Electronic Communications & Transactions Bill: briefing & hearings

Meeting report

COMMUNICATIONS PORTFOLIO COMMITTEE
14 May 2002
ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL: BRIEFING & PUBLIC HEARINGS

Chairperson: Mr N Kekana (ANC)

Relevant documents
 

Electronic Communications and Transactions Bill [B8-2002]
Briefing by the Chairperson [Appendix 1]
Presentation by Department of Communications
South African Post Office Presentation
Telkom PowerPoint Presentation
Telkom Submission
KPMG Submission
CTUF Submission

SUMMARY
The discussion on the presentation highlighted the requirements of the cryptography service accredited authentication service provider, the co-operation between the Department of Communications and other government departments in bridging the digital divide, whether the various issues addressed in the Bill should not be dealt with in individual pieces of legislation and the powers of cyberinspectors.

The discussion on the South African Post Office submission raised questions of clarification on the face-to-face protocol, how it would deal with cybercrime and the role of the cyberinspectors in this regard.

The Telkom presentation and the ensuing discussion focussed amendments to certain definitions and the cooling-off period in Clause 45.

The discussion on the KPMG submission highlighted the discrepancy between electronic signatures and the advanced digital signatures, the problem with accreditation and whether the Department of Communication is best placed to deal with such matters.

The Cape Telecommunications Users Forum discussion dealt with the proposed exclusion of SMME's and special needs communities from the Bill.

MINUTES
Introduction by the Chairperson
The Chair in a brief introduction highlighted the need for a bill that addresses the important issue of electronic transactions and communications, so that South Africa can keep up with international developments in this field. Such an initiative has to take positive steps in providing universal access to telecommunications services to underdeveloped and previously disadvantaged people and communities. Users rights to privacy and protection from fraudulent and criminal activities also has to be ensured and promoted by this Bill, and in this regard the industry itself has an important role to play. Continued dialogue between this Committee and relevant parties is encouraged throughout the deliberation process.

The deadline for the processing of this Bill is 7 June 2002, this means that the Bill should have gone through both Houses before the June recess. This Committee therefore does not have much time to deliberate on this Bill, but this does not mean that this law will be rushed, not at all.

The Chair welcomed the delegation from the Department of Communications, and invited Mr Andile Ngcaba, the Director General of the Department, to commence its briefing on the Bill.

Briefing by the Department
Mr Ngcaba stated that this Bill is being introduced at an important time in South African history, and it is the result of a long process.

The slide entitled "Background and History" indicates a "gap" between July 1999 and November 2000, but this time was used to increase awareness on the core issues in the Bill, as well as the intricate areas.

Under the slide entitled "Issues addressed in the Bill" a national e-strategy as well as an effective electronic transactions policy is needed to enable South Africa to keep up with the fast and ever-changing e-industry. The E-government drive includes initiatives such as Batho Pele and the smartcards.

The DG then provided an outline of the objectives and contents of each Chapter in the Bill, as contained in the presentation.

Discussion
Ms M Smuts (DP) requested clarity on the manner in which cryptography and the Accredited Authentication Service Provider (AASP) are dealt with in the Bill. The Department was asked to explain how it hopes to outlaw the provision of cryptography services and the effectiveness of requiring its registration. How do these measures propose to deal with the importation of such services via downloads, and the extent to which the cyberinspectors are to police compliance with these requirements.

The DG replied that this is a valid question, and it is important for the context within which this Chapter has been written. The cryptography services are used by business, government as well as criminals using the Internet, and registration is not approved for the use of cryptography but rather for ensuring the protection of citizens. This then requires the establishment of a registry requiring the user or provider of a cryptography service to register, and all this is done on-line. Elaborate personal information does not have to supplied here, only basic information. Registration is essential due to the specific nature of the product itself, and it is important to note here that other jurisdictions have more stringent requirements for cryptography service providers. This comparative research will be made available to Members.

The registration requirement will not hinder business or its growth, and is standard practice in foreign jurisdictions.

Ms M Smuts said that the AASP has been made voluntary seemingly to encourage e-commerce and the development of new products and entrepreneurship to keep up with international trends in this area. Yet a regulatory scheme has to be created to address this matter and the cyberinspectors have to be "unleashed" to investigate non-compliance. The Department was requested to explain why the Bill has gone to such lengths if registration is supposed to be voluntary. Surely this is based on the assumption that a voluntary regime ensures that consensus is reached between industry players that the its best interests will be accommodated.

The DG responded that the intention is to render this entire issue as voluntary as possible, yet it is difficult in this field, as voluntary as it is, to ensure that users are not sold digital signatures that have not been used by anyone else. This requirement is thus necessary to avoid "fly by night accreditation services". It should be remembered that the registration requirement is only necessary for dealing with government, and it is voluntary for all other transactions in which government is not involved. The provision of AASP adds strength to enterprise and the accreditation system of the country as a whole, so that such transactions may be conducted in a more robust and confident manner.

The intention is to accredit persons such as Commissioners of Oaths, who are important and respectable persons, and carry with them a very important responsibility towards the South African people and the country. Yet this will not be blanket accreditation, but only in those areas which are in the best interests of the people.

