Donate to SAFLII and support open access to the law

SAFLII is a vital cog in the broader movement to safeguard democracy in South Africa through open access to the law. SAFLII relies on donations to operate. Make your donation today, before it is too late.

If you are somehow involved in the South African legal scene you will know about SAFLII, the South African Legal Information Institute. To say this organisation provides a valuable service to the South African public is a gross understatement. The service it provides is vital and now SAFLII needs our help to keep it going.

What is SAFLII?

In case you aren’t familiar with SAFLII, it is a non-profit that has been working for years to make open access to legal knowledge and developments a reality. This is how SAFLII describes itself:

The Southern African Legal Information Institute (SAFLII) is an online repository of legal information from South Africa that aims to promote the rule of law and judicial accountability by publishing legal material for open access in line with the objectives of the global Free Access to Law Movement.

SAFLII also hosts legal materials from other countries in the region, which are obtained through partnerships and collaborative efforts with governments, courts, law societies and more recently through linking to other Legal Information Institutes being established in these regions.

If you want to know what happened in a pivotal court case, you go to SAFLII. They curate and publish court cases from South Africa’s superior courts (High Courts up to the Constitutional Court, along with a number of tribunals) as well as a range of journals and other legal reference materials.

You simply can’t have a society based on equal access to the law if you can’t actually access legal information. SAFLII is South Africa’s answer to that and one of the handful organisations that ensure that South Africans have meaningful access to legal developments.

Revolutionising open access to the law

I have been a huge fan of SAFLII and its work for years. My introduction to SAFLII was through a Privacy and Freedom of Information workshop hosted by the Constitutional Court in September 2007.

I have referenced dozens of court cases in my articles about legal news and developments over the years. This was only possible because of the incredible work the SAFLII team has done. Here are a few of the articles that became possible thanks to SAFLII:

  1. What the High Court decided about broadcasting the Oscar Pistorius trial
  2. Isparta Facebook defamation case highlights a fundamental legal question
  3. Johannesburg High Court rules on Facebook defamation
  4. The President, his penis and the Streisand Effect

To lawyers, these cases are professional knowledge. To the general public, these cases are a direct line to insights into the forces that shape South Africa on a daily basis.

Attending a workshop at SAFLII
My first exposure to SAFLII and a Privacy and Freedom of Information workshop in late 2007

Before SAFLII, commercial legal publishers such as LexisNexis and Juta & Company had a lock on legal knowledge. They were the exclusive publishers of court cases, statutes and journals and those invaluable materials were only available through relatively expensive subscriptions.

SAFLII changed that by publishing judgments published by South Africa’s courts and tribunals for free.

Those judgments, alone, made a profound difference. SAFLII’s work meant that citizens could read about the cases that shape the law. It also meant that lawyers and law students could keep up to date on the trends shaping the profession and all aspects of South African law.

Now SAFLII needs our help – Donate!

The organisation launched a fundraising drive a couple months ago. Its operating budget seems to be around R2 million each year. The organisation hasn’t published any information about its progress towards its goal but time is running out.

South Africa can’t afford to lose a resource like this. The law may be a dry abstract to most South Africans but open access to the law is a powerful tool to help build and maintain a democracy.

Donate to SAFLII
Donate to SAFLII today.

We can all make a contribution to keep this vital service alive for another year. Make a donation, whatever you can afford. SAFLII offers three options:

  1. Credit card;
  2. SnapScan; and
  3. EFT.

Donate today, make a difference.

The State Capture Report downloads, analysis and news

Update (2016-11-08): Added a new section titled “Interviews with President Zuma” with embedded audio recordings of interviews conducted by the Public Protector.

The State Capture Report is the culmination of a revealing investigation into various allegations of corruption and irregular actions by prominent politicians and business people. This is the first paragraph of the report’s introduction:

The investigation emanates from complaints lodged against the President by Father S. Mayebe on behalf of the Dominican Order, a group of Catholic Priests, on 18 March 2016 (The First Complainant); Mr. Mmusi Maimane, the leader of the Democratic Alliance and Leader of the Opposition in Parliament on 18 March 2016 (The Second Complainant), in terms of section 4 of the Executive Members’ Ethics Act, 82 of 1998 (EMEA); and a member of the public on 22 April 2016 (The third Complainant), whose name I have withheld.

It was completed in October 2016 by Advocate Thuli Madonsela, then the Public Protector. The report was submitted to the Speaker of Parliament and withheld, partly due to legal challenges to its release by the President and others.

