In this post PRISM era people are decidedly edgy about their online privacy and any laws that are perceived to be aiding official spying are treated with the utmost suspicion and even alarm. On 1 October the new “spy law” was gazetted by the Zimbabwean government sending a lot of news outlets into panicked frenzy as fears of this law being used to spy on us started spreading.
The offending law is known as the Postal and Telecommunications Regulations which comes in the form of Statutory Instrument number 142 of 2013. It deals primarily with the registration of subscribers by service providers. The term service providers is used to refer to Land line operators (Telone), mobile network operators (both traditional operators like Econet and Telecel as well as CDMA operators), VoIP operators such as Guroo, ISPs, IAPs and other people involved in offering telecommunications services.
After getting a copy of the law I decided to peruse the entire text and ponder on it.
Generally speaking the law is nothing new. It is just a codification and interpretation of legislation that already exists and deals primarily with subscriber registration and the access and maintenance of such information. It however expands on the scope by including Internet Providers and allows law officers to gain access to this information without a court order.
Here is a summary of the provisions:
Service providers are not allowed to provide services like internet and cellular services to unregistered users.
All subscribers must be registered by 31 October or they will be disconnected.
The required information shall be: A full name, permanent address, nationality, gender, SIM number and ID or passport number.
The subscriber must submit a completed form with this information to the network operator(or their agent instead.) It is not clear however if electronic copies will be permitted. Services like Guroo use an online form. Network operators are required to verify the accuracy of the information.
Changes to this information (an address change for example) must be communicated to the network operator within a space of 21 days after making the change. This will mean lodgers who are constantly on the move will have to keep updating this information.
If you lose or break your SIM card you need to call the police and they will issue you with a written report. I am guessing Network operators will now require a police report in order to issue a new SIM card.
Network operators shall maintain a register with this personal information and retain information up to 5 years after the subscriber has stopped using the service or after the network operator has closed shop.
The Authority (POTRAZ) will maintain a central database of this information for to ensure compliance with the requirements, law enforcement purposes, emergency services, national security purposes (oh! oh!) and research purposes.
POTRAZ will do unspecified stuff to ensure that this data is secure and the information is not transferable outside Zimbabwe but we are guessing hackers could still get their information anyhow.
An officer of the Rank Assistant commissioner or a similar rank can write a letter requesting data relevant to an authority.
Researchers (we are guessing the media is also included) can also get access to the data if they submit a request.
There is other mumbo jumbo stuff in the instrument but this is the gist of it. In the next instalment I will take a look at some of the implications of the law as well as provide a comparison with the NSA’s PRISM project.
You can read a scanned copy of the law here for further details.
Quick NetOne, Telecel, Africom, Econet Airtime Recharge
If anything goes wrong, click here to enter your query.