Ms I Mutsila (ANC) referred to the objective of "bridging the digital divide" contained in the presentation, and said she is saddened by this objective to provide access to E-commerce in rural areas, when these areas do not even possess the necessary infrastructure to provide this service. Will the Department be working with other government departments, such as the Departments of Public Works and Minerals and Energy to provide this infrastructure so that the previously disadvantaged could be ensured access to such services in reality?

The DG answered that this is an important point, and the manner in which this entire process is handled in the Bill entailed the balancing of issues, and it seems the issue of bridging the digital divide and accommodating the historically disadvantaged has been left behind. This is due to the fact that those persons tasked with addressing these issues do not fully understand or have never personally experienced the hardships in this regard. During the deliberations on the Telecommunications Act of the early 1990s it was said that the provision of telephony and communications in the rural areas would not be possible, yet this Bill does take active steps in addressing this issue, such as Clauses 2(1)(a) and (b). These objectives will be achieved via the Multi-Purpose Community Centres (MPCCs), established together with the Department of Public Works.

Efforts are also being made to give rural villages and communities their own domain names to showcase their rich heritage, culture and lifestyle, and it is also possible to design architecture for them to exist on the Internet. This would promote both local and international tourism and the sale of their products, such as the colourful Ndebele culture, which can be presented and promoted in the Internet for future generations to enjoy.

Ms S Vos (IFP) referred to the submission by the South African Law Commission (SALC) which recommends that Chapter 8 should be deleted in its entirety, and that issues of privacy and data should rather be dealt with in a separate piece of legislation devoted to such issues exclusively. Furthermore, the submission suggests that Chapter 8 in the Bill should be regarded as an interim ruling on the matter until the Act on privacy and data is finalised, because Chapter 8 only deals superficially with these issues. The Department was asked to comment on this.

The DG replied that the Department has discussed this matter with the SALC, and it is believed that it is very important that the Bill deals with the issue of privacy and data. This is particularly important if one considers that the current legal systems that deal with hard or physical information and electronic information are different. Of particular significance here is the substantial difference in transferring information in these two formats, as electronic transfer could take a few seconds, whereas its counterpart is much more onerous. The Department does accept the importance of this concern but it would be practically impossible to totally exclude the privacy issue from the Bill, and the Department will work with the SALC on the privacy legislation.

Furthermore, the Department has argued its case before Cabinet, and it accepted the Department's view on this matter. The input made by the SALC will not be ignored, and the Department will co-operate with them.

Ms S Vos noted that the submission from the Treasury states that the Bill does not contain any provision dealing with international considerations, or the manner in which this Bill relates to foreign and local laws, or its effect on existing tax legislation.

The DG replied that this matter has been discussed with the South African Revenue Service (SARS) and cross-border trade must be regulated via treaties signed at an international level. In this regard the Department is developing a best model, in conjunction with the World Trade Organisation (WTO) via a discussion paper on this matter, but the truth of the matter is that no treaty or convention currently exists to deal with this issue. Should a treaty be signed in this regard, it would be brought before this Committee for certification so that it may be incorporated into South African law. A conscious decision has been taken to exclude international consequences in this Bill because such matters have to be dealt with on a case-by-case basis, and no generalisations should be made in this regard.

An important consideration is the impact of this Bill on those who download music from the Internet, and it has been argued that import tax should be imposed on such transactions. Yet the question which then arises is how, precisely, this will be policed. This matter has to be evaluated further.

Ms S Vos said that it is unclear as to the manner in which the chapter on domain names will accommodate the South African Certification Authority (SACA) which deals exclusively with domain name registration.

The DG assured Ms Vos that there is no contradiction here, as the Department had met with their colleagues and had long discussions which culminated in an agreement with the industry that an interim structure has to be established even before the Bill is introduced. SACA is a privately owned company and there is no contradiction between its stated and actual business purpose and practice, and can therefore continue to trade as SACA should it so desire. There is thus no relationship with SACA whatsoever.

The Chair requested the Department to explain whether it believes that the law relating to cryptography provides sufficient protection to users in transacting with government, and this Bill attempts to legislate that such transactions should be encrypted. Yet the necessity for secrecy must not be undermined, as recommended by the American Chamber of Commerce submission.

The DG replied that the use of cryptography is part of the import/export control regime in the United States, and if an American service provider produces an encrypted product which s/he wishes to export or import, it has to be reported to the accreditation authority, together with information regarding the recipient of the message, its purpose and the manner in which it will be used. This approach seems especially legitimate in view of the September 11 events, and South Africa would do well to do the same in the interests of the safety of its citizens. In other countries cryptography is used as a military product.

The contention that cryptography would infringe the right to trade cannot be supported. Indeed, it could very well be argued that it is in the interests of the company itself to know that its cryptography product is being used for the desired and proper purpose.

Secondly, concern has also been expressed with the manner in which the Bill deals with fraud, and it has been suggested that these measures be improved especially with regard to Internet fraud. The question which then arises relates to the cyberinspectors who are vested with powers "to do all sorts of things" in the Bill and who, according to the Bill, will play a supportive role to the South African Police Services (SAPS). The reason for this is that SAPS is equipped to deal with Internet fraud, such as the so-called "419 schemes", as well as those syndicates that do not function from within the Republic.

