Electronic Communications & Transactions Bill: hearings

This premium content has been made freely available

Communications and Digital Technologies

15 May 2002
Share this page:

Meeting Summary

A summary of this committee meeting is not yet available.

Meeting report

COMMUNICATIONS PORTFOLIO COMMITTEE
15 May 2002
ELECTRONIC COMMUNICATION AND TRANSACTIONS BILL: PUBLIC HEARINGS
 


Chairperson: Mr N Kekana (ANC)

Submissions handed out:

Johannesburg Securities Exchange
Cell C submission
Cell C Powerpoint presentation
CO.ZA Administrator
Uniforum SA(pdf file)
Multi-Choice
Electronic Communications and Transactions Bill [B8-2002]

Other documents handed out:
Multi-Choice: Detailed Drafting Comments On Chapter III-Facilitating Electronic Transactions (Appendix 1)
Multi-Choice: USA Initiatives to protect Critical Infrastructure (Appendix 2)

SUMMARY
The majority of stakeholders complained of lack of prior consultation before drafting the Bill. The submissions warned that the pace of technological advancement and innovations is so fast that it would overwhelm the most competent lawmaker. The business community warned that government was being overly rigid and bureaucratic in the way it was regulating this domain. Various chapters of the bill simply fall on their own swords, and should be axed or amended. As the meeting was two hours late in starting due to a venue change, discussion was reserved for a follow-up meeting.

MINUTES
The Chairperson, in opening the meeting noted that its purpose was to act in line with the democratic principles of full consultation and participation.

Cell-C submission
Cell-C was represented by a panel of four people: Zwelakhe Nankazana (Director), Pierre Obeid (Senior Network and Operations), Nerisha Pillay (Legal Advisor), Pheladi Gwangwa (Regulatory and Planning Manager) and Dewald Jacobsohn (E-commerce System Administrator).

Ms Pillay stated that South Africa must develop law in harmony with international best practice to ensure global trading, whilst taking cognisance of unique South African circumstances. Cell-C's view is that government must not seek to introduce additional obligations into the market to bring e-commerce to society hurriedly. They suggested that the government should consult with private sector players like Cell-C in the formulation and implementation of the e-strategy. Cell-C went on to show that it was unclear what the drafters of the bill were trying to achieve in some sections.

One of the most pressing issues was Clause 45 which deals with consumer protection. They submitted that there are certain areas where this clause should not apply such as when a consumer is buying intangible goods such as pre-paid voucher recharge and sim card.

Another matter was that of protection of personal information. Cell-C indicated that current law in South Africa does not adequately protect information privacy. Cell-C see this as a barrier to development of e-commerce as there is no confidence in the protection of privacy while engaging in e-commerce transactions.

In sum, Cell-C's view is that "the bill creates a barrier to the entry of South Africans by introducing complex and uncertain provisions in law". Therefore, attention should be focused on creating simple, effective and clear law. Cell C emphasised that the issues should be addressed with the recognition of the unique nature of e-commerce and the inherently dynamic nature of information technology. While it is necessary to protect the consumers and privacy, there is a need to develop effective and legitimate policy and regulatory frameworks.
We will follow up our plan for cyber defense with a second plan focusing on how Government can work with the Nation's infrastructure sectors to help assure the reliability and physical security of essential services from major disruptions. This forthcoming plan will rely heavily on input from the companies and organizations that comprise the complex networks that provide for economic well being, health, safety , and security of the American people."

    "The relationship among industry, state and local governments and the Federal Government should be one of positive, voluntary cooperation, shaped by all participants. Officials at all levels of government and private sector representatives should interact frequently, perhaps continuously, in order to ensure mutual understanding of concerns, needs, and expectations. The Government should not seek to direct private sector compliance, either through law or regulation. Most importantly, it means that the Government should not take any action that would undermine civil liberties.

