Regulation of Interception of Communications and Provision of Communications-Related Information Amendment Bill: hearings

Meeting report

JUSTICE AND CONSTITUTIONAL DEVELOPMENT PORTFOLIO COMMITTEE
30 May 2006
REGULATION OF INTERCEPTION OF COMMUNICATIONS AND PROVISION OF COMMUNICATIONS-RELATED INFORMATION AMENDMENT BILL: HEARINGS

Chairperson: Ms F Chohan-Kota (ANC)

Documents handed out
Cell C powerpoint presentation
Cell C written submission
Vodacom powerpoint submission
Vodacom written submission
MTN powerpoint presentation
MTN written submission
Law Enforcement Agencies Joint submission

Relevant documentation
PEP Stores submission
Pick n Pay submission
Vodafone submission
Ellerine Furnishers submission
Ackermans submission
Smartcall submission
Edcon submission
Submission from Mr M Lombard [email [email protected] for document]

SUMMARY
The Committee received submissions from Cell C, Vodacom and MTN on the Bill. The major concerns expressed by them was that the twelve month period (1 July 2006 - 1 July 2007) stipulated in the principal Act, within which they were to have captured the full names, ID number and addresses of all their subscribers, was not sufficient. They argued that they needed at least 36 months to capture that detailed information. If the Committee insisted on the 12 month period, they would be able to capture at most the first name, surname and ID number of their subscribers. They suggested that the rest of the details be sourced from existing databases, such as that of the Financial Intelligence Centre Act (FICA) and the Department of Home Affairs’ Home Affairs National Identification System (HANIS).

The Committee however rejected the 36 month period as telecommunication service providers had had since 2002, when the Act was passed, to capture the full names of all subscribers. Further, the proposed delay would allow criminals another two years of impunity in which to use their cellphones in the commission of crimes.

Members were displeased that the telecommunication service providers were not concerned about the success of the Act’s law enforcement objectives but instead were worried that the requirement to capture full details of subscribers would lower their bottom line and be the cause of loss of revenue.

The South African Police Services (SAPS), addressed the Committee on the effects of the Bill from a law enforcement perspective. They agreed that a 36 month compliance period was not acceptable, and that the telecommunication service providers ought to be required to capture the full names of subscribers in order to ensure the interception order was secured. The Office for Interception Centres did not made a submission on the Bill, but agreed that 36 months was not reasonable.

MINUTES
Introduction by Chairperson
The Chair informed all who had made submissions on the Bill that she had had to decline requests to meet privately with individuals to discuss the Bill because, as a matter of principle and standard parliamentary procedure, all matters relating to the Bill were discussed in open at committee meetings. This ensured transparency. Individuals were of course free to lobby individual members of the Committee.

She had been informed by the Department of Justice and Constitutional Development (the Department) that all the telecommunication service providers were ad idem on their proposals on the way forward. She was thus expecting a single submission from all three telecommunication service providers, yet was surprised that today’s meeting would be having three separate submissions from each of them which repeated many commonly held points. She requested the presenters to be sensitive to that repetition when making their submission, so as to save time.

She had received some submissions on the previous day, such as from Vodafone, and they would be considered as the Committee continued receiving submissions.

It was hoped that the Committee would finalise the Bill within the next two weeks, as it still had to be referred to the NCOP as well.

Mr J Jeffery (ANC) stated that it was not in order for Vodacom to have included the complimentary pen with its brand name in its handout to Members. It was part of its marketing paraphernalia and could be classified as an undue gift, and could be misconstrued as an attempt to influence the Committee. He strongly requested Vodacom not to do so again.

Both the Chair and Mr L Landers (ANC) agreed. The legislative process must operate within a framework of integrity, and Members would be returning the pen.

Cell C submission
Mr T Lahan, Chairman and CEO, stated by way of introduction that Cell C welcomed the opportunity to address the Committee on the Bill. He stated that Cell C supported the objectives of the Act and subscriber registration in particular, especially as it pertained to fighting crime.

Mr K Motlana, Head: Regulatory Affairs, conducted the remainder of the presentation. He detailed the extent of Cell C’s readiness to adequately provide for subscriber registration, and outlined its electronic solution for individual registration officers. Cell C’s comments on the specific provisions of the Bill itself were outlined, which included the relationship between the Mobile Subscriber ISD Number (MSISDN), the SIM-card and the International Mobile Equipment Identity (IMEI), the capturing of MSISDN and handset information or IMEI and the requisite detail of subscriber information to be captured.

Mr Motlana was unable to complete the entire powerpoint presentation, as each presenter was restricted to ten minutes, in the interests of time.

Discussion
The Chair asked whether telecommunication service providers were able to capture and store the IMEI number because, if it was not captured, the Committee would have to accommodate that.

Mr Lahan replied that it was captured and stored.

The Chair was satisfied. She asked whether the concern expressed by Cell C was that it was not able to capture the MSISDN number automatically up front.

Mr Lahan answered in the affirmative.