On 2 November 2016, a full bench of the High Court ordered the State Capture Report’s release. The court ordered the Public Protector to release the report on its website which crashed soon after the order was made. The report eventually became available on the website. Below are download links to the two parts of the report.

I have included alternative download links to copies of the report stored on Amazon S3 in case the Public Protector’s site goes down.

The State Capture Report

  1. Report No:6 of 2016/17 on an investigation into alleged improper and unethical conduct by the President and other state functionaries relating to alleged improper relationships and involvement of the Gupta family in the removal and appointment of Ministers and Directors of the State-Owned Enterprises resulting in improper and possibly corrupt award of state contracts and benefits to the Gupta family’s businesses
    1. Official link on the Public Protector’s site
    2. Alternative download link
  2. Annexure A1 Interview between President Zuma and the Public Protector
    1. Official link on the Public Protector’s site
    2. Alternative download link

The Report is also available from SAFLII:

Interviews with President Zuma

eNCA has published audio recordings of the Public Protector’s interviews with President Zuma on its website. The President has lodged a complaint with the Public Protector about this but the interviews are currently available through these players:

Analysis

As you would expect, there has been considerable analysis of the State Capture Report.

Below are some of the links that I came across which seem particularly helpful in understanding the findings of the report and their implications. I may add to this list from time to time so check back for updates.

Interviews and discussions about the State Capture Report

State Capture Report developments

I created a Twitter Moment titled “#StateCapture Links, News and Analysis” to help organize many of the developments I found particularly helpful. This Moment may also be updated over time:

Of course you can also follow the #StateCapture hashtag on Twitter for even more developments and analysis:


Japanese theft from Standard Bank – leak?

The news about the Japanese theft from Standard Bank using roughly 1,400 cash withdrawals from Japanese bank ATMs raises serious questions about Standard Bank’s security and the possibility of a data leak.

Alicia’s recent article about cyber risks is very timely. News of a massive Japanese theft from Standard Bank highlights some of the risks Alicia wrote about.

Defeat cyber risks, use the Force

At the same time, this is an interesting attack primarily because of its simplicity. Usually credit card fraud attacks are based on stolen credit card information and/or cloned cards but chip and PIN cards (which are probably the most prevalent type of credit card in use in South Africa these days) are usually too secure for that to work.

What went wrong?

It’s one thing to clone a credit card and swipe it as a way to obtain some sort of benefit but withdrawing so much cash means the thieves had access to a substantial number of PIN codes and were able to draw roughly R14 000 from each ATM.

It’s not clear if that is per withdrawal or cumulatively from each ATM. If it is per withdrawal, there could be a problem with withdrawal limits set for the cards which were cloned.

Instead, the Japanese theft uses something much simpler and old school: PIN codes to enable the thieves to draw cash from Japanese bank ATMs. According to Moneyweb:

Police believe more than 100 people may be involved, according to the report, which quotes anonymous sources as saying that approximately 14 000 transactions were used to draw a maximum of 100 000 yen (R14 247) from seven bank ATMs.

Was Standard Bank hacked?

The big question, though, is how the thieves obtained the PIN codes to facilitate the crime? This question remains unanswered, for now, but early indications point to an exploit or security breach of some kind at the bank.

According to The Mainichi, which broke the story in its article titled “1.4 bil. yen stolen from 1,400 convenience store ATMs across Japan” –

Police suspect that the cash was withdrawn at ATMs using counterfeit credit cards containing account information leaked from a South African bank.

This story is still developing so expect to hear more, particularly about this alleged leak.

Postscript:

I assumed the credit cards were cloned but some commentators have suggested that these are issued credit cards, although with fictitious card numbers.

Postscript 2 (2016-05-24)

According to Ars Technica:

The theft took place on May 15, a Sunday, between the hours of 5am and 8am. ATMs were targeted across Tokyo and 16 other prefectures in the country. Police said they believe up to 100 people were involved in the heist, according to the Kyodo News Agency. The thieves apparently went to ATMs like those found in 7-11s across Japan and swiped counterfeit South African credit cards, created using information from cards issued by South Africa’s Standard Bank.

So the thieves created fake cards using information from issued credit cards? I have a feeling we are going to learn something important about how credit cards work and how they are processed by banks by the time the key details of this story emerge.

Image source: Pixabay

Defeat cyber risks, use the Force

Cyber risks are a real and present danger. They are often hidden and misunderstood so I wrote this article just for you. I’m also a Star Wars fan and couldn’t resist the Force.

When I think of the words “cyber risks”, I don’t think of anything immediately tangible nor anything immediately threatening. What those words, (especially together) mean to me is far more ethereal and a lot more entertaining…

My thoughts digress to a Jedi fighting a Sith, Ewoks and Jabba the Hutt. I think of Darth Vader – the famous “I am your father” scene. All very “other wordly” and “galactic”. Something a true Star Wars fan can fully and truly appreciate. But this is not Star Wars and I am no Princess Leia.

“Luke, I am your father”

Just like the “Luke I am your father” scene inevitably shocked Luke into a new reality, growing Cyber Risks are doing the same for businesses across the Globe. And that is actually my point – Is Cyber Risk really in a “Legality” far, far away or is it closer to home than we think?

What do I mean? Well I will give you some examples.

In the Price Waterhouse Cooper’s January 2016 Top Issues publication, the following was outlined

“The biggest challenge for insurers is that cyber isn’t like other risks. There is limited publicly available data on the scale and financial impact of attacks and threats are very rapidly changing and proliferating. Moreover, the fact that cyber security breaches can remain undetected for several months – even years – creates the possibility of accumulated and compounded future losses.”

And

“Cyber risks are increasingly frequent and severe, loss contagion is hard to contain, and risks are difficult to detect, evaluate, and price.”

On the Freshfields, Bruckhaus, Deringer website, a world-wide legal practice on their “Cyber crime can derail your company” page, they state the following:

“Whatever your industry, cyber security is a worldwide concern. As you hold more data, and your staff use their own devices, you can become more vulnerable to security breaches.

Those breaches can have significant legal and reputational effects upon companies. As shown by recent data breaches, and related litigation, this is not just an IT issue.”

There has even been a full article written on the Hedgeweek website entitled “Cyber security – a Global Persceptive” ,(the title alone has a sense of doom and seriousness about it). This article sets out the lengths the US Legislature is taking to ensure the protection of companies against cyber-crime, which includes the House of Representatives passing a new cybersecurity bill –

“the Protecting Cyber Networks Act (PCNA) – to allow file sharing between government intelligence agencies and private companies and raise the overall awareness of hacking.”

Cyber Risks – a clear and present danger

If it is not clear already, let me spell it out for you – cyber risks are here. It is a risk that is not only very real but one that can be truly devastating to a company should their systems and data be hacked thereby revealing company trade secrets. Can anyone say “huge liability claim”?

boss-fight-free-stock-images-image-photos-photo-photography-pie-cafe-coffee-milk-cream
Source: Boss Fight

Speaking of huge liability claims, Insurers and Re-insurers are discovering that there is a growing and real need to insure Companies across all industries against these potentially devastating risks and that means increased premiums for those Insurers and Re-insurers eager to tuck into a slice of the proverbial cyber pie. According to PWC –

“Cyber insurance is a potentially huge but still largely untapped opportunity for insurers and reinsurers. We estimate that annual gross written premiums will increase from around $2.5 billion today to $7.5 billion by the end of the decade.”

But thats Insurance and therefore inevitably a safety net should things go awry but where Law is concerned, prevention is often better than the cure.

Understanding leads to prevention

In order to even start combating Cyber Risk, we first need to understand what it actually entails. According to Kennedy’s “Cyber risks – an insurance perspective” article  cyber risks can be understood quite simply:

“Two of the most common forms of cyber risks are Cyber-attacks and data breaches. Cyber-attacks can take many forms:

Hacktivism – where a company’s website is hacked into and used as a platform to promote views.

Denial of service attacks (DoS) – when a site is bombarded with millions of emails from a bogus source, thereby blocking access to the site by legitimate users. This happened to the Amazon and PayPal sites recently, when they were forced to stop online trading as a result of DoS attacks by people protesting against the arrest of Julian Assange.

Cyber-extortion – where attackers threaten to carry out a DoS attack or to implant viruses in a company’s website or network.

Data breaches can occur as a result of human error – for instance, unencrypted data is lost or sent to the incorrect recipient – or by hackers, employees or others stealing or otherwise gaining access to sensitive data.”

A call to arms

black-and-white-sport-fight-boxer
Source: Pexels

What is abundantly clear is that this is not just an IT issue, something you can “dial a nerd” for and consider your job done. What this is, is a global risk. Something as legal practitioners we need to get ahead of. It is all well and good to have the insurers and reinsurers making their mark in this currently untapped risk market but we need to prevent the risk from happening in the first place. A seemingly daunting and almost impossible task to be sure. However with everything, you can tackle this “one bite at a time”.

With that in mind, how do we fight Cyber Risks?

