Electronic Communications & Transactions Bill: hearings

Meeting report

COMMUNICATIONS PORTFOLIO COMMITTEE
17 May 2002
ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL: PUBLIC HEARINGS

Chairperson:

South African Chapter of the Internet Society; ISOC-ZA presentation
AfricaBio / Versfeld Nkosi Inc Comments
AfricaBio Submission
Banking Council submission
Submission by Comparex
Submission by Namespace ZA (executive summary included in the minutes)
Annexures to the Namespace submission can be accessed at www.namespace.org.za
Submission by Internet Service Providers' Association
Submission by Linux Professional Association - Appendix 1
Submission by Electronic Commerce Association of South Africa - Appendix 2

SUMMARY
A common theme through all the submissions is that Chapter 5 dealing with cryptography and Chapter 10 dealing with the domain name authority must be deleted from the Bill. It is submitted that the ZA domain is currently administered very well and government should not try and take control thereof. The nature of the internet environment is such that it would be easy for South Africa to be isolated from the global internet network if the domain is not run properly and according to recognised rules. The chair kept discussion to a minimum because of time but all the presenters were invited to join the committee in deliberations where they would have a further opportunity to interact.

MINUTES
The South African Chapter of the Internet Society; ISOC-ZA
The submission was presented by the Chairperson, Rosi Stevenson and William Stucke.

Ms Stevenson introduced ISOC-ZA as the South African arm of a US based organisation that was formed 10 years ago. Only ISOC was recognised as being the 'owners' of the internet. It was submitted that the ECT Bill is welcomed but amendments are needed.

Ms Stevenson took the committee through chapter 1 - definitions, and pointed out those that needed amendments.

Mr Stucke went through each chapter.

ISOC had no problem with Chapter 2 but felt that there are no provisions to benefit the disabled and the previously disadvantaged. He said that the US had legislation in section 508 of the Rehabilitation Act that was specific about how WebPages should be structured to make it easier for the disabled.

Chapter 3 is the heart of the Bill and there are no major concerns.

Chapter 4 is welcomed.

Chapter 5 dealing with cryptography is the first major concern of ISOC. The provisions are not clear and as it stands could have various unintended consequences. It was submitted that the provisions have no public benefit and the whole chapter should be deleted.

Chapter 6 has the provisions on the Authentication Service Providers. It was submitted that this chapter does not serve much of a purpose and is a waste of taxpayer money. The US attempted to regulate this area as well but it damages US credibility and ultimately profits. Thereafter regulation in this area was relaxed.

It was submitted that this chapter should be deleted.

The consumer protection provisions, Chapter 7, does not go far enough to protect organisations. The compliance process for SMME's in this chapter is very cumbersome.

Chapter 10 - Domain Name Authority and Authorisation
The appointment of members by the board is a gross violation of democracy. It was submitted that excessive control by the department will not benefit the industry. ISOC agrees with the submission of Namespace on this chapter and feel that the government will not be able to administer the .za name space better than the private sector. It was submitted that parts 1, 2 & 3 must be deleted and an external private sector body should administer the .za name space.

Chapter 11 dealing with the limitation of liability for service providers is very good.

Cyber - Inceptors in chapter 12 should be under the Department of Justice and not the department of communications. It would be important that these officials are well trained and must have more than a working knowledge of desktop operating systems.

Chapter 13 dealing with cyber crime is welcomed but the word 'unlawful' in clause 90(3) needs to be clarified be cause it seems that the net is cast to wide in that actions that should be lawful could be regarded as unlawful under this clause.

In summary, ISOC welcomes the Bill but feel that there are certain provisions that must be deleted. A revision of certain provisions will boost the economy and benefit the citizens.

Discussion
Ms Newhoudt-Druchen (ANC) asked for clarity on the reference to section 508 of the Rehabilitation Act (USA) that takes into account the disabled.

Mr Stucke said that the section provides a standard for HTML WebPages. The purpose is to make it easier for sight impaired people to easier read the web page. The section provides standards on how to structure the content of the WebPages.

The member followed up and asked if South Africa had anything like this, to which Mr Stucke answered that it did not.

Mr Morkel (NNP) asked if the technology was not yet available or if the services had not yet been rolled out.

Mr Stucke replied that the technology is available. He added that something like section 508 should be mandatory for government departments. It is very expensive to re-code the WebPages but he submitted that government should lead by example.

Ms Magazi (ANC) commented that at the hearings people were quoting from Australia, Canada and the US to illustrate their advancement and their balanced legislation that makes it easy for the industry to operate. She asked if there were no other countries with as advanced technology. The member commented that when industry makes presentations they do so because they do not want to loose profit. The member felt that industry was resistant to change. They want to be part of the new South Africa but still ant to hold on to the policies of the past by not wanting to let government exercise fully their legislative and policy making powers. She added that SA was a developing country and government is trying to build and make it a more normal society.

