There are calls for government to bin the draft Cyber Crimes and Cyber Security Bill, recently gazetted for public comment by the Department of Justice and Constitutional Development (DJCD).
The Cyber Crimes and Cyber Security Bill aims to give SA a co-ordinated approach to cyber security. It also creates many new offences (about 50) that are related to data, messages, computers and networks. For example, using personal or financial information to commit an offence, hacking, unlawful interception of data, as well as computer-related forgery and uttering, extortion or terrorist activity.
At present, SA has no legislation that addresses cyber crimes, whether it is to describe what constitutes a cyber crime, how to enforce the law governing cyber crime, or to determine appropriate correctional sentencing for those convicted of offences in this realm.
In September, the DJCD invited comment on the Bill on or before 30 November. The legislation gives South African courts the jurisdiction to try cyber-related offences. Penalties range from one year to 10 years’ imprisonment, or a R1 million to R10 million fine.
Open to abuse
However, advocacy group Right2Know (R2K) says while there is need to combat genuine cyber crimes and protect national security in SA, this Bill is so broad and open to abuse that it threatens the fundamental democratic spirit of the Internet.
R2K believes that a free and open Internet is crucial to the full realisation of SA’s constitutionally enshrined right to freedom of expression, which includes, but is not limited to, the freedom to impart or receive information or ideas, freedom of the press, freedom of artistic creativity, academic freedom, and freedom of scientific research, the group says.
It adds that the Internet has the potential to democratise knowledge in unprecedented ways. “In SA, we are witnessing the blossoming of the Internet on a variety of ever-improving platforms. The rapid development of Internet technology and increasing Internet access create new opportunities for ordinary South Africans to access and share information and engage critically with the world around them.
“We believe the draft Bill is fatally flawed and should be scrapped in its entirety. A cyber crime law is necessary, but not in this form. In particular, it tries to sneak in the worst clauses of the ‘Secrecy Bill’ by the back door, and hands the keys of the Internet to the minister of state security,” the advocacy group says.
Mongezi Tshongweni, executive for legal and regulatory Affairs at Internet Solutions, says there is concern the Bill gives the South African Police Service and the State Security Agency overly far-reaching powers to investigate, search, access and seize just about anything, with verbally granted search warrants being deemed sufficient for them to take action they deem appropriate.
“While it is obviously hoped these bodies would adhere to the sections that, in turn, govern their behaviour, there has been much concern expressed at the potential for abuse,” says Tshongweni.
However, he says there are clauses that make good sense. For example, he explains, section three specifically addresses the unlawful acquisition of personal and financial information with the intention of committing an offence, and is linked to the Protection of Personal Information Act of 2013.
Similarly, section nine addresses unlawful acts in respect of malware, section 10 addresses the unlawful acquisition or access to passwords and access codes, and section 20 addresses copyright.
R2K, nonetheless, says the draft Bill will make it illegal to use many software and hardware tools. The Bill’s offences relating to malicious use of software and probing of security flaws is broad enough to criminalise the work of ICT professionals and a global community of security analysts and researchers who test these systems as a civic duty, in order to point out and fix security flaws that put the general public at risk, it notes.
The advocacy group also argues the Bill gives the state security structures the power to effectively declare ‘national key points’ of the Internet – and potentially grants backdoor access to any network, and criminalises journalists and whistle-blowers by sneaking in the worst parts of the ‘Secrecy Bill’.
It also points out that the Bill increases the state’s surveillance powers and is even more invasive than RICA; undermines South African’s civil liberties and particularly the constitutional right to privacy; and is contrary to global developments in balancing the powers of law enforcement and state security against the protection of personal information.
“Scrap the Bill and start again – this time with the proper public participation and the need to protect and preserve the democratic spirit of the Internet and ordinary users’ right to privacy at the heart of any drafting. We do not believe it can be tweaked or salvaged – it should be withdrawn and redrafted in its entirety.”