The Chair recommended that these cyberinspectors should be vested with such extensive powers, especially as far as fraud is concerned, because unless the problem with Internet fraud is resolved no-one will have the confidence to transact on-line. The Department was asked to comment.

The DG responded that the cyberinspectors do have powers of search and seizure, subject to being granted a warrant compliant with the procedure, and the option of granting more powers for them to be more effective will be considered further.

Ms W Newhoudt-Druchen (ANC) contended that the SAPS officials are currently underresourced to deal with problems relating to Internet crime, and therefore need support. Of particular concern here are the chatrooms where adults are stalking young children. Does the Bill protect children from such people, and are the cyberinspectors able to monitor and respond to this situation?

The DG stated that his response to the previous question posed by the Chair is related to the concern with the chatrooms. He stated that this is an important problem facing society, and the Bill has to address it. The cyberinspectors can be tasked with this duty, and much more specific proposals on this issue will have to be devised. It has to be emphasised that they would not be doing the work of the SAPS officers in this regard because SAPS does have its own cybercrime unit, and the cyberinspectors would only be serving as a supportive structure. The Department would, however, co-operate should SAPS itself want the cyberinspectors to do more work.

Ms Vos stated that one of the submissions received stated that the cyberinspectors could be challenged as being unconstitutional, as they infringe business' right to privacy with regard to their search and seizure powers. This function should properly fall with SAPS and the Bill should clarify the rights of "foreign parties" to the transaction.

The DG replied that the cyberinspectors would be following rules and procedures in executing their search and seizure powers. Should the cyberinspectors discover that the company or business is involved in any wrongdoing while executing their search and seizure powers, they would report this to SAPS. This cannot be said to adversely affect the rights of the company neither directly nor indirectly, and there is thus no constitutional problem. In fact, this matter has been tested by the Department's legal team, and no constitutional problems were reported. It has to be remembered here that the cyberinspectors will be introduced to protect the rights of South African citizens.

Mr V Gore (DP) requested the Department to explain its thinking in deciding to incorporate all these important matters into a single Bill, as the international trend is to "separate these out". It seems that in adopting this approach the Department has "[bitten] off more than it can chew", and it seems more advantageous to split these issues into separate pieces of legislation.

The DG answered that the Department has examined similar Bills in more than ten different countries, and the Bill clearly caters for all the important issues. It was decided that the final title of the Bill should be the Electronic Communications and Transactions Bill and not the Electronic Transactions Bill, because the phrase "electronic transactions" does not necessarily include commercial transactions or those involving some form of payment. It can therefore be Electronic Transactions without involving any sort of payment, and the Electronic Communications and Transactions Bill was decided upon.

Research has therefore been conducted on this matter, and there are several matters which have been omitted from the Bill. It is hoped that these matters would be addressed over time. The Department is confident that the Bill does address the core issues facing South African society. Splitting the issues into separate statutes, each statute dealing exclusively and comprehensively with a particular issue, is not necessary, because the Bill aims to address electronic communications in general.

Mr S Abram (UDM) contended that there will always be those people who will find ways to circumvent legal provisions, and the same fate might befall the requirement of registration of a cryptography service. Yet any products that appear to be involved in an illegal activity need to be monitored by law enforcement agencies, so that the latter may be able to better respond to any illegal activity. SAPS, as mentioned earlier, do have their own cybercrime unit that deal with these sorts of crimes, but is the Department satisfied that its agency is and will be sufficiently geared up to fulfil this type of monitoring function.

The DG assured Mr Abram that the Department is ready and has already been having dealings with SAPS, and is committed to joint co-operation with them. The role and purpose of the cyberinspectors is not only to execute search and seize operations, but also to assimilate research and advice.

The regulation of cryptography has to be tightened up.

The Chair inquired whether the definition of "date message" contained in Clause 1 of the Bill includes audio files or a recording of an oral communication, because other legislation does not recognise oral communications as necessarily including an audio message.

The DG responded that an audio message is included under the definition of "data message".

A Member (ANC) stated that the Bill provides that the cyberinspectors are to be appointed by the DG, and clarity was requested on the requirements for such appointment.

The DG responded that the cyberinspectors have to be South African citizens and must possess the necessary ability and skill to properly execute their duty, and the Department will provide them with the requisite training. They also need a fair understanding of South African law, the Internet and related issues so that they may serve all South Africans and ensure a better use of the Internet.

Ms Smuts requested clarity on the meaning of the term "offence" in Clause 87 within the context of the Bill, as the offences for which a warrant may be granted under the Criminal procedure Act of 1977 is clear, but not so under Clause 87. One cannot see the cyberinspectors taking the place of the SAPS, and surely the Office for Serious Economic Offences has a unit to deal with cybercrime, and the cyberinspectors cannot be allowed to interfere here.

The DG replied that the cyberinspectorate needs to be equipped with these responsibilities and the common law provides that permission for the execution of these functions first has to be lawfully obtained, and in this regard a secure process has been established to regulate this authorisation. Should the cyberinspectors act in contravention of this procedure, the consequent actions taken would be rendered unlawful. This very matter was discussed with those persons responsible for the Criminal Procedure Act, and the Department was informed that it has to include the provision dealing with the granting of a warrant as part of the inspecting function. This provision therefore complies with the Criminal Procedure Act.

