Lesotho’s amendments to mobile phone regulations welcome but not enough
…subscribers’ rights not protected enough as DCEO boss can still access their info without a court order
ALTHOUGH Lesotho has amended its draconian mobile phone subscriber regulations to remove clauses which allowed members of the security agencies access to subscribers’ information without a court order, there is still a huge threat to subscribers’ rights and freedoms including freedoms of expression and rights to privacy.
This is because while the army, police, intelligence and prison services are now required to obtain a court order to access subscribers’ information to aid their investigations of suspected crimes, the Directorate on Corruption and Economic Offences (DCEO) can still access such information without a court order.
All the director general of the DCEO has to do is write to the mobile communications companies indicating that he needs information on a particular subscriber to facilitate investigations of a possible crime and that information will be given to him.
As explained in a recent interview by Vodacom Lesotho’s Head of Legal, Regulatory and External Affairs, Tšepo Ntaopane, and Econet Telecom Lesotho’s General Manager for Legal and Regulatory Affairs, Karabo Tlhoeli, the DCEO’s exemption from having to obtain a court order is provided for in the Prevention of Economic Offences Act of 1999.
Although the DCEO is a statutory body tasked with investigating corruption and economic crimes, there have been allegations by high profile people including former finance minister, ‘Mamphono Khaketla, that the anti-graft body has at times been weaponised by politicians to fight their political battles and enemies.
There is therefore the risk, that with its unfettered access to subscribers’ information, it can be weaponised to fight the ruling elite’s enemies and others who are not ‘politically correct’. Violations of rights to privacy and freedom of expression cannot be ruled out in such circumstances.
Since June 2022, Lesotho’s two mobile communications operators, Econet Telecom Lesotho and Vodacom Lesotho, have been engaged in an exercise to register the Sim cards of their customers as well as recording other personal data.
This is in line with the requirements of the Communications (Subscriber Identity Module Registration) Regulations gazette issued on 24 December 2021 by then Communications, Science and Technology Minister, Sam Rapapa.
The regulations require citizens, diplomats, foreign nationals and visitors to register their Sim cards with mobile service providers or their agents.
Mr Rapapa’s amended regulations replaced the earlier discredited ones originally gazetted by his predecessor, Keketso Sello, in June 2021.
Among the main provisions of the amended regulations is that all new Sim cards be registered and activated within seven days.
Existing Sim cards will have to be captured and registered within 12 months of the new regulations coming into force. This means that all existing Sim cards will have to be registered by 24 June 2023 latest.
For registration purposes, subscribers would have to submit valid identity documents and passports in the case of foreign nationals.
As was the case with the previous regulations, mobile service providers will have the capacity to monitor citizens’ private information which can be passed on to the security agencies should the need arise but only upon production of a court order. This scraps the previous draconian Sello regulations which had given the security agencies unfettered access to subscribers’ information and communications without court authorisations.
The new regulations also remove the earlier provisions for the creation of a national database where all subscribers’ information would be stored. In terms of the earlier regulations, that database would have been managed by the Lesotho Communications Authority (LCA) – the regulatory authority for all mobile communications and broadcasting organisations in Lesotho.
Under its then chief executive officer (CEO), Mamarame Matela, the LCA had gone on to award an M500 million tender to Global Voices Group (GVG) South Africa in December 2020 to supply it with a Compliance Monitoring and Revenue Assurance system.
However, the central database has no place in the new regulations, therefore GVG’s services are no longer required. The LCA has a pending High Court case seeking the nullification of the GVG tender on the grounds that it was irregularly awarded. More importantly, the acting LCA CEO, Nizam Goolam has argued in his court papers that the GVG system would give the authority pervasive and intrusive powers to snoop on citizens’ information and communications- powers which are generally associated with security and intelligence agencies. This is despite that there are no laws allowing the authority to spy on citizens.
In addition, unlike the previous regulations, there is no longer need for roaming foreign Sim cards to be registered in Lesotho. The requirement for subscribers to register their mobile phones and other devices for use with the Sim cards has also been scrapped.
There are penalties in the form of fines for failure to comply with the new regulations.
