Lawful Interception of Communications Regulations (2013)
Brief Comments By Nasir Ahmad El-Rufai at the Joint Action Committee on ICT Awareness and Development (JACITAD) Policy Review Forum on the Draft Lawful Interception of Communications Regulations held Tuesday May 14, 2013 in Lagos
Background:
The Nigerian Communications Act 2003 (NCA 2003) was originally drafted by a consortium of local and international lawyers hired by the BPE under my leadership to give legal effect to the approved National Communications Policy midwifed by the National Council on Privatization in 2001. The goal of the legislation was to fully deregulate the telecommunications sector and give broader and deeper regulatory powers to the NCC, while restricting the Minister to policy making roles only.
The results of the policy shift and new legal framework have been impressive and the fact that virtually every Nigerian, including teenagers, has a phone is evidence of the success of the de-monopolization regime that began to take effect from 2001.
It is on reliance of, and pursuant to sections 70, 72, 146, 147 and 148 that the NCC has issued “The Draft Lawful Interception of Communications Regulations (2013?)”. In order to undertake a policy analytic review of the draft regulations, it is necessary to ask the following questions, which broadly fall into two classes – first to establish the legitimacy and legality of the regulations, and second to critique their substantive content and language:
(1) What are the constitutional provisions regarding privacy or otherwise of physical and electronic communications between citizens?
(2) Under what conditions does the constitution and laws allow the violation of such privacy, if any?
(3) When the Legislature passed the NCA, did it reasonably intend to give the NCC the powers to regulate the interception of private communications, thus enabling the infringement of fundamental rights without specific legislation via an Act of National Assembly?
(4) Do the provisions of sections 70, 72, 146-148 of the NCA, without more, adequately grant the NCC the legitimacy to issue and enact the regulations under consideration?
(5) Assuming the Constitution and the NCA enables the NCC to issue the regulations, are they fit for the purpose of protecting the privacy of the citizen while enabling access to law enforcement agents in the public interest?
(6) If not, what additions, modifications or omissions are necessary to achieve the desirable balance?
Philosophical and Historical Considerations:
Over two hundred years ago, in the fourth volume of William Blackstone’s ‘Commentaries on the Laws of England”, eavesdropping has been recorded as an offence indictable at common law. Blackstone wrote in 1769 that at common law:
“Eavesdroppers, or such as listen under walls or windows, or the eaves of a house, to hearken after discourse, and thereupon to frame slanderous and mischievous tales, are a common nuisance and presentable at the court-leet; or are indictable at the session, and punishable by fine and finding of sureties for good behaviour.”
Listening to other people’s conversations is therefore not only objectionable but a crime in common law jurisdictions like Nigeria. So why does our government want to listen to our telephone conversations? Why has the federal government committed between $40-$61 million off-budget to monitor our emails, instant messaging and social media activities? The federal government has refused to answer these questions, and when it does, its justification will be the paternalistic need to provide security for all by spying on a few of us.
The primary duty of any government is internal security, maintenance of law and order and monopoly of coercive power over its territory, while respecting the rights of the citizens. From time immemorial, the challenge for any government is to what extent it can tamper with the rights of a few for the good of the many. The dilemma for citizens is the extent to which they will give up their individual rights to a leviathan called government in order to be protected in the arrangement Rousseau called a social contract. While citizens are entitled to their dignity and privacy, governments argue that they can protect citizens only if they know what a handful of criminal elements may be up to. With the rapid development of communications and encryption technologies, side by side with the proliferation of cybercrimes, terrorism and insurgencies, this question has become even more troubling for everyone. Striking a balance between respecting individual privacy and spying enough on citizens to ensure our collective security is the standard that should be applied to analyze the regulations being proposed.
Legitimacy of the Regulations:
Chapter IV of the Constitution of the Federal Republic of Nigeria 1999 deals with fundamental rights of citizens that are guaranteed against the State. Sections 34, 35, 37 and 38 entrenched rights that may be breached if the government unlawfully intercepts communications between citizens. Section 37 is very specific about telephone communications:
37. The privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected.
This provision is however moderated by section 45 which states that:
45. (1) Nothing in sections 37, 38, 39, 40 and 41 of this Constitution shall invalidate any law that is reasonably justifiable in a democratic society (a) in the interest of defence, public safety, public order, public morality or public health; or (b) for the purpose of protecting the rights and freedom of other persons.
From the foregoing, it is not only unlawful for the government to invade the privacy of citizens by intercepting letters, phone conversations or emails, but a constitutional violation and therefore an impeachable offence! However, if the National Assembly enacts “any law that is reasonably justifiable…in the interest of defence, etc…” then the interception may be lawful. The question that follows is whether NCA 2003 is one such law.
As one of the fathers of the NCA 2003, I can say without any fear of contradiction that it was only meant to deregulate the telecommunications sector and no more. It was not designed or drafted to abridge the fundamental rights of Nigerians entrenched in the 1999 Constitution, and there is nowhere in the law except one of the ‘emergency provisions’ in section 148(1)c that intercepting communications was envisaged. The regulations under discussion did not pretend to derive legitimacy from any ‘emergency’ situation in Nigeria right now.
Section 70 of NCA 2003 empowers the NCC to make and publish regulations for six classes of issues all of which have to do with technical and economic regulation of the industry, and none to do with citizens’ rights to the privacy of their communications. Section 72 merely enables the NCC to review rules and regulations already issued, while sections 146 and 147 refer to technical issues and legal indemnities when licensees are required to assist law enforcement agencies in preventing the commission of crimes. The sections do not obviate the need for an Act of the National Assembly that will ‘authorize interception’ of communications without violating the Constitution. Merely mentioning these in ss. 146-147 does suffice in my humble opinion.
