In a recent case in the Cape Town High Court, disturbing details are emerging about how former rugby player, Zane Killian, who, along with 14 co-accused, has been charged with the murder of the head of the Western Cape division of the South African Police Service’s Anti-Gang Unit, Lieutenant-Colonel Charl Kinnear, used a cell phone tracking platform to stalk the officer in the months leading up to his murder. Killian and his co-accused have also been charged with the attempted murder of prominent Cape Town criminal law attorney, William Booth. The officer’s location was tracked using a platform called LAD, operated by an American company, 3DT Group. The tracking was done by “pinging” the officer’s cell phone number through LAD, which sent a signal to the phone and returned its approximate location.
Access to the officer’s phone number and those of other individuals was gained through MarisIT Credit Services, a company that provides consumer trace services. Using this service, Killian and his co-accused were allegedly able to illegally retrieve phone numbers from the Credit Bureaux and subsequently track those phones via the LAD platform. While LAD and similar services have been shut down, this case has raised alarming questions about how easily criminals can access sensitive personal information, specifically cell phone numbers and use it for nefarious purposes.
The use of location-tracking services is not inherently illegal under circumstances where consumers specifically consent to their cell phone data being tracked in order to determine their approximate, or sometimes exact, location at all times. In fact, these tools can be invaluable in emergencies, such as when recovering stolen property or locating a missing person. However, tracking someone without their consent is a serious invasion of privacy and illegal. There are two key laws that are aimed at protecting individuals from such abuses: the Regulation of Interception of Communications and Provision of Communication-related Information Act (RICA) and the Protection of Personal Information Act (POPIA).
RICA governs how communication information, including phone numbers and location data, can be accessed. Section 42 read with section 43 of RICA prohibits mobile cellular service providers from disclosing any information, including, consumer’s cell phone numbers and locations, unless there is a court warrant authorising such a disclosure or the information is required as evidence in a court of law. Additionally, POPIA places a legal obligation on parties responsible for processing personal information, including mobile cellular service providers, to protect the personal information they hold. In terms of Section 19 of POPIA, service providers must take reasonable steps to safeguard this data from unauthorised access.
A CALL FOR BETTER SAFEGUARDS
While LAD has been shut down, the Killian case has exposed vulnerabilities in how personal information is handled and protected by mobile cellular service providers, leading one to ask: how many other tracking platforms might still be out there, operating in the shadows? How many more individuals could be put at risk due to weak security practices? The frightening reality is that mobile service providers and companies have not done enough to protect our personal information.
Stronger security measures are needed, not only to prevent further tragedies like the one that took the life of the police officer but also to ensure that mobile service providers are complying with both RICA and POPIA. These laws are designed to protect us, but they are only as effective as the actions taken by those responsible for safeguarding our information.
The Killian case is a wake-up call for mobile service providers to strengthen their security systems and for consumers to remain vigilant about who has access to their data. Companies need to be held accountable for breaches, and there must be a push for better enforcement of the laws that exist to protect consumers.