Zimbabwe Situation

BILL WATCH 49/2013 [7th October 2013] SI 142 of 2013: A Spies’ Charter?

Introduction

The Postal and Telecommunications (Subscriber Registration) Regulations, 2013, were published in the Gazette as SI 142 of 2013 [available from Veritas by email or on website – see addresses at end of bulletin] and have provoked some alarm.  “Government has … permitted its security agencies to spy into people’s telephone call records, text messages and Internet communication,” is just one of the comments made in the press.

Is the alarm justified?  In this Bill Watch we shall attempt an answer, first by trying to determine what the regulations actually mean [not a very easy task], then by seeing if they are valid in terms of the Act under which they purport to be made, and finally by looking at their constitutionality.

Content of the regulations

Obtaining of subscriber information

The regulations prohibit “service providers” [i.e. organisations that provide telecommunication services such as cell-phone services, telephone services and internet access] from providing services to their customers unless they have obtained and recorded basic information about their customers’ identity.  The information, called “subscriber information” in the regulations, consists of:

The provision of false information to a service provider is a criminal offence, and service providers who suspect they have been given false information must report the matter to the police within 24 hours.  Service providers must store their customers’ subscriber information for as long as they provide services to the customers and for five years afterwards [section 4(6)–(9) of the regulations].

Databases of subscriber information

Service providers must keep registers recording the subscriber information which they and their agents have collected, and must provide the Postal and Telecommunications Regulatory Authority of Zimbabwe [POTRAZ] with access to and copies of their registers on demand [section 7 of the regulations.  Note, incidentally, that this does not apply to the records kept by employers or renters under section 5].  Service providers are also obliged to supply POTRAZ regularly with updates from their registers [section 8].

POTRAZ is obliged to maintain a central database of subscriber information supplied by service providers.  One of the objects of the database is to “assist law enforcement agencies or safeguarding [sic] national security”.

Disclosure of subscriber information

The regulations emphasise repeatedly that subscriber information contained in service providers’ registers and in POTRAZ’s central database is confidential:

Nonetheless, the regulations provide for POTRAZ to disclose subscriber information:

It is these provisions for the disclosure of subscriber information, particularly disclosure to the Police and CIO, that have given rise to fears that the regulations will allow government agencies to intercept telephone and cell-phone calls, e-mails and text messages.

Do the regulations authorise calls and e-mails to be “tapped”?

No.  It must be emphasised that the regulations deal with “subscriber information”, i.e. the names, addresses and identification particulars of subscribers or customers.  The regulations do not cover information regarding calls made, or e-mails or text messages sent, by subscribers or customers.  Hence the regulations do not directly allow government agencies to eavesdrop on calls or to intercept e-mails or text messages.  They may, however, facilitate such eavesdropping or interception.  Under the Interception of Communications Act, law enforcement officers can apply to the responsible Minister for a warrant authorising them to intercept communications, including calls, e-mails and messages, and the SI may assist officers in applying for interception warrants if they know the personal particulars of the people whose calls and messages they want to intercept.

At the most, therefore, it can be said that the regulations facilitate, rather than directly authorise, the interception of communications.

Even so, there are grounds for questioning the validity of the regulations.

Validity of the regulations under the Postal and Telecommunications Act

The regulations were made under section 99 of the Postal and Telecommunications Act, and there is nothing in the section that expressly empowers the Minister to make regulations dealing with the recording and disclosure of subscriber information.  The section begins with the usual formula allowing the Minister to make regulations for “all matters which, in the opinion of the Minister, are necessary or convenient to be prescribed for carrying out or giving effect to [the] Act.”  Wide though this formula is, it does not permit the Minister to go outside the ambit of the Act, and the long list of specific topics on which the Minister can make regulations, set out in section 99(3), does not mention anything relating to subscriber information.  Although this is not decisive, it does give rise to an inference that Parliament did not envisage the Minister making these regulations — an inference that is reinforced by section 98 of the Act, which deals specifically with the interception and handing over of telegrams to law enforcement authorities but does not mention the handing over of other information.

It can be argued, therefore, that the regulations are invalid on the ground that they are ultra vires [i.e. not authorised by] the Act under which they were purportedly made.

Another ground for questioning the validity of the regulations is that they purport to have been made by the Minister of Transport, Communications and Infrastructural Development.  There was a Minister with that title in the inclusive government, but there is no such portfolio in the current Cabinet, and it is not clear which Minister is currently authorised to make regulations under the Act.  There is at least a possibility, therefore, that an unauthorised person made the regulations, and if so they would be invalid.  If the regulations were challenged on this ground in court, the question would have to be settled by evidence as to who made them.

Individual provisions of the regulations may be invalid on other grounds:

Validity of the regulations under the Constitution

Section 57 of the Constitution protects the right to privacy as a fundamental human right, and although the section does not state specifically that the right extends to keeping one’s personal particulars private, undoubtedly it does do so.  That is clear from court decisions in other countries.  Many countries go further and have data protection laws which prohibit the disclosure and misuse of databases of personal particulars.  Even Zimbabwe has such a law — AIPPA.  However, the right to privacy is not absolute.  Under section 86 of the Constitution it may be limited by law to the extent that the limitation is “fair, reasonable, necessary and justifiable in a democratic society based on openness, justice, human dignity, equality and freedom”.

Do the regulations fall within this limitation?  For the following reasons, our Constitutional Court would probably hold that they do:
