The South African Cybercrimes and Cybersecurity Bill set for promulgation in 2016 is a hot topic among local security practitioners. The Bill is part of a set of laws and policy initiatives in the country, aimed at regulating the fast-growing online economy, as well as the uptick in cyber-related crime from a local and global perspective.
Dave Loxton, attorney at ENS Africa, will be discussing the Bill during his presentation at the ITWeb Security Summit 2016, to be held at Vodaworld in Midrand from 17 to 19 May 2016.
Co-operation among nations
He says the Bill is pretty comprehensive. "One needs to read the Bill in the context of the Budapest Convention, which is the first international treaty seeking to address computer crimes across jurisdictions. This treaty does so by harmonising national laws, and increasing cooperation amongst nations. In addition, one needs to peruse the Hague Convention on Cybersecurity and Personal Data Protection, which also provides that states must adopt laws that criminalise attacks on computer systems, computerised data breaches, references relating to electronic message security measures and content related offences."
According to Loxton, as things stand, South Africa has a number of pieces of legislation that deal with cybercrime to a greater or lesser extent. "These include the Electronic Communications and Transactions Act, the Film and Publications Act, RICA, the Criminal Law Sexual Offences and Related Matters Amendment Act, and of course our common law."
He says the Bill then is an attempt to further align South Africa with its international cybercrime obligations, and that it goes very far and introduces a number of new offences. "The Bill also introduces procedural law mechanisms dealing with search and seizure, data preservation, and obligations to assist law enforcement agencies."
A silver bullet?
In terms of whether or not the Bill will be successful and help prevent cybercrime, he says the answer is both yes and no. "Yes in the sense that it will give more clarity on what constitutes cybercrimes and in that it sets out the procedural mechanisms for dealing with such crimes. No, because South Africa has the general problem of lack of resources. One simply needs to look at the general state of law enforcement, both at investigative and prosecutorial level, to understand that our institutions are simply ill-equipped to deal with the street crimes, such as rape, murder and robbery, let alone sophisticated crimes, such as cybercrimes."
As such, he says unless there is a massive investment by the various institutions to train and equip law enforcement agencies to deal with cybercrime, no matter what laws are in place, the criminals will still win the battle.
Consequences
Speaking of potentially unforeseen consequences of the Bill, Loxton says the first thing that comes to mind is the financial consequences for electronic communications service providers. "As an example, there is now an obligation on such service providers to keep customers updated about cybercrime trends, as well as an obligation to preserve information that may be of assistance to law enforcement agencies which are investigating an offence. This may require the service providers to invest in infrastructure, if their current infrastructure does not enable them to comply with this provision."
Another concern, he says, is that the Bill gives the South African Police Services and State security agencies, far-reaching powers to investigate, search and seize, which could be seen as an unwelcome invasion on the rights of citizens. "In particular, one is concerned about the potential for abuse by the police services and security agencies."
However, despite this, Loxton thinks the bill is a step in the right direction. "We all know that cybercrime is growing exponentially and that law enforcement agencies are battling to keep up with the sophistication of the cybercriminals. As such, any piece of legislation which will assist law enforcement agencies, as well as the general public utilising cyberspace, in dealing with cybercrime, is to be welcomed.
However, I do feel that without the concomitant investment in training across the board, the legislation will do very little to stamp out cybercrime."
Share