The system used by the Department of Social Development to distribute grants has been in the spotlight recently. What has been given less attention, however, is the fact that the collected biometric information of all the grant recipients used to administer the grants amounts to a large-scale privacy hazard. And it’s not just Sassa amassing personal information on citizens: a recent report suggests that South Africa’s surveillance state is expanding by alarming proportions. By REBECCA DAVIS.
South Africa was one of the first countries in the world to have huge databases of data on people, says researcher Dr Dale McKinley. That’s because the maintenance of the apartheid regime depended on bureaucratic features like the pass system to regulate the movements of South Africans of colour, and the work of labourers on South Africa’s mines.
Twenty-three years after the official onset of democracy, however, the collection of biometric data is not something consigned to the scrapheap of history. Writes McKinley in a recent paper, New Terrains of Privacy in South Africa: “Biometrics are no longer used to underpin an entire system of racialised oppression; their use has simply shifted into constructing an ever-expanding and centralised system of identification management and control as well as a colossal and, as yet, uncontrolled commercial data analysis sector”.
One of the entities which holds the largest biometric database is Sassa, the South African Social Security Agency. The reason why Sassa had to gather a large amount of information on its grant recipients was ostensibly to combat fraud. Every grant recipient has had their fingerprints and photographs captured, and McKinley notes that others have also had their voices recorded. The biometric data of almost 17-million people now sits in a central database.
McKinley says that the anti-fraud justification for the compiling of all this data doesn’t hold water. “There are high levels of falsified biometric information,” he told an audience hosted by the Right2Know advocacy group in Cape Town on Wednesday. His report states that the quality of biometric information being compiled is poor, “thus creating the likelihood of a significant amount of false and/or incomplete information”.
In McKinley’s estimation, the system treats the right to privacy “with contempt”, or simply ignores it. He says that it is still unclear what Sassa officials do with all the information they can easily access; how they share information with other state branches like the Department of Home Affairs, and the extent to which the information is being exploited by the private companies which administer the grants.
Wits professor Jane Duncan, from the Media Policy & Democracy Project, says the level of acceptance from South African society about this scale of personal data collection is remarkable. “Other countries have had mass campaigns against centralised biometric databases,” she points out. Duncan says that Mauritius recently had to dismantle such a system under the pressure of a widespread outcry.
The biometric data collected by Sassa is the tip of the privacy iceberg. The increasing roll-out of CCTV surveillance cameras in South African cities is also a concern to Duncan and McKinley. They cite figures showing that Johannesburg now has more than 400 cameras in the CBD, with 440 in Cape Town’s CBD and 350 in Nelson Mandela Bay (Port Elizabeth). These numbers do not include the increasing quantity of privately installed CCTV systems. McKinley notes that estimating accurate figures is “made more difficult because of the complete lack of signage informing/warning people that they are being watched”.
As time goes on, more of these cameras will be fitted with facial recognition capacities. Duncan says it’s still unclear where the database of photographs these will work with will come from, though an audience member at Wednesday’s event said his research suggested they would be provided by private security companies who routinely photograph visitors to buildings as part of access control.
International experience, says Duncan, shows that this kind of facial recognition software tends to be “racist and ageist”: it has most difficulty distinguishing black faces and young faces.
The roll-out of extensive CCTV networks is justified as a crime reduction measure, which is why it is often met with public approval: “It almost goes without saying that we need to give up some of our rights to feel safe”, Duncan says. The impact of CCTV on reducing crime has been found to be negligible elsewhere in the world, however. McKinley cites a Scottish study from 2009 which found there was “minimal evidence to suggest that CCTV effectively deters crime, and in cases where crime does appear to be deterred, this effect is generally short-lived”.
The City of Cape Town’s mayoral committee member for safety and security, JP Smith, told Daily Maverick on Wednesday that the city’s camera system detected 3,149 incidents during the last quarter of 2016.
“Of these, 978 were incidents of a criminal or suspected criminal nature, resulting in 82 arrests,” Smith said.
Researchers like Duncan are concerned about what happens to all the data collected by CCTV cameras, and whether its treatment is subject to basic privacy considerations. Smith said that the City of Cape Town has thus far collected 1.1 petabytes of data via CCTV. One petabyte is equivalent to one thousand million million bytes. He said that the footage is stored in “data centres across the city”.
Last year it was also reported that the City of Cape Town was considering using drones for intelligence gathering. A discussion paper proposed that drones would be used to collect data. Among their functions could be to monitor “public unrest situations”.
The increasing use of drones is also ringing alarm bells for McKinley and Duncan, who point out that their use remains largely unregulated despite an amendment of the 2009 Civil Aviation Authority Act aimed at controlling how they are operated. Last year, a privately owned drone being flown above Koeberg Nuclear Power Station crashed within the grounds, and was returned to its operator – raising serious questions about security.
“There is no common law jurisprudence on drone usage, no legal cases have yet been brought and therefore there are no guiding legal principles and precedents in relation to drones and privacy,” McKinley notes.
State use of drones also has potentially sinister implications. A Pretoria-based company called Desert Wolf attracted international condemnation in 2014 upon announcing that it had developed a “Skunk Riot Control Copter”, fitted with 4,000 pepper spray-filled balls which could be shot at 80 balls per second. Its developer claimed that the idea originated from his desire to better control situations like Marikana.
The City of Cape Town confirmed to Daily Maverick that it is still planning to roll out surveillance drones. “The thinking is to acquire the services of a drone operator which all of the different City departments can use,” Smith said. “The intention is also to use it for active surveillance during a major incident”. DM
Photo by Ralph via Flickr.