by Frederico Links
ON 30 June 2015, the day he announced the appointment of Philemon Malima as director general of the Namibia Central Intelligence Service, President Hage Geingob stated to the media: “I will not allow anyone to spy on Namibians but they (intelligence agency) are just doing their job.”
Almost three years later, it seems the President has changed his mind, as moves are definitely afoot to enable the NCIS, and various other law enforcement agencies, to “spy on Namibians” pervasively and invasively, if they are not doing so already, and that this in fact has primarily become “their job”.
Chief among moves to enable this appears to be an urgent push to promulgate and implement a mandatory SIM card registration regulatory framework as part of efforts framed to ostensibly fight crime and terrorism, as well as other less extreme anti-social behaviours perpetrated through the use of cellphones.
At various stages during 2017 it was argued, even by the likes of MTC Namibia, that such a framework was critical for ensuring the safety of cellphone users and the security of networks.
That Namibia’s premier telecommunications service provider has actively adopted and is a primary pusher for something intelligence and law enforcement authorities have expressed a fervent wish for is not only deeply concerning, but also raises the question of to what extent, as a state-owned enterprise, MTC is already compromised by cooperation with such agencies in an existing and emergent very murky and highly questionable communications surveillance legal environment.
Many other Namibians, in what shows signs of a public bout of Stockholm syndrome, have also become increasingly vocal touts for the introduction of a mandatory SIM card registration system.
While a proposal has been mooted for a while, the clarion call for the introduction of a formal SIM card registration regime really picked up steam in 2017.
At the end of March 2017, a two-day closed-door and highly selective “national multi-stakeholder” workshop, on “preventing and countering violent extremism”, was held under the auspices of the Namibia Central Intelligence Service (NCIS) in Windhoek, which was followed up by another one in September last year to discuss recommendations from the first workshop.
Among the proposals that came out of these workshops, two stand out in particular, specifically one calling for “a need to urgently implement the requirement for telecommunication service providers to register SIM cards against the name of owners” and the other for “a need to devise mechanisms to monitor social media with the aim to detect extremist tendencies”.
The NCIS is pushing the line that a mandatory SIM card registration regime would be effective in dealing with “extremist tendencies”. However, internationally for almost a decade now the evidence of such crime and terror fighting effectiveness is shrouded in immense doubt.
In 2012, a European Council assessment of the effectiveness of SIM card registration systems in crime fighting across a number of EU member states concluded that: “At present there is no evidence, in terms of benefits for criminal investigation or the smooth functioning of the internal market, of any need for a common EU approach in this area.”
Similarly, in 2013, as the Philippines government was looking to implement a mandatory SIM registration system, telecoms operators in the country made a submission stating that the belief that such a system would improve crime and terrorism fighting was “not based on any evidence that it would deter criminal activities in the country”.
And in January this year, influential online rights organisation European Digital Rights (EDRI) published an assessment stating that there continues to be a “complete lack of empirical evidence that this measure has any meaningful benefit to crime-fighting”.
However, despite mounting evidence that the crime and terror fighting effectiveness of SIM card registration regimes appears to be wildly over-hyped, many governments, notably African governments and their internal technical supporters (such as state-owned telecoms operators), have pushed ahead with implementing such systems.
This is arguably because a mandatory SIM card registration regime enables authoritarian, politico-economically unstable and security stressed states to spy on internal critics and perceived troublesome political actors. And the evidence of such spying – targeting journalists, civil society activists and political opposition – on the continent is increasing.
To illustrate this, last year on the sidelines of a major technology conference in South Africa, a senior security expert at one of South Africa’s biggest mobile service providers, with operations across Africa, told this writer how various governments are primarily using SIM card registrations to spy on journalists and activists, and not for crime fighting, and how operators are subtly threatened with licence revocation if they do not play along or provide technical assistance for such spying.
Incidentally, the security executive said they were not in favour of SIM card registrations, as it cost the company a lot to comply across jurisdictions and that such regimes have become a serious threat to its image and reputation.
In light of this, it has emerged that Namibian intelligence or law enforcement authorities are already in possession of sophisticated technologies, such as IMSI-catchers, to intercept cellphone signals, and it appears that they are now seeking legal cover for invasive surveillance practices, which they are probably already engaged in, and which could already be illegal and even unconstitutional.
A mandatory SIM card registration regime would make dragnet-like interception of cellphone communications that much easier, as cellphones have truly become “the spy in your pocket”.
What compounds concerns around Namibian state security surveillance practices is that, unlike truly democratic states, no Namibian law (read part 6 of the Communications Act of 2009) or any of the newer proposals (read the electronic transactions and cybercrime bill of 2017), provide oversight safeguards (even if significantly flawed in many instances, such as in the US and South Africa) against the risk of abuse of such systems, and are substantially weak or almost completely silent on personal privacy and data protection measures.
Namibians do not need to look far to see what state security abuse of a SIM card registration regime looks like.
In April 2017 arguably Africa’s pre-eminent investigative journalism initiative, the amaBhungane Centre for Investigative Journalism, lodged a landmark constitutional challenge against the South African law which authorises SIM card registrations and communications interception and surveillance, the Regulation of Interception of Communications and Provision of Communication-Related Information Act (Rica), which was passed in 2002.
The amaBhungane case is based on a decade of evidence – including cellphone surveillance records – indicating pervasive and extensive abuse of Rica to spy on journalists, civil society organisations and opposition politicians by South Africa’s state security agency, under the Jacob Zuma-led ANC government.
The objective of the amaBhungane constitutional challenge is to ensure the overhaul of the Rica regime and the installation of more democratic, transparent and accountable oversight mechanisms. Last year, in an explanation of the case, Sam Sole of amaBhungane stated that “we say that because interception and surveillance inevitably limit fundamental rights, such as privacy, so it is essential that these procedures be subject to a series of stringent checks and balances”.
Namibians should also take note of the growing involvement of Chinese firms Huawei and ZTE in the Namibian telecommunications sector. Both of these firms have over the years been internationally accused of enabling spying by the Chinese state.
Huawei, which just happens to be one of the world’s leading purveyors of surveillance technology, and is especially beloved by African state-owned telecoms operators, has a big footprint in Namibia and was responsible for overhauling Telecom Namibia’s operating system over recent years, while its cellphones are basically found everywhere these days. ZTE products, such as phones and internet routers, are also easily purchasable in Namibia.
Given this, it would thus be reasonable to suppose that these firms, given their associations with Namibian state-owned telecoms companies, would also be drawn, upon request, into helping make the mobile service environment interception and surveillance-friendly for state security agencies.
What is especially disturbing are the public voices in support of a SIM card registration regime. These voices appear to be wholly uncritical and uninformed of all the implications, and are narrowly focused on combatting cellphone-enabled harassment and scamming.
They are already being co-opted to push for such a regime, even as evidence is mounting that SIM card registration dispensations have become problematic to justify and proven prone to enabling surveillance abuse, amounting to gross human rights violations in many instances.
Against this backdrop, it has probably become time for Namibians to ask President Geingob exactly what he meant when he said in 2015 that he would “not allow anyone to spy on Namibians but they (intelligence agency) are just doing their job”.