It has to be remembered that the cyberinspectors are not SAPS officers, this point has to be stressed, and this supportive role has been stressed by SAPS as well, but the cyberinspectors may possess more technical expertise on some of the issues. Furthermore, government functions in clusters and therefore all government departments can contribute in other spheres as well, and this means that SAPS expects the Department, via the cyberinspectors, to play its role here. This form of co-operation is currently being institutionalised.

The DG stated further that the introduction of the cyberinspectors will not result in the creation of an additional police force, nor will it create an overlap, because the cyberinspectors deal primarily with the area of communications and will therefore never become involved in the business of policing. Such inspectorates exist within government in various areas, and these are almost identical to the cyberinspectorate established in the Bill.

Clause 85(a) suggests some form of censorship by the cyberinspectors, but South Africa no longer tolerates censorship. The Department has argued that this provision would be used to monitor electronic communications such as religious speech, but in a recent case dealing with the broadcast of religious speech by a radio station the Constitutional Court ruled that this form of speech cannot be monitored.

This also creates a problem with jurisdiction because not all such communications and transactions are based within the Republic. It is also unclear which criminal statutes apply here, and would the usual law enforcement agencies have jurisdiction in crimes such as cyberstalking and the chatroom problem raised earlier?

The DG answered that Clause 85 is not necessarily unconstitutional, as Subclause (a) is to be used to inform users of those potentially harmful websites. A separate institution is needed to provide this sort of information because the cyberinspectors cannot perform any function or activity that "goes beyond inspecting".

Ms Smuts suggested, secondly, that the Bill does not seem to deal with "big crimes" occurring outside the jurisdiction of South African law enforcement agencies. It is also recommended that South Africa adopt the European Union (EU) approach to data protection. Furthermore, the chapter dealing with the limited liability of the service providers is very similar to the EU approach, but the Bill does differ under Clause 75. The Department is requested to explain the reasoning behind this decision.

The Chair contended that the SAPS do not currently possess enough ammunition to deal with the problem with adults involved in downloading child pornography from the Internet, as they could far too easily ward off the charge by stating that the data was just "dumped" on their computer without their knowledge. In this situation the cyberinspectors would be able to provide more specific assistance, and are thus equipped to deal with this sort of activity and eventually prove that either this person did it and is therefore guilty, or that the data was in fact "dumped" on the computer without his/her knowledge. People with specialised knowledge of precisely how the Internet works is needed here.

There are several legal uncertainties on this platform and it is the responsibility of this Committee to create a legal framework, which has been achieved by the Bill. The challenging questions facing the Bill will be dealt with at a later stage when the strategy unfolds, and this is the approach taken in other countries.

The DG replied that no court has been dedicated to deal specifically with Internet related matters, but the Department has discussed this with the Department of Justice and Constitutional Development and it was agreed that it would be preferable to have specialised judges in the cybercrime sphere. In this regard other countries make use of assessors who do assist the legal system and the courts themselves to provide the necessary background information.

The DG informed Members that it is important to note that currently only the United States Courts have jurisdiction to preside over Internet disputes. He gave the example of the current South Africa.com case, in which a legal team representing the South African government is arguing the case in an American courthouse. This indicates that the governance of the Internet at a global level is far from being universal, but is still within the exclusive jurisdiction of the United States and not the World Intellectual Property Organisation (WIPO) for example. This essentially is reduced to a matter of country versus enterprise, whereas there should be consensus that such matters should be regulated via international treaties, bi-lateral agreements and world constitutions, for example.

In conclusion, it is believed that this Bill is vital for the success of E-Commerce in South Africa, as well as for the provision of universal access.

South African Post Office submission
Mr Maanda Manyatshe, CEO of the South African Post Office (SAPO), thanked the Committee for the opportunity to address it, and provided a brief history of the SAPO and the services it provides. Its interaction with the population through the distribution of information, goods and financial services, as well as bracing change, technology and innovation, indicates that SAPO can be a trusted third party in government-public interaction.

In order to deliver on this commitment, the SAPO has created a number of Citizen's Post Offices (much like Internet Café's) and 100 Public Internet Terminals (PiTs). Over 1000 post offices currently have an on-line system, and these outlets offer a range of services from traditional mail to more advanced electronic services, including the issue of advanced electronic signatures.

Traditionally, the SAPO core business has focussed on physical postal services, which have been defined by the Post Office Act of 1958 as receiving, collecting, dispatching, conveying and delivering letters, as well as performing all incidental services. The SAPO is thus in the communications delivery service industry, as is keeping up with the rapidly changing and evolving communications industry.

In this context the SAPO has a unique competitive advantage, namely the ability to offer face-to-face identity authentication. Both as an authentication service provider and also as a value-added service to other authentication service providers. It must be remembered that existing authentication service providers have found it difficult to offer face-to-face authentication and a series of so-called classes of certification has evolved.

The SAPO already has the following characteristics: it has a wide, established and accessible ground network; face-to-face meetings are the order of the day, as is the identification process and the addition of digital certification; the Internet is the foundation of services delivered by the authentication service provider and the SAPO has already made substantial investment in the Internet environment; the SAPO has a relationship of trust with millions of customers and it offers digital certification as well as physical identification verification. The SAPO is playing a leading role in promoting universal access in the for of the PiTs, and it will therefore form a natural link between the general public and public and private sectors in providing access to the Internet and electronic services.