  1. Identify the specific risks to the business and what needs the most protection. For example, in a company like Coke, intellectual property might be the most important asset which is vulnerable to cyber attack. For Bid or Buy, the stability of online platforms and the security of customers’ personal data may be paramount.
  2. Assess the potential consequences of the various types of possible attack. Essentially, what would the impact to the company’s reputation be, to its share price, to its goodwill? What is the litigation risk? What would be the impact on the business be if its activities were disrupted for a short or for a sustained period of time? How much risk can the business accept? This is a really important balancing act and from a legal perspective will need some risk management. For example, ensure senior management in all areas of the business are fully aware of the IT security and all the risks that potentially exist.
  3. Devise a strategy to address the identified cyber risks. This is likely to involve preparation of both a cyber risk management plan and an incident response plan. A cybersecurity review is vital.
  4. Ensure that the systems and security measures are properly and regularly tested (here you can most certainly get a hold of “dial a nerd”),
  5. Implement appropriate staff training and education. Many attempts to compromise information involve what is known as “social engineering”, which is effectively the skilful manipulation of people and human nature to trick information out of a company. Online social media platforms need to be properly monitored and staff trained here according to what they can say and what they can’t say with regards to the company online. A social media policy will most definitely be needed. Proper training can help reduce or prevent completely this type of risk.

Clearly, cyber-security is more than just tightly worded policies and endless procedures. It is a legal risk management exercise which undoubtedly entails keeping your eyes wide open, ears to the ground and your paper trail well and truly up to date -if there is any significant attack, the legal team needs to be properly armed with their trail of governance to ensure real combative steps are taken.

“May the force be with you” indeed does come to mind.

Featured image credit: Paul Jacobson, licensed CC BY NC SA 2.0

You agree to online contracts all the time

You sign online contracts every time you browse the Web, install some application or do just about anything on your devices. This is how it works.

How many online contracts did you agree to, today? Everything in this day and age is done online – whether it is shopping, browsing Wikipedia, sharing your thoughts on twitter or posting pictures on Facebook. In fact it has become so prevalent that people of absolutely all ages are occupied almost throughout the entire day with updates on their phones, tablets, laptops and PC’s. We are always connected and with that comes its own quagmire of “what am I actually agreeing to?”.

How you agree to so many online contracts

During your online shopping spree or when uploading a picture of yourself and your beloved feline companion, you have almost certainly come across an “I agree” button. Whether it is agreeing to provide a website with your location and/or email address (for location accuracy purposes) or whether you are agreeing that you are actually entitled to upload the picture, you are agreeing to “something”. That “something” is typically an online contract.

And, instead of fully understanding what we are agreeing to, we have simply become a species of “yes people”, only to happen to click the “I agree” button just to get your music download or complete your purchase. But what does that actually mean? By clicking on that ever increasingly intimidating “I Agree” button, we as online users may be binding ourselves to legally enforceable contracts with the online service provider. And I don’t know about you, but that really scares me.

But did we, as online users, actually “agree” to anything, really? As with any legal agreement, both sides, including the user, must agree to the online contract in the form of the terms and conditions being offered by the relevant online service you are currently using, whether it is Facebook or eBay, in order to create a legally enforceable “agreement”.

Understanding the difference between click-wrap agreements v.s browse-wrap agreements

Some service providers ask for your agreement by requiring you to click the “I Agree” or “Accept” button after being shown the agreement (i.e. a “click wrap” agreement). A common example of a click-wrap agreement is where a consumer is transported, usually by clicking a hyperlink, to a webpage containing terms and conditions which will be included in the agreement, where there is normally (at the end of the page) a button with the phrase “I agree” or “Accept” printed on or next to it.

I agree Screenshot - WTL blog post

As its name suggests, a click-wrap agreement requires a positive act from a consumer, still other service providers, try to characterise your simple use of their website as your “agreement” to a set of terms and conditions buried somewhere on the site, a sort of “what agreement are you talking about” site (i.e. a “web-wrap” or “browse-wrap” agreement). The browse-wrap is similar to the click-wrap agreement, and is often used under similar situations, except for one rather important difference.

Not all online contracts behave the same way. Where a click-wrap agreement actually requires a positive action to indicate agreement, a browse wrap agreement does not. It is sneaky that way.

Sometimes the terms will be displayed on the web page being used and other times it will not. A kind of “out of sight out of mind” scenario. An online user is not required to click on the terms and conditions if it is provided via a hyperlink, and there are very few ways to actually ascertain whether or not such a user was made aware of the terms and conditions. There are other similar themes as the click wrap or browse wrap, such as mandatory checkboxes (“check this box to indicate your agreement to our terms and conditions”) or email notices (“by continuing to use our service, you agree to the recent modifications to our terms of service”).

