Back in 1999 former co-founder and CEO of Sun Microsystems (one of the pioneers of computer technology) Scott McNealy famously declared that “privacy is dead”. Almost 20 years later a strong argument can be made that McNealy’s declaration has become reality for a large portion of humanity, South Africa included.
Privacy issues in South Africa have a particular historical significance. A central pillar of the apartheid system was the systemic violation of the privacy of the black majority alongside anyone who acted in opposition to that system. Crucially, a significant part of the Struggle to defeat apartheid was the battle to regain both individual and collective privacy.
While South Africa’s new democratic constitution unequivocally broke from that history, in the early post-apartheid period the right to privacy was treated, both legally and politically, as largely applicable to the realm of personal “dignity”. This provided fertile ground for the widespread and generally uncritical embracing of new and rapidly expanding communication, identification and surveillance technologies. For example, biometric/”smart” ID systems, closed circuit television/automated licence plate recognition cameras (CCTV/ALPR), cellphones/SIM cards and more recently drones.
Biometric databases and smart ID cards
When it comes to South Africa’s private sector, there are huge biometric databases that have been assembled by the banking and financial services industry. Standard Bank has already rolled out its biometric banking application and Capitec Bank has fingerprint details of all its 6.2-million customers and has linked its biometric database to the Department of Home Affairs (DHA) database for the stated purpose of enabling it to verify customer identity. Further, First National Bank has announced that it is fast moving towards the roll-out of biometric-enabled automated teller machines (ATMs), initially using fingerprints and possibly later voice recognition and iris scans.
In South Africa’s public sector, one of the largest biometric databases that have been fully constructed to date is that of the South African Social Security Agency (Sassa) in conjunction with a private company, Net1/Cash Paymaster Services (CPS). Over the last several years every single individual receiving a social grant (the latest count being close to 17-million) have had their fingerprints and photographs captured with some also having had their voices recorded for both verification and authentication purposes. Besides Sassa, the DHA is in the process of assembling an even larger biometric database that is being used to construct a range of subsidiary databases for various purposes. For example: the Home Affairs National Identification System (Hanis); the National Population Register (that has now been made biometrically-enabled); and, the National Immigration Information System.
The privacy issues/concerns are many. These include: high levels of falsified biometric identification; the use of such databases for racial, ethnic and immigrant profiling; allowing government tracking and surveillance on a level not before possible; the integrity of inter-operability between all the various databases; and, the security of both government and private sector databases especially related to illegal access and the subsequent misuse of biometric information.
CCTV/ALPR/video surveillance systems
There has been a massive uptake in the use of these systems in South Africa over the last decade in particular. Besides their ubiquitous use by the state (through public-private partnerships) in the main urban areas, ostensibly to combat crime, such systems are being used for traffic control, enforcement and management, including for road tolling systems and border control. Private sector use is also centred mainly on crime prevention and includes tracking/monitoring movement and access control to business premises (eg mines and shops) as well as private residential estates and gated communities. More recently, private debt collectors and repossession agents are making use of CCTV/ALPR systems.
It is crucial to note that the prime rationale and motivation that has been, and continues to be, proffered for these systems – ie combating and preventing crime – is a chimera. Studies conducted by the Scottish government and for the Home Office in the UK have conclusively found “minimal evidence” that these systems effectively deter or have a meaningful impact on crime.
Existing privacy protections are woefully inadequate on a number of fronts. These include: the security of the data processing and information cycle, including storage and retention; the inter-operability of systems and the compilation and sharing of information; the ability to track an individual’s movements using the information; criminal abuse of the system (e.g. stolen identification and subsequent misuse); and, ‘mission creep’ in the use of information collected (eg for discriminatory targeting based on political/ideological activism, race, age, class and sexual preference).
According to the Regulation of Interception of Communications Act (RICA), SIM card registration is mandatory in South Africa. In case anyone has forgotten, this means that it is illegal for any telecoms service providers to activate a SIM card until the relevant “client” has provided: a cellphone number; full names; a certified copy of ID document or passport; and, proof of residence which has to include person’s name and residential address. All of this information, as well as every MSIDSN (Mobile Subscriber Integrated Service Digital Network) number of each SIM card and IMEI (International Mobile Equipment Identity) number of each cell phone, must be recorded and stored by the telecoms for a period of five years after the cancellation and/or termination of the subscription.
