On the whole, though, targeted surveillance through lawful interception has been less controversial than mass surveillance, which is often referred to as ‘suspicionless surveillance’. The latter involves the tracking of individuals or organisations where there is no suspicion of wrongdoing, but where information about their communications may be stored just in case the law enforcement or intelligence agencies need it to detect suspicious activities in future. While lawful interception generally requires human intervention in order to intercept the communications of specific individuals, and communications service providers have to ‘switch’ the communications to a monitoring centre, mass surveillance is generally automated, and may be conducted through network probes that transmit communications directly to a monitoring centre. Communications service providers may not be involved in this form of surveillance, as the data can be copied off the backbone of the communications infrastructure. Once it is copied, then an agency can conduct searches for specific terms, names or numbers in the intercepted communications to narrow them down to more manageable levels. They may also choose to look for associations between various individuals in order to map contacts. The Snowden documents revealed how the NSA is allowed to travel three ‘hops’ from the communications of a person of interest: that is, they can examine the people who spoke to that person and the people who spoke to those people. As a result of the ‘three hops’ policy, the communications of large numbers of people, many of whom are likely to be innocent of any crime, can be examined.30 However, surveillance affects different social groups differently, and can be used for the purposes of discriminatory social sorting: selectors can be developed on the basis of populations (Afghanis, for instance), and the tendency to profile what the agencies consider to be problem populations is particularly pronounced with mass surveillance.31
Surveillance provides the state with a politically low-cost form of social control, as abuses are very difficult to detect, and it can use such surveillance, or the threat of surveillance, to create fear that organised violence will be used against perceived opponents. To that extent, and when used inappropriately, surveillance could be considered a form of violence. At the same time, the fear of being watched may force people to self-police their own behaviour, as Foucault argued.32 Such a society is not one that we should want to live in, or to allow our children to inherit, as it will be premised on fear and insecurity.
Perhaps even more controversial than mass surveillance, which involves passive monitoring of networks, are more active forms of communications interception using equipment interference, such as hacking. Increasingly, law enforcement and intelligence agencies are arguing that encryption is making it more and more difficult to conduct communications surveillance, and this is pushing them to resort to more extreme measures such as infiltrating a communications device like a computer remotely, using malware that delivers surveillance software through an email attachment, taking control of the device and opening any document or application as though it was the device owner. Hacking can even alter or delete a person’s communications, which not only renders the communications and the device pretty useless for evidentiary purposes, but presents grave threats to the security of communications networks as a whole.33
In spite of the widespread public outrage about the expansiveness of the programmes exposed by Snowden, and in spite of ongoing controversies about the effectiveness of mass surveillance relative to more traditional intelligence efforts, the UK responded by not only defending its existing bulk powers in terms of the Regulation of Investigatory Powers Act (RIPA) and the Data Retention and Investigatory Powers Act (DRIPA), but also seeking new powers through a controversial new Investigatory Powers Act, which was passed in the dying days of 2016. Bulk powers target people outside the country, with less privacy-invasive surveillance ostensibly being reserved for UK nationals. As a result, the Act subjects non-nationals to weaker privacy protections, and thus discriminates against them, thereby flying in the face of attempts to universalise human rights. The most controversial elements of the Act are the executive’s bulk powers to intercept, store and even hack communications on a massive scale. The debate about the Act did put a spotlight on the UK government’s use of hacking. Up to that point, the UK government had never admitted its use of bulk hacking of the computer equipment of non-nationals, until several NGOs brought a case before the Investigatory Powers Tribunal (IPT), which confirmed GCHQ’s use of this surveillance practice.34 This form of surveillance is possibly the most intrusive and dubious of all, as it allows the intelligence agencies, on a mass scale, to access address books, track every keystroke, email and internet search on communications devices, and even turn on a computer’s camera and microphone, using it as a surveillance device against its owner.
WHY SHOULD THE GLOBAL SOUTH BE CONCERNED?
But should countries in the global South, like South Africa, even be concerned? The southern African region has largely escaped the terrorism problem plaguing countries like France, the UK and the US, and African countries further north, like Nigeria and Kenya. No southern African country has its own version of al-Shabaab or Boko Haram, responsible for terrible atrocities in East Africa and Nigeria respectively. South Africa faces no significant threats to national security, especially terrorist threats, although the presence of terrorists in the country has been an enduring source of speculation. So, it could be assumed that the region should have little reason to invest in the building of surveillance states. Evidence is emerging that suggests this assumption is incorrect.
Even though South Africa is not a terrorist target, growing social discord over inequality means that the temptation is there for less principled members of the security apparatus to abuse the state’s surveillance capabilities to advantage the ruling group in the ruling party and disadvantage their perceived detractors. This possibility is not far-fetched. In 2005, the state’s mass surveillance capacities were misused to spy on perceived opponents of Jacob Zuma, then contender for the presidency. Journalists have also had their communications intercepted, and several politicians and activists have alleged that their communications were intercepted. The Mail & Guardian has quoted sources inside the police and the SSA alleging that security personnel often do not even bother to obtain directions to intercept communications.35 In 2013, it emerged during a trial that the Crime Intelligence Division of the South African Police Service (SAPS) had placed members of the extreme Afrikaner militia, the Boeremag, under surveillance while in prison, which included intercepting communications between the accused and their lawyers, in violation of attorney–client privilege.36 While it is extremely difficult to establish the extent of the problem, these incidents make the case for reforms to ensure that the state’s surveillance capacities are not abused.
South Africa has a law, RICA, that governs lawful interceptions for policing and national security purposes. In spite of the fact that its drafters attempted to strike a balance between the interests of justice and national security, on the one hand, and civil liberties such as privacy,