Service providers snub RICA

By Leon Engelbrecht, ITWeb senior writer

Johannesburg, 02 Jul 2007

Internet service providers (ISPs) are flouting the Regulation of Interception and Provision of Communication-related Information Act (RICA) because of the cost involved, says IST Telecoms MD Magatho Mello.

RICA requires telecommunications providers and ISPs to install lawful intercept (LI) technology at their own cost to monitor voice and data traffic across their networks and provide the material gathered to the state against a warrant signed by a High Court judge.

The cost of LI technology to an ISP, with a presence in three cities, will be at least $400 000 (about R2.8 million), Mello says. ISPs see the expense as unnecessary and are dragging their heels, despite a legal requirement for them to comply.

"It is not cheap and providers are saying they'll rather wait and see if they ever get a RICA warrant," Mello says. He adds that ISPs see the move as "another regulatory stumbling block rather than an international trend".

European Telecommunications Standards Institute LI technical committee chairman Peter van der Arend supports Mello's view. He says it is a standard licence condition in Europe and the US that ISPs and telcos must provide LI facilities to the state at their own expense.

He says LI is a crucial part of police investigations into organised crime and efforts to fight terrorism. "We have to get [criminals and terrorists] before [they do] something to us, our families or our children," Van der Arend says.

Valuable information

SS8 Europe and Africa sales director Erik de Bueger says South African companies are fortunate that they only have to deal with the Office for Interception Centres (OIC), the single law enforcement entity created by RICA. He says in Germany there are 46 such entities, creating some complexity with regards to interoperability.

De Bueger says law enforcement and intelligence agencies requesting LI normally want uncontaminated data and voice, as well as metadata. He cautions that strict measures must be put in place - and maintained - to ensure the gathered material is uncontaminated. This includes a requirement to limit the number of staff involved in the process and to keep secret the identities of LI targets.

"This sort of information is very valuable," he says, intimating that criminals could bribe or do harm to staff to obtain that knowledge.

Domestically, RICA came into effect in September 2005 after being enacted in 2002. It requires all fixed-line and mobile phone operators, as well as ISPs, to provide LI on request.

However, a lawyer says the definition of an ISP is overly broad and theoretically includes educational institutions and employers providing e-mail and Internet access to students and staff. The lawyer says the ISP Association has, since January last year, been seeking an exemption from the Act for smaller ISPs.

The attorney confirms there are substantial penalties for non-compliance.

Meanwhile, industry talk is that the OIC is not yet ready to receive intercepted data packets, perhaps rendering the entire exercise moot - and buying the industry more time.