    American efforts to protect our critical infrastructures will be a product of this public-private partnership. Therefore, this chapter of the National Plan is not a plan at all, but a framework for building the partnership, an outline of how the Federal Government can contribute and encourage development of public-private cooperation. As such, the chapter considers the private sector and state and local government together, recognizing that there are clear differences between these two sectors. If we are successful, future editions of this section of the National Plan will move beyond the framework described here, and describe a full spectrum of specific actions and programs that have been jointly agreed upon by industry and all levels of government."

    Executive order issued by President Bush in October 2000

    1. The Executive Order imposes responsibilities on -
      1. the Director of the Office of Management and Budget, who has the responsibility to develop and oversee the implementation of government-wide policies, principles, standards and guidelines for the security of information systems that support the executive branch departments and agencies;
      2. the Secretary of Defence and the Director of Central Intelligence;
      3. the Heads of Executive Branch Departments and Agencies.
    2. The Executive Order establishes a Board which is mandated to "recommend policies and coordinate programmes for protecting information systems for critical infrastructure, including emergency preparedness communications, and the physical assets that support such systems". The responsibilities of the Board include -
      1. outreach to the private sector and state and local governments;
      2. information sharing;
      3. incident co-ordination and crisis response;
      4. recruitment, retention and training executive branch security professionals; and
      5. research and development.
    3. As regards the first-mentioned responsibility, the Executive Order mandates the Board, in consultation with affected Executive Branch Departments and Agencies, to "coordinate outreach to and consultation with the private sector, including corporations that own, operate, develop, and equip information, telecommunications, transportation, energy, water, health care, and financial services, on protection of information systems for critical infrastructure, including emergency preparedness communications, and the physical assets that support such systems; and coordinate outreach to State and local governments, as well as communities and representatives from academia and other relevant elements of society."
    4. The primary focus of the National Plan concerns initiatives by the federal government in relation to computer security and information resources management. However, the National Plan identifies, in addition, the need for a public-private partnership. The chapter dealing with this issue states:

      "The Need for Public-Private Partnerships

      The Federal Government alone cannot protect U.S. critical infrastructures. Private industry and state and local governments directly own, effectively control, or greatly influence the large majority of the infrastructures that are vital to our national security and economic well-being. Therefore, the Federal Government can only help defend these critical infrastructures through effective cooperation with industry, and state and local governments. Attempts by the Federal Government to do the job alone will fail.

      This is not to say that the Federal Government has no role or only a limited role in protecting private sector infrastructures, but the Federal Government must act through cooperative means. The Federal Government must develop a relevant case for action to urge the private sector into motion, share information with the private sector about threats and potential remedies, support the private sector to design its own defensive programs, provide incentives for the private sector to implement those programs, remove obstacles to private sector action, spur important research and development, and, at times, provide overall national leadership. The relationship between the Federal Government and private sector infrastructure providers should be a full and complete partnership."

    5. The "Principles of Partnering" were identified as the following -
      1. voluntary;
      2. mutual concerns, with achieving clear, focused, well-defined goal(s);
      3. key complementary capabilities and roles exist between the participants;
      4. mutual understanding of each participant's values, expectations, needs, concerns, and individual objectives;
      5. persistent/frequent interaction;
      6. mutual trust on action; and
      7. starts with planning.
    6. The National Plan continued:
    7.  

      Johannesburg Securities Exchange (JSE) submission
       

      Mr Kgosi Monaisa and Ms Phillipa Stratten gave the presentation on behalf of the JSE. It was noted that a significant amount of their share trading is dealt with through the Internet. The Bill directly affects their scope and manner of operation. Though welcoming the Bill, they stated that government had to ensure that the Bill does not cause any confusion in the electronic commerce field.

      Comments
      Mr. Gore (DP) asked the JSE whether they were in favour of self-regulation or co-regulation. This question appeared not to be answered.

      The Chairperson, Mr. Kekana, commented about the JSE move to London and asked how it was going to affect South African citizens who trade with the JSE.

      Ms. Phillipa Stratten said that the move was both stressful and advantageous to South African traders. Strenuous because they will have to learn to adjust to new rules but advantageous since they are now part of the broader international market.