Mr Stucke replied that ISOC-ZA was not a company and did not make a profit. He added that he and is colleague was not being paid to be there and fortunately managed to get sponsorship for airfare and accommodation.
In response to the rest of the comment he said that it was not a question of technology but rather legislation. South Africa is a leader in many areas. There are also many people in Africa that are leaders in their field. South Africa leads Africa id terms of telecommunications but not in telecommunications legislation. As far as internet legislation is concerned there is very little to compare the ECT Bill to.

Mr Maziya (ANC) referred to the presenters concern that the Minister appoints the Board. He asked if ISOC-ZA had other suggestions. Secondly, he referred to the continuos mentioning of the cyber inspectors. The member was not sure who should enforce the legislation because in his opinion if new law was created then a mechanism must be provided to monitor it.

The Chair asked if the presenters would be happy if the law linked the cyber inspectors with the SAPS.

Mr Stucke replied that members should refer to the Namespace submission on who should appoint the board. At the end of the day the board should be elected not appointed.
In respect of the cyber inspectors, there are crimes that are unique to the internet but there are also crimes like fraud that just use the internet as a tool. An example is the 419 scam. He submitted that the SAPS are the correct agency to address internet crime. The problem is that they do not have resources. If the Bill says that SAPS will be given resources then a lot will be achieved in solving the problems.

Mr Pieterse (ANC) asked if clause 7 did not adequately take into account previous disadvantaged communities.

Mr Stucke replied that that it was difficult to provide for internet connectivity for disadvantaged communities in legislation. It would be better if the Bill provided a process on how to start addressing the problem.

Mr Gore (DP) asked why the presenters had not mentioned the critical databases and asked what could the possible impacts be if the Bills provisions in relation to domain name authority should be enacted.

Mr Stucke replied that critical databases were not mentioned because of time constraints but added that the provisions are dangerous and that too much power is given to the Minister. There were no problems if the provisions just related to government bodies. The provisions further do not provide an appeal mechanism or a process for consultation.
In response to the second part of the question he said that if the chapter should go ahead as is, people without technical knowledge will be responsible for a highly technical subject. If things should go wrong South African companies will register domains elsewhere, funds will move out of the country and SA will loose its credibility as a significant internet player.
If wrong kinds of regulations are made it could be possible that the rest of the world will not be able to find us because we have different rules.

The Banking Council
The submission was presented by Mr Stuart Grobler the General Manager of the Banking Council.

He warned that we must be careful about unintended consequences. E-commerce has already been around a long time. A need for legislation is strongest where there is no strong judiciary and no strong common law. He submitted that because of the strong judiciary and the strong common law it is not necessary to rush into risky legislation. The context of the submission is based on the saying, 'if its not broken, don't fix it'.

He continued and said that e-commerce has nothing that is broken. He pointed out that there seems to be a conflict between the intention and what the Bill is doing. The Bill intends to control and he said that it is the responsibility of the committee to decide what the intention should be.

He submitted that several whole chapters should be excised because government cannot do better than what is currently being done. If one looks at current experience then the situation can only get worse. Mr Grobler used the registration of a CC as an example. the process is long and inefficient. To register an internet name can be done in 48 hours and for R400. He pointed out that the differences between the two are mind boggling.

The presenter made specific comments on the Bill and it is attached hereto as appendix 1.

Discussion
Mr Maziya said that SARS has its own officers who enforce their legislation. The cyber inspectors will only act in terns of the ECT legislation and will be accompanied with SAPS when arrests needs to be made. He asked who would be the watchdog of the legislation if the SAPS will be responsible for enforcement.

Secondly, the member wanted more clarification on authentication because people are saying that it must be deleted. There is no legislation at the moment that governing this and nobody knows if what is being done is correct.

Mr Grobler replied SARS cannot be compared to the structures in this Bill because it is unique. It has its own special tax courts and have confidential requirements that stops then form sharing information with SAPS. He added that a host of statutes creates offences but each minister does no not have their own enforcement agency. Currently the police do not have the capacity to investigate complicated fraud so rather than creating a parallel investigating unit the resources should be placed at SAPS. He added that the cyber inspectors do not monitor the implementation of the legislation. Their function is to investigate and prosecute offences and this SAPS would be doing.

In respect of authentication, he said that it ensures that you are who you say you are when using a computer. This has been in the market for a long time.

The chair referred to the submission that 'advanced electronic signature' should be debated further. The understood this to be an attempt to legitimise electronic communications and wanted to know why there was this objection.

Mr Grobler replied that the 'advanced' electronic signature is not practical because a notary will not attest an electronic document without proper identification of the person sending the data and the verification of the underlying original. He submitted that this provisions was opening an avenue for fraud because the commissioner does not know who he is dealing with. Practically Mr Grobler was unsure how all this would work.