Ms S Camerer (DA) stated that she had received death threats not too long ago and the South African Police Service (SAPS) was able to trace the person responsible, even without the stringent registration requirements proposed by the Bill. The only thing necessary to trace the person was their use of a cellphone. Therefore she did not understand why the Bill required the detailed information to be registered.

The Chair replied that Ms Camerer had raised that same point during the Committee’s meeting on 23 May 2006. At that meeting Adv T Rudman, Department of Justice Deputy Director-General: Legislative and Constitutional Development, explained that the service providers informed the Department that there were technical provisions in the Bill which the Department had drafted that posed difficulties to them, and stated that they wanted to address the Committee on those difficulties. She requested Adv Rudman to explain it again for the benefit of all present.

Adv Rudman explained that meetings held last year with the telecommunication service providers and the law enforcement agencies (LEAs) related to the principle contained in the Bill that marked a move from away from a paper- to an electronic-based system for securing and storing the required information on users. The Department agreed with the telecommunications service provider that it would provide draft legislation that would provide for an electronic-based system. At the next meeting the redrafted legislation was discussed, but at that point the original legislation was already caught up in the Cabinet process. The service providers then made a number of suggestions regarding the technical provisions, and Adv Rudman indicated to them at that stage that only way to deal with their amendments was in the Parliamentary Committee process. Meetings were also held with the LEAs who held different views from those of the telecommunication service providers, and it was for that reason that he stated the matters must be resolved in this Committee.

The Chair agreed with Adv Rudman’s advice given to the telecommunication service providers and LEAs. She preferred the Committee to deal with the matters, and did not want a situation in which telecommunication service providers would inform the Committee that they had agreed on X with the Department, and were thus not prepared to concede to Y as proposed by the Committee. Indeed it was Parliament alone that was the law-making arm of government.

She stated that it appeared sound to pursue the IMEI information in the manner suggested by the telecommunications service providers. The Committee would consider it very carefully and try to arrive at an accommodating formulation. The Committee was happy to accept proposals on technical matters that assisted the implementation of the Bill, but she was not prepared to entertain technical matters that fundamentally affected the operations of the LEAs.

In its presentation Cell C proposed that only the first name and surname and the ID number of the subscriber be captured. However the position in the Bill was that the full names be captured and the Committee would not be moving away from that, not at all. The reason for its proposal was that the ID number would enable it to verify the full name of the subscriber. The Chair stated that that reason however overlooked the possibility that the ID number could be incorrectly captured by the registration officer, which would then create a totally erroneous information system. She stated that the Committee was however prepared to reconsider the requirement that the subscriber’s postal address be captured as well.

Ms Camerer agreed with the general principle that as much information as possible about the subscriber must be registered, but it was important to hear from the telecommunications service providers themselves whether they were able to capture all that detailed information within the 12 month timeframe stipulated in the Bill. Parliament must legislate within the bounds of the technically possible.

The Chair cautioned Ms Camerer for having raised the same points at the Committee’s previous meeting, during which the Chair had disagreed with Ms Camerer’s assertion that the paper-based system required by the Act was not capable of effective implementation. The Committee was steadfast in its resolve not to allow any dilution of the law enforcement aspects of the legislation. The aim of the Bill was to identify a more implementable and practicable mechanism to ensure the law enforcement aspects in the Bill were implemented. She was flabbergasted that people were altering their specifications according to what the Committee would legislate.

Mr Lahan explained that the Cell C’s problem with the requirement that the full names of the subscriber be captured was that its system only allowed a finite number of characters when capturing a name. He urged that a reasonable proposal be entertained. Cell C’s system could easily accommodate the first name and surname.

The Chair questioned how exactly the person would be traced, if only the first name and surname were to be captured.

Mr Motlana responded that Cell C would then enter the subscriber’s first name and surname into the Department of Home Affairs’ database and, via an algorithm, the full name would be verified. He stated that that the Home Affairs National Identification System (HANIS) would allow some form of validation.

The Chair stated that she was not sure whether that route addressed the heart of the issue.

Mr Jeffery said that the Committee was going round in circles on the name issue. He failed to understand Cell C’s objection to capturing the full name because if it was required to capture the first name and surname only, it would encounter the same problem with limitation of characters when it came across a subscriber with a double-barrelled surname.

He asked whether it would be easier if only the MSISDN number were captured, or whether the SIM card information was needed as well.

Mr Motlana replied that the MSISDN, the IMEI and ID number should be captured. The verification algorithm used would then confirm their details.

Mr Jeffery raised concern with the Cell C proposal that subscribers not be required to submit written proof of their physical address. That proposal negated the purpose of the requirement, which was that the subscriber prove that he in fact resided at that address.

Mr Motlana disagreed with Mr Jeffery’s interpretation of the proposal. He explained that Cell C was in favour of the provision of proof of address, but was simply of the view that that proof did not have to be produced in written form. Some sort of proof must be provided to the registration officer, for the purposes of validation.