But thankfully not all methods, be they click-wrap or browse-wrap, are good enough to create “legally binding contracts”. I sense a collective sigh of relief.

But when are online contracts binding?

But when or how will such online interactions constitute binding agreements? The consensus here depends on which region you are in – by participating in online transactions in whichever form they are in, we can all basically assume that the interactions here will most likely be cross or trans-border.

This does create some difficulty in the sense that some territories, like The United States, are more evolved in this aspect than others. For example in South Africa there is very little to no case law on this matter. In the UK and EU they too have very limited case law or Legislation based on what binds a user to online terms and conditions except to say that they have established one rule

an online user should be provided with all terms and conditions in a manner that is readily available and easily accessible without inappropriately or irrevocably binding a consumer to terms he had no real opportunity to become acquainted with.

It seems rather polite of them and a decent way to conduct oneself when interacting online. Could one say “typical of the British”? Whereas the US have accepted as a rule of thumb, the click-wrap agreement for its obvious enablement of the user to assent to the website’s terms and conditions. In other words the user, by clicking that “I Agree” button acknowledges that they intend to bind themselves.

In South Africa we are sort of playing catch up with both the US and the UK. In this regard and with the application of our contract law as well as our Common Law, one needs to look at the intention of the parties as well as the actual agreement of the parties. With click-wrap agreements it is quite easy to ensure that the user indicates their agreement by making a mark in the relevant space.

document-428331_1920

In our Electronic Communications and Transaction Act, an electronic signature is defined as that of “data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature”. It is therefore accepted that the function of a signature is some kind of personal mark which may be used to identify a party and to convey or confirm an intention to be bound. Common knowledge, I would assume.

In this context, this “mark” as an indication of a person’s agreement is the same as a click-wrap agreement. This in essence leads one to believe that the click-wrap agreement is more than just an “I Agree” Button, but rather an “I have been shown the terms and conditions, have read them and have agreed to be bound by them” button. If you are like me, I immediately think of my iTunes account and the constant need to “accept” their terms of use when updating your version of iTunes account. If I am absolutely honest, I have never actually read the terms of use before clicking “accept”. As astounding as that sounds from someone of my vocation, all I really want to do is download my music or update my WhatsApp application.

Eeeek!

ALWAYS read the terms and conditions

Once I have finished writing this article, I think I will go avail myself (really) of Apple’s user terms and conditions and next time I click on the “I agree” or “accept” button make sure that I well and truly “Agree” or “Accept” because what I have learnt from writing this article (and which should be obvious) is that with everything, be it a written, a formal Contract or online terms and conditions – read before you click that button, it may hold more consequences than you think!

#justsaying

WhatsApp encryption guarantees your privacy

WhatsApp encryption is now complete and, when using an up-to-date version of WhatsApp, virtually guarantees your privacy with end-to-end encryption and forward secrecy.

WhatsApp_Logo_1Whether you realise it or not, WhatsApp encryption now guarantees your privacy. All you need to do is make sure you are running the latest version of the immensely popular chat app on your mobile device. WhatsApp’s founders published a blog post yesterday announcing the culmination of year and a half journey with Open Whisper Systems:

WhatsApp has always prioritized making your data and communication as secure as possible. And today, we’re proud to announce that we’ve completed a technological development that makes WhatsApp a leader in protecting your private communication: full end-to-end encryption. From now on when you and your contacts use the latest version of the app, every call you make, and every message, photo, video, file, and voice message you send, is end-to-end encrypted by default, including group chats.

WhatsApp encryption, in itself, isn’t new. Open Whisper System’s Moxie Marlinspike summarised the fruit of this journey in his blog post titled “WhatsApp’s Signal Protocol integration is now complete”:

As of today, the integration is fully complete. Users running the most recent versions of WhatsApp on any platform now get full end to end encryption for every message they send and every WhatsApp call they make when communicating with each other. This includes all the benefits of the Signal Protocol – a modern, open source, forward secure, strong encryption protocol for asynchronous messaging systems, designed to make end-to-end encrypted messaging as seamless as possible.

We are still in a transitionary phase at the moment. Conversations will only be encrypted if all the parties to a conversation are using an updated version of WhatsApp. When they are, though, the result is pretty impressive:

  • WhatsApp conversations (voice and text) are fully encrypted. This includes all the attachments. WhatsApp itself can’t decrypt the messages and its servers really only pass the encrypted messages between users.
  • Because WhatsApp uses different encryption keys for each session, older messages can’t be decrypted even if someone manages to seize a current encryption key (this is known as “forward secrecy”).
  • Once your conversations with contacts are encrypted, they remain encrypted and downgrading to an earlier version of WhatsApp won’t make your messages available in an unencrypted form.
  • For the time being, you can see which of your conversations are encrypted by looking to see whether your contact/s is/are using an updated version of the app. You will also be shown a message that indicates that your conversations with a contact are encrypted going forward.