Officially, SIM card databases are only allowed to be used for designated law enforcement purposes, the prime ones being to target organised crime and more generally to combat and prevent criminal activity related to cellphone communications. However, the accumulated evidence clearly shows this is not working and that the intended impact on crime is extremely minimal. There are a number of reasons for this that also raises huge privacy concerns.
These include: Rica agents (who capture information during the SIM card registration process) don’t require a police/security clearance certificate and there are no security measures in place to ensure the agent does not, for example, sell the information to someone who may use it for criminal and profit-making purposes; there is little in the way of knowing and thus preventing either unregulated or illegal access to and use of, the telecoms companies information databases; the widespread politicisation, corruption, criminal activity and lack of professionalism within the SAPS as well as other state entities such as the State Security Agency (who are the main “enforcers” of Rica) opens up further space for illegal access to and abuse of both personal information and the meta data contained on the databases; negatively impacting on citizens ability to communicate anonymously; and, the use of registration details by private companies to market new products and services as well as sell data about personally identifiable customers.
The drones are coming. No, this is not about some new B-grade sci-fi movie; it is a true reality show playing out right in front of us. For many years now the world has watched as large weaponised and surveillance drones (mostly deployed by US military and intelligence forces) have wreaked untold fear, misery and death on those deemed, for whatever reason, to be enemies of the most powerful country on earth. Drone technology has now rapidly developed and is being deployed for private and commercial uses we could never have previously imagined. As a result, civil aviation authorities and regulators across the globe, including in South Africa, are scrambling to keep up while the general populace is only just now trying to understand what is going on and what it all means, especially for their privacy.
In South Africa the Civil Aviation Authority’s (CAA) new regulations are predominantly framed by and oriented to, the needs and interests of the commercial/business sector such as farming, mining, film and entertainment and media/journalism. Private sector use is entirely unregulated, there is no distinction between state and private ownership/use and there is no mention of “public order” drone use by police, security and intelligence services or of weaponised drones. The regulations are completely silent on privacy protections, there being no mention of either Rica or the recently enacted Protection of Personal Information Act (Popi).
As such, we have no idea if entities such as SAPS and the SSA are actually operating drones and for what specific purpose. When it comes to private users of drones, we are completely in the dark about how many there are or of the purpose/use of such drones. There is no process set out in terms of redress/recourse for those who believe their privacy has been violated and there are no privacy-related measures in place for flight log books and manuals, storage and processing/use of images that might be captured by camera-fitted drones.
Where to from here?
Over the last decade in particular, issues of privacy have become more and more central to framing and understanding South Africa’s political economy. The reality is that in practice, there is a range of increasingly broader and conscious abuses and violations of the right to privacy. One of the main reasons for this is that Jacob Zuma’s presidency has been paralleled by the rise and rise of a surveillance and intelligence driven state. Paralleling this has also been the hugely expanded role of the private sector/corporate world in ‘delivering’ outsourced/privatised public goods and services, no more so than in the realm of telecommunications.
This has occurred within a context of dominant, privacy-stripping global responses to “terrorism”, citizen concerns around individual and residential safety and rising levels of organised criminal activity. All of these have been fashioned and framed by, the explosion in communications and surveillance technology.
What this has produced is a shifting of the foundations of power. Now, along with the coercive and disciplinary power of the state and the economic and social power of capital, we have the combined political, economic and social power that comes from ‘the vast amounts of permanently stored personal data about entire populations’. It is this power that is now being used and abused by the South African state for political and factional surveillance and by the private sector for further financial gain.
Confronting and contesting that privacy stripping power, is going to require much higher levels of political and societal will and intensified activism. As things stand, there has been too little in the way of sustained pro-active engagement with and advocacy for, the strengthening and enforcement of relevant legislation from the collective citizenry. Further, broader citizen and civil society acknowledgement of and debate around privacy problems has been dangerously slow, leading to limited counter-mobilisation and resistance to give legal and political content to the right to privacy imperative.
The struggle to exercise democratic control over those that systematically violate individual and collective privacy rights is a tough but necessary task. But beyond that more immediate terrain, we should surely be preparing ourselves to engage in a parallel struggle whose longer-term goal is to dismantle the apparatus of information and surveillance slavery. DM
This article is a summary of a longer research monograph entitled, New Terrains of Privacy in South Africa, produced by the author as part of a collaborative research effort between the Right2Know Campaign and the Media Policy and Democracy Project.
Photo by Ben Fruen via Flickr.
"Always and never are two words you should always remember never to use. " ~ Wendell Johnson