The chair commented that there were still many questions but said that it would useful to have all the presenters present when the committee deliberates and they could again have an opportunity to interact.

Comparex
Mr Tutani, Group Manager: Legal Support Services introduced Comparex as a global provider of IT services such as hosting, security and other professional services to both the private and public sector.

Submissions were made on a few clauses:

AD CHAPTER 1 SECTION 4(3)
Additions to Column A of Schedule 1 must be published for comment prior to any additions being made.

Include an obligation on the Minister to review the existing laws tabled in Column A of Schedule 1 in an attempt to e-enable such laws.

AD CHAPTER III PART 1 SECTION 11(3) (b)
Section 11(3) (b) should form pad of Chapter VII (Consumer Protection) for 2 reasons; 1) it should not be a requirement of substantive law; and 2) Section 11(3) (b) should only relate to the Business to Consumer Environment and not to the Business to Business Environment.

AD CHAPTER III PART I SECTIONS 12, 13,14,16,17,18
The provisions of Sections 12,13,14,16,17 and 18 should also have relevance when there is a contractual requirement and not merely when required by law.

AD CHAPTER III PART 1 SECTION 13
Section 13 creates the impression that an electronic signature is required in all circumstances. It is therefore advisable that the provisions of section 25 be incorporated as a sub section of section 13 or alternatively as a separate section just after section 13.

Unless a person actually applies to become an accredited ASP, a possibility exists that advanced electronic signatures may never materialise. An alternative is therefore necessary. Government should be obliged to become an ASP if no ASP is registered by a certain date or Government must fund the establishment of an ASP.

AD CHAPTER III PART I SECTIONS 14 (2); 16 (b) AND 17 (2)
Sections 14 (2), 16 (b) and 17 (2) each provide for different tests for determining integrity. It is recommended that these tests be consolidated and harmonised into one test.

AD CHAPTER III PART I SECTION 15
Section 15 gives evidential weight to data messages yet it omits to deal with the process to be adhered to in admitting evidence constituted by a data message into court. The Computer Evidence Act deals only with the process to be adhered to in admitting evidence constituted by computer printouts.

It is recommended that the process to be adhered to in admitting evidence constituted by a data message into court be defined in the Computer Evidence Act, the ECT Bill, the Rules of Court or the Civil Procedure Act. Until such process is defined data messages cannot be submitted as evidence. Surely this is not the intention of Section 15.

AD CHAPTER III PART I SECTION 16(c)
Section 16 (c) should be qualified to state that the date and time that the data message was sent and received is only relevant when such information forms an integral part as to the evidential value of the data message.

AD CHAPTER III PART I SECTION 17
Section 17 should be amended to clarify that Section 17,
a) shall apply only if the recipient has not specified its own requirements for the production of a document or information in the form of a data message; and
b) does not only deal with the situation where a person produces a document or information in the form of a data message to a government body but also to the private sector.

AD CHAPTER III PART I SECTION 19
The Act should create guidelines.

AD CHAPTER III PART I SECTION 21
Chapter VII (Consumer Protection) is more than adequate in protecting the consumer in a Business to Consumer Environment. It is submitted that Government should not be regulating the Business-to-Business Environment and that section 21 should be removed.

AD CHAPTER III PART 2 SECTION 24(c)
It is submitted that Section 24 (c) be deleted as the words "usual place of business" limits the operation and intention of Chapter III Part 2. A person may not in all circumstances have "a usual place of business".

AD CHAPTER III PART 2 SECTION 26(c)
Insert the words "unless otherwise proved" to prevent persons from avoiding liability in the situation where a person fraudulently attributes the data message to the "originator".

AD CHAPTER IV
It is submitted that an obligation must be imposed on Government to harmonise the requirements for the e-filing of government documents between all the government departments within a specified time period with the entitlement to consult with the private sector.

AD CHAPTER IX
The declaration of certain classes of information as critical data should not be left solely to the Minister but should be the obligation of the regulators of certain industries, for example, the JSE and SARS. The industry regulators should be tasked to define the critical data for their particular industry sectors in accordance with minimum standards. These minimum standards should be in line with international best practice and should be decided upon in consultation between the Minister and each industry regulator.

Section 55 applies to the "administrator" of critical databases. Clarification is necessary as to whether it applies to the manager of the critical database or the owner thereof.

AD CHAPTER X
We submit that Section 69(7) should be deleted.

Discussion
The chair commented that it Friday and that the committee had a difficult weak but hoped there would be at least one question.

Ms Magazi referred to the submission that government should protect consumers but not business-to-business relationships. She wanted the presenter to elaborate what he meant because SMME's were bullied by larger companies and they also need protection.

Mr Tutani replied that business-to-business relationships are governed by contract. If SMME's need protection then it should be done through the Department of Trade and Industry rather than in telecommunications legislation.