      CO.ZA Administrator submission
      Mr. Mike Lawrie described himself as the manager and administrator of the South Africa's Internet service since 1990. He said that the government had not held any consultations with him concerning the new bill. He maintained that he had been astonished to find a secret document marked "Confidential" outlining the government's intentions to unleash a new law to govern the electronic commerce. This document was secretly handed to him by someone from the Department of Communications in 1999.

      According to Mr. Lawrie, there should have been more consultation with the electronic communication experts by government before drafting the bill. His biggest 'thorn" was Chapter 10 of the Bill. He again stated that the government seemed to have not done enough consultation with the experts on communication technology. He further reiterated that technology "is not a political issue" and that "there should be only participation - not control - by government plus a legal framework on the management and administration of .ZA". He saw Chapter 10 as a pipe dream and urged government to axe it or to refrain from dealing with issues that require technical expertise. He emphasised: "I'm not interested in continuing as administrator of the ZA…I'm not blocking the bill…but what I want is a proper hand-over process and there are issues of compensation to myself"

      Comments
      The Chairperson warned Mr. Lawrie not to claim the Internet. He indicated that no individual has the right to claim the ownership of Internet in South Africa. He continued that the roots of Internet can be traced back to the military.

      Uniforum SA's submission
      Uniforum SA's director indicated that Uniforum is a not-for-gain organisation tasked with the administration of the CO.ZA. He added that Uniforum has done much in terms of social responsibility such as translating information technology terms into South African languages.

      He stated that before passing the bill there needed to be international consensus since there are international Internet stakeholders. He repeated Mr. Mike Lawrie's point that the government had not consulted enough before drafting the Bill.

      Their comment on Chapter 10 of the Bill was that it does not comply with the process that must be followed for the hand-over from the .ZA administrators. He warned the committee that there was still no mutual consensus and the Bill cannot be passed under those circumstances. Negligence to achieve that would undoubtedly lead to unintended consequences. The government has to comply with the internet community.

      The examples of Japan and Australia were noted where their governments gave the authority and administration of these services to private people but retained the right to step in if things go wrong. He stressed that if one drafts legislation that imposes restrictions and costs, this will drive investment away.

      Comments
      The Chairperson maintained that while the submission made by the Uniforum was of significant importance, Uniforum should realise that the primary thrust of the Bill was to protect consumers. He continued that whether or not someone tries to be a stumbling block, the Bill will be passed. "But if you feel the government is acting unconstitutionally, you have the right to take it to the Constitutional Court"

      Multi-Choice presentation.
      The Multi-Choice presenters went through the Bill chapter by chapter showing how it impacts on Multi-Choice's business operation. They held that while the Bill was good, it contained some complexities and challenges to the business community.

      The panel saw Chapter 2 and 4 as white elephants indicating that the government can still achieve its objectives without these two chapters. They urged the Department to remove these chapters from the Bill.

      The panel stated that Chapter 5 does not comply with international best practice. They gave as examples the UK and US models. In the UK, for example, registration is voluntary in order to encourage the use and development of Internet generally. They urged the government to adopt the US and UK approach.

      Chapter 6 was also viewed with strong scepticism. They indicated that it will affect their daily operations. The panel advised the government to adopt a two tier approach like that of the European Union (EU). Chapter 6 needed to be amended to ensure that it is in line with international best practice.

      Multichoice believes that there is no need for Chapter 7 since the business community has its own standards for consumer protection. They prefer the US and Canadian model which gives the business community self-regulation. They saw Chapter 7 as a duplication since there are enough organs such as the South African Bureau of Standards and consumer protection organisations that protect consumers in South Africa. They believed that electronic commerce should not be regulated. They therefore suggested that Chapter 7 should be axed.

      Chapter 8 as well was not welcomed by Multi-Choice. They advised the government to wait for the South African Law Commission to release its report before triggering this bill. This chapter was seen as "rigid", "bureaucratic" and "unjust". It was stressed that the issues which Chapter 8 aims to address should be dealt with through co-operation and partnership between state and business community. They therefore urged the Department to do away with Chapter 8.