Advocate Andre Oosthuizen presented the proposed amendments to the Committee. It was suggested that a new Subclause (bA) be added to the current Clause 39(1) to provide for "face-to-face identification", as this measure would enhance the validity of the identification process and provide increased security, reliability and trustworthiness for all transactions requiring an advanced electronic signature. It would also improve the trust in electronic communications, transactions and commerce as a whole. This proposed amendment is neither unrealistic nor overly burdensome when weighed against the advantages it could achieve.

It is submitted that there is a need for the designation of preferred authentication service providers in the Bill to give public bodies the option of referring to such designation for their clause 29 requirements. This would provide a guide to public bodies that need to identify suitable and appropriate authentication service providers to deal with the Government where the public bodies do not have the capacity to make such an assessment. It is thus proposed that the Post Office be named in the Bill as a preferred authentication service provider, while at the same time allowing other authentication service providers to apply for such designation.
Clause 18(2) deals with the certification of documents as true copies in the electronic environment, and there is presently a lacuna in the Bill which will significantly reduce the ability of entities to convert paper-based documents into electronic documents and then to provide certified copies of such documents in electronic format. The SAPO proposed amendment is aimed at filling this gap with an appropriate provision in the Bill. This will also promote the use and growth of electronic communications and transactions, not only in fields of document retention and archiving, but also in the service to the general public.

With regard to Clause 19 of the Bill, many pieces of legislation require documents or notices to be sent by prepaid registered post or a similar service. There is no provision in the Bill that covers this situation for electronic documents. The SAPO thus proposes that clause 19 of the Bill be amended to provide for electronic registration of a data message by the Post Office in order to comply with the requirement for registered post in various pieces of legislation. This new provision will make it unnecessary to amend every other piece of legislation where this requirement appears. 3

Discussion
Mr Maziya requested clarity on the SAPO proposal on Clause 39.

Advocate Oosthuizen replied that the electronic signatures should be underpinned by the face-to-face identification requirement, as this would provide greater certainty and security to the receiver of an electronic signature. The role of SAPO as the preferred provider relates to the specific realm of public bodies because in this area the Bill has to specifically designate a category of preferred authentication service provider, and the SAPO is uniquely positioned to fulfil this role.

Secondly, several incidences of corruption within the SAPO have been reported, and the SAPO is requested to explain whether it has put sufficient measures in place to effectively deal with this problem.

Mr Manyatshe responded that he does not believe that the SAPO is the most corrupt institution in South Africa, but this problem has been dealt with in an open and transparent manner, is unmatched by other parastatals. During 2001 a high number of dismissals versus employment positions filled was reported by the banking industry. It is believed that the SAPO has repositioned itself without too much cause for concern.

Thirdly, the presentation mentioned the steps taken to recognise and utilise more South African languages in its service delivery, and the SAPO is requested to explain the role of languages in providing an authentication service.

Advocate Oosthuizen replied that the SAPO currently uses all eleven official languages in its services, and is thus in a very good position to promote universal access to such services.

The Chair requested the SAPO to relate the lessons it has learnt from its experiences with fraud, corruption etc. in the electronic world, and how it would turn this around or prevent "paper crimes" not being repeated in the electronic sphere. The United States government has proposed a severe penalty for such fraud.

Mr Manyatshe replied that the SAPO has much experience with cybercrime, and it has put measures in place within electronic transactions to ensure all Internet transactions can be traced, and these are archived in a facility off the SAPO premises.

Ms Vos suggested that appointing the SAPO as a Preferred Authentication Service Provider (PASP) could be seen as a political decision because the SAPO, as mentioned in the presentation, does provide welfare services to the public. The Department is requested to explain why it has not given this Committee any thinking on this matter, especially in view of the significant rollout of the SAPS.

Mr Pongwane, the Deputy Director General (DDG) of the Department, replied that at the time of the drafting of this Bill, the Department did not engage any particular institution having a particular role. Yet when the Department was engaged in strategy planning with the SAPO a Universal Internet Strategy was devised, and it was felt that the SAPO would have an important role to play here. Several stakeholders were consulted in the drafting of this Bill.

Mr Gore requested further clarity on the face-to-face protocol. The Bill has to ensure technical neutrality. It could be argued that specifically requiring this protocol in the Bill could hinder the any further growth of the Internet, which is really geared around telecommunications.

The Chair requested the precise definition of "authentication service providers", because the current definition refers to two separate provisions in the Bill. Furthermore, what precisely does PASP mean, and how does it operate when the platform is basically open for anyone to gain access.

Advocate Oosthuizen responded to both questions by stating that a high level of authentification is being dealt with here, and the Bill includes objectives other than ensuring neutrality. Therefore attempts are being made to provide a secure identification service together with other technology that would provide the best product to the public.

The Chair asked the SAPO to explain face-to-face protocol at the first point of contact, and how this protocol would work with the Bill and its ability to improve the identification process.

