Democracy and biometrics

What Pazhany Rangasamy’s case against SIM card registration is about

11 février 2024, 22:00


Partager cet article

Facebook X WhatsApp

What Pazhany Rangasamy’s case against SIM card registration is about

The ongoing sim registration exercise is looking to re-register sim cards nationwide until April 2024.

The Labour Party’s Pazhany Rangasamy has lodged a case at the Supreme Court contesting the constitutionality of the regulations concerning the sim card re-registration exercise currently underway. So what are his arguments against the move?

The registration exercise

Labour Party member Pazhany Rangasamy lodged a case at the Supreme Court this week contesting the constitutionality of regulations regarding the ongoing registration of sim cards by telecoms companies. What he is also asking for is for the Supreme Court to freeze this exercise until the case is decided. This after the leader of the party and ex-prime minister Navin Ramgoolam announced that his party would challenge the move. Rangasamy’s case is the second questioning the sim card registration exercise after one lodged by former Attorney General and barrister Rama Valayden and unionist Ivor Tan Yan (both in the LPM Party) also disputing the re-registration of sim cards on constitutional grounds.

In December 2021 the MSM-led government came up with the Information and Communication Technologies (Registration of SIM) regulations but had to push back the registration exercise as the three major telecoms companies, Mauritius Telecom, Emtel and MTML, said they lacked the infrastructure to store the data from a mass, nationwide registration exercise that would include biometric information such as photographs for each user. In June 2023, the cabinet passed another regulation to start the registration process on October 31, 2023 to last until April 2024. The Information and Communication Technologies Authority (ICTA) announced that the registration campaign was; “to ensure that at the end of the exercise, each sim is registered in the name of its user, in order to protect subscribers against all types of fraud, identity theft and other offenses”.

SIM 2.jpg (Attorney and Labour Party member Pazhany Rangasamy has lodged a case contesting the constitutionality of the campaign. The second such case that been lodged since the registration exercise started.)

The planks of the case

So what are the arguments that Rangasamy’s legal challenge is looking to present at the Supreme Court? The first argument, just as the case of Valayden and Tan Yan argued, was that imposing an obligation on citizens to turn over biometric data to telecoms companies cannot be done just by a simple regulation. As Rangasamy’s case argues, “the unilateral decision of the defendants to impose a legal obligations upon citizens to give sensitive, biometric data for purpose of registration of SIM without any parliamentary debate infringes the very spirit of sections 1 and 45(1) of the Constitution…”(sic).

In addition to the argument that such a move was made by bypassing the National Assembly entirely and coming via regulations instead, Rangasamy’s case also attacks the rationale for introducing the move. The Lam Shang Leen commission report on drug trafficking made public in 2018 brought up the issue of sim cards being used by jailed drug traffickers. It pointed to sim cards being bought by tourists and foreign workers which were then recycled and sold to traffickers. It pointed to one example where an employee in a travel agency bought 200 sim cards at a time, ending up with 25,000 sim cards registered in his name, some of which were seized in prison from jailed drug traffickers. Despite the fact that the commission recommended much more modest ways of tackling the problem such as limiting the number of sim cards that could be purchased at a time, automatically deactivating sim cards sold to tourists and foreign workers after a time, switching to postpaid subscriptions and banning the sale of scratch cards, it was the commission report that the government has leant on to justify the move.

However Rangasamy’s riposte is that; “first, it is the duty of prison authorities to prevent unofficial mobile phones with sim cards from entering prison premises. Secondly, the fact that some drug traffickers may have made use of black phones in the past, does not constitute sufficient justification to require a whole population and honest citizens who have nothing to do with the drug trade to register their sim cards failing which same will be deactivated”.

SIM 3.jpg (The late Dr Rajah Madhewoo contested the giving of fingerprints for the biometric cards that appeared in 2013. The Supreme Court ruled that keeping a database on biometric information was unconstitutional.)

The biometrics question

The other plank of Rangasamy’s case is a more complex argument; in effect, it accuses the government of coming up with the registration exercise as a way to sidestep limitations put on it by the Supreme Court and the Privy Council.

To illustrate this, a bit of background is in order. Back in 2013, the Labour-PMSD government led by Prime Minister Navin Ramgoolam introduced biometric ID cards including fingerprints that would be stored at a government-run database. The Rs1.1 billion project was challenged legally in separate cases filed by Dr. Rajah Madhewoo and Pravind Jugnauth (then heading the MSM in the opposition).

Convinced that the collection of fingerprints was needed to prevent the duplication of ID card applications, the Supreme Court in May 2015 ruled that while collecting fingerprints to process an ID card application was okay, the Mauritian state storing biometric information such as fingerprints on a database indefinitely was unconstitutional.

In its 2015 judgement, the Supreme Court held that; “the provisions in the National Identity Card Act and the Data Protection Act for the storage and retention of fingerprints and other personal biometric data collected for the purpose of the biometric identity card of a citizen of Mauritius are unconstitutional”. Alongside the Madhewoo case, the court reached the same conclusion in Jugnauth’s case too.

