Cape Town - It would be hard - but not impossible - for South Africa's government to demand wholesale access to data from Vodacom under current legislation, according to Vodafone.
The UK-based company which is a majority shareholder in Vodacom released its first Law Enforcement Disclosure Report on Friday that illustrated wide-ranging collection of data from governments in areas where the company operates.
Vodafone's report showed that governments in Europe, notably Italy, were particularly enthusiastic about mopping up data that would allow agencies to monitor phone calls and metadata.
Metadata refers to non-personal data like when a phone call was placed, to what number, for how long.
Italy collected over 600 000 data sets that may personally identify Vodafone mobile phone subscribers - the highest in Europe, while Australia collected close to 700 000 sets of metadata in 2013.
SA is one of a number of countries that do not allow mobile operators to report on the data demand requests from government agencies.Judicial oversight
In SA, the Regulation of Interception of Communications and Provision of Communication-Related Information Act, commonly known as Rica, allows the third party collection of data from mobile operators under strict conditions.
"Subject to this Act, no person may intentionally intercept or attempt to intercept, or authorise or procure any other person to intercept or attempt to intercept, at any place in the Republic, any communication in the course of its occurrence or transmission," says the law.
However, it does allow for law enforcement officials to collect data if they have a "reasonable grounds" that a crime has been committed.
In its analysis of the South African legal framework, Vodafone said that a judicial officer had to be consulted before any data collection programme was conducted in the country.
"An interception direction can only be issued in the event that a judge is satisfied that a serious offence has been or will be committed, or the gathering of information is necessary concerning an actual threat to the public health or safety, national security or compelling national economic interests of the Republic."
However, Chapter 5 of Rica says that any mobile operator in SA must build a back door into its network.
"Notwithstanding any other law, a telecommunication service provider must- (a) provide a telecommunication service which has the capability to be intercepted; and (b) store communication-related information," says Section 30.Transparency
This capability could be potentially used by government agents to snoop on mobile subscribers without the company's knowledge.
Vodafone said in many jurisdictions, this provision was a requirement as some countries insisted that government agencies directly plugged in to the company's networks, allowing massive collection of data, recording of phone calls and even tracking user locations.
The lack of judicial oversight was one of the reasons cited by former NSA security contractor Edward Snowden for making public the revelations on the US agency's activities.
Tech firms have urged governments to limit what spooks may collect on the internet and have pushed for more transparency regarding information requests.
Google has long published its Transparency Report and Twitter, Apple and others have recently also published similar initiatives.
- Follow Duncan on Twitter