Some sections of Cyber Crimes Act now in force
Justice and correctional services minister Ronald Lamola has welcomed the coming into operation of certain sections of the Cyber Crimes Act, with effect from 1 December.
This, after president Cyril Ramaphosa in June signed the Cyber Crimes Bill into law.
ITWeb recently reported that even though SA’s Cyber Crimes Act 19 of 2020 had been signed into law, it remained inactive because its commencement was yet to be proclaimed.
This meant the legislation could not be used in prosecuting any of the high-profile cyber attacks the country faced in recent months.
In a statement, Lamola says it is necessary to align the country’s law with international trends and best practices.
“Another consideration is the evolving nature of cyber crime. The methods of committing cyber crimes change rapidly and our laws need to keep pace with the more intrusive and complex investigative measures which are needed to investigate cyber crime,” says the minister.
“Various countries, including other countries on our continent, have enacted or are in the process of enacting cyber-specific laws to deal with cyber crimes.”
South Africa has witnessed high-profile cyber attacks and cyber crimes in the public and private sectors increasing at an alarming rate in the wake of the COVID-19 pandemic.
In late July, South Africa’s ports and railways were brought to a standstill as a cyber attack hit Transnet, the country’s rail, port and pipeline company.
The Department of Justice and Constitutional Development was also recently hit by a ransomware attack, which resulted in all electronic services provided by the department being affected, including the issuing of letters of authority, bail services, e-mail and the departmental website.
Also this year, the South African National Space Agency – a government agency responsible for the promotion and development of aeronautics and aerospace space research in SA – notified the public of a breach to its IT systems.
The unrest which engulfed SA in July was also widely co-ordinated using social media platforms and with this Act, perpetrators will be brought to book if the messages they send are deemed to be harmful.
Streamlining laws of SA
The Department of Justice and Constitutional Development says the Cyber Crimes Act streamlines the laws of South Africa which deal with cyber crime into a single law that criminalises conduct considered to be cyber crimes.
The Act also criminalises the disclosure of data messages which are harmful and provides for protection orders to protect victims against harm. It also regulates the powers to investigate cyber crimes.
The justice ministry notes that cyber crime, being transnational in nature, requires collaboration with other countries, and the Act regulates aspects relating to mutual assistance in respect of the investigation of cyber crimes.
To ensure proper coordination of cases in South Africa, the Act provides for the establishment of a point of contact within the South African Police Services (SAPS).
The ministry says the Act also imposes obligations on electronic communications service providers and financial institutions to report cyber crimes to the SAPS and provides for capacity-building by the SAPS to detect, prevent and investigate cyber crimes.
“As empowered by the Act itself, different sections of the Act may come into operation on different dates. In this regard, the president has put into operation substantial portions of the Act,” it notes.
The sections that come into operation are:
Offences: Chapter 2, with the exclusion of Part VI, comes into operation on 1 December 2021. These sections create offences, which include, among others, those against the confidentiality, integrity and availability of data, computer programs and computer systems; offences facilitated by cyber means, such as cyber fraud; aggravated offences to protect essential computer systems and persons against harm as a result of criminal conduct in cyber space; the disclosure of data messages which incite damage to property or violence; which threatens persons with damage to property or violence; or of an intimate image of a person.
Jurisdiction: Chapter 3 affords courts the ability to deal with cyber crime where these have occurred outside South African borders, bearing in mind the transnational nature of cyber crime.
Powers of SAPS: Chapter 4 regulates the powers of the SAPS to investigate cyber crime or other offences that are committed or facilitated by cyber means.
Proof of certain facts by affidavit: Chapter 7 provides for the designation by the minister of justice and correctional services of the category of persons who are competent to make an affidavit.
Reporting obligations and capacity-building: Chapter 8 will come into operation on 1 December 2021 (with the exclusion of section 54.)
The ministry says the sections which were being put into operation on 1 December aim to ensure the SAPS is adequately capacitated and trained to deal with cyber crimes; that verifiable statistics of the extent of cyber crime in South Africa is available; the effectiveness and capacity of the SAPS to investigate cyber crimes can be evaluated, and the capacity of the NPA to prosecute cyber crimes can be evaluated.
It notes that certain sections of the Act could not yet be put into operation as they require regulations which are still to be finalised.
These sections include, among others, those relating to protection orders against the harmful disclosure of pornography and the establishment of a functional point of contact within the SAPS to coordinate cyber crime investigations within the Republic and to facilitate international cooperation.
The remaining sections will be put into operation in due course, once the concomitant regulations have been finalised, says the ministry.
“Cyber crime is a reality of the world we live in. More and more criminals are exploiting the internet and online means to commit a diverse range of crimes. We, therefore, need to make cyber space safer and more secure,” says the minister.