Mr Landers agreed with Mr Jeffery’s concern. He was very disturbed by the course of the discussion. The Act provided for a paper-based system of capturing which was objected to by the service providers because it was not the most effective and efficient. The Department had then drafted provisions to accommodate their concern and provided for an electronic-based system. The service providers were yet again raising concerns with the system proposed, except this time it was with the very system they themselves had called for. He disagreed with Cell C’s almost dismissive proposal that the LEAs would have to secure the information from the Department of Home Affairs rather than Cell C capture the full names of the subscribers.

He asked Cell C who gave it the go ahead to implement its current capturing system, which only gathered minimal information.

Mr Motlana replied that the issue involved two conflicting objectives: the first was the need for a versatile system that would initiate the data capturing process required by the Bill, and the second was the problem that Cell C's system did not allow the capturing of all the information fields required by the legislation. Cell C had engaged in a very interactive process on this very matter and had spoken to the Deputy Minister of Justice, Adv J De Lange, and the Director-General of the Department, Adv M Simelane, and had submitted proposals to them on what Cell C was able to cater for.

Mr Landers was of the view that the service provider must demand much more information from foreigners who arrived in South Africa and wanted to use a cellphone, precisely because the country had no clue about them. He proposed that the service providers demand the physical, business and postal addresses of those persons in their country of origin, as well as their addresses during their time in South Africa.

Mr Motlana replied that if that proposal was introduced the question which then must be asked was whether the legislation envisaged a uniform system, or whether it envisaged a specialist system in which foreigners’ information was stored on a separate database.

The Chair stated that the Committee would consider the issues raised, especially the time needed by the telecommunication service providers to reconfigure their systems.

Vodacom submission
Mr P Matlare, Group CEO, began by apologising to Mr Jeffery for the misunderstanding in providing the pen. He explained that it was standard Vodacom procedure to provide that kind of package, and assured Members that it was not an attempt to assuage the Committee.

Mr Landers stated firmly that Vodacom got away with it in Parliament’s Portfolio Committee on Communications, but they must be set straight and told never to do so again.

Mr Matlare commenced the presentation by stating that Vodacom encountered a number of practical problems in establishing its electronic capturing systems. The first was the belief that the more detailed the information Vodacom requested its retailers in the informal distribution channel to capture from subscribers, the greater the negative effect on sales from that channel.

Secondly, Vodacom cautioned against subscriber registration having a discriminatory or exclusionary impact on the marginalised sector of the population. It was believed that this would be the result as many subscribers in the informal distribution channel would not be able to comply with the requirements to register and verify names, addresses and ID numbers. Small business impact slide.

Thirdly, as indicated in the presentation, Vodacom would not be able to secure the detailed historical data on subscribers required by the Bill within the stipulated 12 month period, despite all best efforts. He assured the Committee that Vodacom fully recognised the importance of working with the LEAs, but it was simply not able to capture the detailed information on the daily average of 90 000 of its subscribers. A period of three years was thus requested, and Vodacom wanted to make firm commitments along the way that show definite achievements in reaching that target.

Mr Matlare was unable to complete the presentation as he exceeded the allotted 10 minutes.

Discussion
The Chair stated that, as she informed Cell C, the Committee would not be moving away from the requirement that the subscriber’s residential and/or business address be captured. That information was essential to the law enforcement objectives of the Act.

Secondly, she queried the reliability of the information provided by Vodacom on the informal sector. She believed that that was based on Vodacom's own perceptions, and not on scientific data. Vodacom’s primary concern with the Bill appeared to be that its requirements would result in a reduction of its subscriber base, especially from the informal sector, because most subscribers in that area did not have physical addresses. However the relevant provision in the Bill phrased the verification process very loosely and merely provided “to the satisfaction of the telecommunications service provider”. That formulation was as wide as one could get, because it was completely subjective. She was thus not clear as to Vodacom’s proposal as an alternative to that.

Mr Joosub replied that, as indicated in the presentation, there was plenty of international evidence to suggest a proportional relationship between Gross Domestic Product (GDP) growth and the mobile phone subscriber base in a particular country. Vodacom currently had the most extensive footprint in the deepest rural communities, to ensure access to telecommunication services to those communities which offered them a chance at a better economic life. The new requirements put in place by the Bill placed Vodacom’s 28 000 informal distribution points at risk, because those retailers did not have mechanisms in place to record the detailed information required by the Bill.

The Chair stated that Vodacom was not clearly explaining how it translated the issue of the activation of the SIM card into a reduction in its revenue. When she was in India in 2005 she was able to purchase a SIM card and have it activated within 15 minutes, and the vendor had to take down all the detailed information currently proposed by the Bill. She believed that if it could be done as efficiently in the most rural part of India, there was no reason why it could not be done in South Africa.

Mr Joosub explained that it would be extremely difficult for the informal market to secure that detailed information. The less detailed the information required, the easier it would be for them to capture.

The Chair maintained that the less detailed the information required for them to capture, the greater the risk of fraud or misrepresentation. That in turn placed strain on the verification process.

