The Cyber Crimes and Cyber Security Bill aims to give SA a co-ordinated approach to cyber security.
So said Advocate Dingaan Mangena of the Department of Justice and Constitutional Development (DJCD), in a recent interview with ITWeb.
According to Mangena, it is estimated that offences with cyber elements cost SA in excess of R1 billion a year.
The DJCD this month is inviting comment on the Cyber Crimes and Cyber Security Bill. Any person wishing to comment on the Bill is invited to submit written comments to the DJCD on or before 30 November.
The Cyber Crimes and Cyber Security Bill creates many new offences (about 50) that are related to data, messages, computers and networks; for example, using personal or financial information to commit an offence, hacking, unlawful interception of data, as well as computer-related forgery and uttering, extortion or terrorist activity.
It gives South African courts the jurisdiction to try these offences. Penalties range from one year to 10 years' imprisonment, or a R1 million to R10 million fine.
Overlapping mandates
Mangena noted there are various laws on the Statute Book dealing with cyber security, some with overlapping mandates administered by different government departments - the implementation of which is not co-ordinated.
"The legislation which is currently in place, when viewed collectively, does not adequately address SA's cybersecurity challenges," he pointed out.
The DJCD was mandated to analyse the laws of the Republic of SA to determine their adequacy when they are compared with legislation of other jurisdictions and international as well as regional instruments.
He added the department needs to determine whether there are any gaps that may impact on cyber security in general; whether the current laws make adequate provision for the investigation and prosecution of cyber crime; and whether it is feasible to consolidate all provisions relating to cyber crime and cyber security in a single law.
"The legislation dealing with cyber crime is 'silo-based' in that it only criminalises cyber crime in relation to certain government departments or state bodies; the Electronic Communications Transactions Act, 2002, being the exception," Mangena noted.
"The common law is used to prosecute some of the offences but needs to grapple with new concepts such as intangible data. Furthermore, our cyber crime laws are not in line with those of the international community. This is essential for purposes of international co-operation, which is mostly based on reciprocal laws."
Lagging behind
He added procedural laws in SA have not kept pace with the more intrusive and complex investigative measures that are needed to investigate cyber crime.
"Jurisdiction in relation to cyber crime in SA is dealt with differently in our laws. In general, our laws afford broad jurisdiction to criminal acts which affect national security in the Republic, while jurisdiction is significantly narrower in ordinary criminal cases."
There is no legislation which specifically provides for the protection of critical information infrastructures in SA, he continued.
The country is not a party to any international or regional instruments that deal specifically with co-operation in cyber crime matters. Chapter two of the International Co-operation in Criminal Matters Act, 1996, regulates international co-operation in criminal matters in the Republic. This mechanism is, however, slow and not conducive to the investigation of cyber crime, Mangena explained.
There are no specific obligations on electronic communications service providers to assist with the reporting and prevention of cyber crime, he added.
There is limited sharing of information between government and the private sector on cyber threats.
Click here for more details, or e-mail comments to cybercrimesbill@justice.gov.za.
Share