Internet service providers explain what South Africa’s RICA law requires of them
Internet service providers (ISPs) in South Africa must be able to divert a user’s traffic to an “interception point” on-demand as a requirement of RICA,Cybersmart CEO Laurie Fialkov recently told MyBroadband.
The Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA) was gazetted in 2003 and, after a number of extensions, service providers finally had to fully implement it by June 2011.
Part of the demands RICA places on ISPs, Fialkov added, is that they must be able to see what a user is connecting to, as well as broad classification of what the traffic is.
“For instance we can tell if it is adult content or video streaming or e-mail,” Fialkov said.
This type of interception may only happen when a person in law enforcement receives permission to do so, however.
Fialkov highlighted sections of RICA which specify that only retired judges, or a judge of a High Court not in active service may grant a “direction” to this effect.
This is the only way they are able to inspect a user’s traffic, Fialkov said, as they don’t store any information about which URLs or IPs users connect to.
“At an individual user level we track total usage so that we can apply capping and so on,” explained Hershaw, who is head of Mweb ISP. This is for Mweb’s capped user-base.
Mweb also tracks the network protocols and services that are used by its subscribers at an aggregate level, Hershaw said. This is to do traffic management and shaping.
Asked how this data is stored and who has access, Hershaw said that it is secure.
“We treat it the same way as all our customer information, he said. “In terms of the aggregated data we are referring to here, only a small group of staff who do our traffic management [has access].”