Zimbabwe crisis: a view from South Africa on data intercept laws

Following up on a previous BB post about internet-related aspects of the current meltdown in Zimbabwe, BoingBoing reader Bretton Vine writes:

I'm in from South Africa, currently experiencing what the popular media
calls a 'human tsunami' of illegal immigrants from Zimbabwe across our
borders for everything from work to medicine and even basic foodstuffs which
are smuggled back into Zimbabwe for resale.

The recent enforcing of price
controls has left Zimbabwe shelves empty, militia going ape, major
cross-border escape (5000 captured in last two weeks, and that's barely a
dent in the number that make it though).

Add to this is bittersweet irony
that the 'Rainbow Nation' of South Africa is experiencing a form of African
xenophobia historically unparalleled despite more than a decade since
apartheid become the past. But this is another heated discussion not related
to my email.

I just wanted to point out that the Internet Service Providers' Association
of South Africa
hosts an annual free Internet
conference every year, with this year being out 6th.

Back in 2004 we had Declan McCullagh out for one of the talks[1, 2]. While
he certainly seemed to enjoy himself, he also left a huge impression over interception issues
(and made some government people quite uncomfortable in the process). At last
year's event (10th anniversary for ISPA, 5th for iWeek) we even had vendors
for lawful intercept technology exhibiting and giving talks [3] along with
talks from Wim Roggeman[4], Prof Michael Rotert[5] and representatives from
the OIC (central interception spooks, not clearly functional yet) trying
hard to remain inconspicuous in their suits among geeks of varying shapes
and sizes.

With regard to the whole Interception in Zimbabwe issue it's a little bit of
a non-event given so few people have access to either phones or the Internet
in that country, and that no Zim ISP can afford to purchase the equipment
necessary to implement anyway.

It's a slightly similar situation here in South Africa, except for the
following...

* our legislation is older :-P

* we have 30+million cellphone users

* we have ~5 million internet users (give or take a few)

* ISPs/ISOC have been fighting the fight for a decade, and especially with
regard to issues such as forcing ISPs to pay for interception equipment
from the ISPA perspective

* we *didn't* more than 50 stories within 7 days in all the world's major
newspapers (online and off) despite having just as draconian an attempt
at legislation.

* we're hosting the FIFA world cup in 2010. If you have a cellphone, and
are an international visitor you either won't be able to use it, or if
you try and obtain local cellular/internet access you'll have to prove
identity (original and certified copy) plus understand that the providers
are forced to provide intercept capabilities as well as other inane
things.

* the ECT act requires authors/developers/publishers of cryptography
software to register and make themselves available for 'decryption
assistance' or 'decryption warrants' (clearly the repeated attempts at
explaining public-key crypto were ignored ...)

There's a mountain more relevant information, but the following is from
sites I maintain:

Link 1, Link 2, Link 3, Link 4.

And this site needs an update, we're just for workload to drop but the
relevant legislation is there: Link.

At the moment due to uncertainty over ETSI standards and overseas policy it
seems that the OIC is sticking to real-time intercept capabilities as
opposed to data retention, but unrelated legislation places onerous
requirements for the keeping of records, financial or otherwise, in
electronic format.

So yes, Zim is quite fscked, but the people affected by the interception
legislation (which essentially just makes legal an established practise and
passes to the costs to business) are in the thousands, while in this country
it's in the the millions.

This year's iWeek is a smaller, more intimate & member focused affair. But
the lawful intercept guys are back, especially since this applies to small
members who may have to share a pool of equipment. Plus the local police are
getting more and more jacked in terms digital forensics for problem crime (a
good thing surely) but then so are the relevant authorities who want
intercept capability for reason not entirely known yet. (Local politics
appears to be the primary victim of no-warrant abuse of existing systems)

Please note: comments in my personal capacity, and not on behalf of
ISPA/ISOC despite being 2 of many hats I wear down south.

Previously on BoingBoing:

  • Africa -- Zimbabwe passes "interception of communications" law