Is the new internet bill cause for concern?
A recent cybersecurity bill has not received any fanfare, just criticism and concern
The new Cybercrimes and Cybersecurity Bill 2017 has been given the go-ahead by Cabinet, which has internet users, businesses and supporters of freedom of speech up in arms.
The Bill was put together to address cybersecurity issues that plague South Africa, and to regulate both internet usage and the protection of sensitive commercial and personal information.
In the Bill, several acts have been added as criminal offences, including hacking, unlawful data interception, electronic forgery and using delicate financial information to defraud a person or system. In addition, it mentions and regulates the distribution of pornography, private information and other “harmful” data.
The offences carry prison sentences of up to ten years, and hefty fines of up to R10 million.
Private internet and computer users are concerned about the effect that this Bill will have on the right to privacy and freedom of speech.
According to the Bill, the South African Police Service (SAPS), State Security Agency (SSA) and any other authorised people or agency have the permission “to use or obtain and use any instrument, device, equipment, password, decryption key, data, computer program, computer data storage medium or computer system, or other information that is believed, on reasonable grounds, to be necessary to search for, access or seize an article identified in the warrant to the extent set out in the warrants”.
With abilities like this being bestowed, it is inevitable that protests by privacy groups and freedom of speech campaigners began in response to the Bill, which, if misused, could lead to catastrophic invasions of privacy and potentially harmful leaks of personal information.
In addition, the Bill could have a negative effect by restricting the amount of information shared online. If people or businesses feel their information might be compromised by sending it electronically, this could lead to alternate forms of encrypted communication cropping up, which could pose additional problems.
Freedom of expression is in the spotlight in relation to chapter 3 of the Bill, titled: Malicious Communications. This chapter addresses issues of malicious distribution of private images, damaging information, intentionally false and hurtful accusations and the like, but also extends to the possession of potentially harmful data.
In application, this could mean that someone in possession of or found to be distributing damaging data regarding a corrupt official, or a governmental process, could be fined or imprisoned.
The business sector is also concerned by the Bill, as are operations such as “white-hat” hackers, who exploit security flaws to alert the owners as a paid service, and cybersecurity firms that may not be able to protect their clients’ entrusted information if compelled to provide it by a court.
However, it may not be as radical as feared, as the Deputy Minister of Justice and Constitutional Development, John Jeffery, explained in a statement earlier this year. He spoke about the backlash to the Bill, saying that it is important to note that the Bill is not “an extension of surveillance powers”, as it falls under the existing laws surrounding internet usage and data distribution.
He explained: “Neither the Bill nor the National Cybersecurity Policy Framework (NCPF) gives the SSA any powers to censor or suppress what can be accessed, published, or viewed on the internet, or to monitor communications without judicial sanctioning.”
In addition, he reminded South Africans that the country runs according to the Constitution, and as such, if any section of the Bill is found to be “wanting”, the court will rule it as unconstitutional.