State surveillance capabilities are expanding all the time, but transparency and political accountability for how they are used is lagging behind, said Professor Jane Duncan at a panel discussion hosted by the University of Cape Town (UCT) Faculty of Law.

The discussion, titled “Privacy vs Security – Where does the balance lie?”, was the brainchild of an honorary professor in the faculty, UK judicial commissioner Dame Linda Dobbs. It came in the wake of major data leaks: the Facebook-Cambridge Analytica data scandal and former US Central Intelligence Agency (CIA) employee Edward Snowden’s revelations, and four major leaks in South Africa.

Hiding behind the cloak of security makes it easy for politicians to evade accountability, abuse power and maintain unsustainable societies, Duncan said, addressing the difficulty of determining appropriate balances between security and privacy.

A professor of film and journalism at the University of Johannesburg, Duncan was among three panellists in a dialogue moderated by Judge Dennis Davis. She was joined by South African Information Regulator Advocate Pansy Tlakula, and criminal lawyer Peter Carter QC.

“We need to demand accountability from the politicians who justify and oversee these practices in the name of security,” she said.

“We also need to demand performance from the devices that collect and process our data.”

Duncan believes that no public surveillance system should be rolled out without a privacy impact assessment and a public consultation process being undertaken.

Panellist Prof Jane Duncan of the University of Johannesburg.

Inappropriate securitisation

In the Jacob Zuma era, security was misused to counter any threat to the former president’s administration and state capture project, including legitimate ones. Many aspects of the security services that could have arrested corruption, she added, were either captured or run down.

“Our main surveillance law, RICA, has many systemic weaknesses. There has also been a paucity of national debate on the issue.

“Better guidelines are needed for lawmakers. And we need a serious conversation about principles guiding national security.”

“Better guidelines are needed for lawmakers. And we need a serious conversation about principles guiding national security.”

South Africa doesn’t face any major terrorism threat – unlike the “Five Eyes” countries, often abbreviated as FVEY, an intelligence alliance of Australia, Canada, New Zealand, the United Kingdom and the United States.

“Our greater threats are domestic … linked largely to persistently high levels of inequality. There are few compelling reasons to limit fundamental rights such as privacy unduly, especially on national security grounds.”

Although privacy is protected by the Constitution, it’s not affirmed sufficiently in laws or practices that enable surveillance, Duncan said. State responses to social instability fuelled by inequality have become “increasingly and inappropriately securitised”, and beyond the well-recognised functions of intelligence. Also, many of the tools and practice models have been rolled out ahead of the establishment of this country’s privacy and information regulator.

“As a result, it’s been open season on our data, and massive data breaches have threatened public security safety.”

She’s concerned that the Protection of Personal Information Act doesn’t apply to security issues.

“It’s a huge debate internationally, whether data protection laws should apply to national security. We need to make an argument that it should.”

New on the block

Pansy Tlakula, chairperson of the new office of Information Regulator, established under the Protection of Personal Information Act, said the Information Regulator’s office will play a crucial role in protecting Constitutional rights: the right to privacy and the protection of personal information; and monitoring the enforcement of access to information.

But it has taken time to get her office up and running.

“We are also trying to interpret a complex piece of information.”

“We are also trying to interpret a complex piece of information,” she said, referring to the Act.

However, trends show where the problems are beginning to emerge in South Africa.

“In the past four months we’ve had four major data leaks, some in the public domain … If you look at the way the Act has been drafted, it excludes from its operation personal information collected for the purposes of national security. That runs throughout the Act ...

“It has a wide definition of personal information, and the processes are also defined relating to the collection, storage, linking and merging of data. The interception of data falls within the definition process. Surveillance activities take place within the ambit of the Act. So, during this debate we really do need to talk about what constitutes national security.”

Tlakula added that the Tshwane Principles on National Security and the Right to Information at least gave some indication of what constitutes national security, and how and under what circumstances national security trumps access to information.

These principles could guide those engaged in drafting, revising, or implementing relevant laws or policies.

“They address the question of how to ensure public access to government information without jeopardising legitimate efforts to protect people from national security threats.”

Privacy as a right

But when is privacy an absolute right?

Carter, pointing to the UK where he practises, said the right to privacy is not an absolute right in national or international law.

“It’s a curtailed right. And the habit of politicians is to say: if you’ve got nothing to hide, you’ve got nothing to fear.

“That puts matters entirely the wrong way around, because the only justification for limiting or curtailing the right to privacy is if there is a justified need, based on necessity, within a democratic society limited by curtailment as prescribed by law.”

Panellist Peter Carter QC (left).

Security, he charged, is too often understood in the context of terrorism.

“Let me throw that back in the face of government – because historically, government has used terrorism against its own citizens, and [against] citizens of other states.”

In the wake of 9/11, the United Nations Security Council passed a resolution demanding that states act against terrorism. But Carter said that whatever means they adopt must comply with all their obligations under international law, particularly human rights, refugee and humanitarian law.

“Have we done that? That’s open to doubt,” he said.

“We need a process by which whatever governments do is subject to democratic accountability.”

The dangers of not doing that were well illustrated by Guantánamo Bay in 2001, when Vice-President Dick Cheney said of US policy: “We have to work, though, sort of on the dark side, if you will. We’ve got to spend time in the shadows in the intelligence world … it’s going to be vital for us to use any means at our disposal, basically, to achieve our objective.”

“In doing so, they ripped up the rule of law,” Carter said.

“The question is, are investigative powers the same as anti-terrorism powers? They can be. They can suppress legitimate debate, and we must be conscious to ensure this doesn’t happen.”

Independent judicial commissioners

In the UK, specially appointed independent judicial commissioners safeguard citizens against invasions of privacy, he said, suggesting the appointment here of special advocates to represent the “non-present target”, the citizen.

“But only in difficult cases, to ensure the judicial process is independent and integrity is sustained.”

Davis pointed out that history seems to be repeating itself in South Africa.

“We’ve had an astounding history of use of national security for non-national security interests.”

“We’ve had an astounding history of use of national security for non-national security interests. In the new democratic regime, the practices of the 1980s – such as the justification of detention without trial – are occurring again. We haven’t had terrorist activities, generally. We can have a higher threshold on the side of privacy rather than security,” he said.

Panel discussion moderator Judge Dennis Davis (centre).

Definitions of national security and personal privacy are also problematic, as Tlakula illustrated.

“There is no definition; everything falls under national security. I’ve worked all over Africa and I’ve seen this. Freedom of expression and association are curtailed because of national security … My organisation needs to come up with guidelines for what constitutes national security … And the courts will have to help us.”

But the courts will need a legislative framework to guide them, and Carter said it will also take a specialist cadre of trained judges to deal with these issues.

“Part of the rule of law is that you can’t lower the threshold simply because politicians tell us there’s a risk. It must be evidence-based,” he said, urging Tlakula to release her guidelines soon.

“Whose security is it? Who owns it? Is it the politicians? Is it the security services?” he asked.

“It must be quite clear that there is a fundamental difference between the interests of national security – in other words, something catastrophic, like the destruction of an entire computer network – compared to an embarrassment to a sitting administration … That is not national security. That is politics.”