The chair followed on and said that the definition of consumer implies someone at the end of the food chain. In this regard the SMME's could be consumers. He asked if in this context SMME's should not be protected by government.

Mr Tutani reiterated his previous point and added that there are initiatives in DTI to allow for SMME's to compete on a equal footing with big business.

Namespace ZA
Namespace ZA was represented by the Co-Chairpersons, Mr Michael Silber and Mr Mike Lawrie.

Mr Silber referred to the meeting of the committee on 15 May 2002 where there were allegations that Namespace ZA was threatening government and wanting to tell then what they can and cannot do. He said that all the presentation is doing is explaining the consequences if the current course of action is carried out. Mr Silber said that many individuals at Namespace contributed to the growth of the internet and would not want any mistakes to be made and therefore are willing to help in any way possible.

There are many provisions that Namespace want deleted and all the comments in respect of such provisions are due to desperation and not support thereof. Mr Silber aid that the ideal situation would be one where the government issues a policy statement recognising Namespace as the authority to administer .za. Government must not be the domain name authority.

Namespace provided an executive summary of their presentation included hereunder:

Executive Summary
A country code top level domain is a national and communal asset. That does not mean it must be subsumed or otherwise taken over by the State.

Namespace ZA is the current administrator of the ZA ccTLD, having taken over this responsibility from Mike Lawrie as part of a well publicised, open and democratic process during which participation was invited from all stakeholders.

The participatory model adopted by Namespace ZA is a hybrid of international best practice combined with measures designed to facilitate democracy, bridge the digital divide and include stakeholders and civil society. Namespace ZA is accordingly composed of registrants of domains within the ZA ccTLD, representatives of specific interest groups (government, user community and registrars) and any member of the public who wishes to join.

The provisions of Chapter X of the ECT Bill seek to remove this administrative function from Namespace ZA and assign it to a new body, a process to which Namespace ZA is vehemently opposed for a number of reasons, including -

It creates unnecessary wastage and duplication of a function that is already in existence with virtually no added benefits. It also ignores the wealth of knowledge and resources (technical, legal and otherwise) within the existing structure. If any changes are in fact required to the existing situation these changes should be made within Namespace ZA itself and a new entity need not be created;

The Internet industry must remain the primary motivator behind the ccTLD administrator and civil society should not be entitled to dominate the administrator to the extent of rendering domain name registrants mere bystanders in the body administering their names and upon whom their livelihood may depend;

The Authority seeks to deviate from Company Act provisions for no good reason;

The appointment of the board of the Authority is entirely within the control of the Minister and ignores the principles of democracy and representivity. The user community must be able to elect representatives to such a body;

The Bill seeks to create and extravagance of functions, staff and board members which is costly and unnecessary.

Whatever form the Authority takes, State involvement in technical issues is of great concern and should not be imposed on the Internet, both in South Africa and internationally. Technical issues MUST be left to technical experts and not to Ministerial decision making. Similarly, decisions concerning involvement in private international bodies (such as ICANN) must be left to the Authority and must not be imposed by legislation or otherwise.

The State recognises the importance of the independence of numerous bodies with significant importance in our economy (such as the Stock Exchanges Control Act, 1 of 1985, where control of a stock exchange such as the Johannesburg Securities Exchange, is vested in a committee elected by the members of the exchange and not appointed by government. The exchange is subject to the supervision and regulation of a government entity but is not controlled by such entity, either directly by making appointments to the board or indirectly by being allowed to impose regulations on all manner of issues on the entity). These bodies are not subject to the Ministerial discretion and decision making that is sought to be imposed on the Authority. The State must have a role to play in the .za ccTLD, but this must be a participatory role, not a controlling one.

Discussion
Mr Morkel commented that many presenters are concerned with the Nationalisation of a communal asset. He asked how the democratic process undertook by Namespace and the one in the Bill can be compared.

Mr Silber said that a notice of elections are sent out to everyone on the mailing list. Three additional board positions were formed. One for the Service Providers, one for ISOC and one for the Department. Namespace wanted government to be involved and if government requested that they be given 2 positions on the board that would have been fine. An official from the department sat on the board in a personal capacity until the DG decided that it was inappropriate.

In the Bill there must be nominations from 8 sectors. He said that he was not even sure about the relevance of these sectors to the IT industry.

The Minister also has unfettered discretion to appoint whoever she wants from the list. The process is undemocratic, confused and can be done in secret.

Mr Magashule (ANC) said that we are talking about a National asset and everyone agrees that it must have a custodian. He was of the opinion that in this instance it should be the state and used a constitutional justification for this view. He asked if what Namespace was saying that the Bill over regulates. Secondly, he referred to a comment that suggested that the DG prevented Namespace from talking to black technology business and questioned how it was possible that the DG could do this.

