Special Investigating Units and Special Tribunals Act, 1996
R 385
Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act 70 of 2002)Directives in Respect of Different Categories of Telecommunications Service Providers made in terms of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)Schedule A : Directive for Fixed Line Operators in Terms of Section 30(7)(a) read with Section 30(2) of The Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 (Act No. 70 of 2002)Part 2 : Interception of Indirect Communications6. Security requirements for interception |
(6.1) | Information on the manner in which interception measures are implemented in a given telecommunication installation shall not be made available to unauthorized persons. |
(6.2) | Information relating to target identities and target services to which interception is being applied shall not be made available to unauthorized persons. |
(6.3) | The FLO shall agree to confidentiality on the manner in which interception measures are implemented in a given telecommunication installation with the manufacturers of its technical installations for the implementation of interception measures. |
(6.4) | The technical arrangements required within a telecommunication system to allow implementation of the interception measures shall be realized with due care exercised in operating telecommunication installations, particularly with respect to the following: |
(a) | The need to protect information on which and how many target identities are or were subject to interception and the periods during which the interception measures were active. |
(b) | The restriction to a minimum of staff engaged in implementation and operation of the interception measure. |
(c) | To ensure the clear delimitation of functions and responsibilities and the maintenance of third-party telecommunications privacy, interception shall be carried out in operating rooms accessible only by authorized personnel. |
(d) | The results of interception shall be delivered through a handover interface to the IC. |
(e) | No access of any form to the handover interface shall be granted to unauthorized persons. |
(f) | FLOs shall take all necessary measures to protect the handover-interface against misuse. |
(g) | The results of interception shall only be routed to the IC as indicated in the direction or request when proof of the authority to receive, was received from the IC, and proof of the authority to send from the handover interface, has been furnished. |
(h) | Authentication and proof of authentication shall be implemented subject to national laws and regulations and as agreed upon by the IC and FLO. |
(i) | Where switched lines to the IC are used, call set-up shall be restricted through the use of the Closed User Group (CUG) facility. |
(j) | In certain jnterception cases applicants may require, at the cost of the IC, the use of encryption or other confidentiality measures to protect the routing of the results of such interception. |
(k) | FLOs shall co-operate with the IC, or a person authorised by the IC, to implement encryption or other confidentiality measures if required for the purposes of paragraph (j), above. |
(l) | In order to prevent or trace misuse of the technical functions integrated in the telecommunication installation enabling interception, any activation or application of these functions in relation to a given identity shall be fully recorded, including any activation or application caused by faulty or unauthorized input, and the records shall cover all or some of— |
(i) | the target identities of the target service or target services concerned; |
(ii) | the beginning and end of the activation or application of the interception measure; |
(iii) | the IC to which the result of interception is routed; |
(iv) | an authenticator suitable to identify the operating staff (including date and time of input); and |
(v) | a reference to the direction or request. |
(6.5) | The FLOs shall take reasonable steps to ensure that the records referred to in paragraph 6.4(l) are secure and only accessible to authorised staff. |
(6.6) | Refer to. paragraphs 18 and 19 for further compliance requirements with respect to security. |