Furthermore, it is trite law that no regulation pursuant to any legislation without specific intervention of the legislature can abridge constitutionally-protected rights. It is therefore my view that these regulations have no legal basis and will be challenged by civil rights lawyers when they come into effect. What the government must do is to propose the regulations as a bill for consideration, debate, public hearings and passage by the National Assembly. This ‘short cut’ is unconstitutional, unlawful and unlikely to stand judicial review. The NCC is not the legislature. It cannot create a brand new legal and regulatory framework with no basis in statute or common law. It should simply step back and do the right thing which is referring the draft to the President to present to the Legislature.
Purpose and Content Review:
The first clause of the regulations purports to create “a legal and regulatory framework” including prescribing penalties for offences not specified in the NCA – something only the National Assembly can do. Compare this overreaching with the NCA 2003 Enforcement Regulations 2005 which started differently and within the limits allowed by the Act. The regulations also promised to ‘ensure the privacy of subscribers’ as required by the Constitution without taking any specific steps to do so.
The regulations have no commencement date. The title of the draft regulations contain no year of coming into effect. Many of us know that the unlawful interception of communications have been going on for years. The deliberate omission of a commencement clause indicates that the regulations are likely to be backdated to have retrospective effect. This will serve to provide cover for the unconstitutional, criminal and unlawful interception of private communications of political opponents that do not constitute a threat to public interest. We must insist that every regulation or law be appropriately dated and comply with the “non-retrospective” provisions of the Constitution.
Regulation 3 restated the obvious – that interception of communication is an offence. Since this is an offence at common law, the statement is unnecessary unless being specifically modified by statute. In many common law jurisdictions like the US, there is one objective standard applicable to allow the interception of communications – ‘probable cause’. This requires a preponderance of evidence presented to a judge for a warrant and is included in the Fourth Amendment of the US Constitution, which is a more detailed version of s.37 of our constitution:
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
Regulation 4 provides for lawful interception when the specific consent of either party to the communication has been obtained. What needs adding here is “specifically” between ‘has’ and ‘consented’. Regulation 5 contains the provisions in event of interception when a Warrant has been properly issued by a federal judge. My only suggestion is that 5(1)b and everywhere else such provision applies, should be redrafted to read:
“(b) assistance to a foreign government in accordance with a valid treaty or bilateral mutual legal assistance agreement with Nigeria.” (Additions or modifications in bold Italics)
Regulation 7 is an attempt at legislation relying on the emergency provisions of NCA 2003, but going further to specify that the designees of the NSA and Director SSS as ‘the law enforcement agencies’ that can intercept our communications. First, where the constitutional rights of a citizen are at risk, only the officers of ultimate responsible and NEVER their designees are allowed to take such decisions. Remember that even under military dictatorship, only the IG of Police, the NSA and the Chief of General Staff could sign detention orders. Secondly, it is doubtful if the NSA and Director-General of the SSS (not Director in the draft) are ‘stricto sensu’ law enforcement agencies! The Nigeria Police or EFCC are certainly law enforcement agencies, but not the office of the NSA and SSS. Thirdly, the omission of the frontline law enforcement agency – the Police from the list clearly shows the purpose of the interception is more driven by factors other than crime prevention. The entire regulation needs not just redrafting but fundamental rethinking.
Regulation 10 repeats the error of determining agencies to implement the warrant to lawfully intercept communications by limiting these to the NSA and the SSS, while broadening the scope of assistance to include not only disclosure of intercepted material, but provision of communication data. The narrow and restrictive rule of statutory interpretation when the rights of citizens are affected appears to be violated in this case. Once again, fundamental rethinking and redrafting is recommended.
Regulations 12 and 13 appear to be the ‘Anti-BlackBerry’ rules which prohibit the provision of services whose encryption algorithm makes it difficult or impossible to spy on. What is most troubling about these is the requirement that the NSA and SSS be given the key, code or access without the need to apply to a federal judge for a warrant, showing probable cause and on a case by case basis. This is a very dangerous provision which gives unchecked powers to the named agencies to invade the privacy of citizens without prior judicial review. This is unconstitutional and must be significantly qualified to be lawful.
Regulation 15 relating to secrecy needs to be reviewed to ensure that intercepted information is available to both the prosecution and defence in criminal proceedings. It is therefore suggested that 15(d) be redrafted to read:
(d) to any competent authority which requires it for any criminal investigation, any person or party that requires it in any criminal proceedings for prosecution or defence.
The interpretation section of the regulations should define “investigation”, correct the definition of law enforcement agency and perhaps change it to “security agencies” within the meaning of the National Security Act, and delete the ‘international mutual assistance agreement’ which does not exist in fact.
Final Words:
The publication of these draft regulations by the NCC is an open admission by the security agencies that they have been invading our privacy and constitutional rights without any legal basis. Subject to some of the suggested amendments to the content of the draft, the NCC should properly submit it as a bill for enactment by the National Assembly. That in my opinion is the only way to have an appropriate legal and regulatory framework.
Thanks for inviting me. God Bless the Federal Republic of Nigeria.
* Nasir Ahmad El-Rufai is a quantity surveyor who worked variously for AT&T Network Systems and Motorola before being appointed a presidential adviser (1998-99), director-general of the Bureau of Public Enterprises (BPE) (1999-2003) and Minister of the Federal Capital Territory, Abuja (2003-2007).