Mr Silber replied that meetings were set up with the Black IT forum and other forums and it was explained that Namespace ZA must be representative. Namespace wanted the black IT sector to volunteer for the board and stand for elections. There were fruitful discussions until they spoke to the DG who told them not to get involved in the process. He added that should have been expected since The Department had broken off negotiations with Namespace.

Mr Silber stressed that the wish of Namespace to administer the domain is not because they were first. He said that Mr Lawrie took up the responsibility and performed the function for many years without compensation. The department chose to participate in a process where an organisation was set up to take over from Mr Lawrie. He submitted that if the department does not like the process then everyone should find the right process but the Bill does not deal with the situation correctly.

He added that there is a real possibility of over regulating. Domain Name is a significant area with lots of politics and flexibility is needed.

Mr Maziya looked at the manes on the board of Namespace and said that it was not representative of the country. He asked what type of arrangement would there be if government gave responsibility to them. He added that he was never aware that there was somebody responsible for administering .za.

Ms Magazi commented that in the submission it is stated that the Bill is not clear on the dispute resolution process. The member was of the opinion that the Bill is very clear and wanted Namespace to give a proposal if they were not happy.

Mr Silber replied that he did not want to propose a dispute resolution process because it had nothing to do with Namespace. Namespace does not make decisions as to who gets what. It is the same kind of role like the registrar of companies who just registers the name and if there is a dispute it is settled in the courts. An Alternative Dispute Resolution is cheaper but Mr Silber wanted a mechanism that creates precedent because one would not want the situation where the same kind of matters are referred for dispute resolution. One of the inadequacies in the current clause is that no precedent is created.

Mr Gore asked what would be the consequences if a registration authority is set up by the government.

Mr Lawrie said that the ICANN requirements must be complied with or else the administrator will loose legitimacy to administer the domain. Worse than loosing this legitimacy is that if at a technical level South Africa will not be able to connect to the internet.
Mr Lawrie added that he wanted to make it clear that he did not want to be administrator anymore and that he had tried to get rid of the responsibility for 4 years. He said it was dangerous and was trying to find the best way to get rid of it. By pressing a few buttons at his computer and within a few minutes South Africa could be cut off from the internet.

The chair concluded by saying that the parties are finding each other because all agree that nobody owns the internet.

Due to time constraints the chair asked that the Internet Service Providers Association (ISPA), the Electronic Commerce Association of South Africa (ECASA) and Linux Professionals Association (LPA) all present their submissions and then questions can be fielded in panel.

Internet Service Providers Association (ISPA)
The submission was presented by Mr Ant Brooks a member of the management committee of ISPA.

Mr Brooks submitted that the Bill is supported because legislation is needed in this area. The legislation should remove barriers that prevent e-commerce and not put up new barriers. It was submitted that there are certain areas with excessive state involvement. One of the areas where the bill is lacking is that it does not deal with the digital divide in that there are no targets for improving access to e-commerce. Before giving a brief overview of the chapters Mr Brooks suggested that the name of the Bill be changed to the 'Electronic Commerce Act.'

The two main areas of concern for ISPA is the chapters dealing with cryptography and the domain name authority. They submit that these chapters must be deleted. The rationale is that is that if it is working at the moment and there is no good reason why it should be changed then it should not be changed.

In respect of cyber crime it was submitted that it is a good chapter but the penalties are too lenient.

The provisions on cyber inspectors are understood. Competent people are needed but the rationale for making it separate from the SAPS is not understood. SAPS do have a computer crime unit but the problem is at the moment it is difficult to prosecute because there are many actions that are not illegal in terms of a law.

Chapter 10 that deals with critical databases was seen to be a good chapter but because of the excessive power given to the Minister there could be constitutional challenges.

Chapter 7 - Consumer Protection, is well meaning but makes it difficult for the little guy. There is also not enough protection from Spam. It was submitted that in this area self regulation would be more appropriate.

It was submitted that chapter 8 that deals with protection of personal information should be self regulated.

In chapter 6 - authentication service providers - the DG is not the best person to act as the accreditation authority because it is a very technical role and more consultation is needed.

ISPA were happy with chapter 3 - facilitating electronic transactions & 4 - e-government services.

ISPA was happy with chapter 2 - electronic transactions policy - but more consultation is needed.

In respect of the definitions chapter it was said that this could present a real problem.

Linux Professionals Association (LPA)
The submission was presented by Mr Dury.

He introduced the LPA as a South African non-profit, non-incorporated association who' s aim is the promotion of Linux, Free and Open Source Software in southern Africa.

The LPA are making a submission to the Parliamentary Portfolio Committee on Communications for two reasons:
1. A reading of the bill by the LPA indicates there are several clauses, that while well intentioned, could have severe consequences for the adoption and implementation of Free Software.
2. There are various aims that the bill is trying to achieve. These aims would be well served by the adoption of Free Software policies, and feel compelled to point out where these could be used.