      The Multi-Choice panel also dismissed Chapters 11, 12 and 14. These chapters impose a heavy burden on business and they will block innovation and the development of electronic commerce and telecommunication industries in South Africa.

      In conclusion, they reminded the Committee that the purpose of electronic commerce was to lower the cost of transactions. Therefore the government should be careful not to kill the goose that lays the golden egg by imposing more and more regulations.

      Meeting adjourned.
      Appendix 1:
      DETAILED DRAFTING COMMENTS ON CHAPTER III - FACILITATING ELECTRONIC TRANSACTIONS

      Words bold type in square brackets indicate our proposed omissions from the existing text of the Bill, and words underlined indicate our proposed insertions.

      s11 - Legal recognition of data messages

        "Where the law requires a signature of a person, that requirement is met in relation to a data message if -

        (a) a message is used to identify that person and to indicate that person's approval of the information contained in the data message; and

        (b) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement."

        1. In comparison, s13 of the Bill is unnecessarily complicated :
          1. s13 seeks to distinguish between an "advanced electronic signature" (which phrase is defined in the Bill as "an electronic signature which results from a process which has been accredited by the Authority as provided for in section 38") and a non-advanced/ordinary "electronic signature" (which is defined in the Bill as "data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature"). The very different consequences which flow from whether an electronic signature is an "advanced electronic signature" or simply an "electronic signature" are not warranted, and serve to render the accreditation system (see Chapter VI) compulsory, as opposed to voluntary. If this distinction is to be retained, it should be merely so as to facilitate the establishment of the validity of an electronic signature, and not to render the system compulsory.
          2. s13(4) does not appear to alter the common law, and it is accordingly unnecessary.
          3. Given what we have stated in the preceding subparagraphs, there is no need for subsection (5).
        2. We accordingly propose that the current wording of s13 of the Bill be deleted and replaced with the following:

          "Where the law requires a signature of a person, that requirement is met in relation to a data message if -"

          (a) that person uses an electronic signature; and

          (b) a method is used to identify that person and to indicate that person's approval of the information contained in the data message, and that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the relevant circumstances, including any relevant agreement.

          s14 - Original

        3. Our comments on s14 of the Bill are minor. We propose s14 read as follows :

          "(1) Where [a] the law requires information to be presented or retained in its original form, that requirement is met by a data message if -

          (a) the integrity of the information from the time when it was first generated in its final form, as a data message or otherwise, has passed assessment in terms of subsection (2); and

          (b) where it is required that information be presented, that information is capable of being displayed or produced to the person to whom it is to be presented.

          (2) For the purposes of subsection (1)(a), the integrity must be assessed -

          (a) by considering whether the information has remained complete and unaltered, except for the addition of any endorsement or any immaterial change which arises in the normal course of communication, storage [and] or display;

          (b) in the light of the purpose for which the information was generated; and

          (c) having regard to all other relevant circumstances."

          s15 - Admissibility and evidential weight of data messages

        4. Our comments relate to s15(1) of the Bill, and are minor. We propose s15(1) read as follows :

          "(1) In any legal proceedings, the rules of evidence must not be applied so as to deny the admissibility of a data message [in evidence] -

          (a) on the [mere] sole ground[s] that it is [constituted by] in the form of a data message;

          (b) if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the ground[s] that it is not in its original form.

          s16 - Retention

        5. Again, most of our comments as regards s16 are minor :
          1. In order to avoid a narrow interpretation, we propose that in the opening to s16(1), the phrase "Where a law" be changed to read "Where the law…".
          2. s16(1)(c) contemplates that a data message be sent or received. However, a data message may simply have been generated. We therefore propose that in s16(1(c) the word "generated" be inserted before the word "sent".
          3. We suggest that it would be better to begin s16(2) with the word "An" instead of "The".
        6. The UNCITRAL Model Law provides that the retention requirement is satisfied if the information is retained by a third party. We propose that an equivalent provision be introduced into s16 as subsection (3), and that it be worded as follows :

          "A person may satisfy the requirement referred to in subsection (1) by using the services of any other person, provided that the conditions in subsection (1) are met."

