The blanket monitoring which has happened for more than a year includes computers‚ cellphones and the transmission of e-mails‚ SMSes and WhatsApp messages and is conducted by a specialised team within SARS’ IT department.
The monitors are tasked with looking for and flagging staff e-mails which contain certain keywords and which are sent to the e-mail domains of several media houses.
Among those domains which are looked for are the e-mail addresses of the Tiso Blackstar Group‚ owners of The Herald, The Times‚ Sunday Times and the online publications‚ HeraldLIVE, TimesLIVE and BusinessLIVE.
Mysteriously‚ according to documents seen by The Times‚ media houses whose e-mail addresses are not monitored are those belonging to the embattled Gupta family. These include The New Age and ANN7.
The monitoring‚ SARS sources claim‚ is on the instruction of senior management.
SARS spokesman Sandile Memela said the monitoring fell within the bounds of the organisation’s policies but staff representatives feel the monitoring goes too far.
Khaya Xaba ‚ spokesman for the National Education‚ Health and Allies Workers Union‚ one of two unions which represent SARS employees‚ said they were opposed to any “illegal” acts or the unwarranted monitoring of employees’ emails.
“This is an invasion of privacy. While we appreciate that members signed a secrecy oath‚ that does not give SARS the authority to invade our members’ privacy.”
Privacy and labour lawyers say while monitoring is allowed‚ it calls into question how far companies can go in terms of monitoring staff‚ their work and private equipment and why only emails to certain media houses are monitored and not others.
A SARS source‚ who revealed the existence of the monitoring to The Times‚ said it had destroyed staff morale.
“Some of us who wish to blow the whistle on things going wrong here cannot do so.
“We do not trust the police because they will simply go to management and expose us. So what do we do? We cannot even send emails to the media anymore.”
The source said since the monitoring began some staff had been “called in” to explain certain emails.
Memela said: “SARS is mandated by our policies and other national legislation to ensure that taxpayer information is always protected and secured.
“SARS deals with sensitive taxpayer and trader information. This is a responsibility which we treat with great care and the highest degree of caution. This is manifested in strict security controls and protocols.”
He said the SARS “Acceptable Usage Policy” was not a new development‚ and had been in place for years and was part of the revenue service’s response to “cyber security challenges”.
He said SARS had a whistle-blower policy in place which ensured that employees reporting corruption were protected from any reprisals for reporting such offences.
He said in the past year SARS employees had reported 77% of all fraud and corruption cases.
Kenneth Coster of Webber Wentzel attorneys said provided an employee has acknowledged that their e-mails may be monitored‚ an employer was permitted to do so.
He said what was interesting was how SARS determined which keywords relating to the media should be monitored.
“It would be fascinating whether this monitoring applies to all media houses‚ including ANN7. While employers may be permitted to monitor staff e-mails‚ it should do so fairly and objectively. What should be monitored for one‚ should be monitored for others.”
Kyle Cowan and Graeme Hosken– TimesLIVE