- Minister Rapapa defends security agencies’ involvement in drafting snooping laws,
- as legal experts slam the “militarisation of the law-making process”.
THE Lesotho government has finished consultations with the army, police, intelligence and other stakeholders as it prepares to re-table draconian spying regulations giving it sweeping powers to monitor mobile phone communications of all citizens, diplomats and foreigners visiting the country, according to Communications, Science and Technology Minister Samuel Rapapa.
Mr Rapapa has defended the security agencies’ role in the crafting of the regulations, saying they were the security experts and their input was required because the regulations had a bearing on national security.
His remarks come against the background of criticism of the proposed regulations by the United States embassy and legal experts who pointed out that giving the state and security agencies unfettered powers to spy on citizens’ and diplomats’ communications could lead to gross human rights violations.
The controversial Communications (Identity Module and Mobile Device Regulation) Regulations, 2021 were initially gazetted in May this year by then communications minister, Keketso Sello.
They caused a huge outcry due to the overweening powers they gave to the government, via the Lesotho Communications Authority (LCA), to monitor private communications of citizens.
The regulations empowered the state to fully monitor cyberspace, define cybercrimes and prescribe penalties that include fines and lengthy prison sentences. They include a provision for the establishment of a central database, with details of citizens, to be run by the LCA. In addition to registering their sim cards, citizens and visitors would also be required to register their communication devices and store their biometrics in the database.
This is an unprecedented move as other countries, including South Africa, only require users to register their SIM cards and not mobile devices.
Another unprecedented measure was the requirement for foreigners on international roaming services in Lesotho to be registered as well.
More chillingly, citizens’ details and communications stored in the central database could be handed over to any of the security agencies without a court order.
All the army, police, intelligence and correctional services would have to do to lay their hands on such information would be to request it from the LCA in writing only. They would also have to state why they want such information. But they would not require formal court orders as happens in most civilized countries.
Last month, parliament ordered Minister Rapapa to go back to the drawing board and redraft the regulations in consultation with the security agencies and “other stakeholders”.
This after the parliamentary Portfolio Committee on the Prime Minister’s Ministries and Departments, Governance, Foreign Relations and Information Cluster had indicated in its report that the regulations had been crafted without the necessary input of key stakeholders. The committee said there was need for consultations to ensure that all stakeholder input was included in the subordinate law.
Mr Rapapa this week claimed consultations had been completed with various stakeholders including the security agencies. He said the consultations had been done by 30 September 2021. He said he was currently reviewing the submissions and he would soon re-table the regulations in parliament for approval.
He said there was nothing wrong with people being asked to submit their personal details and biometrics for storage in a central database as per the proposed regulations.
“I don’t see anything wrong with this because people are already submitting this kind of information to institutions like banks whenever they want to open accounts,” Mr Rapapa said.
He also defended the involvement of the security agencies.
“The security agencies had to be consulted because we are dealing with a national security issue. They are the experts in security issues and we are not experts,” Mr Rapapa said.
His comments are unlikely to address lingering US concerns about the “complexity” of the government’s self-appointed task of registering all subscribers.
Nor will they address the concerns about the “intrusive” nature of the proposed regulations “which will touch on the privacy and personal liberties of every Lesotho citizen who owns a telephone”.
“The US Embassy notes that the collection and storage of sensitive personal data pose complex challenges,” the US embassy said when the regulations were initially gazetted in June this year.
“One such challenge is preventing access by unauthorised users. In the past year, the computer systems of the government of Lesotho have been subject to repeated penetration by hackers. This brings several questions to the fore; how will the biometric data collected under these new regulations be protected from unauthorised access?
“What will the government of Lesotho do to protect or compensate its citizens after hackers steal their biometric data? Will the government hire an outside consultant to manage this data, and if so, how will this consultant be selected, managed, and held accountable?”
This week, constitutional law expert Hoolo Nyane, a law professor at the University of Limpopo, said the regulations should have been completely repealed instead of being redrafted.
Prof Nyane said the initial regulations were not only “intrusive” but “most probably in contravention of constitutional freedoms of communication and expression”.
As such they ought to have been struck down instead of being revised with the input of the security agencies who have a “dark past” of human rights violations, he said.
“The problem with those regulations was never about the process followed by the minister or the LCA in drafting them in the first place,” Prof Nyane told the Lesotho Times.
“The fundamental problem related to their content. Their content unjustifiably trembles upon human rights and freedoms. If the communications ministry intends to press ahead with the regulations, they must be revised to align them with human rights.
“Hence it is disingenuous for parliament to suggest that the reason for rejecting the regulations is because of non-consultation with the relevant stakeholders. In any event, the obligation to involve the public in legislative processes belongs to parliament. If government departments don’t do the consultation, parliament must do it.
“Cherry picking the security agencies as the stakeholders to be consulted, in particular, is also interesting. This suggests that probably there is a fundamental misconception at various levels about the problems of these regulations. “Consultation with the cross-section of society is always a hallmark of good governance; but with the dark history that the country has with the security agencies, it is a concern to say matters of human rights such as this be done with the security agencies. Perhaps the intention is to drift the Bill further to a dark corner, rather than to improve its human rights compliance,” Prof Nyane said.
A local lawyer who did not want to be named said the roping in of the security agencies in the drafting of the revised regulations was “a worrying militarisation of the law-making process”.
“The regulations were already chilling enough when they were initially gazetted by the previous minister. They gave the security agencies excessive powers to snoop on citizens’ communications and laid the groundwork for possible human rights violations.
“We need to keep in mind that in their current unreformed state, the security agencies are an unprofessional and partisan lot who have shown their propensity to wantonly abuse citizens on behalf of their political masters. The NSS (National Security Service) still owes us answers regarding the secret purchase of M28 million spying equipment they procured with funds that had been earmarked for student loans and grants. Also, the police have still not been made to account for torturing some people who were accused of being social media political activists a few years ago.
“What all this therefore means is that involving unreformed security institutions in the law-making process will only quicken Lesotho’s descent into a fully-fledged police state and banana republic,” the lawyer said.
His comments were in reference to the auditor general’s report for the 2016/17 financial year which indicated that M28, 4 million had been diverted from the National Manpower Development Secretariat (NMDS) facility for tertiary students to purchase cyber equipment to spy on politicians, members of the security agencies and ordinary civilians.
This was done by the then seven parties’ coalition which was headed by Pakalitha Mosisili.
During that government’s tenure in 2016, the police arrested two men, Lira Moeti and Mohato Seleke, allegedly for being administrators of a shadowy Facebook group that had been releasing sensitive government information.
They were allegedly tortured to get them to confess to being the administrators of a Facebook group called ‘Count Down to Elections 2015, 2016 or 2017’.
Mr Seleke is now the managing director of the Lesotho Electricity Company (LEC).
Herbert Moyo is a journalist researching digital surveillance with support from
the Media Policy & Democracy Project (MPDP) jointly run by the University of Johannesburg and Unisa.