          s17 - Production of information

        7. Firstly, we believe it would be more logical to shift this section to before s14, since this section deals with a more general requirement than the specific requirement that information be in its original form.
        8. Secondly, in the interests of consistency and clarity, and noting the defined terms, we propose that s17 be reworded as set out below. Since our changes are numerous, we thought it would be easier to put up the proposed alternative wording without attempting to indicate all the changes :

          "(1) Subject to s29, where the law requires a person to produce a document or information, that requirement is met if the person produces that document or information in the form of a data message, and, considering all the relevant circumstances at the time the data message was sent -

          (a) the method of generating the data message provided a reliable means of ensuring the maintenance of the integrity of the information contained in that data message; and

          (b) it was reasonable to expect that the information contained in that data message would be accessible in a manner usable for subsequent reference.

          (2) For the purposes of subsection (1), the integrity of the information contained in a data message is maintained if the information has remained complete and unaltered, except for the addition of any endorsement or any immaterial change which arises in the normal course of communication, storage or display.

          s18 - Notarisation, acknowledgement and certification

          "
        9. Again, our comments relate to the drafting of this section. We propose that it reads as follows :

          "(1) Where [a] the law requires a signature, statement or document to be notarised, acknowledged, verified, or made under oath, and the signature is an electronic signature or the statement or document is in the form of a data message, that requirement is met if the [advanced] electronic signature of the person authorised to perform those acts is attached to, incorporated in, or logically associated with, the electronic signature or data message.

          (2) Where [a] the law requires or permits a person to provide a certified copy of a document and the document [exists in electronic form] is in the form of a data message, that requirement is met if the person provides a print-out certified to be a true reproduction of the document [or information].

          s19 - Other requirements

        10. We propose that s19(1) be reworded as follows :

          "A requirement under [a] the law for multiple copies of a document to be submitted to a single addressee at the same time[,] is satisfied by the submission of that document in the form of a single data message that is capable of being reproduced by that addressee."

        11. As regards s19(2), we understand and applaud the drafters' intention of facilitating electronic communications and transactions. However, we are concerned that the subsection may be worded too widely. We would caution that before proceeding with this subsection, its implications are carefully considered. There may be situations where the law imposes an obligation on a person to publish or make available a document, and they do so by way of a data message : the rights of persons who cannot access that data message may be adversely affected. For example, a law may require a public body to publish a notice in the Government Gazette - if the notice is only published electronically, members of the public without Internet access (which would constitute a majority), would be potentially prejudiced. We therefore urge the Committee to reconsider this subsection, so that its positive consequences remain, but any possible negative consequences are eliminated.
        12. We are also concerned as to how s19(2) of the Bill is to be read with s20 of the Bill.

          s20 - Certain other legislation not affected

        13. This section is likely to give rise to interpretative difficulties. We propose, firstly, that it simply provides :

          "This Act does not limit the operation of any law that expressly authorises, regulates or prohibits the use of data messages."

        14. Secondly, since this section applies to the whole Act and really relates to the application of the Act, the provision ought to be shifted into s4, which deals with application.

          s21 - Automated transactions

        15. Although the UNCITRAL Model Law does not specifically address automated transactions, the UNCITRAL provisions for a draft convention on legal aspects of electronic commerce inform our comments.
        16. The definition of an "automated transaction" should be amended to reflect commercial and technological reality. This is the approach followed in the UNCITRAL provisions, as well as in the USA's Uniform Electronic Transactions Act, 1999, and Canada's Uniform Electronic Commerce Act, 1999. We therefore propose that an "automated transaction" be defined as "an electronic transaction conducted or performed, in whole or in part, by means of data messages in which the conduct or data messages of the electronic agent is not reviewed by a natural person each time an action is initiated or a response is generated by the system".
        17. s21(d) and (e) of the Bill are provisions which protect natural persons dealing with electronic agents. They relate to consumer protection. Their inclusion in this section is therefore inappropriate. As regards the remaining provisions of s21, we propose that they be reworded as follows :

          "21(1) Parties may enter into an agreement where - "

          (a) an electronic agent performs an action required by law for agreement formation;

          (b) all or either one of the parties to a transaction uses an electronic agent.