Mr Manyatshe stated that without first clearing this point of entry via the face-to-face protocol, the user would not be able to gain access into the SAPO system. It is thus important that this stringent but necessary requirement be placed at the very beginning of the transaction, so that any mala fide intention when transacting may be avoided.

Mr R Pieterse (ANC) stated that some post offices within the Republic are not up to scratch.

Secondly, if the SAPO is so confident and sure that it is best suited to be the PASP, and if it is ready to provide this service while welcoming competition, why is it expressly asking to be named as the official PASP. This suggests that it is requesting that its competitors must be excluded here.

Mr Manyatshe replied that the SAPO has found a niche in the urban areas and not the rural and other "far flung" areas, and it is nearly certain that these services would not take off as well in the rural areas.

Ms Smuts contended that the SAPO is not really challenging anything currently contained in the Bill, and should its proposal under Clause 29 be accepted, it might be a good reason for the problem raised earlier by Mr Gore.

Advocate Oosthuizen responded that the local authority could appoint anyone in this regard. The thinking here would be that often the smaller bodies do not possess the requisite expertise in this regard, and it is thus proposed that a special category of PASP be provided for. The proposed amendment does include "any other authentication service provider", and not just the SAPO. The advantage of a body designated by statute is that once the Bill comes into place the public bodies can immediately utilise the service provided.

Secondly, would the changes proposed to Clauses 18 and 19 change the Bill in any way?

Advocate Oosthuizen replied that the SAPO believed that it is necessary to amend these clauses.

Submission by Telkom
Mr Thabo Makhakhe, Executive: Regulatory and Government Relations, presented the submission, and informed Members that it would be concise.

The guiding objectives stated in the Preamble are supported, but proposes that the title of the Bill be altered to the "Electronic Transactions Act" without any reference to "communications". The reason for this assertion is that the Bill relates essentially to commercial electronic interaction and transactions, and not to electronic communications as provided for in the Telecommunications Act as amended.

It is suggested that the current definition of "cryptography" be amended to clarify its content and scope, and the definition of the term "data" should amended as its ambit is too wide. The definition of "electronic" is flawed, and should rather read "electronic commerce", and the definition of "electronic commerce" should also be amended, as provided in the submission.

Clause 45 should be deleted in its entirety as it defeats that purpose of, and discourages the use of the Internet as a quick and efficient way of doing business.

Telkom proposes that Clauses 54 and 57, that deal with critical data, be amended to provide that the Minister of Communications (the Minister) may not make public any information that has been categorised as "critical data".

The Chair opened the floor to questions from Members.

Discussion
Ms Vos inquired as to the implications should the clause relating to the cooling-off period be amended to reduce the number of days allowing users to avoid the cooling-off period.

The Chair inquired further as to how the proposed amendment would benefit the consumer in practice, and stated that at this point decisions cannot be taken to delete an entire clause.

Advocate Francois Slabbert, Manager: Legislation and Policy Development, replied that the effect of the cooling-off period affects Telkom's business as well and is not only a benefit for virtual consumers, but also affects a range of other services provided by Telkom. Clause 44 does provide a list of protection and Telkom is of the opinion that this clause does afford consumers more safeguards, and therefore the creation of additional protection via Clause 45 is unnecessary.

Ms N Mtsweni (ANC) requested clarity on the precise nature of the conflict caused by the current definition of "data", as suggested in the presentation.

Advocate Slabbert replied that the inclusion of the phrase "in any form" in the current definition of this term is too wide, as the Bill only relates to electronic data and interactions.

Secondly, the proposal that the current definition of "electronic" should be reformulated cannot be entertained, because there is still a need to retain this definition in the Bill.

Advocate Slabbert replied that various precedents were consulted on this matter, and it was found that no definition of this term exists. The inclusion of the phrase "intangible form" in the current definition of this term in the Bill is problematic, because this phrase could be interpreted to include emotions, which clearly cannot be the intention.

Mr Pieterse suggested that the cooling-off period serves the interest of the consumer, as s/he is granted the opportunity to return the product should s/he not be satisfied. Should this be deleted, as suggested by Telkom, consumers would have no other recourse if the product they have purchased does not live up to its promise.

The DDG responded that the harsh reality of the matter is that the vast majority of South Africans have not yet been integrated into the fast environment of the Internet, with the result that they get themselves into on-line transactions, shopping for example, but they do not know how to get out should they change their mind. Clause 45 currently ensures that these users are protected. Furthermore, in traditional practice people are allowed to take their time in making the decision, yet this same practice has not been extended to the electronic sphere. Thus Clause 45 is important here.

The Chair requested further clarity on Telkom's reasons for the deletion of Clause 45, and how precisely it affects their business.

Advocate Slabbert replied that Telkom is not averse to consumer protection, but the focus of this matter is whether Internet transactions are afforded the same degree of protection under the South African common law. Clause 44 provides a sufficient description of goods and services relevant here, and also contains a comprehensive refund policy which affords more protection to on-line users. It also covers all users, whether corporate or private.

The Chair inquired whether an oral communication is included in the current definition of "data message" in Clause 1 of the Bill.