The full commentary on the section that affects free software is included below as Appendix 2.

Electronic Commerce Association of South Africa (ECASA)
The submission was presented by Mr Lamb, the chairperson of the association.

He said that the Bill is supported and the role of the department in facilitating and regulating. He believed that e-commerce must be led by the private sector.

Clause 2 sets out the Objects of the Act. He said ECASA is supportive of these Objects with the exception of:

(q) use and management of the za domain name space.

(r) the national interest of the Republic is not compromised through the use of electronic commerce

ECASA are concerned that, in the absence of any defined categories of national interest, this may represent a derogation of citizen's civil liberties and result in a reduced international participation in electronic commerce in South Africa to the detriment of all.

The full submission is attached as appendix 3.

Discussion
Mr Abram (UDM) commented that self regulation was a common theme. He said that in SA poverty levels are very high and many people are not exposed to technology. He asked how else could government compel delivery to such people if it was not in legislation.

Mr Lamb replied that legislation is need but a balance is needed. He said that he supported the legislation in principle but there were area that can be significantly improved.

Mr Brooks added that universal access cannot be self - regulated but other areas must be self-regulated. He cited cryptography as one such example.

Mr Dury commented that regulation will not achieve universal access. Consumers cannot be protected if they do not yet exist.

Ms Smuts (DP) asked if ISPA had no problem with the prior authorisation that is required before ISP's benefit from limited liability. Secondly, she commented that spam would be difficult to stop if it came from other countries.

Mr Brooks replied that spam should be made a crime. People should not be receiving unsolicited mail. He agreed that it cannot be stopped if it cane from other countries but said that all the countries should move in this direction.

A member asked for other reasons why the domain name must not be regulated by government.

Mr Lamb replied that there is sufficient use and management of the domain name environment. He was not convinced that there was valid grounds for government intervention. The cost of administration is estimated at R20 million for the first three years. He submitted that this money is more desperately required elsewhere. He added that government must have proper participation and have the right to ask for certain services and capabilities but this does not warrant government wrestling responsibility and ownership away from the private sector.

Mr Brooks added that there has been a lack of consultation in respect of chapter 10. ISPA registers the most names but was never asked if chapter 10 is a good or bad idea. He said Zimbabwe was an example where in 1995 the government took control of the .zw domain name and the internet did not work for 4 days. With US intervention control was returned to the former administrator.

The Chair replied that examples from Zimbabwe should not be used because it just weakens the argument of the presenter. He added that the SA government does consult and that this process of hearings is a form of consultation. He said that the committee will try its best to find a solution to all the submissions. Once the law has been passed anybody has the right to petition the President or challenge it in court. But if there is no violation of any rights then all that can be done is negotiate with government. he concluded by saying that nobody should make threats.

Versfeld & Nkosi and AfricaBio submission
Synopsis: The Versfeld & Nkosi and AfricaBio submission requested clarity on several definitions contained in Clause 1, the powers of cyberinspectors in Clauses 85 and 86, and the jurisdiction for offences committed outside the Republic under Chapter 4. Concern was raised with the conflict of laws between Clause 17 of the Bill and Section 21 of the Financial Intelligence Centre Act. It was recommended that the "cooling-off period" under Clause 45 be retained, that Clauses 12 to 19 seek to amend common law notions of evidence. It was suggested that the European and Malaysian models be followed in Clauses 24, 25 and 27.

Mr Matthews Suping, from Versfeld & Nkosi, informed Members on behalf of the Bio Technology Association (AfricaBio), that the presentation would only focus on those matters that have not yet been dealt with by previous presentations.

AfricaBio suggests that the current definition of the term "consumer" in Clause 1 of the Bill be amended by the deletion of the word "natural" and insertion of the phrase "and or legal" before the word "person" in that definition. Furthermore, it is recommended that the word "individual" in the term "individual information", as contained in Clause 1, be defined further, and that the words "confidential information" also be inserted.

It is suggested that the period of 24 months prescribed in Clause 5(1) be reduced by initiating the National E-Strategy process as soon as possible. Furthermore, the State itself should provide or facilitate funding for this strategy, rather than procure funding from sourced other than the State, as provided in Clause 6(a).

Under Chapter 4 AfricaBio suggests that the government technology providers, such as SETA, be required to implement the National E-Strategy, and not the provinces and government departments.

The "cooling off period" in Clause 45 although it does provide protection to consumers, which AfrcaBio supports, the current protection contains certain loopholes which may result in the protection of consumers being to the detriment of suppliers. The "opt out" provision in Clause 46 should be retained, because not all South Africans possess the knowledge to transact or communicate on the Internet, and this provision thus affords the consumer awareness.

Clarity is requested on whether the Minister will recognize one or more representative bodies under Chapter 11, and for the purposes of certainty and consistency AfricaBio suggests just one.