Mr Joosub responded that that would not necessarily be the case, because a reliable verification algorithm was used. He was merely appealing to the Committee to be sensitive to teledensity concerns.

Mr Jeffrey asked Vodacom to explain its view that the requirement that the vendors in the informal sector have to capture detailed information would shut down all 28 000 of its vendors.

Mr Joosub replied that the first problem was with physically capturing that detailed information. If that vendor in the informal distribution channel did not have the mechanisms within which to capture the detailed information, he would then have to go to another agent to secure that information. Secondly, the data was captured via a WIG system, which was limited to 160 characters at a time. If more than the subscriber’s first name and surname and addresses were required to be captured, that would mean several smses would have to be sent by that vendor to the Vodacom system to capture that information.

The Chair asked who would be providing the equipment and service for the capturing of that information.

Mr Joosub responded that it would be provided by Vodacom.

The Chair stated that if that was the case then sending more smses would not be a problem. She did not believe that the information requested when purchasing a cellphone had any bearing on the subsequent activation of that SIM card. The two were separate matters.

Ms Camerer sought clarity where the presentation mentioned vendors in the informal sector. She did not understand if Vodacom was referring to rural areas or the more formal economy.

Mr Joosub replied that it referred to the informal distribution channel, and did not thus refer to the formal economy.

Mr Landers stated that Vodacom was now requesting three years to provide the database. He asked whether it had already begun capturing details of existing subscribers and, if not, why it had not yet done so. He was of the view that Vodacom had significant time since the Act was passed in 2002, and it should have captured a significant amount of data already.

Mr Matlare responded that Vodacom indicated in its presentation that it had already begun capturing the information, and it was for that very reason that it was able to speak in an informed manner on its constraints in capturing all the detailed information required by the Act. Vodacom currently had 200 capture points to gather the current estimate of 90 000 subscribers per day. Even if additional points were set up in both the formal and informal sectors, the daily average of 90 000 posed a major logistical challenge. It was for that reason that Vodacom requested the three year period, and it would then be more than willing to review the process on a quarterly or half-yearly basis to demonstrate its bona fides.

Mr Joosub added that Vodacom was merely requesting a reasonable timeframe in capturing that detailed information.

The Chair agreed that the timeframe would be reasonable, but remained firm that 36 months was completely unreasonable. The deadline remained at 12 months, as the Committee would not be granting criminals an additional two years within which to use cellphones with impunity in the commission of crimes. It was clear that Vodacom would need additional resources, such as more personnel to capture the information. She failed so see the business sense in choosing to provide the database over a three year period, as opposed to getting it done as expeditiously as possible within the stipulated 12 month period.

Mr Joosub assured the Committee that Vodacom worked very closely with the LEAs to trace criminals. The three year period was requested because Vodacom wanted to do it properly and ensure the best quality of data, to ensure the Bill’s law enforcement objectives were achieved.

The Chair stated that the last point on the matter was that the Committee would not be granting the three year period. The Committee wanted detailed information from the telecommunication service providers as to the extent of data they have captured to date, and the precise reasons why they were unable to capture all the detailed information required by the Bill within the stipulated 12 month period. The Committee would be having a closer look at the effect of the reconfiguration of their systems..

Mr Lahan assured the Committee that Cell C did work on the capturing mechanism, and wrote to the Department in October 2005 to inform it of Cell C’s reconfiguration criteria. Yet the Department had not yet responded to that correspondence. The stipulated 12 months was not sufficient, as Cell C needed to reconfigure its current system to allow it to accommodate more characters when capturing the information.

Mr Matlare asked whether the Committee would be more amenable to the 36 month period if it secured the approval of the LEAs for that 36 month process.

The Chair answered in the negative. She stated that the telecommunication service providers must convince the Committee itself that they were currently doing everything possible to capture the information. The Act was passed years ago, and it was very irritating when legislation was not implemented.

Mr Landers failed to understand the relevance of the statement in the presentation that currently only 1,7 million post boxes were in use in South Africa. The fact of the matter was that the legislation required that information to be captured nonetheless.

Secondly, stated that it was disturbing that all three telecommunications service provider highlighted the difficulties posed by the Bill to their own telecommunication operations, but none have indicated whether there were any difficulties for the crime prevention and law-enforcement aspects of the Bill. They did not appear to be interested in that, only in the potential reduction in their subscriber base and revenue. He contended that if the telecommunication service providers were not interested in the crime prevention and law-enforcement aspects of the Bill, he remain unconvinced as to why the Committee should entertain their proposals regarding their telecommunication operations.

Mr Matlare responded that it was not the case that Vodacom disregarded the objectives of the LEAs. It merely wanted to identify appropriate technological means to enable the LEAs to locate criminals.

Mr Lahan replied that he very clearly mentioned, in his presentation, Cell C’s recognition of the value in capturing the subscriber information in terms of the fight against crime, and that it worked closely with both the Department and the LEAs to develop and electronic data capture solution that would meet the objectives of the Act.

Mr Landers disagreed with the proposal by the telecommunication service providers that the blacklisting instrument must also be done away with, as it was an important to law enforcement and crime prevention tool.

