Privacy, a Fundamental Human Right
While the nature of our human rights does not necessarily change, the manner in which they are threatened may change significantly. This has been the case in the 21st century where the information revolution has wrought significant change in almost every sphere of human endeavour. The risk of violation of our human rights has changed and legal systems around the world are scrambling to address these violations and to find answers to hitherto unprecedented vulnerabilities in our societal, economic and political endeavours. The primary example of a human right that is being threatened in the 21st century in ways that have not been contemplated in the past, is privacy.
What is the government’s track record relating to the fundamental human right of privacy? Since its recognition and incorporation into our Constitution in 1996, it took government 6 years before determining that the issue was “urgent” and the South African Law Reform Commission was assigned to research and investigate how privacy would best be protected in South Africa. The Commission’s work was completed within a period of 3 years and produced not only a report of quality but draft legislation for consideration by the Minister of Justice. A period of 4 to 5 years lapsed while the then Minister of Justice simply did nothing. A new Minister of Justice, the Honourable Enver Surty, gave impetuous to the process and in 2009 the Minister of Justice approved the report and the draft Bill, leading to public hearings on the matter. Since 2009 the Department has sent entirely the wrong message to South African citizens, big business, and indeed government itself in its dilatory attitude to finalising the draft, its passage through Parliament and promulgation. Far more detrimental in government propagating the impression that this is not important legislation, have been the delays since enactment in the appointment of the Regulator, a prerequisite for the commencement of the operation of the Act.
In the meantime while democratic societies around the world are devoting significant thought and resource to protecting our human rights, not only of privacy but against the threats to our property and person that grow at an unprecedented pace, our government busies itself with the protection of vested interests at the expense of its citizens. Daily there are significant global developments in the critical fight to safeguard the human rights that we have found sufficiently important to enshrine in our Constitution. In stark contrast, the apathy of government to establishing appropriate safeguards to the rights of South African citizens that are threatened by abuses in the information world, is alarming.
Against the background of the significant efforts in democracies around the world to protect human rights in the 21st century, let us examine just a few salient points on how government has failed to address unlocking the benefits of the information revolution and fulfilling its responsibility to protect against the abuses that undermine the human rights of its citizens:
• In 2002 significant public comment on the Electronic Communications and Transactions Bill relating to the inadequacy in certain instances and the inappropriateness in others of provisions contained in the Bill. The comment was ignored, save for those made by the South African Post Office aimed at protecting its vested interests relating to advanced electronic signatures, a sphere in which it has proved itself unworthy of this trust. History has proved that government was simply arrogant in its approach, despite which, 14 years later, the ECT Act remains entirely un-amended, government neither recognising its mistakes or addressing the enormous development that has occurred in electronic communications and transactions during that 14 year period.
• The ECT Act further required that the Minister of Communications as she then was, develop a 3 year national strategy for the Republic that was to have been submitted to the Cabinet for approval within 24 months of the promulgation of the Act. The fact that this did not happen and has never been questioned by either the ruling or opposition party is an indication of the bankruptcy of the cyber-policy of both. Fourteen years later there is simply no coherent policy within government providing the required eNational Strategy that the ECT Act heralded.
• The confusion relating to who is responsible for information security within government itself affords a further example of its bungling in addressing the issues of our information age. The responsibility for information security has been attributed to the then National Intelligence Agency (now the State Security Agency), the State Information Technology Agency, the now defunct COMSEC, the various Government Information Technology Officers Councils and even the Department of Public Works and Services. All of these either claimed or disclaimed responsibility, depending on whether they wanted to exercise authority or avoid responsibility. This abdication of responsibility within government for information security is amply illustrated by the fact that information security within government is still governed by the Minimum Information Security Standard, published in 1996. It was inadequate at the time in addressing information security and has never been amended despite the quantum leaps that we have experienced in information and communication technologies and the development of information security disciplines. So, for the past 20 years nothing has changed relating to information security within government, the single largest repository of personal information of citizens in South Africa.
• In 2002 the public discussion of the ECT Act, called for appropriate protection against cyber threats, the establishment of protection against novel cybercrimes and the appropriate sanctions for perpetrators of cybercrimes. Fourteen years later cybersecurity and cybercrime are now being addressed in earnest and it would appear that grudgingly government is beginning to recognise its own failures in providing information security and that in the self-created capability and in capacity to investigate and prosecute cybercrimes, is an inhibiting factor in protecting the human rights of its citizens.
If government is to fulfil its mandate of protecting the Constitution and human right it needs to recognise that in the sphere of cybersecurity it cannot continue to display the arrogance and dictatorial attitude that it did in dealing with the ECT Act in 2002. The information age has changed the face of virtually every facet of our world, so too has it changed the face of government and, in this instance, government’s role in ensuring the security of its citizens. A far more meaningful engagement of the private sector is necessary if government is to succeed in protecting the human rights of South African citizens in the 21st century. Should it fail to do so its human rights record may well prove to be as lamentable as its predecessors in governments in the 20th century.
©Mark Heyink 2016