Pazhany Rangasamy, lawyer, has submitted his responses to the Demands of Further Particulars from the State, the ICTA, the Data Protection Commissioner, and Mauritius Telecom in relation to his constitutional complaint questioning the government regulations that make it mandatory to reregister SIM cards.
This case was called before the Chief Justice Rehana Mungly-Gunbul in the Supreme Court on Monday April 08.
Despite the Supreme Court being on break since March 29, 2024, the Chief Justice has agreed to hear this urgent complaint in April.
This decision was made as the deadline for Mauritians to reregister their SIM cards on Tuesday, April 30, is fast approaching.
The Chief Justice has made it clear to the legal representatives that she wants this case to be in shape by the end of April, to then be heard on its merits.
The parties mentioned in the complaint, including the State, the Minister of ICT, the ICTA, the Data Protection Commissioner, Mauritius Telecom, Emtel, and MTML, will need to formally outline their positions by the following Monday.
However, no indication has been given regarding any interim judgment on a Stay of Execution for these regulations.
The Chief Justice and Judge Karuna Gunesh-Balaghee had already heard submissions from legal representatives on March 25 regarding this matter.
Pazhany Rangasamy submitted his responses to the questions from the State, the ICTA, the Data Protection Commissioner, and Mauritius Telecom on Monday. Below is a summary of these questions and the responses provided:
Which Database is Pazhany Rangasamy referring to?
Pazhany Rangasamy claims that the State and its officials are trying to circumvent the Supreme Court judgment in the Madhewoo v. State case, concerning biometric identity cards, by establishing a biometric database of citizens under the new regulations for SIM card reregistration.
He argues that this constitutes a Colourable Device. The term “Database” is mentioned multiple times in these regulations.
In the Madhewoo v. State case, the Supreme Court ruled that it was unconstitutional to collect and indefinitely store citizens’ biometric data in a easily accessible database without Judicial Oversight.
According to Pazhany Rangasamy, biometric data, including a color photo, must be stored in a database for authentication purposes by telecommunications operators through the Central Population Database (CPD).
There is also complete lack of transparency regarding the authentication process by telecommunications operators, which will be carried out by middleware at the Government Online Center (GOC).
He believes that these regulations aim to facilitate the creation of a vast database of personal information on citizens, posing a risk of misuse of this private information.
What data protection measures are missing?
The State has not provided any information on the Data Privacy Policy that will be in effect or the technical measures that will be taken to protect biometric data.
There is no mention if the Data Protection Act 2017 will apply to the protection of this data.
The issue of legal responsibility is also a concern in this case. A simple statement that this data will be protected is not sufficient.
The article in Le-Mauricien dated April 6, which discusses the processing of citizens’ personal biometric data by foreign companies, was mentioned in this context.
The Mauritian government will have to rely on these companies, as neither the government, nor its officials, nor telecom operators have the necessary software for facial recognition.
The lawyer pointed out that all of this is happening without the approval of Mauritian citizens. Furthermore, these companies will not be subject to confidentiality agreements with Mauritian citizens.
How will re-registration facilitate access to private communications by the State and its officials?
What are the dangers for citizens and political opponents? Monitoring users by State officials will be facilitated through the interception of phone conversations and emails.
This compromises users’ ability to communicate confidentially, violating their right to privacy.
User profiling could even be done, as their phone number could be matched with their voting preferences. The government could then identify and target political opponents.
The information provided through SIM card re-registration could make it easier for officials of the State or hackers to clone, copy, or swap these cards.
This could lead to the operation of a Duplicate Device, which could receive or send calls or messages in parallel.
From there, private communications, including emails and WhatsApp messages, are at risk of interception. User geolocation could also be accessed.
State officials or hackers could thus gain easier access to the system and intercept phone conversations or messages.
How do these Regulations violate the Data Protection Act?
The Data Protection Act 2017 states that the Data Subject has the right to know how their data is processed by any entity.
Telecom operators are obligated to disclose this data processing process.
However, there will be no user consent regarding how their biometric data, including photos, will be processed by telecom operators.
The ultimatum to re-register SIM cards thus violates this right to provide consent under the Data Protection Act 2017.
Why does the plaintiff mention a violation of the presumption of innocence?
The main reason cited by the State to justify the mandatory re-registration of SIM cards is to track drug traffickers using Black Phones, based on the recommendations of the Lam Shang Leen Commission.
However, the report did not recommend forcing all citizens to re-register their SIM cards. Instead of this coercive measure, authorities should have conducted a thorough investigation in the prison environment to eliminate the use of Black Phones, both inside and outside prisons.
Authorities should have imposed stricter control measures on prison staff and implemented strict surveillance to combat SIM card smuggling.
The focus should be on drug traffickers, not all mobile phone users. The authorities are completely missing the point.
Minister Balgobin asks the Supreme Court to dismiss the complaint:
Minister of ICT, Deepak Balgobin, has requested that Pazhany Rangasamy’s complaint be dismissed as it may be Time-Barred.
This legal action was filed three months after the Regulations took effect, and no justification has been provided by the plaintiff for the delay.
He also questioned whether Pazhany Rangasamy has the necessary Locus Standi to bring this action.
The ICT Minister also emphasized that he is not responsible for the ICTA. He has no role in enacting these Regulations and is not responsible for SIM card re-registration or the collection or retention of biometric data under these Regulations.
Source: Le Mauricien