“A licensee who fails to capture, register, deregister, deactivate or keep details of any subscriber as specified in these regulations or as may be stipulated by the Authority (LCA) commits an offence and is liable on conviction to a penalty of M5000 (equivalent of R5000) for each Sim card,” the gazette states.
“A licensee who activates any Sim card without capturing, registering and keeping the personal information of a subscriber commits an offence and is liable on conviction to a penalty of M5000 for each Sim card.
“A licensee who fails to comply with provisions of regulations 5 and 6 (which require the licensee to maintain strict confidentiality with regards to subscribers’ information and ensure that such information is not released to a third party except with the consent of the subscriber or a court order) commits an offence and is liable on conviction to a penalty of M100 000.”
A licensee who “misuses” subscribers’ information is liable to a fine of M250 000 per subscriber.
The special case of the DCEO
Unlike the original regulations, the amended ones offer subscribers greater protection in that their information and communications will no longer be handed over to the security agencies without court orders to that effect. However, as alluded to above, citizens are still not safe from the prying eyes of the state because the director general of the DCEO is exempt from seeking a court order before he can access any information as long as he writes to the mobile phone companies to say he needs it for investigations of alleged crimes. His powers to access information are unlimited. Even banks and any other entity holding any kind of clients’ information are obliged to surrender it to the director general as long as he puts his demands in writing. These powers are granted by Prevention of Economic Offences Act of 1999.
According to Econet’s Mr Thloeli, “the wording of the Prevention of Economic Offences Act of 1999 is such that instead of first approaching the courts for an order like everyone else, the director general of the DCEO is empowered to simply write a letter to any institution explaining why he needs such information.
“As long as the information relates to investigations that his office is conducting, then we are duty bound to release the information. The wording of the law is such that instead of first approaching the courts for an order like everyone else, the director general of the DCEO is empowered to simply write a letter to any institution explaining why he needs such information,” Mr Thloeli adds.
On his part, Vodacom’s Mr Ntaopane said, “there is a good reason why that specific institution (DCEO Director General) is allowed to simply request information in writing.
“Its mandate is to investigate corruption. There’s no need to beat around the bush when you’re fighting corruption. What we should be concerned about is ensuring that nobody, except those who are allowed by law, should have access to subscribers’ information. And that information must be released only when there’s an investigation. We don’t give it out any other way. Even the Director General cannot ask for that information if there’s no investigation.
“So, there has to be an investigation in order to trigger that process. So, to our customers, we can tell you that your data and personal information is safe. I must also inform our subscribers that we don’t record their mobile phone conversations and messages. We don’t keep any recordings and transcripts of their conversations,” Mr Ntaopane said.
DCEO director general Mahlomola Manyokole, who is currently on suspension for alleged incompetence, has also voiced his approval for the exemption, saying, “We can’t have a DCEO that is not able to do its work effectively because it can’t access personal information when investigating cases”.
“People always claim their right to privacy but how can the DCEO investigate if it cannot obtain critical personal information? If the DCEO has to go to court first to access required personal information, there’s a risk of exposing our investigations — the judge and the public will know about it.
Even asking to see the judge in chambers is also risky. What if we’re investigating the judge’s colleagues?
“It is only proper that the DCEO is able to obtain information from institutions like banks and mobile telecommunication service providers without seeking a court order. That will make our investigations more effective,” Advocate Manyokole said.
Abuse of power and potential rights violations
However, former Finance Minister Khaketla is one of those who believe that in the absence of court orders, the DCEO director general, who is solely appointed by the prime minister, risks being manipulated by the latter to abuse his position to access information for the purposes of spying on political opponents and violating their rights to privacy.
To prevent this abuse of power and protect the rights of citizens, Dr Khaketla suggested that the laws should be amended to ensure that everyone, including the DCEO director general can only access citizens’ information only after obtaining a court order to that effect.
“If the police have to get a court order, why not the DCEO? It is very wrong for them to be exempted,” Dr Khaketla said.
