Intellectual Property Rights from Publicly Financed Research and
R 385
Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)Schedule B : Directive for Mobile Cellular Operators in terms of Section 30(7)(a) read with Section 30(2) of the Regulation of Interception of Communications Information Act, 2002 (Act No. 70 of 2002)Part 2: Interception of Indirect Communications6. Security requirements for interception |
6.1 | Information on the manner in which interception measures are implemented in a given telecommunication system shall not be made available to unauthorised persons. |
6.2 | Information relating to target identities and target services to which interception is being applied shall not be made available to unauthorised persons. |
6.3 | The MCO shall agree confidentiality on the manner in which interception measures are implemented in a given telecommunication system with the manufacturers of its technical installations for the implementation of interception measures. |
6.4 | The technical arrangements required within a telecommunication system to allow implementation of the interception measures shall be realised with due care exercised in operating telecommunication systems, particularly with respect to the following: |
(a) | The need to protect information on which and how many target identities are or were subject to interception and the periods during which the interception measures were active. |
(b) | The restriction to a minimum number of staff engaged in implementation and operation of the interception measure. |
(c) | To ensure the clear delimitation of functions and responsibilities and the maintenance of third-party telecommunications privacy, interception shall be carried out in operating rooms accessible only by authorised personnel. |
(d) | The results of interception shall be delivered through a handover interface to the IC. |
(e) | No access of any form to the handover interface shall be granted to unauthorised persons. |
(f) | MCOs shall take all necessary measures to protect the handover interface against misuse. |
(g) | The results of interception shall only be routed to the IC as indicated in the direction or request when proof of the authority to receive, was received from the IC, and proof of the authority to send of the handover interface, has been furnished. |
(h) | Authentication and proof of authentication shall be implemented subject to national laws and regulations. |
(i) | Where switched lines to the IC are used, proof of authentication shall be furnished for each call set-up. |
(j) | In certain interception cases applicants may require, at the cost of the IC, the use of encryption or other confidentiality measures to protect the routing of the results of such interception. |
(k) | MCOs shall co-operate with the IC, or a person authorised by the IC, to implement encryption or other confidentiality measures if required for the purposes of subparagraph (j) above. |
(l) | In order to prevent or trace misuse of the technical functions integrated in the telecommunication system enabling interception, any activation or application of these functions in relation to a given target identity shall be fully recorded, including any activation or application caused by faulty or unauthorised input, and the records shall cover all or some of- |
(m) | the target identities of the target service or target services concerned; |
(n) | the beginning and end of the activation or implementation of the interception measure; |
(o) | the IC to which the result of interception is routed; |
(p) | an authenticator suitable to identify the operating staff (including date and time of input); and |
(q) | a reference to the direction or request. |
6.5 | The MCOs shall –take reasonable steps to ensure that the records referred to in paragraph 6.4(1) are secure and only accessible to specific nominated staff. |