By Dingaan Mangena
It is estimated that offences with cyber elements cost South Africa (SA) in excess of R 1 billion a year. In terms of the medium term strategic framework for government for the period 2014 – 2019, insofar as it relates to the outcome ‘All people in South Africa are and feel safe’ – measures to address cyber security are identified as an area of priority.
There are various laws dealing with cyber security, some with overlapping mandates administered by different government departments and the implementation of which is not coordinated. The legislation, which is currently in place, when viewed collectively does not address SA’s cyber security challenges adequately. The Department of Justice and Constitutional Development (DOJ&CD), was mandated to analyse the laws of the Republic of SA in order to determine –
The outcome of this analysis is that:
The draft Cybercrimes and Cyber Security Bill (GN 878 GG39161/2-9-2015) aims to address these and other shortcomings.
The Bill contains 11 chapters. The various chapters deal with the following aspects:
Clauses 1, 2, 26 and 50 contain various definitions of a technical nature, which are necessary for the interpretation of the Bill. Furthermore, definitions were inserted in various clauses of the Bill in order to aid in the interpretation of those clauses.
In terms of ch 2 of the Bill, various new offences are created in order to address illegal conduct in cyberspace; some of which do not currently exist in terms of SA law. Furthermore, various other common law and statutory offences, which are currently used to prosecute conduct relating to cybercrime are adapted by the Bill in order to make them more ‘usable’ for the prosecution of cybercrime. The penalties in respect of all these new offences are also increased substantially.
Clause 21 further criminalises the harbouring or concealing of persons who commit offences in terms of the Bill. Any attempt, conspiring, aiding, abetting, inducing, inciting, instigating, instructing, commanding, or procuring to commit offences in the Bill are also criminalised in terms of clause 22. Clause 23 provides that a court must consider it an aggravating circumstance if offences in terms of the Bill are committed in concert with other persons or where persons in trust commit certain offences provided for in the Bill.
Jurisdiction in respect of all offences which can be committed in cyberspace is expanded substantially in terms of ch 3 of the Bill.
Insofar as the investigation of cybercrime is concerned, the provisions of ch 2 of the Criminal Procedure Act 51 of 1977, are currently applied in the investigation of cybercrime, in conjunction with the provisions of the Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2002 (RICA). The Criminal Procedure Act, is adequate insofar as real evidence is concerned, but it has various shortcomings in respect of digital evidence. RICA relates mainly to the interception of communications and the storing of call-related information and it too has various shortcomings in the investigation of cyber-related offences. Chapter 4 of the Bill, therefore, contains various provisions that are designed to investigate cyber-related offences.
Clauses 26 to 37 regulate aspects relating to the search and seizure of evidence. Clause 38 of the Bill prohibits a person from disclosing any information which he or she obtained in the exercising of his or her powers or the performance of his or her duties in terms of the Bill except insofar as it is authorised by the clause. Clause 39 provides for the interception of data. Clause 40 of the Bill provides for the expedited preservation of data. Clause 41 provides for the issuing of a disclosure of data direction by a judicial officer after considering an application by a law enforcement agency.
Clauses 42 and 43 make provision for a procedure to preserve other evidence relating to a cybercrime. Clause 44 regulates access to certain information and the provision of unsolicited information to foreign law enforcement agencies, as well as the receipt of such information from foreign law enforcement agencies. Clauses 45 to 48 regulate aspects relevant to requests for and the provision of foreign assistance and cooperation in the investigation of cybercrime.
South Africa does not currently have an institutionalised 24/7 point of contact relating to cooperation in criminal matters. Chapter 5 of the Bill provides for the establishment of a body within government, more specifically the South African Police Service (SAPS), which will act as a 24/7 point of contact in order to request cooperation from other countries or to provide cooperation to other countries in cyber criminal matters.
Chapter 6 of the Bill gives statutory recognition to the various bodies, which need to be established. The Bill aims to coordinate their functioning in relation to each other.
The Bill further provides for the functions, responsibilities and accountability, of these structures.
Chapter 7 of the Bill contains provisions relating to NCII, which could be either state owned or privately owned. Clause 58 of the Bill provides for the identification and declaration of NCII and for the implementation of measures to secure such information infrastructures. Clause 59 deals with the establishment of the NCII Fund, which is to be utilised mainly for the implementation of disaster management measures in respect of NCII in disaster situations. Clause 60 deals with the auditing of NCII to ensure compliance with the implementation of security measures.
Chapter 8 of the Bill deals with aspects relating to evidence. Clause 61 aims to regulate the admissibility of affidavits by experts in relation to technological aspects involving data, computers and electronic communications networks. Clause 62 deals with the admissibility of evidence obtained as a result of a direction requesting foreign assistance and cooperation. Clause 63 provides for the admissibility of data or a data message in evidence, in criminal proceedings.
Chapter 9 of the Bill (clause 64) imposes obligations on electronic communications service providers to report cyber related offences, which come to their knowledge and which were committed on their electronic communications systems, to the SAPS and to mitigate the impact of cyber offences. In terms of this clause electronic communications service providers must further –
Chapter 10 of the Bill provides that the President may enter into any agreement with any foreign state or territory regarding –
In terms of clause 66 various provisions of other laws are repealed as a consequence of the provisions of the Bill. Various current offences on the Statute book are assimilated in the Bill. It is therefore not necessary to have a duplication of offences.
Clause 68 also aims to effect amendments to the Criminal Law (Sexual Offences and Related Matters) Amendment Act 32 of 2007, in order to deal with cybercrimes involving child pornography.
Dingaan Mangena LLB (UJ) is an attorney at the Department of Justice and Constitutional Development in Pretoria.
This article was first published in De Rebus in 2016 (Jan/Feb) DR 33.
De Rebus proudly displays the “FAIR” stamp of the Press Council of South Africa, indicating our commitment to adhere to the Code of Ethics for Print and online media, which prescribes that our reportage is truthful, accurate and fair. Should you wish to lodge a complaint about our news coverage, please lodge a complaint on the Press Council’s website at www.presscouncil.org.za or e-mail the complaint to enquiries@ombudsman.org.za. Contact the Press Council at (011) 4843612.
South African COVID-19 Coronavirus. Access the latest information on: www.sacoronavirus.co.za
|