Cybercrimes and Cybersecurity Bill - draft

Call for comments opened 28 August 2015 Share this page:

Submissions are now closed (since 30 November 2015)

Justice and Correctional Services

The Department of Justice and Constitutional Development invites you to comment on the Cybercrimes and Cybersecurity Bill.

The Bill seeks to:
▪ creates offences and prescribes penalties;
▪ further regulates jurisdiction;
▪ further regulates the powers to investigate, search and gain access to or seize items;
▪ further regulates aspects of international cooperation in respect of the investigation of cybercrime;
▪ provides for the establishment of a 24/7 point of contact;
▪ provides for the establishment of various structures to deal with cyber security;
▪ regulates the identification and declaration of National Critical Information Infrastructures and provides for measures to protect National Critical Information Infrastructures;
▪ further regulates aspects relating to evidence;
▪ imposes obligations on electronic communications service providers regarding aspects which may impact on cybersecurity;
▪ provides that the President may enter into agreements with foreign States to promote cybersecurity;
▪ repeals and amends certain laws.
---------------------------------------------------------

Find here: Discussion of the Cybercrimes and Cybersecurity Bill

Comments can be emailed to SJ Robbertse at cybercrimesbill@justice.gov.za by no later than Monday, 30 November 2015.

Enquiries can be directed to SJ Robbertse on tel (012) 406 4770

Please note: Any person or entity, who wants to meet with the Department to discuss any aspect of the Bill must make the necessary arrangements with the Department. Any meeting with regard to the Bill will take place at the Department of Justice and Constitutional Development, unless expressly agreed to otherwise by the Department.

Background

In 2011 more than one third of the world‘s total population had access to the Internet. It is estimated that mobile broadband subscriptions will approach 70 per cent of the world‘s total population by 2017. The number of networked devices is estimated to outnumber people by six to one, transforming current conceptions of the internet. In the future hyper-connected society, it is hard to imagine a cybercrime or perhaps any crime, that does not involve electronic evidence linked with internet protocol connectivity. Both individuals and organised criminal groups exploit new criminal opportunities, driven by profit and personal gain. Most cybercrime acts are estimated to originate in some form 2 of organised activity, with cybercrime black markets established on a cycle of malware creation, computer infection, botnet management, harvesting of personal and financial data, data sale and selling of financial information. Cybercrime perpetrators no longer require complex skills or techniques. Globally, cybercrime shows a broad distribution across financially-driven acts and computer-content related acts, as well as acts against the confidentiality, integrity and accessibility of computer systems. Globally policerecorded crime statistics do not represent a sound basis for determining the precise impact of cybercrime. According to authors cybercrime is significantly higher than conventional crimes. The use of the Internet to facilitate and commit acts of terrorism is a real occurrence. Such attacks are typically intended to disrupt the proper functioning of targets, such as computer systems, servers or underlying infrastructure, especially if they are part of critical information infrastructures of a country, among others, by means of unlawful access, computer viruses or malware. Some countries are taking steps to implement cyber-warfare and defence strategies. As part of Government‘s Outcome Based Priorities, the JCPS Cluster signed the JCPS Delivery Agreement relating to Outcome 3 on 24 October 2010. This agreement focuses on certain areas and activities, clustered around specific outputs, where interventions will make a substantial and positive impact on the safety of the people of South Africa. Currently there are various laws on the Statute Book dealing with cyber security, some with overlapping mandates administered by different Government Departments and whose implementation is not coordinated. The legal framework regulating cyber security in the Republic of South Africa is a hybrid mix of legislation and the common law. Some notable statutes in this regard include, among others, the Electronic Communications and Transactions Act, 2002 (Act No. 25 of 2002), the Protection of State Information Bill, 2010, the South African Police Service Act, 1995 (Act No. 68 of 1995), the Correctional Services Act, 1998 (Act No. 111 of 1998), the National Prosecuting Authority Act, 1998 (Act 32 of 1998), the Regulation of Interception of Communications and Provision of Communication-related Information Act, 2002 (Act No. 70 of 2002), the Prevention and Combatting of Corrupt Activities Act, 2004 (Act No. 3 12 of 2004), the Films and Publications Act, 1996 (Act No. 65 of 1996), the Criminal Law (Sexual Offences and Related Matters) Amendment Act, 2007 (Act No. 32 of 2007), the Copyright Act, 1978 (Act No. 98 of 1978), the Civil Proceedings Evidence Act, 1965 (Act No. 25 of 1956), the Criminal Procedure Act, 1977 (Act No. 51 of 1977), the Protection of Personal Information Act, 2013 (Act No. 4 of 2013), the Protection from Harassment Act, 2011 (Act No. 17 of 2011), the Financial Intelligence Centre Act, 2001 (Act No. 38 of 2001), and the State Information Technology Agency Act, 1998 (Act No. 88 of 1998), to name a few. The Department of Justice and Constitutional Development was mandated to review the cyber security laws of the Republic to ensure that these laws provide for a coherent and integrated cyber security legal framework for the Republic. The Bill is part of a review process of the laws on the Statute Book which deal with cyber security and matters related to cyber security. Further legislation may in due course be promoted to address other relevant aspects, inter alia, cryptography, e-identity management and also a possible review of electronic evidence.