Under Chapter 12 the applications of the powers of the cyberinspectors is not clear and requires further clarity, especially in Clauses 85 and 86.

The issue of jurisdiction with regard to offences committed outside the Republic under Chapter 14 is unclear, as well as the position with regards to International Suppliers.

Ms A Versfeld, from Versfeld & Nkosi Inc., noted that her submission would focus primarily on the manner in which the issues of conflict of laws and evidence are dealt with in the Bill.

The current definitions of the terms "addressee", "consumer", "critical data", "data", "a stored record", "electronic", "originator", "person", "information system", "public domain", "electronic signature" and ".za domain name space" have to be reconsidered.

The conflict exists in so far as Clause 21 of the Financial Intelligence Centre Act specifically provides for the identification of clients and other persons by an accountable institution However identification of a prospective client would be difficult if not impossible if in terms of Clause 17 of the Electronic Communications Bill a prospective client were to be allowed to submit proof of identity by way of a data message.

Special and further attention needs to be given to "data messages" and the interpretation thereof as this goes to the root of this Bill and the future application thereof. It is submitted that the normal rules applicable to the interpretation of statutes and contracts should also find application here. As e-contracts are still contracts in electronic format, legal principles still evolves around consensus and the intention of the parties.

As far as the issue of evidence is concerned, Clause 3 seems to imply that this Bill is without any consequence and does not affect substantially or materially the common law and other statutory provisions. Yet the opposite is true. Clauses 12, 13, 14, 15, 16, 17, 18 and 19 contain provisions which render other statutory provisions obsolete and/or in effect, "amend" them. Scant regard has also been shown to its implications, appear from, inter alia, the inadequate and/or incomplete list of Acts affected by Schedules 1 and 2 of the Bill.

Clarity is requested on the precise implications of Clauses 24, 25 and 27 in Part 2 of the Bill. It is suggested that clarity regarding acceptance of downloading be given and that greater understanding of the time, place and formation of a contract be given. In this regard it is specifically suggested that the spirit of the UNCITRAL Model Law on Electronic Commerce be followed, namely that the law is there to facilitate and that the intention is to create international co-operation in electronic matters. Furthermore, the e-com Legal Guide of Malaysia suggests "acceptance is deemed to take place at the time and in the place where it is received. Confirmation by answer back in telex communication is normally evidence of receipt". It is suggested that this or a similar concept be considered.

The Chair thanked Mrs Versfeld for the fresh angle her submission has added to the discussion, as it refers to the laws in foreign jurisdictions. The floor was opened to questions from Members.

Discussion
Mr Gore stated that the critical databases are important for AfricaBio regarding data of the Genome Project, for example, as well as recording medical data on people and animals. Versfled & Nkosi are requested to comment on this issue.

Mrs Versfeld replied that clients in this sector have to take extreme care and precaution. The intellectual property rights of this data is one of the greatest concerns with medical research. In this regard SMME's can be employed to do the diagnostics needed to create a framework to bridge the digital divide and stimulate the economy. This should be considered on a national level, and the assistance of the country's tertiary institutions should be employed, so that the rights of the people involved are protected. Yet the current position is that this data lies as dead information, when it should be used by those who so desperately need it. Perhaps a body should be established to regulate this.

The Chair requested that the Department summarise all the points made by the various submissions at public hearings, as was done with the Telecommunications Amendment Act. These will be evaluated during this Committee's next sitting on 22, 23 and 25 May 2002.

Appendix 1
Linux Professionals Association(LPA)
Submission to the parliamentary Committee on the Electronic Communications and Transactions (ECT) Bill.
 

About the LPA.
The LPA is a South African non-profit, non-incorporated association who' s aim is the promotion of Linux, Free and Open Source Software in southern Africa.

What is Free and Open Source Software?

The best known example of free software is that which is distributed under the GNU public License (GPL) . The GPL is a software license that is designed to allow people the freedom to share and change software. By contrast, most software licenses are designed to remove this right. Open Source and Free software can, however, refer to software distributed under a number of different software licences. The main effect of these licenses remain the same. The user of the software is generally able so access the source code of the software, and is usually free to modify the software to
their requirements.

Open Systems
Open Systems refer to standards used in an electronic system, where such standards can be freely implemented, unencumbered by patents or by any particular vendor.

What is Linux?
Linux is an operating system. An operating system is the basic set of programs and utilities that make your computer run. Some other common operating systems are Unix (and its variants BSD, AIX, Solaris, HPUX, and others); DO S; Microsoft windows; Amiga; and Mac OS. Linux is the best known result of Free Software, a 'poster child' . It is by no means the only Free Software result, and there are numerous other operating systems, programs and utilities that have resulted from this software paradigm. We will collectively refer to these as 'Free Software'

Why the LPA submission on the ECT bill?
The LPA has felt it necessary to make a submission to the Parliamentary Portfolio Committee on Communications for two reasons:
1. A reading of the bill by the LPA indicates there are several clauses, that while well intentioned, could have severe consequences for the adoption and implementation of Free Software.
2. We note that there are various aims that the bill is trying to achieve. These aims would be well served by the adoption of Free Software policies, and feel compelled to point out where these could be used.

