By Ashnah Kalemera & Juliet N. Nanfuka
The true extent of governments’ surveillance and monitoring of citizens’ communications across the world remains largely unknown. This is despite legislative rights provisions for privacy and increased calls for data protection of citizens in their communications.
Last month, Vodafone became the first telecomuminications company to reveal the extent of government surveillance of its subscribers. In its Law Enforcement Disclosure Report, the company revealed that governments in some of the 29 countries in which it operates – including in Africa – are requesting its subscribers’ data sometimes without warrants. In addition, government agencies also listen in on subscribers’ conversations and monitor their whereabouts through wires connected to the Vodafone networks.
However, the British company and world’s second largest mobile phone operator could not disclose the full extent of surveillance in nine of the countries it operates in due to legal provisions prohibiting the disclosure of information relating to government wiretapping and interception of communications.
Vodafone operates in eight African countries, namely the Democratic Republic of Congo, South Africa, Lesotho, Tanzania, Mozambique (in all of which it operates as Vodacom), Kenya (as Safaricom), Egypt and Ghana. In 2013, the company received around 100,000 requests from African governments for metadata such as phone numbers, addresses, device locations and times of calls and text messages.
The report cites the Tanzanian government as having made the highest number of requests – 98, 765. Authorities in Congo made 436 requests while in Lesotho 488 requests, were made.
Due to laws restricting the disclosure of information related to law enforcement, Vodafone was unable to publish statistics on the other five African states where it has operations.
According to the report, in Egypt, local criminal laws prohibit the disclosure of national security-related information and other matters related to law enforcement. In Ghana, unclear legal restrictions on access to, transfer and disclosure of electronic records meant that Vodafone was unable to publish information on the demands made. “We have asked the [Ghana] authorities for guidance: however, we have not yet received a reply.” said the report.
Vodafone was also unable to publish statistics related to the Kenyan government’s request for individual communications data due to unclear provisions in the Official Secrets Act and the National Intelligence Services Act. Unclear legal provisions in Mozambique meant that the same statistics could not be published.
Similarly, South Africa’s Regulation on Interception of Communication and Provision of Communication-related Information Act prohibits the disclosure of the fact that any demand for lawful interception or communications data has been issued under the Act. Accordingly, Vodafone did not publish any statistics for the country.
The legal provisions preventing Vodafone from indicating the exact number of government requests for its subscriber information, instances of lawful interceptions or even any indication of interception capabilities, is telling of the degree to which some governments will go to hide the extent of their surveillance.
In the report, Vodafone disclosed that it had not implemented the technical requirements necessary to enable lawful interception in Congo, Kenya, Lesotho, Ghana, Tanzania and Mozambique and as such had not received any demands from those authorities for lawful interception assistance.
Vodafone Communication Interception and Data Requests in Africa
|Country||Communications meta data requests||Implementation of technical capacity for lawful interception|
|Democratic Republic of Congo||436||None|
|Egypt||Disclosure of information is unlawful|
|Ghana||Disclosure of information is unlawful||None|
|Kenya||Disclosure of information is unlawful||None|
|Mozambique||Disclosure of information is unlawful||None|
|South Africa||Disclosure of information is unlawful|
Vodafone reported that similar to Egypt and South Africa, the disclosure of information related to interception of communications and government data requests was unlawful in India, Qatar, Romania and Turkey.
In Europe, Italy made the highest metadata requests to the company – a total of 605,601. This was followed by Hungary (75,938), Spain (48,679) and Portugal (28,145). The governments of Albania, Ireland and Malta made 7,667, 4,124 and 3,773 metadata requests respectively. Two requests were received from Belgium and three from France. From the South Pacific, 760 metadata requests were received from Fiji.
The report states that Australia, Germany, Greece, the Netherlands, New Zealand and the United Kingdom were the only countries whose authorities published statistics on interception of communications and requests for communications metadata.
Vodafone’s report brings to the fore the intermediary liability challenge faced by many other telecommunications service providers across the world. The company published its statistics in an effort to urge all states to publish annual data on the surveillance and monitoring of citizens via digital technologies. Indeed, a similar recommendation was made by a research report published in May 2014 on the State of Internet Freedoms in East Africa. The report revealed the use of legal and extra-legal means to snoop on citizens under the guise of national security in the six countries studied – Burundi, Ethiopia, Kenya, Rwanda, Tanzania and Uganda.
While Vodafone has broken its silence on this highly secretive issue, it remains to be seen whether other service providers will follow suit or whether governments will change their legal provisions to allow for increased transparency in surveillance.