If the Cambridge Five had played their games in the modern day South Africa, they would, in terms of the new Act, have been branded with very popular Hollywood-offences such as espionage distributing false information to the state, which could have secured them visit to Polsmoor Prison for up to 25 years…

In the modern area of access to information (see Act 2 of 2000) and constitutional transparency, this new bill comes across quite strangely as very restrictive. A number of commentators have worriedly pointed out that the very wide definition of “state information” (currently defined as “information generated, acquired or received by organs of state or in the possession or control of organs of state”) could inhibit Mr John Doe’s access to government information.

Mr Doe should be very worried because he could suddenly find that some of his records can now be withheld from him in terms of the suggested act and it would now become Mr Doe’s problem to prove that he is otherwise entitled to this information whilst government departments dream up all kinds of excuses in terms of this bill as to why Mr Doe would NOT be entitled to the information. The Bill also allows for the protection of certain commercial information and if one takes that the government is in effect the big daddy of some very large corporation in our country (think Telkom, Eskom, Transnet and the likes), this could make for difficult times for the competition commission and other players in those markets.

It would be interesting to see how the modern technologies play up against very old-fashioned tools such the bill under discussion. The recently launched Wikileaks service provides a platform for private citizens to expose and publish dishonest, corrupt or otherwise sensitive information online about any government or corporation. The purpose of the Wikileaks site is to provide a safe haven where documents can be anonymously uploaded and then afterwards discussed online for verification purposes.

Interestingly enough, this Bill also criminalises the conduct of any South African citizen who contravenes the provisions, irrespective of where in the world this happens.

As Wikileaks so succinctly sums it up:

”
The first ingredient of civil society is the people’s right to know, because without such understanding no human being can meaningfully choose to support anything, much less a political system. Knowledge is the creator of every political process, every constitution, every law and every regulation. The communication of knowledge is without salient analogue. It demands recognition as the founding guide of civilization.
“

It seems as if this Bill tries to swim against the tide of freedom of information, despite the advances in technology and the way in which society is working with information.

Submissions on the Bill have already closed and the Parliamentary Committee is currently considering the submissions.

The Protection of Information Bill is available online at: http://www.info.gov.za/gazette/notices/2008/30885_376.pdf.

The South African section of the Wikileaks page can be found here: http://wikileaks.org/wiki/Category:South_Africa

It seems as if Absa is really trying their utmost best to irritate people. I have received two spam emails from Absa today, one from Absa Platinum and one from “Absa Investment Advantage”, this after I have tried to contact Absa in order to request them to remove my name from their marketing lists.

To date, I have sent 3 requests to Absa (see below), without even the common decency of a reply from either Dick Gardner (from Customer Care) or George Willenburg (branch manager at the Heerengracht Branch).  It seems that the only way to actually receive a response from Absa is to log a complaint on hellopeter.com.

What really worries me is that my private and personal data has been shared with third parties such as “Okeeffe & Swarts”, ContactNow and eList.

In terms of the Electronic Communications and Transactions Act (sec 51), the sharing of my electronic data is illegal. I pointed this out to Gardner and Willenburg – without a reply.

I am really looking forward to the implementation of the new Consumer Protection Bill, since it is envisaged that an Exclusion Register will be kept where a consumer will be able to list their desire not to be contacted by a certain company. I predict that Absa will be having huge problems in implementing this since it is obvious that the left hand does not realise what the right hand is doing – evident in the fact that Absa is bandying their customers’ personal information around to so many third party providers.

Email correspondence:

“

from [.h] to georgewil@absa.co.za cc iansm@absa.co.za, dickg@absa.co.za date 27 May 2008 12:05 subject Re: FW: 20 + years customer . mailed-by brightshark.co.za

hide details 12:05 (41 minutes ago)

Reply

Dear George, Dick & Ian,

As luck would have it – on top of the Absa Platinum email today, I received yet another unsolicited email from Absa for the product “Investment Advantage”.

I will forward this to you too in due course.

Would somebody now please get back to me to get my name removed from all mass-marketing lists of Absa?

Sincerely,
[.h]

2008/5/27 [.h]- Hide quoted text -
Dear George/Dick/Ian,

Should I be surprised that

(1) I have not had the courtesy of a reply from any of you in relation to my previous TWO emails (the first sent more than a month ago)

and

(2) I have today yet again received marketing communication from Absa (have forwarded the communication to you).

I am speechless.

Sincerely,
[.h]

2008/5/16 [.h]
Dear Sirs,

As bitterly disappointed George was in losing a client, as bitterly disappointed I am for not receiving a single reply to my email below.

It seems the only way to get a response from Absa is to basically post a complaint on hellopeter?

I now look forward to any response to my email hereinbelow.

Sincerely,
[.h]

2008/4/25 [.h]:
Dear George,

Thank you for all your efforts.

What still perplexes me is that I, yet again, received a call from a “consultant at Absa”, trying to sell me insurance today? The call was received at 11:59 on my number XXX. The person who called me was Tyrone Oliver, calling from “Absa Finances Division” in “Johannesburg”. After questioning him, I found out that his employer was “Okeeffe & Swarts”, whoever that may be. Subsequent to asking him questions he claimed I was “breaking up” and hung up on me.