One step for fully encrypted conversations

We have had encrypted messaging apps for a little while now. Apple’s Messages app and the popular Telegram app are encrypted to a degree although neither are encrypted end-to-end like WhatsApp, apparently.

Cade Metz wrote a fascinating article for Wired titled “Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People” which gives a fair amount of background into this development. As he pointed out, the scale of this is remarkable when you consider just how big WhatsApp is:

More than a billion people trade messages, make phone calls, send photos, and swap videos using the service. This means that only Facebook itself runs a larger self-contained communications network.

One of the challenges implementing encrypted solutions is simplifying the process for users enough so the process itself isn’t a deterrent. This migration is literally as simply as updating your app and prompting your contacts to do likewise to ensure that your conversations are encrypted.

Why encrypted WhatsApp is a big deal

Encrypted WhatsApp messages about family dinner plans may not seem a high priority. Consider that WhatsApp is one of the biggest social and communications platforms on the planet used by friends, families, business people and activists, alike. Suddenly you can see the benefits of a service that easily implements strong encryption and protects conversations that are truly sensitive and could, literally, save lives.

The flip side is also true: terrorists and criminals could also use WhatsApp to hide their conversations and may well be doing that. Bear in mind, though, that WhatsApp isn’t the only encrypted communication solution. Publicly available solutions have been around for years and if the bad guys aren’t using WhatsApp, they have many other options available to them.

This is a more significant development for the rest of us because it means that we are less vulnerable to digital attacks by the bad guys. It also means that people who need an assurance of privacy can have it. As the WhatsApp team pointed out in their blog post:

We live in a world where more of our data is digitized than ever before. Every day we see stories about sensitive records being improperly accessed or stolen. And if nothing is done, more of people’s digital information and communication will be vulnerable to attack in the years to come. Fortunately, end-to-end encryption protects us from these vulnerabilities.

I know a few colleagues, lawyers, whose communications with their clients have been intercepted and compromised. They have had to seek out other solutions to protect their privileged conversations (one option has been the Signal app which was also developed by Open Whisper Systems). This development means they can simply stick with WhatsApp and be confident that their privileged conversations remain protected.

WhatsApp becoming fully encrypted is a big deal. It is also a smart move because it means that WhatsApp is simply unable to follow regulators’ directives to hand over users’ data. It places them beyond the fray and leaves governments to figure out how to deal with a substantial proportion of the planet’s population whose communications are protected from their interference. Or, as WhatsApp’s Koum and Acton put it:

Today more than a billion people are using WhatsApp to stay in touch with their friends and family all over the world. And now, every single one of those people can talk freely and securely on WhatsApp.

Image credit: Pixabay

MTN’s misleading uncapped data bundle fine print

MTN’s uncapped data bundles are not what consumers think they are. They are complicated packages with rules that limit them dramatically.

EWN published a surprising story titled “The terms of MTN’s uncapped data explained”, in which MTN’s Chief Customer Experience Officer, Eddie Moyce, explains MTN’s activation requirement for its time based uncapped data bundle. Here is the radio segment:

The surprise is that this uncapped data offer doesn’t work the way you may expect. Consumers should pay careful attention to the fine print avoid being caught out, potentially at a substantial cost. Essentially, even though you have paid for the bundle, you still need to activate it by dialling a short-code which you receive by a SMS. If you don’t activate the bundle, you will use data at normal data rates and could wind up with a larger bill than you expected.

Two aspects of this story are problematic:

1. Why offer this sort of “uncapped” bundle that the customer still needs to activate in order to use it, even after paying for it?

This is really misleading. Most data bundles activate automatically when you have paid for them and the changes propagate across the network, don’t they?

The mechanism suggests that MTN intentionally created this activation mechanism knowing that many customers won’t actually realise they need to do it and will wind up paying far more. I checked the terms and conditions that apply to this package (I think – the MTN site is not exactly designed to find information easily) and it says the following:

  1. Activation of the MTN 1 Day Uncapped Internet Bundles

5.1 Customers may purchase an MTN 1 Day Uncapped Internet Bundle by dialing *141*2#.

5.2 Customers must activate the MTN 1 Day Uncapped Internet Bundle after purchase, by dialing *141*5#. The MTN 1 Day Uncapped Internet Bundle does not automatically activate .

