Fluxmans Attorneys is one of South Africa’s top law firms. We offer an extensive range of legal services to a diverse client base, including individuals and large corporates across all se...
Whatsapp users would have noticed the following message “Messages sent to this chat and calls are now secured with end-to-end encryption”.
The current South African legislation which governs this topic is the Electronic Communications and Transaction Act of 2002 (“the ECT Act”) and the Interception of Communications and Provision of Communication-related Information Act of 2002 (“RICA”). Unfortunately, both of these acts do not deal directly with this form of encryption.
Nevertheless, the ECT Act and particularly Chapter 5 thereof does provide some form of regulation in respect of cryptography providers, products and services.
In terms of the ECT Act, cryptography providers must register with the Minister of Communications in order to provide cryptography services in South Africa.
Whatsapp Inc. is not based in South Africa and is therefore not subject to the provisions of Chapter 5 of the ECT Act.
Should a law enforcement official wish to attain a decryption key of a South African entity registered with the Minister of Communications, the provisions of Section 21 of RICA would apply. In essence, this section deals with the various requirements that must be followed in order to submit an application for access to a decryption key or alternatively a decryption direction.
With the introduction of end-to-end encryption, a defence that Whatsapp Inc. regularly relies on to avoid disclosing their decryption key is that “a user’s data is not stored on their system and they themselves do not have access to it.”
This development in encryption technology could have far reaching consequences for legal authorities and potentially hamper their ability to gain access to information which is exchanged between criminal groups on Whatsapp and similar platforms (if they follow suit).
Whilst the introduction of end-to end encryption has many positive benefits for the privacy of the individual, the creation of an unregulated platform which may perpetuate illegal activity is concerning.
As is generally the case with a privacy development of this nature, the constitutional rights of the individual must be weighed up against public policy considerations in a delicate balancing act, the consequences of which are yet to be determined.
(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)