Now, yet again, I fully appreciate that you are not in control of everything which Absa does, but I am deeply worried in my personal information being bandied about to sales agents and externel service providors, with whom I’ve had no relationship.

Can you perhaps direct me as to who I should address my issues to in this regard? I would like to formally give notice to Absa, in terms of section 51 of the Electronic Communications and Transactions Act, that I no longer wish to be contacted by Absa or any of Absa’s third party providers to sell me goods or services.

Section 51 of the Electronic Communications and Transactions Act states as follows:

”

1)        A data controller must have the express written permission of the data subject for the collection, collation, processing or disclosure of any personal information on that data subject unless he or she is permitted or required to do so by law.

2)        A data controller may not electronically request, collect, collate, process or store personal information on a data subject which is not necessary for the lawful purpose for which the personal information is required.

3)        The data controller must disclose in writing to the data subject the specific purpose for which any personal information is being requested, collected, collated, processed or stored.

4)        The data controller may not use the personal information for any other purpose than the disclosed purpose without the express written permission of the data subject, unless he or she is permitted or required to do so by law.

5)        The data controller must, for as long as the personal information is used and for a period of at (cast one year thereafter, keep a record of the personal information and the specific purpose for which the personal information was collected.

6)        A data controller may not disclose any of the personal information held by it to a third party, unless required or permitted by law or specifically authorised to do so in writing by the data subject.

7)        The data controller must, for as long as the personal information is used and for a period of at least one year thereafter, keep a record of any third party to whom the personal information was disclosed and of the date on which and the purpose for which it was disclosed.

        The data controller must delete or destroy all personal information which has become obsolete.

9)        A party controlling personal information may use that personal information to compile profiles for statistical purposes and may freely trade with such profiles and statistical data, as long as the profiles or statistical data cannot be linked to any specific data subject by a third party.

”

I would also like to draw your attention to subsections 6 and 8 (highlighted for your ease of reference).

Lastly I would like to be informed to whom by data has been distributed and would like to receive confirmation that my personal data has now in fact been removed from all potential sales list.

I look forward to your (and/or Dick Gardner’s) formal response hereto (as well as to the outcome in due course of your investigation as referred to in your email of the 21st instant).

Thanking you in anticipation.

Kind regards,
[.h]

“

In fact, in virtually every sphere of professional life, one is sure to find some kind of anonymous blogger, lurking around, such as Doctor Anonymous, “the Blog of the Anonymous Clerk“, Anonymous Prof  or The Anonymous Teacher.

The latest hoo-ha over an anonymous blogger comes from the US, where a Cisco employee working in their patent department, started a blog called the Patent Troll Tracker. A Patent Troll is a term loosely used for companies or lawyers who register patents in the hope that somebody infringes on the said patent, which opens up the door for some nice litigation with some really nice settlements. The Patent Troll Tracker tried to keep track of and report on such litigation and ended up being highly regarded and quoted – once or twice, it was even quoted as “proof” in litigation against some Patent Trolls.

The Patent Troll Tracker became such a thorn in the side of certain attorneys, that some even offered a reward of $5 000 (later upped to $15 000) if the writer of the Patent Troll Tracker was exposed.

Recently, writer of the Patent Troll Tracker, Richard Frenkel,  revealed his identity – which has led to a number of cases being instituted against, not only the writer but also his employer, Cisco, for defamation. Cisco was cited as a defendant because of the fact that one or two of the writers managers knew that Frenkel was authoring the Patent Troll Tracker. Commendably, Cisco has supported Frenkel and have now amended their blogging policy to require from employees to state that the posts on a blog is made so in the employee’s personal capacity.

The lesson to be learned from this is that all employers should be aware of the potential dangers which lurk in the shadows of the various blogging sites and should address this through their normal electronic communications policies, to safeguard the company against unnecessary risk and exposure.

So, the process started to rid my cellphone of those pesky sms’es, arriving day and night, advertising credit cards, new fashion sales and parties (lawyers are boring, didn’t they know it won’t help!). The first step was to try and get hold of the offending sms’er. This in itself was quite an interesting experience since MTN provided me with the name and contact details of the person who was sending the sms’ (I would have thought that at the very least they would want something in writing from me, not to even mention a court order).

After trying in vain to get hold of some nondescript company to ask them to remove me from my list I decided to report the matter to WASPA (the Wireless Applications Service Provider’s Association – http://www.waspa.org.za/). WASPA is a body founded by the cellphone carriers/providers in SA as a “self-regulating body”. Needless to say I didn’t have much hope of getting any joy from them, but plunged in nevertheless.

Reporting an incidence of SMS spam is as easy as filling out an online form and within a few days I received an email from WASPA, attempting to address the issue.

The process progresses through various stages (starting at an attempt on sorting out the situation amicably and ending up at an arbitration).