5.3 Customers may only activate the MTN 1 Day Uncapped Internet Bundle if they have sufficient airtime in their airtime account or using their usage limit (for My MTNChoice customers). This excludes MTN Loyalty 1–4–1 Loyalty Points and any promotional airtime.

Data bundle details

These data bundles are typically “valid for a period of 24 (twenty four) hours”, although only “after [they are] activated”. I also wonder how many people are aware of when the data bundle kicks in? How many people assume (and reasonably so) that the package kicks in automatically and they start using the data right away?

The seemingly reasonable SMS from MTN with activation instructions is challenging. Many people ignore SMS messages they receive for various reasons and may not notice the significance of an activation message until long after their bill has hit triple digits.

This activation mechanism looks a lot like the dodgy tactics mobile content providers used to use before they were banned: automatically subscribing consumers to expensive content (think R5 or R7 per day until cancelled) subscription services without clear double opt-in mechanisms and pricing information. You wouldn’t expect major network operators to use misleading tactics such as these.

2. Why impose a “fair use value” cap of 150MB on an “uncapped” data bundle? That is tiny.

Then, to add to this, the notion that a bundle with a “fair use value” cap of 150MB is somehow an “uncapped” data bundle is ridiculous. That is a tiny amount of data when you consider that, as Eddie Moyce put it, people tend to buy these packages for specific reasons. One of those reasons would be that the customer needs to use a lot more data than his or her usual bundle allows (at least, cost effectively) in a short time period.

Here is an extract from the terms and conditions dealing with the “Fair Use Policy”:

9.1.4 Customers with an active MTN 1 Day Uncapped Internet Bundle shall be able to generate uncapped data usage, however, a fair use value/threshold as detailed in the table in clause 4 above will apply for the duration of the Validity Period.

9.1.5 Should the Customer exhaust the fair use value, as detailed in the table in clause 4 above, before the end of the Validity Period, the Customer’s data speeds will be reduced to 128kbps for the remainder of the Validity Period and the Fair Use Policy shall detailed in this clause 9 shall apply.

9.1.6 MTN further reserves the right to implement other measures and controls to ensure that the integrity of its systems is maintained, including but not limited to measures such as DPI (Deep Packet Inspection). DPI:

9.1.6.1 allows MTN to monitor aspects including, but not limited to, non-compliance with its Fair Use Policy and restricted protocols, prevent attacks from computer viruses/worms and identify SPAM. Such usage may be blocked or re-routed;

9.1.6.2 also allows MTN to throttle certain usage, such as peer to peer traffic;

9.1.6.3 shall also allow MTN to prioritize/filter certain activities, such as VoIP traffic, over other activities which are burdensome on the MTN network (such as video streaming);

9.1.6.4 in essence, this allows MTN to alleviate network congestion and improve service to all MTN customers.

9.1.7 This Fair Use Policy may be amended by MTN, whether by clarifying, modifying, adding to or deleting certain terms and conditions. This is subject to the Modification of Terms and Conditions, including notice being provided to you, as detailed in clause 16 below.

Not only does the available data speed slow to 128kbps when you hit that measly 150MB but MTN also imposes a series of restrictions on how you can use the data and when. The end result is that your “uncapped” data bundle is more like a “you can’t do much with this ISDN-like connection but thanks for paying anyway” bundle.

But wait, there’s more:

  • MTN hides all these restrictions and qualifications in terms and conditions which few consumers will ever read, and
  • these restrictions are couched in fairly dense language and presented in pale text on a white background that no-one over 45 can read without squinting says a lot too.

MTN terms

One more thing – no business use for you

Oh, by the way, this package isn’t available for “commercial use” so don’t think you are allowed to use this package to give your small business a little boost either:

9.2 The MTN 1 Day Uncapped Internet Bundles are intended for consumer use only. This means that the MTN 1 Day Uncapped Internet Bundles may not be used for commercial use (which includes, but is not limited to the intention of promoting, enabling, subscribing to, selling (directly or indirectly) the goods, services or image of any person pursuing a commercial, industrial, craft, religious, charitable or political activity or exercising a regulated profession).

9.3 The MTN 1 Day Uncapped Internet Bundles exclude use of the following services:

9.3.1 Least Call Routing (LCR);

9.3.2 Routing devices; and/or

9.3.3 Commercial use.

9.4 Use of the above services shall be deemed abuse and/or fraudulent use of the MTN 1 Day Uncapped Internet Bundles and shall entitle MTN to immediately suspend and/or deactivate the Customer’s access to the MTN 1 Day Uncapped Internet Bundles.