The main reason for the Supreme Court declaring the state holding biometric data indefinitely was unconstitutional was precisely how weak the laws protecting citizen’s data actually are. In Madhewoo’s case, after reviewing the Data Protection Act, the court concluded that it was, “manifestly clear that the personal data of individuals such as the plaintiff can be readily accessed in a large number of situations. What is even more alarming is the relatively low threshold prescribed for obtaining access to personal data. A striking illustration of that is the enactment in section 52(iii) (of the Data Protection Act -ed.) whereby access may be obtained merely by invoking that the disclosure of the data is necessary for the purpose of obtaining legal advice. What is even more objectionable is the absence of any safeguard by way of judicial control to monitor the access to personal data”. All this to say that the reason why the state could not be trusted with a database containing biometric information on its own citizens was precisely because of the lack of legal protections when it came to protecting such data.

The MSM-led government that had come to power by that time was obliged by the court to destroy the database holding the fingerprints of 900,000 people. The Supreme Court’s view was upheld by the Privy Council – the apex court in the Mauritian judicial system – as well.

Regarding the ongoing sim registration exercise, on 24 October last year, Prime Minister Pravind Jugnauth told the National Assembly; “I am informed that for the efficient implementation of the regulations, it is of paramount importance that a reliable and genuine database of SIM card owners be put in place and maintained”. And further, “personal data of subscribers are and will continue to be collected and stored by the mobile telephone operators in conformity with the Data Protection Act”.

By mandating that citizens turn over biometric data in the form of selfies and photographs to telecoms companies who will keep their own databases which can be accessed by the government-run ICTA and under an inadequate data protection law, Rangasamy argues that the sim card registration exercise is just a way to get around the prohibition on keeping a biometric database by the government itself.

What the government and telecoms companies are doing, Rangasamy argues, “is now trying to circumvent the legal prohibition of setting a database with the biometric detail of the citizen under the National Identity Cards legislations by coming up with registration of SIM under the Information and Communication Technologies Act to set up such a database and that such regulations smack of colourable device” (sic).

Put more simply, barred by the Supreme Court and the Privy Council from storing biometric information on its own databases, the government now seems to be outsourcing the job to telecoms companies instead. But here too the question will crop up: if it is unconstitutional for the state of maintain a biometric database on its citizens, how can it be any more constitutional for private telecoms companies to maintain their own databases by government diktat instead?

The UNHRC angle

Rangasamy also points to the United Nations Human Rights Committee (UNHRC) in Geneva where Madhewoo took his case back in 2017. He wanted to go further than just get the state to destroy its record of fingerprints, he wanted the state to stop collecting fingerprints for the ID card itself.

In July 2021 the UNHRC ruled that by storing the fingerprints and biometric data on the ID card itself, the Mauritian government had shifted the problem of data protection from itself to ordinary citizens carrying their ID cards. What it found was that the lack of safeguards against data theft off an ID card itself meant that forcing people to fork over fingerprints to get an ID card was a breach of the International Covenant on Civil and Political Rights and violated Madhewoo’s privacy rights under the Covenant.

What the UNHRC did was rubbish any arguments that the very act of collecting biometric data in the form of fingerprints was necessary to prevent identity fraud and multiple applications when applying for ID cards. The acceptable compromise for the Supreme Court went something like this: the state could collect fingerprints when someone applied for an ID card to prevent him from making another application somewhere else. Once he got his ID card however, the fingerprint record with the state would be erased, since keeping such a database would be unconstitutional.

At the UNHRC the obvious question was raised: if there was no database, then what would stop somebody from making another application after he had received an ID card? Indicating that the very collection of fingerprints when applying for an ID card seemed to be of little point. In its decision, the UNHRC pointed out that “the state party (Mauritius-ed.) has not responded to that specific point, nor explained how the storage and retention of fingerprint data on individual identity cards can effectively prevent identity fraud”.

With the Mauritian state unable to come up with an answer, the UNHRC ruled against the collection of biometric information in the form of fingerprints and then storing them on unsecured chips on ID cards. Just as the Supreme Court pointed out the inadequacy of the Data Protection Act when it comes keep biometric databases and the UNHRC about the lack of security of the ID cards themselves, Rangasamy’s case argues that his “coloured photograph would be stored in a database. Besides, there is no stringent protective measures to safeguard his sensitive data”.

Madhewoo’s case is still ongoing at the UNHRC – despite his passing away – with the Mauritian state still supposed to come up with an answer on how it plans to resolve its ID card problem and what it has done since the UNHRC decision came out back in 2021.

Rangasamy’s case relies on this twin pincer that the Mauritian state has to deal with: the unconstitutionality of keeping a database of biometric information, this time by telecoms companies but with the ICTA having access to the information. While at the same time, the Mauritian state having to explain why it is asking telecoms companies to even collect photographs for the sim registration campaign even as it is supposed to explain to the UNHRC what it has done to stop itself from collecting fingerprints when it comes to the ID card.