To make the proverbial long story short, br!ghtshark was pleasantly surprised to receive an email from the WASPA secretariat recently that the SMS’er was found to be in contravention of the code of conduct and fined the SMS’er R7500 as well as suspending the service of the SMS’er for a minimum of two weeks).

br!ghtshark is impressed! Bravo to WASPA – a prime example of self-regulation that actually works! The judgment can be seen HERE

The NCOP raised questions as to the practicality of the amendments. The issues raised by the NCOP include the fact that international visitors will have to register their simcards before roaming on the cell networks will be possible but the soccer fans will be exempt from registering during the 2010 event.

Other issues raised were that one would have to provide an ID (problematic seeing the current general state of affairs at the Department of Home Affairs) as well as an address before one would be allowed to buy a simcard (again problematic seeing that the real users who need cellphones don’t have regular fixed addresses). It was suggested that rural citizens select the local spaza shop or schools/churches as their addresses.

Since this piece of legislation was designed to limit criminal activity it is hard to foresee how this will change anything if simcards are able to be registered at any random address. Whilst efforts in minimisingpotential criminal use of cellphones should be applauded and supported, the new system seems to merely place a burden on John and Sipho (not to mention the financial burden on the cellphone operators, which will most probably be  absorbed by the consumer) whilst Mr Big Crook – the person at which the legislation is aimed – will still probably run around care-free with his “2010 simcard” or be traced to bizarre random addresses.

The act previously allowed FBI agents to obtain the electronic records of suspected terrorists and also gag the institution which provided the records to inform their client of the fact that the records were handed over to the FBI.

The Judge found that this infringed on the separation of executive and judicial powers and struck the provisions. Records had shown that many requests for information did not follow procedure with incorrect statutes cited or obtaining information to which the FBI was not entitled.

There is good reason why there is a separation of powers and judicial oversight – as was proven in the beginning of this year with Madrid bombings investigations and arrest of Brandon Mayfield. Mayfield was arrested when fingerprints were found on a detonator and was “matched” to him “100%”. The FBI later acknowledged that there were serious deficiencies in their investigation. Mayfield’s wrongful arrest and 2-week detention without charge could have been avoided had there been proper judicial oversight over the executive powers of the state.

The Regulation of Interception and Provision of Communication-related Information Act (RICA for short) came into effect yesterday.

In terms of this act, cellphone providers are required to compile a register of all names and details of cellphone users. This is obviously mostly applicable to prepaid users and cellphone providers must link an ID no, name and address to each and every simcard during the next 12 months. This obviously places quite a burden on cellphone providers with Vodacom estimating that it would have to register up to 9000 users per hour to finalise the registrations in the coming 12 moths.

RICA also requires cellphone providers and Internet Service Providers (ISP’s) to install “Lawfull Intercept” systems, at the provider’s cost, to enable law enforcement agencies to intercept certain communications. For an ISP with 3 access sites this could cost as much as R2,8mill. This is a standard requirement in other jurisdictions as in EU member states and other countries. The costs, especially for smaller ISP’s are so high that some ISP’s are taking a “wait-and-see” approach to RICA.

Furthermore, the definition of an ISP is so broad that it might include schools, universities and employers who provide their users with internet and email access.

The ultimate question in the end is – who will finally foot the bill for all of this? South Africa cannot afford to increase the cost of information even more, especially in this day and age of the knowledge economy.

The South African legal system is currently being confronted by a very modern and as yet, novel, incidence of possible defamation.

An unknown person claimed to be a male prostitute and has recently published a list of names of supposed clients, including various well-known or famous individuals such as politicians, SABC presenters and music personalities, on his blog (online diary). One of the persons who was named has laid a charge of defamation at the Caledon Square police station in Cape Town.

The biggest problem with the such complaints are that the blogs are normally posted anonymously as well as on web services hosted on servers overseas. One would be wondering how the South African Police Services would be able to investigate and bring such a crime before the courts whilst it struggles to even properly investigate simple crimes such as break-ins. The SAPS has indicated that it could be involving Interpol in the investigation.

In the end it would boil down to the individual who was defamed to bring a civil action against the blogger – if he/she is able to ascertain the identity of the blogger. In South African law an action for defamation does not carry very much financial reward, especially if the high costs of the legal action are taken into account.

If the blogger is situated in a foreign jurisdiction the costs would skyrocket, especially in rand terms. The most effective solution would probably be to engage with the service on which the blog is hosted (especially if it is an international service) to restrict access to the content by way of a formal request. These requests are also sometimes known as a takedown notice from the “American Online Copyright Infringement Liability Limitation Act”.

All in all, defamation by way of modern communication channels will prove very difficult to police and even more difficult to effectively curb until a global enforcement policy is in place.

The maker of the very popular iPod has recently started selling certain music tracks online without DRM (digital rights management) protection. DRM protection was previously used to prevent users from copying music which was bought online. A big fanfare has now erupted as it was discovered that any music which was bought on the iTunes site would have the user’s personal information embedded in the music file. It is thought that this information might be used to track which users spread the music via sharing websites.

The DRM-free move followed an open letter by Steve Jobs from Apple in February 2007 that called for music companies to release tracks without digital locks, to which EMI responded positively in April. Perhaps the fact that South Africans are not allowed to buy music online from iTunes (due to international distribution issues) is a blessing in disguise?