Mr Motlana responded that Mr Landers misunderstood, as Cell C supported blacklisting from day one.

Mr Joosub replied that Vodacom was not suggesting that it be removed at all.

The Chair asked how exactly the blacklisting would work.

Mr Joosub explained that once the cellphone was reported the telecommunication service provider would blacklist the ISISDM number, and it would be switched off on all the networks.

Mr Jeffery was of the view that Vodacom’s assertion that adherence to the detailed information requirements in the Bill would shut down 28 000 vendors in the informal settlements was merely a scare tactic.

Secondly, he reiterated a concern raised with Cell C. He raised concern with the Cell C proposal that subscribers not be required to submit written proof of their physical address. He was of the view that that proposal negated the purpose of the requirement, which was to require the subscriber to prove that he in fact resided at that address.

He was of the view that those two issues needed to be considered further.

MTN submission
Mr M Manyatshe, Managing Director, stated up front that MTN was committed to assisting the LEAs in achieving their objectives under the Bill. The fact of the matter was that the LEAs did current have technology that enabled them to locate a criminal, as long as that person had a cellhpone. That was thus possible even without the detailed information requirements proposed by the Bill. It was true that the co-operation of the telecommunication service providers was needed, and the location can be found even if the person’s address was not captured. He reiterated that MTN was “happy to assist”.

The capturing of the detailed information required by the Bill meant MTN would have to register 15 000 people per hour. It was simply unable to achieve that, even with the best will in the world. He urged the Committee to put in place a timeframe that was both realistic and enforceable.

Mr N Nyoka, Group Executive: Legal and Regulatory Affairs, stated that many of MTN’s points have already been made by Vodacom and Cell C, and he would thus not be repeating them in the interests of time.

The slide in the presentation entitled “Issues” clearly indicated MTN’s main concerns with the Bill. MTN was extremely concerned with the 12 month timeframe, because it was by no means practical. Other legislation imposed a reasonable timeframe such as five years, as the firearms licensing legislation does. If a longer timeframe were put in place, MTN would be able to provide more data as well as data of a higher quality. He concluded by stating that a duty rested with legislators not to pass a bad law that was not implementable.

Discussion
The Chair stated that the MTN presentation did not convince the Committee that the concerns raised as impracticalities were in fact just that. The presentation simply repeated what Mr Joosub said about the quality of data captured. She was thus not convinced that the 12 month period was not sufficient, and reiterated that 36 months was totally out of the question. She was of the view that MTN, like Vodacom and Cell C, would probably need to introduce many more outlets to capture the required data within the 12 month period.

The second issue was the transfer of cellphones between individuals. She asked MTN to explain how its proposal on the matter differed from the position in the Bill, and how it would ideally want the matter to be regulated.

Mr Nyoka replied that MTN’s concern focused primarily on the fact that the legislation appeared to contemplate two separate processes: the first was the electronic-based data capturing system, which MTN supported, and the second was the transfer of cellphones between individuals. It was implicit in the legislation that the transferor must inform the telecommunication service provider in writing of the change in possession. MTn was however of the view that it was cumbersome for the individual to do so, and it would probably increase the margin of error. The point being made was that that individual was out of MTN’s control in terms of the kind of information provided in writing to MTN as well as the accuracy of that information.

The Chair agreed that there was nothing really that compelled those persons to do so, and asked MTN to indicate the incentives it would put in place to ensure the information provided was accurate and that the transferor in fact gave the cellphone to the person stipulated in the written proof submitted to MTN. She suggested that an obligation should perhaps be placed on both the transferor and the recipient of the cellphone to appear together at the registration points.

Mr Nyoka responded that the overall point was to ensure on the one hand access to all government’s telecommunications objectives, as prescribed by the Minister of Communications. The other was the Accelerated Share Growth Initiative for South Africa (ASGISA) prescript that for every 10% increase in a South African telecommunications service provider’s subscriber base, a corresponding 0.6% must be contributed to GDP of the country. There were thus incentives to increase the levels of telecommunications penetration within the country. If the overall effect of the legislation was to slow down the levels of cellphone registration, then it would also slow down ASGISA.

Many of MTN’s distribution channels were not in the formal sector, and the requirements in the Bill would very well confuse subscribers in that sector. Plans will be devised to provide registration points in the informal sector.

The Chair stated that the best solution would be for both the transferor and transferee must appear together at the registration point. That arrangement would guard against the provision of corrupt information and false representations especially.

Mr Nyoka responded that MTN had not yet considered that approach, but would do so.

Mr Joosub stated that individuals could transfer or sell the actual cellphone as often as they want, but it was only when the SIM card was transferred or sold that the telecommunications service provider would have to be informed. It was thus only when the SIM card was sold that the onus rested with the seller or the transferor to either retain a keep copy of ID document of the buyer or transferee, or to inform the telecommunications service provider to change the name. The transfer of SIM cards was however very rare, because people wanted to retain their same cell number and phonebook.