Advocate Slabbert replied that voice is included in that definition, if it is used in an automated transaction, and both data and voice traffic would fall within the ambit of the Bill. It is important to note that the term "electronic communication" is expressly defined in Clause 1 of the Bill, yet it only appears in one other provision in the Bill, despite the fact that the very title of the Bill includes this term. It is thus argued, as previously discussed under the proposed amendment to the definition of the Preamble, that this term should be excluded as it properly falls within the ambit of the Telecommunications Act as amended.

Submission by KPMG
Mr Mark Heyink, Head of E-Business Legal Risk Management, thanked the Committee for the opportunity and discussed the extensive involvement in the drafting process. The objects of the Bill were outlined and these included the role of the Department in the regulation of E-Commerce, the importance of education and the "serious weakness" caused by the lack of private sector participation in the Bill. It is necessary for government to develop an E-Commerce strategy as a national priority.

The current definitions of the terms "electronic signature" and "advanced electronic signature" implies that the former may fully incorporate all the attributes of the latter, yet the critical difference here is that an electronic signature only has to satisfy the requirement of 'authenticity" or identity. The result is that an advanced electronic signature has a superior quality, and thus this is the preferred option where an electronic signature is required by law.

Yet accreditation does create an artificial distinction which has little to do with the quality of the signature, and it is thus suggested that linking of "advanced electronic signature" with accreditation should be done away with. Accreditation should become a purely voluntary concept, as argued by the Bill's Green Paper. It is suggested that the Computer Evidence Act of 1983 be repealed as it has no bearing on the current impact of electronic data of the weight of such evidence in a court of law.

Those clauses dealing with cryptography providers and critical databases should not be dealt with in this Bill, as this matter relates to national security. The cyberinspectors should not fall within the jurisdiction of the Department, as they serve a law enforcement function. The issue of consumer protection under the Bill has to be improved.

The Chair invited Members to pose questions.

Discussion
The Chair inquired whether KPMG was of the opinion that the Department is not the appropriate body to deal with this Bill and, if so, is this because KPMG believes that the Department does not possess the necessary technological expertise? Should the Department of Trade and Industry perhaps take the helm?

Mr Heyink replied that the comments made during the presentation is not a reflection on the department, although there are certain parallels with the work done by that department. The Department does have experience in the Information Technology (IT) industry, and it increasingly permeates everything we do. Certain matters are driven by IT aspects, whereas they should properly be handled by business. It is important here that this Bill is driven by all areas of government, and in this regard it has to be questioned whether the Department in fact has the ability to do this.

Mr E Magashule (ANC) disagreed, because no other government department has the level of experience and expertise that the Department has amassed that is necessary to understand the IT environment.

The DDG replied that the specific area of expertise of a particular department is immaterial, and this is clearly illustrated by the fact that the E-Government campaign originated with the Department but was then taken over by the Department of Public Service and Administration. The reason for this shift is that it was felt that they would be better placed, as they dealt with all public servants. The same transpired with the ICU University mentioned by the President during the State of the Nation Address, as it was introduced by the Cabinet Lekgotla by the Director General of the Departments of Agriculture and Trade and Industry. Yet the Department was later asked to lead this initiative. This illustrates that a particular issue is not only dealt with by one department.

The Chair agreed with Mr Heyink that the Bill should clearly state the body responsible for leading the Bill.

Ms Smuts stated that the European approach is one of co-operation between government and the private sector, and this approach has generated huge success in their sophisticated and advanced e-commerce industry. This calls into question the need for mandatory accreditation when the majority of businesses already provide, very successfully, this service.

Mr Heyink responded that the accreditation mechanism required here needs a high level of expertise and knowledge of encryption. An additional problem created by the Bill is that requires advanced electronic signatures which needs substantial funds to implement this, yet finances cannot be used to buy the time needed to properly train these service providers. This could result in a lacuna being created until the Department is able to address this matter. It has to be accepted that this is a huge task, let alone the infrastructure needed to implement this.

Ms Smuts stated further that the Bill emphasises the role of government, and the definition of "public body" has to be considered further because it mirrors the definition contained in the Constitution. Furthermore, this is not just about government departments who actually form the focus of Chapter 4, and this matter has to be clarified because it might not even be referring to private bodies.

Mr Heyink stated that he expects the drafting process did envisage some distinction between public and private bodies because Clause 1 does contain a definition of private body, yet this term is not mentioned anywhere else in the Bill.

The Chair requested Mr Heyink to respond to the assertion by the SAPO that it can be a PASP.

Mr Heyink replied that the SAPO would have to show that it is truly a PASP in every sense and that its information security capabilities in all its services are adequate to gain the public's trust. Too much stock cannot be placed in the face-to-face protocol alone because, although it is an important asset, it does not fully explain how it ensures security. Furthermore, the SAPO does not provide a digital signature but only a digital certificate, which relates only to the identity of the user, and the technology for this application is provided by another party.

Briefing by Cape Telecommunications Users Forum
Mr Glen Thompson and Mr Alan Levin from the Cape Telecommunications Users Forum (CTUF) addressed the Committee. Mr Thompson stated that CTUF supports the objects of the Bill, as much of the contemporary law cannot cater for electronic transactions, but contended that it is over-ambitious and over-prescriptive in certain areas and raises the very real danger of creating new obstacles to frustrate its own aims. CTUF is particularly concerned that the Bill locates a very wide range of functions and powers within the exclusive domain of the Minister of Communications and the Department of Communications. In almost every case it believes these powers and functions concern a far greater range of stakeholders.

