Cyber Crimes and Cyber Security Bill still open to abuse
The deadline to change the Cyber Crimes and Cyber Security Bill is 28 July, as the Portfolio Committee on Justice and Correctional Services has called for comments and public participation on the latest version of the Bill.
The Cyber Crimes and Cyber Security Bill aims to give SA a co-ordinated approach to cyber security. It also creates many new offences that are related to data, messages, computers and networks. For example, using personal or financial information to commit an offence, hacking, unlawful interception of data, as well as computer-related forgery and uttering, extortion or terrorist activity.
Law firm Michalsons says South Africans' participation and comments are vitally important to the process to ensure the country ends up with a good law that is not open to abuse.
Although the country needs such legislation, cyber security experts as well as legal practitioners concur the Bill has several loopholes in its current form.
The Bill was approved by Cabinet in December and now moves to get the green light from Parliament.
Government says the Bill aims to put in place a coherent and integrated cyber security statutory framework to address various shortcomings, which exist in dealing with cyber crime and cyber security in the country.
According to Lisa Emma-Iwuoha, an attorney at Michalsons, after the comments are closed, public hearings for the Bill will be scheduled.
She points out that since the Bill was promulgated, crimes that related to cyber terrorism and classified information have since been removed. These crimes were taken from the controversial Secrecy Bill and inserted into the Cyber Crimes and Cyber Security Bill, but with harsher penalties, she notes.
"The Bill is necessary but not in its current form," says Emma-Iwuoha. "We do need a law that protects us from cyber crimes, but, unfortunately, the Bill has unintended consequences as it is so broad and far-reaching.
"All countries are dealing with cyber crime and cyber security issues and how to safeguard themselves against them. Recently, there was a cyber attack on the British Parliament and e-mail accounts were hacked. So this is not just a problem South Africa has to deal with. However, the Bill in its current form is not the best solution," says Emma-Iwuoha.
Patchwork of laws
Lucien Pierce, BDO Cyber and Forensics Lab consultant, says SA currently has a patchwork of laws that are used to prosecute cyber crimes.
However, he explains these laws are lacking in that they struggle to deal with new concepts and challenges that cyber crime brings.
"Issues such as speedily securing and ensuring the integrity of electronic evidence or ensuring the protection of the computer systems - and not just the physical aspects - of critical information infrastructures are not dealt with adequately in our existing laws," says Pierce.
He points out that earlier versions of the Bill provided for copyright infringement. "It was felt that because we already have laws that deal with copyright, there was no need to provide for such issues in another Act - this was just a recipe for confusion."
Another concerning aspect is the Bill provides that any person who "unlawfully and intentionally possesses data, with the knowledge that such data was acquired unlawfully", is guilty of an offence, he adds.
"This means that, for example, in instances where journalists are given information that may have been obtained by way of a hack, they could be prosecuted. It has been argued that the Bill needs an exemption for this sort of possession."
For John Mc Loughlin, MD of J2 Software, with the proliferation of connectivity, South Africans are now an even bigger part of the connected world.
However, he notes, this growth in connectivity has also driven the growth of cyber crimes. "South African businesses are one of the most targeted groups in the world with cyber crime and this Bill is required to provide a method to protect South Africans from cyber criminals, terrorists and other states."
McLoughlin points out the intention will be to bring all cyber security laws under one piece of legislation. This will provide a more formal framework and provide law enforcement more power to fight cyber crimes and establish methods to co-operate with foreign states for investigations, he explains.
Nonetheless, he says, there are several points which make the current Bill a problem. "I believe that one of the primary problems is that several sections are poorly drafted, too complex and way too broad. There are too many openings which will allow for selective prosecution and the breach of privacy by surveillance of online activities.
"We are living in a highly regulated country as it is; passing new, complex laws when there is no capacity and the lack of skills to implement it seems a little counter-productive. Our law enforcement agencies will take many years simply to get up to speed with how to start with this Bill."
The public can make a written submission to Parliament by e-mailing V Ramaano by Friday, 28 July 2017 at firstname.lastname@example.org.