She knows too well how powerful the DCEO is after her bank records were accessed without her knowledge as part of a probe into allegations that she attempted to solicit a M4 million bribe from a joint venture company, Lebelonyane Fleet Solutions, which had been shortlisted for a multimillion-maloti government vehicle fleet tender in 2016.
She was only acquitted in June this year by High Court Judge Molefi Makara due to the DCEO’s failure to prosecute the case against her.
She said she was innocent and the case was an example of how the DCEO had been weaponised by her political rivals to destroy her.
Speaking of the DCEO’s pervasive snooping powers, Dr Khaketla said, “They easily access people’s records. When they interrogated me for five solid hours, they already knew everything about my bank accounts”.
To prevent the abuse of its powers and to protect citizens’ privacy, the laws should therefore be amended to ensure that the DCEO only accessed citizens’ information upon obtaining a court order showing why it was necessary for it to have the information.
When this was put to Adv Manyokole, he too conceded that there was a risk of mobile subscribers and other citizens’ information being abused by the DCEO director general and its investigators doing the bidding of unscrupulous politicians.
The solution to this likely abuse of power is not by amending the law to curtail the DCEO director general’s power, Adv Manyokole said. Rather, a victim of such abuse should simply approach the courts for redress.
“Yes, information can be abused by investigators if they are manipulated by politicians or any other people. That is wrong. Information should remain confidential and not go beyond the scope of the case being investigated. If this abuse of power happens, aggrieved persons can take the matter to court,” Adv Manyokole said.
Nevertheless, he admitted the DCEO and its director generals are vulnerable to politicians. “The institution is not as independent as it should be because as things stand, the DCEO director general is solely appointed by the prime minister and can be removed by the prime minister,” he said in an interview.
Over the past few years, the trend has been that of DCEO director generals being removed from office whenever a new prime minister comes into office. Adv Manyokole was himself appointed in 2019 by then Prime Minister Thomas Thabane who had got rid of the former incumbent, Borotho Matsoso. Adv Matsoso was sent on forced leave 22 February 2019 ahead of the expiry of his contract on 30 June 2019. It was alleged at the time that he was forced out of office because he had instituted investigations into the alleged M7 million fraud at the Lesotho Post Bank which was said to involve some senior members of the then Thabane-led government.
While denying the claim, the then prime minister’s spokesperson, Thabo Thakalekoala, said it was the prime minister’s prerogative to renew or terminate the contracts of public officers without providing reasons for his decisions.
The now deceased Mr Thakalekoala’s response showed that DCEO director generals are vulnerable and beholden to prime ministers.
This vulnerability is something Adv Manyokole has himself acknowledged and is blaming for his suspension by former Prime Minister Moeketsi Majoro.
In his ultimately unsuccessful quest to overturn his suspension in the High Court last year, Adv Manyokole alleged that Dr Majoro and then Law and Justice Minister, Nqosa Mahao, were “crusaders of corruption” who had only suspended him because he had dared investigated them and other high-profile people for corruption.
Asked to elaborate on these claims, Adv Manyokole told the Lesotho Times that, “they (Majoro and Mahao) were interfering with my duties to investigate corruption by harbouring criminals and protecting them from prosecution. They would ask me about progress in cases that they had an interest in. They would also tell me who to investigate. I found all this unprofessional”.
But still Adv Manyokole believes the DCEO director general must retain his powers to access any information without having to go to court first. He believes the best way of ensuring a professional and uncompromised DCEO is by amending the laws to take away the prime minister’s powers to appoint, discipline and remove a DCEO director general. Those powers must be given to parliament, he says.
“The DCEO should be answerable to parliament. As long as the prime minister has the powers to appoint, discipline or dismiss the DCEO DG as he deems fit, such officials will always be at his mercy. The law should be amended so that the premier appoints and fires the DG on the recommendations of parliament, and not at his own discretion. This will ensure that DGs are not removed willy-nilly. Making them answerable to parliament would also ensure that they don’t abuse their powers to violate citizens’ rights,” Adv Manyokole said.
Herbert Moyo is a journalist researching digital surveillance with support from
the Media Policy & Democracy Project (MPDP) jointly run by the University of Johannesburg and Unisa.