          21(2) A party using an electronic agent to enter into an agreement is bound by the terms of that agreement, irrespective of whether that person reviewed the actions of the electronic agent or the terms of the agreement.

          s22 - Variation by agreement between parties

        18. We believe that this section could be drafted more clearly, namely as follows :

          "As between parties involved in generating, sending, receiving, storing or otherwise processing data messages, the provisions of this Part may be varied by agreement."

          s23 - Formation and validity of agreements

        19. We propose that s23(1) be reworded as follows :

          "An agreement is not without legal force and effect [merely] solely because it [was] is concluded partly or in whole [by means] in the form of a data message[s]."

        20. Since subsection (2) deals with the time and place of conclusion of an agreement, it is more appropriate to shift it to s24.

          s24 -Time and place of communications, dispatch and receipt

        21. We note that the definitions in the Bill of "addressee" and "originator" are modelled on the equivalent definitions in the UNCITRAL Model Law. We are concerned, however, that the definitions are subjective. In other words, the addressee is the person who is intended by the originator to receive the data message. Similarly, the originator is the person by whom, or on whose behalf, a data message purports to have been sent. This is problematic, given the fact that s24 provides that a data message is regarded as having been sent by the originator, and received by the addressee, regardless of any errors or problems in the addressing, sending or receiving of the data message. The data message is further regarded as having been sent from and received at the usual place of business of the originator and the addressee respectively, regardless of whether the data message is actually sent from or received by the originator or addressee. Although the parties' place of business is deemed to be the place of dispatch and receipt in a number of jurisdictions, this phrase is problematic in the absence of further clarity. Firstly, the use of the words "place of business" excludes consumers. Secondly, the place of business of an entity is often hard to pinpoint in Cyberspace. Clarity, particularly as regards where a data message is received, is important, since it has jurisdictional implications.
        22. We therefore propose the following definitions -
          1. "Addressee" means "a person to whom an originator addresses a data message and whom the originator intends to be the recipient of the data message, but does not include a person acting as an intermediary in respect of that data message".
          2. "Originator" means "a person by whom, or on whose behalf, a data message is sent or generated prior to storage, if any, but does not include a person acting as an intermediary in respect of that data message".
        23. Relying in part on s15 of the American Uniform Electronic Transactions Act, 1999, and article 15 of the UNCITRAL Model Law, we propose that s24 read as follows :

          "A data message used in the conclusion or performance of an agreement must be regarded as being sent when it - "

          (a) is addressed properly or otherwise directed properly to an information system that the addressee has designated or uses for the purpose of receiving data messages, and from which the addressee is able to retrieve the data message;

          (b) is in a form capable of being processed by that information system; and

          (c) enters an information system outside the control of the originator or enters a region of the information system which is under the control of the addressee.

          (2) A data message used in the conclusion or performance of an agreement must be regarded as being received when it -

          (a) enters an information system that the addressee has designated or uses for the purpose of receiving data messages, and from which the addressee is able to retrieve the data message;

          (b) is in a form capable of being processed by that information system.

          (3) Subsection (2) applies even if the place at which the information system is located is different from the place the data message is deemed to have been received under subsection (4).

          (4) A data message is deemed to be sent from the originator's place of business and to be received at the addressee's place of business. For purposes of this subsection -

          (a) if the originator or addressee has more than one place of business, the place of business of that person is the place having the closest relationship with the underlying transaction;

          (b) if the originator or addressee does not have a place of business, the place of business is the originator or addressee's place of residence, as the case may be.

          (5) A data message is received under subsection (2) even if no individual is aware of its receipt.

          (6) If a person is aware that a data message purportedly sent under subsection (1) or purportedly received under subsection (2) was not actually sent or received, the data message will not be deemed to have been sent or received.

          (7) An agreement concluded between parties by means of a data message is concluded at the time when and place where the acceptance of the offer was received by the offeror.

