Internet control, freedom hangs in the balance
SA's newly proposed Cyber Crimes and Cyber Security Bill will "not give any powers to the State Security Agency (SSA) to control the Internet".
This is the message delivered by deputy minister of justice and constitutional development, John Jeffery, at a media briefing on the Bill in Pretoria yesterday.
The process to introduce a revised Cyber Security Bill was initiated by government following growing criticism from security agents over SA's lack of decisive policy and control over cyber crime.
In terms of government, the Bill aims to give SA a co-ordinated approach to cyber security, and puts in place measures to effectively deal with cyber crimes and address aspects relating to cyber security.
The Department of Justice and Constitutional Development has described the Bill as a tool to address the current shortcomings in SA law and facilitate the effective prosecution of cyber crimes.
Despite this, the Bill received backlash from those who say it threatens the fundamental democratic spirit of the Internet and increases the state's surveillance powers.
During the media briefing, however, Jeffery explained that regarding the SSA, which has been assigned a role to co-ordinate the implementation of government's cyber security initiative, the additional structures which need to be established within the agency do not give any powers to the SSA to control the Internet.
"In this regard, reference can be made to the functions of the Cyber Security Centre, which is a structure in command of the government security incident response teams, and whose functions are primarily associated with the protection of critical information infrastructure and government security incident response teams, which is a continuation of the existing government security incident response team."
He adds: "There are also misconceptions around the interception of data and allegations that the Bill increases the state's surveillance powers. It is incorrect to equate search and seizure under clause 27 of the Bill as an extension of 'surveillance powers'.
"Data is merely a means to commit offences, such as fraud, damage of programs or computer systems, extortion, forgery and uttering, etc...In order to prove an offence in a court of law, data must be seized as evidential material. If the state cannot seize evidential material to adduce as evidence, it is impossible to prove the guilt of an accused person."
Scrap the whole thing
The revised Bill, which was first introduced for public comment in 2015, was approved by Cabinet in December 2016 and waits to be introduced to Parliament in the next few weeks.
According to Jeffery, a working group consisting of persons with different areas of expertise was appointed to give advice on the Bill and on how to address concerns raised.
He noted this version that will be introduced to Parliament is considerably different in many respects to the Bill that was issued for public comment.
Advocacy group Right2Know Campaign (R2K), which has been against the Cyber Security Bill and called for it to be scrapped, says despite the revisions, the fundamental fatal flaws of the Bill are still there.
R2K advocacy coordinator Murray Hunter says the organisation recognises the Department of Justice has made some important revisions in the Bill.
For example, the clauses that were copied-and-pasted from the Secrecy Bill have been scrapped. The crazy provisions on copyright law that would have basically criminalised every meme on the Internet have also been scrapped, he says.
"But as far as we can see, the fundamental, fatal flaw of the Bill is still there ? it would hand over the keys of the Internet to state security minister David Mahlobo.
"It would greatly expand the power of state security structures to spy on users through the Internet, and create backdoors to any network or device they see fit. This Bill can be read as a huge power grab by the ministry of state security to clamp down on South African cyberspace," Hunter told ITWeb via e-mail.
"We believe the Cyber Crimes Bill will make the Internet less safe, not [safer]. Since the Bill is not fit for purpose, Parliament should scrap it entirely," he states.
The development of new proposed legislation to enhance cyber security is a necessity, Jeffery said.
His department has been tasked with the review and alignment of cyber security laws to ensure these laws are aligned with the National Cybersecurity Policy Framework and provide for an integrated cyber security legal framework for SA.
Jeffery explained: "The offences provided for in the Bill aim to protect the confidentiality, integrity and availability of computer data and systems by means of the offences of unlawful access, interception of protected data, malware-related offences, interference with data and computer systems and password-related offences.
"The Bill criminalises cyber-facilitated offences by means of the offences of fraud, forgery, uttering and extortion, which were adapted specifically for the cyber environment. Jurisdiction in respect of all offences which can be committed in cyberspace is expanded substantially in terms of the Bill, mainly to deal with cyber crime which originates from outside our borders.
"The Bill aims to put in place specialised procedures, with sufficient checks and balances to protect the rights of an accused person and other users of information and communication technologies, to deal with the investigation of cyber crimes. Since many cyber crimes emanate from another country, the Bill also provides for procedures which will facilitate mutual assistance with other countries in the investigation of cyber crimes," he stated.
To read the latest version of the Cyber Crimes and Cyber Security Bill, click here.