So if you are a small business owner and you happened to buy this bundle and use it as part of your business (you could have sent a data message to a client telling them about your services, for example), you would be committing a fraud in addition to breaching the terms and conditions of the bundle. Talk about hostile to small business!

K.I.S.S MTN!

When I think about what is available outside South Africa, MTN’s approach to mobile services and pricing just doesn’t make sense to me. My current mobile service includes 5 000 minutes of calls, 5 000 SMS messages, 10GB of data a month and 500 minutes of calls to my family in SA (landlines in SA) for the equivalent of about R200 per month. It wasn’t always like this but regulatory changes and increased competition improved the situation for Israelis.

Instead of obfuscating an overly complex service, why not offer a simpler option that just let’s people pay their R40 for either a fixed amount of data or a realistic “fair use value” cap? Drop this silly activation mechanism and the ridiculous fine print. In other words, give people what they think they are getting or, if that is more than you want to offer, offer them something you are comfortable with and that makes sense to consumers.

Image credit: Pixabay

Losing your rights to your professional portfolio

Many creative professionals give up their rights to their professional portfolios when they sign employment contracts without realising it.

This article was inspired by a discussion with a colleague about creating and protecting a professional portfolio. One of the challenges facing creative professionals is building and maintaining a current portfolio for future reference. In this particular conversation, we discussed whether someone could include work produced while employed in a professional portfolio?

I suggested that he import his blog posts and articles from various sources into his Medium profile using the “Import story” feature. It got me thinking about the copyright implications of doing that so I did a little research.

Your employment contract is your first challenge

It turns out that, as an employee, you probably gave up your rights to your writing. Many employment contracts have clauses like this:

Employee acknowledges that any original works of authorship s/he creates, whether alone or jointly with others, within the scope and during the period of employment with Company, shall be deemed a “work made for hire” as defined by the United States Copyright Act and are protected in accordance therewith. To the extent that such work is not, by operation of law, a work made for hire, Employee hereby transfers and assigns to Company all his/her right, title and interest therein, up to and including copyright.

There is often another clause that deals with something called “moral rights” which the contract may require the employee to waive or otherwise give up.

For writers who put a huge amount of effort into their work and take pride in their literary brilliance, clauses like this are analogous to amputations and this is why:

  1. The “work made for hire” clause has the effect of saying that your brilliance which you create as an employee actually belongs to your employer and you don’t have any rights to it from the moment you start populating that blank screen.
  2. If your contract has a clause that requires you to waive your “moral rights”, that basically means you give up your right to be known as the author of your professional work.

The effect of these kinds of clauses is to take your work from you and create a fiction that you didn’t create it and a legal fact that you have no rights to do anything other than admire it from afar. It limits what you can add to your professional portfolio because clauses like this limit –

  1. What you can claim credit for; and
  2. What you can republish without permission from your employer.

In other words …

You didn’t write this, it isn’t yours, just keep working

How you can salvage your professional portfolio

There are other options for building your portfolio which could work. One option is to simply point to an author page of the company blog that lists your articles by author (if you have that option). You could create a collection of links to “your” articles that implies that you are the author of those marvelous works.

The best way to avoid this situation is not to sign a contract that contains those legal scalpels. At the very least, hold on to your moral rights so you can publicly assert that you wrote those works.

Best case scenario

You negotiate clauses that give your employer co-ownership of your work (most employers would insist on this level of control) while retaining co-ownership yourself. That gives your employer the security of knowing it can do what they want with your work (because, after all, it is paying you to write that stuff) and you have the rights to do stuff with it all too, such as include it all in your portfolio.

Don’t assume you have the rights

Unfortunately many of our preconceptions about our rights to our work are misinformed and many creative professionals routinely give up their rights to their work when they sign their employment contracts. The power dynamics are usually against you and you may feel you have little choice but to agree if you want the job.

At the same time, it is a good idea to do the following if preserving your professional portfolio is important to you:

  1. Read your contract and identify the clauses that relate to your rights to your work.
  2. Discuss the clauses with your (prospective) employer and negotiate better terms before you are too far down the road.
  3. If you find you have little choice, be mindful of the clauses’ scope and ensure that the clauses don’t encompass your otherwise unrelated work simply because you don’t make clear distinctions between work and non-work stuff.
  4. Most importantly, don’t assume that you have no say whatsoever. The little secret is that most things tend to be negotiable to a degree.

This article was originally published on Medium on 2015-12-25 as “When you signed away your rights to your writing