Mr Landers stated that the problem was that quite a significant portion of time could transpire between the time at which the cellphone was stolen and when it was eventually reported.

Mr Joosub agreed, but stated that there was nothing the telecommunications service provider could do about that.

Ms Camerer stated that there appeared to be a presumption by some Members that the telecommunication service providers would be able to cure the technical difficulties they were expressing in capturing the required data if they threw money at the problem and invested heavily. She asked the telecommunication service providers to indicate whether that presumption was in fact correct.

Mr Nyoka replied that when MTN first discovered in late 2005 that Sections 40 and 62(6) of the Bill were to be implemented, it entered into discussions with the Department on the registration of subscribers via a paper-based system. He made it clear that the Department did not however promise it that Parliament would accept those arrangements. The understanding was also reached that if the telecommunication service provider moved from a paper-base to an electronic system, it would have to introduce that system immediately so that by the time the Bill was passed by Parliament it would be ready by 1 July 2006 to begin collecting subscriber information.

He stated that MTN also engaged in discussions with the Department of Home Affairs, who was working on its HANIS system. MTN was told that as soon as it had fully developed HANIS MTN could, simply by inputting their subscriber’s ID number into HANIS, extract the remainder of the information on the subscriber required by the Bill. That approach was however not favoured by the Department of Justice, and insisted that MTN capture the full names of the subscriber as well as the address.

MTN did have a technological solution at the moment, and it would be able to commence capturing information on 1 July 2006. However, if the Committee insisted that telecommunication service providers needed to capture the full names and addresses of each subscriber, MTN would have to do more development on its current system. Its current wireless Internet gateway (WIG) process was not adequate to meet the 1 July 2006 deadline. The development will cost significant funds, which MTN was very prepared to undertake, but the kick off time for the finalised project would be compromised.

The Chair reiterated the fact expressed several times during the course of the meeting that the Act was passed as far back as 2002, and it contained the very same requirements of the full name and address even back then. There was thus absolutely no basis for the contention by the telecommunication service providers that they had not fully developed the capturing system because they were waiting to see the requirements of this Bill. The requirements were exactly the same. All the Bill did was seek to accommodate an electronic solution to the data capturing process by the telecommunication service providers.

She reiterated her concern about relying on HANIS. MTN appeared to overlook the possibility that the ID number were incorrectly captured by the registration officer, it would make no point to consult HANIS because the ID number was incorrect and pointed to an entirely different person. It would thus create a totally erroneous information system.

Mr Nyoka responded that if the 12 month timeframe remained, MTN would have to do a significant amount of development work, and would clearly not be in a position to capture all its subscribers by 1 July 2007. In all likelihood it would not begin its data capturing process on 1 July 2006. It would need approximately 15 months. It was for that reason that it requested Parliament to consider extending the 12 month period by a reasonable amount of time.

The Chair stated that a further reason why she believed the 12 month deadline was reasonable and possible was because the Bill now marked a shift from a paper-based system to an electronic capturing system, which was must faster. She requested the service providers to persuade the Committee that they were serious about implementing the Bill’s requirements by 1 July 2007. They also needed to indicate what exactly they would be able to provide by 1 July 2007, and why they were not able to provide the entire system by that date. The Committee would then take all that into account and consider the possibility of a reasonable extension.

Mr Landers stated that it appeared to him that the telecommunication service providers merely assumed that the data capturing system they put in place late last year was fine, but they never consulted the Committee before implementing it. He asked MTN to indicate the extent to which it was able to secure the full details, as prescribed by the Act, of its existing subscribers, and how many were outstanding.

Mr Nyoka responded that information on its post-paid subscribers were captured, largely because of the specific information required for the managing of those accounts. That information was thus not based on the requirements of the Bill. MTN had not really captured any of its subscribers’ details. It decided against committing significant resources to that process until the regulatory sureties in the Bill were confirmed. The process would begin once the Bill was passed.

The Chair asked MTN to explain the kind of data it had captured on its post-paid subscribers.

Mr Manyatshe replied that it was different information to its pre-paid subscribers, because it had to conduct a credit rating first, etc.

The Chair asked how long it took to capture the information on its post-paid subscribers.

Mr Manyatshe responded that the information was captured immediately as the subscriber opened up their account. He indicated that MTN had to date only captured information on 10% of those subscribers, and it was just a matter of how the data would be stored.

The Chair stated that the information on the post-paid subscribers was thus captured in the ordinary course of business, and not to satisfy any requirement in the Act.

Mt Manyatshe answered in the affirmative.

Mr Joosub informed the Committee that Vodacom had sent a letter to the Department on its data capturing system, but had even to date received no response. It thus took the initiative and went ahead and implemented its own system. Thus any changes to that system required by the Bill would take time to implement.

The Chair reiterated that Mr Joosub’s statement did not make sense, because the Act was passed way back in 2002 and contained exactly the same requirements with regard to data capturing as the Bill. The only change was from a paper-based to an electronic capturing system.

