been a glaring legislative loophole. However, despite Clause 38’s intention, section 15 of RICA has still not been amended.
The Bill also provides for the strict prohibition of disclosure and it echoes RICA’s exceptions with the additional exception of “information sharing” as provided for in the Bill. This means electronic communications service providers are prohibited from informing their customers of the interception orders. They are also prohibited from publishing the information for statistical reasons, which would inform the public of the prevalence of specific data requests. This not only impacts on the constitutional right to privacy but also raises questions as to the justifiability of the infringement on the right to access courts. Furthermore, the exception of “information sharing”, which provides for the sharing of information between new proposed State structures dealing with cybersecurity, is an additional threat to the right to privacy.
The above lack of transparency is even more concerning as the definition of a “serious offence” in RICA is extended by the Bill to include offences such as “cyber fraud”, “cyber forgery and uttering” and “cyber extortion”. The constitutional right to privacy is also threatened, with the additional requirement that electronic communication service providers who are not currently required in terms of RICA to store “communication-related-information”, such as internet service providers, will now be required in terms of the Bill to do so. No information is given on how this information should be stored, when and how it should be destroyed, and there is no independent oversight mechanism monitoring this. The lack of independent oversight on the storage of “communication-related information” by telecommunication-service providers is also currently being challenged by amaBhungane.
The State fervently defends the constitutionality of these RICA provisions in the amaBhungane matter and one wonders why there is a reluctance to consider alternatives.
What risk is there to review RICA together with the Bill, to consider the possibility of a conditional notification after the investigation or the implementation of an independent civilian oversight mechanism? One hopes the amaBhungane challenge will seriously address these RICA challenges as the matter becomes more urgent with the looming enactment of the Bill.
By Ms Christine Botha: Legal Officer, Centre for Constitutional Rights