Cyber Crimes Bill inches closer to becoming law

Simnikiwe Mzekandaba
By Simnikiwe Mzekandaba
Johannesburg, 28 Nov 2018
South Africa's Cyber Crimes Bill has been passed by the National Assembly.
South Africa's Cyber Crimes Bill has been passed by the National Assembly.

South Africa's Cyber Crimes Bill is nearing the stages of becoming law, as it was passed by the National Assembly yesterday.

With the completion of the National Assembly process, the Bill will be transferred to National Council of Provinces for agreement, whereby it will eventually reach the president to be signed into law.

The Bill, initiated by the South African government, through the Department of Justice and Constitutional Development (DOJ), seeks to create offences which have a bearing on cyber crime, to criminalise the distribution of data messages which are harmful, and to provide for interim protection orders, among other issues.

The initial draft Bill received some backlash with several critics saying it was too broad and open to abuse, and it threatened the fundamental democratic spirit of the Internet.

However, following public comment and discussion, the Bill was revised and the DOJ tabled a new version before Parliament's Portfolio Committee on Justice and Correctional Services in October.

Standalone Bill

When it was initially introduced, the piece of legislation was called the Cyber Crimes and Cyber Security Bill. However, it is now called the Cyber Crimes Bill, making it clear it is all about cyber crime and not about cyber security.

Sizwe Snail ka Mtuze of Snail Attorneys at Law describes the move to remove the cyber security element in the Bill as great.

"The Cyber Crimes Bill has been long outstanding. It's been 16 years since the ECT [Electronic Communications and Transactions] Act first brought in sections 86, 87, 88, 89 and 90 to give effect to cyber crime. That said, a standalone Act dealing with cyber security is still a requirement.

"It my view that government should try and draft a standalone Bill that addresses critical information infrastructure in relation to cyber terrorism, cyber defence and cyber warfare; areas that need to be regulated as well."

Snail ka Mtuze, who also serves as deputy chair of the e-law community of the Law Society of SA, further explains that cyber crime deals more with substantive crime and procedural aspects of cyber criminality.

"The substantive provisions are the dos and don'ts. For example, you may not illegally access someone's data or illegally process an individual's information systems, and you may not hack.

"The procedural provisions focus on how evidence is collected; how it is stored; and how data is presented before the courts in order to get a conviction."

On the other hand, he continues, cyber security deals more with the security of data. "Although cyber security and cyber crime are not brothers and sisters, they are cousins. They have a common ancestor called vulnerability. If your system is vulnerable and there are no correct security measures in place, then you are more likely going to be a target of cyber criminality. If data is not secured properly, it may end up in the wrong hands and result in the misuse or criminal use of it.

"The cyber security law deals with how an incident could have been avoided. It is preparation for an incident and getting sufficient protection from external intrusions."

Industry welcome

Jason Jordaan, principal forensic scientist and MD of digital forensics firm DFIRLABS, notes there was a lot of lobbying for the Bill to be separated mainly because most of the contentious issues were in the cyber security section.

This, he says, was also to allow finalisation of the cyber crime section and get legislation passed as soon as possible to actually address the problems of cyber crime.

"I am quite happy with the Bill in its current form, as it creates the necessary criminal offences to allow South Africa to ratify the Budapest Convention on Cyber crime, which we are a signatory to. It gives us more criminal offences that we can use in investigating cyber crime, and options to prosecute various cyber crime conduct. In other words, it gives us ammunition on our fight against cyber crime. It also provides us procedures and powers to be able to better investigate cyber crime.

"We have been working hard on this Bill and I am happy that we are now closer to the Bill becoming law. The sooner it becomes law, the sooner we can start using it to start making a difference in our fight against cyber crime."

Michalsons' Lisa Emma-Iwuoha welcomes the news that the Bill has been passed in the National Assembly.

"It is good to see some progress on this important issue. South Africa needs legislation that deals with cyber crimes, and the Bill will have a practical impact on us all."