          This proposal includes the content of present s23(2) and s24 of the Bill.

          s25 - Expression of intent or other statement

        24. s25 is unnecessary, since s11 of the Bill is wide enough to include an expression of intent.

          s26 - Attribution of data message to originator

        25. If our proposals as regards s24 are accepted, we have no comment as regards this section. If, however, our proposals are not accepted, then the following subsection (2) ought to be inserted :

          "Subsection (1) does not apply where the addressee knew or ought to have known, had the addressee exercised reasonable care, that the data message was not that of the originator."

          s27 - Acknowledgement of receipt of data message

        26. The words "sufficient to indicate to the originator that the data message has been received" should apply to paragraphs (a) and (b). We therefore propose that s27(2) read as follows :

          "An acknowledgement of receipt may be given by any communication by the addressee, automated or otherwise, or any conduct of the addressee, sufficient to indicate to the originator that the data message has been received."

          Re-ordering of certain sections in Part 2

        27. We believe it would be more logical to re-order the sections in Part 2 so that they flow as follows -
          1. variation by agreement between the parties;
          2. formation and validity of agreement;
          3. attribution of data messages to originator;
          4. acknowledgement of receipt of data message;
          5. time and place of communications, dispatch and receipt.

        Appendix 2:
        Multi-Choice

        USA INITIATIVES TO PROTECT CRITICAL INFRASTRUCTURE

        National Plan for Information Systems Protection, 2000
         

        The National Co-ordinator for Security, Infrastructure Protection and Counter-Terrorism, in the first few passages of the National Plan stated:

        "A Real Public-Private Partnership… Not Dictated Solutions

        The President has ordered that the Federal Government will be a model of computer system security. Today it is not. The Defense Department is well on its way to creating secure systems, but civilian Agencies are also critical and they are generally still insufficiently protected from computer system attack. This Plan proposes additional steps to be taken by DoD and by the rest of the Federal Government.

        The private sector infrastructure is, however, at least as likely to be the target for computer system attack. Throughout the modern era, critical industries and utilities have been targets for destruction in conflicts. America's strength rests on its privately owned and operated critical infrastructures and industries.

        Already, privately owned computer networks are being surveyed, penetrated, and in some cases made the subject of vandalism, theft, espionage, and disruption. While the President and Congress can order Federal networks to be secured, they cannot and should not dictate solutions for private sector systems.

        Thus, the Plan, at this stage, does not lay out in great detail what will be done to secure and defend private sector networks, but suggests a common framework for action. Already some private sector groups have decided to unite to defend their computer networks. As they commit to this activity, the Federal Government can and will help them, in the spirit of a true public-private partnership. The Government will not dictate solutions and will eschew regulation. Nor will the Government infringe on civil liberties, privacy rights, or proprietary information.

        This is Version 1.0 of the Plan. We earnestly seek and solicit views about its improvement. As private sector entities make more decisions and plans to reduce their vulnerabilities and improve their protections, future versions of the Plan will reflect that progress.

        Elements of the Solution … and above all, Trained People


        As you will see in the text, the Plan will build a defense of our cyberspace relying on new security standards, multi-layered defensive technologies, new research, and trained people. Of all of these, the most urgently needed, the hardest to acquire, and the sine qua non for all else that we will do, is a cadre of trained computer science/information technology (IT) specialists.

      1. In subsections (1) and (2) of s11 of the Bill the word "merely" is used, whereas the word "solely" is used in the UNCITRAL Model Law and the American Uniform Electronic Transactions Act, 1999. We believe that "solely" has a clearer meaning and should therefore replace "merely".
      2. The word "grounds" ought to be in the singular.
      3. As regards subsection (3), the common law already provides for incorporation by reference. We therefore do not believe subsection (3) is necessary.

        s13 - Signature

      4. The equivalent provision in the UNCITRAL Model Law provides :
      5. Audio

        No related

        Documents

        No related documents

        Present

        • We don't have attendance info for this committee meeting

        Download as PDF

        You can download this page as a PDF using your browser's print functionality. Click on the "Print" button below and select the "PDF" option under destinations/printers.

        See detailed instructions for your browser here.

        Share this page: