Cellphone privacy: Law enforcement pulls 70,000 subscribers’ call records each year – and that’s a minimum estimate
- Heidi Swart
- South Africa
- 23 Aug 2017 12:55 (South Africa)
In May this year, Daily Maverick revealed that South African intelligence services legally compelled the major mobile network operators to hand over thousands of customer call records annually. Although call records can play a vital role in criminal investigations, we demonstrated that law enforcement had broken the law to obtain such records with relative ease, at times for nefarious purposes. Subsequently, advocacy group Right2Know approached the four major network operators to provide statistics pertaining to call record releases. But even with the information they availed, the numbers are at best an estimate. And that’s a bad thing. Here’s why. By HEIDI SWART.
South African law enforcement services frequently use cellphone records to investigate criminal suspects. Call records include the time a call was made or received, the numbers of the parties involved in the call, the call duration, the starting and finishing times of the call, who the owner of the phone and the SIM card is, and an approximate location of the caller during the call. These records allow law enforcement to build up an accurate picture of your daily routine – where you sleep, who you associate with, who is closest to you, where you go for your morning coffee...
Because such records can reveal so much about your private life, authorities need a court order to obtain them. This order (known as a section 205 subpoena because it is issued in terms of that section of the Criminal Procedures Act) is served on network operators, who are then legally compelled to provide police call data records. The number, or numbers, for which call records must be provided are written in the subpoena.
In June, advocacy group Right2Know asked Vodacom, MTN, Cell C and Telkom for statistics indicating the extent to which law enforcement requested call records. The organisation used the Promotion of Access to Information Act (PAIA) to do this. All four network operators readily complied – to the extent that they could.
This resulted in a whole lot of numbers, and even more questions. (If you haven’t had coffee yet, now would be the time.)
For the past three financial years, Vodacom was served with an average of 19,262 section 205 subpoenas each year. During the 2015 and 2016 calendar years, MTN, Cell C and Telkom were served with an average of 24,785; 6,121 and 1,118 subpoenas respectively. This brings the estimated total yearly average for all four companies to 51,286.
But, if we want to establish how many subscribers actually had their call records released, things get blurry.
Usually, section 205 subpoenas will contain more than one cellphone number for which call records must be handed over. From the statistics provided by Vodacom, we know that over the course of 36 months, the company received a total of 57,788 section 205 subpoenas. The total number of cellphone numbers written in all those subpoenas comes to 211,332. This leaves us with an average of 3.65 cellphone numbers per subpoena. However, neither MTN nor Cell C keep a record of how many cellphone numbers are written in each subpoena they receive. They are not legally compelled to do so. They also don’t keep track of the actual number of cellphone numbers for which they release customers’ call records, and neither does Vodacom. In addition, none of these operators keeps count of how many customers’ call records they release. Again, the companies are not legally compelled to do so.
Only Telkom could reveal how many numbers it actually released call records for, with a grand total of 1,006 and 1,229 numbers in 2015 and 2016 respectively. But the enterprise’s mobile subscriptions comprise only a fraction of the national tally of mobile customers, and they accordingly receive comparatively few subpoenas. As of 31 March this year, Vodacom had 37.1-million mobile subscribers, MTN had 30.2-million, Cell C tallied 15.3-million, and Telkom came in at 4-million. With 4.6% of the total number of mobile subscribers in the country, their information is a small piece of the puzzle.
And there’s another spanner in the works that hinders an accurate statistical overview of call record interception: number portability. Cell C’s Chief Legal Officer, Graham Mackinnon, explains that, of the multiple numbers contained in one subpoena, some belong to different mobile networks: “This is often due to the implementation of number portability which allows a customer to port from one network to another while keeping their number.” So, you may have an 082 number, but the police won’t know that you’ve moved from Vodacom to Cell C. [Since its inception in November 2006 up to the end of July 2017, 7.45-million cellphone numbers have been ported between networks, averaging 56,046 ports monthly.
It’s not standard procedure for law enforcement to check with a service provider if the cellphone numbers in the subpoena actually are registered with that provider. In such cases, the service provider will direct law enforcement to the correct mobile operator.
This also means that a service provider will sometimes receive warrants for which they have no information. But, it seems a rare occurrence. Vodacom’s chief risk officer, Johan van Graan, said in response to Daily Maverick’s questions that this “may happen once a year”. MTN SA said that there are “occasions where some or even all numbers are not registered on the MTN network”.
The fact is it’s impossible to know just how many people’s private call records are released annually, because the government doesn’t have a central tracking system either. Back in May, Daily Maverick asked the Department of Justice and Correctional services to reveal the number of subpoenas issued for call records annually. The department said that, although the lower court judiciary had established measures to keep them, the department itself did not have this information.
But there are some things we can be relatively sure about:
A subpoena normally contains at least one number for which a service provider will have call records. Given this assumption, and the statistics furnished by the service providers, we can calculate a monthly minimum average. Monthly, and on average, MTN probably released call records for 2,231 numbers, Vodacom for 1,605 numbers, and Cell C for 516 numbers. In total, if we add Telkom’s numbers (96 per month) the monthly average is 4,448.
That would be the moderate estimate. However, it may be a far higher number. From the statistics provided by Vodacom, we know that each subpoena contains, on average, 3.65 cellphone numbers. If we suppose that all those numbers belong to the service provider that received the warrant, it in turn means that the figure of 4,448 could be more than thrice that; we could be looking at an estimated monthly average as high as 16,235, and an average yearly total of 194,820.
Given that there are 86.6-million mobile subscribers (as of the end of the 2016/2017 financial year) this number appears reassuringly low. Even at the highest estimate, records for only about 0.2% of all cellphone numbers are pulled annually. When we compare the number of subpoenas served to crime statistics, another picture emerges: For the 2015/2016 period, 2.1-million serious crimes (which includes inter alia contact crimes, theft, robbery, and commercial crime) were recorded. With a yearly average of 51,286 section 205 subpoenas served, it means that call records are requested in an estimated 2.4% of crimes.
The problem with these estimations is that they are just that: an educated guess. And this is a problem, because there is no way to assess the true extent to which state surveillance applies to customer call records, or to even begin to establish whether law enforcement agencies are subpoenaing call records within reasonable limits. At the other extreme, law enforcement may not be making enough use of cellphone records to apprehend criminals and terrorists.
An accurate cross-country comparison is also near impossible. When it comes to transparency, South Africa is in bad company. In the United States, the National Security Agency reported obtaining the call details for 151-million phone calls (not phone numbers) made and received by 42 terror suspects. The NSA stated that they did not have a breakdown of how many persons’ call details were actually collected, according to Reuters.
Yet SA could do a lot worse. In 2015 in the UK, then Home Secretary Theresa May revealed that the British government had been collecting citizens’ cellphone records in bulk since 2001, following the 9/11 disaster. Prior to the revelations by Edward Snowden, the same thing was happening in the US. But, then again, we’d have no way of knowing if SA was engaging in bulk collection of call records.
However, R2K's Murray Hunter, who launched the PAIA applications, warns that these numbers are "shocking", and says the fault lies in poor legislation. "These policies have let government spying go out of control. We never thought we'd find out that this loophole was being used to the tune of 70,000 or more phone numbers a year. It's a rate of surveillance that's easily 50 times what we've previously seen reported through RICA statistics. All this is further proof that the people of South Africa need to take back control of their privacy."
Hunter has a point. Legal control is sorely lacking when it comes to recording call record statistics. The law does compel a record to be kept for the number of calls that law enforcement and intelligence services listen to or record. This is provided for in Rica – the Regulation of Interception of Communications and Provision of Communication-Related Information Act. But such statistics are not kept for section 205 call records, because section 205 is part of the Criminal Procedures Act.
When approached for comment, the justice department said it was inappropriate to answer questions at this time, because Rica was being challenged in the Constitutional Court.
This court case is the one filed by the amaBhungane Centre for Investigative Journalism. The organisation is contending that Rica does not adequately regulate communications monitoring. For the full monty, go here. It seems, for now, that we simply have to wait and see if the beetles manage to roll this giant piece of BS out of the way. DM
- Big Brother is watching your phone call records, on Daily Maverick
- You always feel like somebody’s watching you? They probably are, on Daily Maverick
- Cyberspying: The ghost in your machine, on Daily Maverick
Heidi Swart is a journalist who has extensively investigated South Africa’s intelligence services. This story was commissioned by the Media Policy and Democracy Project, an initiative of the University of Johannesburg’s department of journalism, film and TV and Unisa’s department of communication science.