The Chair asked MTN to explain whether foreign firms who dial into South Africa used South African telecommunications networks. Secondly, clarity was sought on foreigners who came into the country and sought to secure a South African SIM card in order to use our networks while in the country.

Mr Manyatshe explained that if a person with a Vodafone UK SIM card make a call here in South Africa, the call would be charged back to Vodafone UK.

The Chair stated that this was an important area to look at because the Bill at the moment stipulated that the South African telecommunication service provider would have to verify the details of every user on its network, and would thus include a foreigner who was only using the network while in South Africa for a brief period.

Mr Joosub explained that it was a different matter if a foreigner bought a SIM card in South Africa. In that case he would have to provide all the information required by the Act. The category referred to by the Chair were those foreigners who made roaming calls, and it was a standard term in the roaming agreement between the two telecommunication service providers that the costs of those calls would be charged back to their country of origin.

The Chair summarised the position as follows: as the law currently stood, the South African telecommunication service providers would not have to capture the details of that category of foreign user, but would only have to secure the details of that user’s telecommunications service provider in the country of origin.

Mr Joosub agreed.

Law Enforcement Agencies joint submission
Director Van Graan, SAPS Legal Services, introduced the delegation representing the LEAs: Senior Superintendent Du Plooy, Technical support unit and Senior Superintendent Pretorious, from Crime Intelligence. He conducted the presentation, which outlined the problem areas with Sections 40 and 62(6) of the Act and the advantages of the Bill over those Sections. The LEAs were in favour of the 12 month time period within which all cellphones and SIM cards must be registered. He stated that probably the most important point he would want to make was that the LEAs needed to be able to properly identify the person for whom they approached a judge for an interception order. If the details were vague, the judge would not grant the order and the law enforcement objectives of the Bill would be negated. It was therefore vitally important that the telecommunication service providers to capture the full names and address of each subscriber in order to successfully secure an interception order from the judge.

Discussion
The Chair asked whether the LEAs would be able to properly fulfil the law enforcement aspects of the Bill if it required the telecommunication service providers to only capture the first name and surname and the ID number of the subscriber.

Dir Van Graan responded that in its submissions to the Department, the LEAs had always supported the capturing of the full names of the subscribers. Requiring only the first name and surname and ID number was not sufficient to secure the identify of the person.

Mr Saju, Head of the Office for Interception Centres (OIC), stated that it was correct that the judge could not be approached if there was not sufficient information on the person. There was thus a level of information needed by the OIC to properly secure the interception order. The major importance of securing as much information about the person’s cellphone history, such as calls made and received etc, was that it enabled the OIC to analyse those phone records and identify other individuals involved in the criminal activity.

Ms Camerer referred back to her own case in which she received death threats from a pre-paid subscriber, and stated that SAPS were able to bring the person to justice without relying on the provisions in RICA. She asked whether it could be explained precisely how SAPS managed to track the person in that case.

Dir Van Graan replied that, constitutionally, SAPS was protected from disclosing its investigative methods. The question would however be addressed to some extent.

Senior Superintendent Du Plooy explained SAPS had concluded a Memorandum of Understanding (MOU) with the telecommunication service providers which granted SAPS access to certain information on their database. SAPS could access that data 24 hours a day, and it enjoyed “excellent access”. In Ms Camerer’s case SAPS was able to secure the IMEI number and could then input that into the telecommunication service provider’s database and be provided with the full information on the person, which included all calls made and received from the cellphone and location-based information.

He stated that it was true that that person was brought to justice without reliance on the Act, but the LEAs believed that the Bill would greatly support and strengthen their operations.

Mr Landers requested the LEAs to explain the process of securing the interception order from the judge, and the effects of requiring the telecommunication service providers minimal information on their subscribers, and

Dir Van Graan replied that there were case in which false information was submitted to the judge solely for the purposes of securing the interception order. SAPS bore the consequences of such actions. The process was very lengthy, but was a strict process whereby information was verified. The technical support unit would conduct a feasibility study to verify the details of a person who was the subject of the interception order. If the only information the LEAs provided in the application was the first name, the person would not be properly identified and the application for interception would fail. Details such as their residence was needed, or the LEAs ran the risk of intercepting the communications of the wrong individual. SAPS would then have to face legal action for the consequences. The judge was very strict on the detail of information provided, and so too were the LEAs because insufficient information compromised the integrity of their evidence.

Mr M Malahlela (ANC) asked whether the incorrect information was gained from the telecommunication service providers database.

Dir Van Graan responded that he was referring to the recorded case of S v Naidoo 1998 (1) BCLR 46 (D) which occurred some years ago. It involved a heist that took place in Kwazulu-Natal. The case however had nothing to do with the telecommunication service providers, but instead involved misleading information that was put forward to the judge by SAPS officials. He emphasised that the LEAs valued the integrity of the process because it appreciated the fact that the accused’s right to a fair trial began, in this context, with the interception order. If the process was contaminated not only would the interception fail, but so too would the prosecution. As he explained earlier SAPS had a unit that verified the information before it applied for the interception order, to double-check the integrity of the information.