CTUF believes that in general, South Africa should be vigilant about the dangers of over-regulation, and government should not seek to regulate online transactions except to the extent that such regulation is required to create an enabling environment and remove restrictions.

Furthermore, the CTUF is concerned that the drafters of the Bill have not always adequately grappled with the implications of a global information sphere. There are several provisions - for example in Chapter V on cryptography providers, dealt with in detail below - that seek to impose conditions on service providers who may be located anywhere in the world. CTUF believes that the most likely effect of such provisions is that many global e-commerce entities will simply refuse to do business with South Africans. This cannot be allowed to come to pass.

Mr Levin detailed the specific objections raised by CTUF with regard to particular provisions in the Bill, and these are contained in the submission.

Discussion
Ms M Magazi (ANC) noted that CTUF objected to the manner in which Clauses 6 to 10 deal with small/medium/micro enterprises (SMME's), and questioned whether this means that CTUF is of the opinion that SMME's should not be dealt with in this Bill at all.

Furthermore, the presentation questions the wide-ranging powers granted to the Minister, but it should be remembered that the purpose of such authorisation is to rectify the injustices and inequalities of the past.

Ms W Newhoudt-Druchen (ANC) noted that the presentation calls for the deletion of the needs of the special community, and requested CTUF to explain the reasoning behind this assertion.

Mr Magashule stated that one of the objects of the Bill is the promotion of SMME's, yet the presentation lists, in detail, the ways in which the Bill hampers the promotion of SMME's. Perhaps the DG should clarify this matter.

Mr Thompson replied to these questions by informing Members that CTUF does not discount the need for redress in the social and equity framework, but this Bill deals exclusively with the electronic medium outside of the political sphere. The focus of this Bill is on institutional power and not political power, and the White Paper process is preferred to devise a better strategy to meet the needs of those communities. The context of the Bill is therefore apolitical.

Mr Levin added that CTUF does want this deletion, because it is of the opinion that the "promises" made by the Bill are empty and merely paying lip-service to the needs of these communities. Actual details are needed here. CTUF is not aiming to disenfranchise anyone, but the inclusion of such clauses "must have meat" in this Bill.

Mr Magashule stated that examples are needed of countries with Ministers or a government that is not much involved in this field.

Mr Levin replied that this problem has been recognised in Australia many years ago, and has taken a proactive step in establishing a national office for information on matters included in the Bill. In the United Kingdom their Department of Trade and Industry deals with the telecommunications industry, and thus the Departments of Trade and Industry and Telecommunications are subsumed into a single government department. Zimbabwe has adopted a similar approach by creating the office of the E-Envoy, which deals with issues closely related to those covered by the Bill.

There were no further questions or comments and the meeting was adjourned.

Appendix 1
Comments of the Chairperson of the Portfolio Committee on Communications:
Public Hearings: Electronic Communication and Transaction Bill
14 May 2002

We have received 58 written submissions and this week we are expecting to listen to 20 oral submissions from industry players in the telecomms and banking sector data and Internet service providers, the credit bureau, the post office and consulting and legal firms. We have followed with keen interest the debate that is taking place in the media, and as lawmakers we are hoping to benefit from your insights and reflections.

Africa is the least computerised continent; with fewer than 5 million Internet users; the majority being in South Africa alone. Our country has a high level of industrialisation; a well-developed economy, a sophisticated banking and finance infrastructure, and we are a significant player in global trade. We have however, two worlds in one, one developed and comparable with any other developed country; whilst the other is underdeveloped and poor. We, as South Africa must lead; we must lead in the provision of infrastructure, organisation and legislative precedent.

Indeed, we have improved our infrastructure capacity in the last 8 years We have built a network backbone to support online trading, online communication, online commerce, and online entertainment. The roll out of electricity provision, telephone services and greater access by communities, schools and clinics to computers and telephones, through telecentres and multipurpose community centres, act as a platform for electronic commerce and transaction activities. However, we are sadly lacking in the training of human skills and this remains a major concern. We cannot have equipment without operators, or Systems and programmes without local content.

Government has the responsibility to facilitate the provision of services and to promote universal service and access. It must encourage access usage and the growth of online services in clinics, schools and tertiary institutions. It must encourage the development of human resources and training and capacity building. It must support initiatives aimed at encouraging ownership and the entry into the economy of historically disadvantaged individuals and communities.

Government must maintain law and order and ensure that all citizens and online users use online services. These users must also enjoy privacy and protection from fraudulent and criminal activities. There is no intention to stifle the growth of the Internet or to restrict access to it.

The industry has a major role to play in ensuring that we do not lose the momentous growth of the Internet. We are urging all stakeholders to work with government to realise this historic task of building a new online platform for trade, commerce and transactions between business to business, businesses to consumers and e-government.

Consumer protection is what we are all interested in and we are committed to ensuring that every person who wants to buy, sell or enter into any sort of electronic agreement is able to do so and is fully protected. The challenges of globalisation demands of us to pass good law and with your in put and insight we will pass this historic piece of legislation to enable electronic communication and transaction in our country.