The Chair asked the LEAs to comment on the proposals put forward earlier by the service providers regarding the MSISDN number and the IMEI.

Sen Sup Du Plooy replied that, operationally, the MSISDN number was a reference framework that was accepted by SAPS. The IMEI, however viewed, could be changed. Even if blacklisting were employed, it was only the cellphone that was blacklisted. The person would still be able to change the IMEI and would then be able to use that cellphone. However the MSISDN cannot be changed. Their proposal could be entertained, but he would have to confirm it with his superiors.

The Chair requested Sen Sup Du Plooy to do so, because it did make sense to her to follow the approach proposed by the telecommunications service providers.

Mr Saju stated that the OIC had discussed the matter with the service providers and the LEAs, and agreement was reached. The OIC could live with the telecommunications service provider proposal, as it would bear the responsibility of ensuring that the interception was conducted correctly and with the necessary integrity.

The Chair asked the LEAs to plain the best case scenario for its law enforcement objectives in terms of requiring both the transferor and transferee of the cellphone to be present at the registration point.

Dir Van Graan responded that he was not strictly mandated to speak on this matter. The LEAs supported the Bill in its present form, but he was in favour of the proposal that both parties be present. It would prevent fraud.

Mr Malahlela referred to the contention by the service providers that HANIS would be relied on to verify details and the identity of subscribers, and asked the LEAs to indicate the nature of the relationship enjoyed with the Department of Home Affairs in so far as sourcing information from it was concerned. He was not referring to telecommunication matters alone.

Dir Van Graan replied that his colleague would answer the question, because her unit utilised the Department of Home Affairs’ database.

Sen Sup Pretorius indicated that some of the problems experienced related to the reliability of the information contained in that database. An additional problem was that many of the criminal targets under investigation were not South African citizens, and thus their details did not appear on the system. Accessing of their database was also very slow.

Mr Saju stated that the reliability of their data was a question that would “probably be with us for a very long time”. He stated that he advised the LEAs and service providers that a process was underway within the Department of Home Affairs to capture all data on every registered South African, including fingerprints. This was the HANIS process, which was planned to come to an end in September 2006, give or take a month or two. The improved system was expected to work much better than their current system. He informed the Committee that he had received an entire briefing on how the new system should work. He believed that the OIC would be able to tap into that new database correctly, and that only LEAs would have access to HANIS.

The Chair stated that the HANIS system would assist, but it did not address the problem raised by Sen Sup Pretorius that non-South Africans involved in crimes were not captured on that system.

Mr Landers referred to the implication in the LEAs’ submission that information relating to cellphones and SIM cards be stored centrally, and asked who exactly should provide that service and where it should be stored. It was crucial and confidential information that could not be allowed to fall into the wrong hands.

Sen Sup Du Plooy responded that the service providers have been assisting the LEAs well to date. LEAs would recommend that they be the custodians of the information on their subscribers.

Mr Saju replied that the OIC had travelled to a number of countries to observe their systems. He stated that in Holland, for example, its OIC equivalent had a database and unit that fell directly under its OIC. Any request made by the LEAs for details on a specific number would then be provided by its OIC equivalent, as only those members were allowed access to it. Thus the integrity of the information was assured. He explained that there were thus systems in place to ensure the integrity of the information, and the OIC would be able to detect immediately when misleading information was supplied by LEAs.

Mr Joosub requested that the service providers be required to capture only the ID number of the subscriber, as that could then be referenced back to the HANIS system for the full details on the person. He was of the view that that would expedite the matter significantly. The cross-referencing to existing databases, such as HANIS and the Financial Intelligence Centre Act (FICA), obviated the unnecessary duplication of information.

The Chair replied that the proposal assumed that the HANIS would be operational in time. The Committee was not concerned about the technical methods used by the service providers to secure the information, as it was left to their discretion to choose the most efficient method. The Committee would not deviate from the requirement that the service providers capture the full details of the subscriber. She was not comfortable with the proposal that their data be sourced from other databases, especially from the Department of Home Affairs.

Mr Saju believed there was a solution to the problem, within the stipulated 12 month period, which could be discussed with the various telecommunications service providers. He was of the view that the 36 month period requested by the service providers was “a stretch too far”. The role of the Internet Service Providers (ISPs) would be addressed in the near future.

The Chair agreed and welcomed the OIC to make its own submission on the Bill, bearing in mind the legislation’s very strict timeframes. She encouraged those who wished to make further submissions on the Bill to do so as soon as possible. The submissions must propose actual workable solutions and must not engage in posturing, as the submissions received today have done.

Concluding remarks
Mr Malahlela wished to make it clear to the service providers that the Committee was not intending to make business very expensive for them. They must remember the problem facing South Africa was that ICT was being used effectively in the commission of crimes.

The Chair agreed and stated that the issue of safety and security for all South Africans, especially those in the informal sector, was very important. Having said that, the Committee tried very hard to accommodate proposals that the service providers believed would make their lives easier. She thanked all the presenters for their input, and adjourned the meeting.