We have limited our commentary to sections of direct relevance to Free Software, but this should by no means be seen as an endorsements that sections not covered in this submission are perfect. In particular, we draw your attention to the submissions of ISOC-ZA , Namespace ZA, UniForum SA and the Free Market Foundation. The LPA through the activities of its members has had input into, consultation with and discussions with these organisations regarding their ECT bill submissions. We urge the Committee to take due cognisance of these submissions.

The Free Software Development process.
Free Software generally follows a unique development process in that it is developed in a 'bazaar' type environment. Contributions come from a 11 kinds of people, from all different cultures and from all parts of the planet. Some contributors do this for the love of it, some because they need to fulfil a personal need, some because they are paid to, or for numerous other reasons. In short, the terms under which the software is licensed, and the enabling Internet technology allows persons from all over the world to produce high quality software of great reliability. The Authors are often situated in different countries and on different continents. Often these authors will have never even personally have met. The glue that holds this together are software licenses that mandate that additions and changes are contributed back to the software 'commons

Where the bill harms Free Software.
Chapter V, Cryptography providers.
Section 31 and 33 makes it an offence for any person to provide cryptography services or cryptography products in the Republic' unless such a person has registered with the department in the prescribed manner. Most Free Software distributions contain elements that fall under the definitions of cryptography services and products. Several services that are essential to providing e-commerce services on Free Software platforms would be covered by this section.
Due to the nature of the Free Software development process, large portions of this software have no single owner or distributor.
Effectively, this would mean this software would be unable to be registered in the register established in section 30, making it illegal to supply these products in the Republic. Section 31 (3) (c) would even make it an offense to offer these products on an Internet site where they may be offered to South
African subjects.

It would appear that this Chapter would attempt to outlaw a widespread and common worldwide practice.

Chapter VII, Consumer Protection.
Many propriety software products include the license agreement in t he actual software package. 43 (2) (g) would mean that if these software pack ages were unsealed, and the terms and conditions were found to be unsatisfactory, the consumer would still be obligated to accept the sale as binding. This is not a healthy situation, and this clause needs re-work.

Chapter IX, Critical Databases
There exists a possibility that certain 'open source databases' (sourceforge, ftp repositories of software etc) could be declared Critical Databases - the threat of having arbitrary restrictions and conditions imposed on t hem by a minister seems like a dangerous idea. This would certainly cause people to think before hosting those databases in a South African jurisdiction.

Where the bill could use Free Software in achieving its aims.
The Government has a duty to its citizens, particularly when it comes to Electronic Communications. These include (but are obviously not limited to)
- Free access to public information by the citizen.
- Permanence of public data.

Accordingly, to guarantee free access to public information, it is imperative that the Government does not use formats that tie it or its citizens to a single vendor.

Permanence of public data can only be guaranteed when the usability and maintenance of Government systems can be guaranteed. This can only be done when the Government has unfettered access to the source code of the software systems it uses on its systems.

The Government also has a duty in the application of taxpayers' funds in that this application should not enhance the financial position of one party to the detriment of others. Using Free Software is a means of achieving this. When free software is mandated by Government (for its internal use only) it allows the building of a software 'commons'. This means that software paid for by taxpayer's money would be available for use by those taxpayers. This would greatly benefit the SMME segment that the bill aims to promote.

It is the recommendation of the LPA that Chapter II and IV include provisions that mandate the Government's use of Free Software wherever possible. It is also the recommendation of the LPA that Open Systems be used as a Government policy.

Appendix 3
Electronic Commerce Association of South Africa Response to Electronic Communications And Transactions Bill
The Electronic Commerce Association of South Africa, (ECASA) represents a significant community of South Africa business interests and has played a significant role in the Electronic Commerce debate since the release of the Electronic Commerce Green paper in mid 1999 including submission of a report delivered personally to the DoC Director General at the launch of the EC debate in July 1999 and participation in numerous workshops hosted by the DoC and other bodies including SACOB, KPMG.

ECASA, has representation on the board of Information Industry South Africa (lISA) and through that, a close association with the World Information Technology and Services Alliance (WITSA).

ECASA's Mission is to encourage improvements in commercial, industrial and government business efficiency by offering guidance and practical solutions to enable organisations to make the most effective use of electronic commerce and to promote EC in SA.

ECASA Objectives are to:

- Promote use and awareness of EC throughout South Africa
- Provide information on EC to members
- Facilitate communications between ECASA members
- Enable members to participate in shaping the future of EC in SA
- Liaise with government, regulatory authorities and other relevant institutions and associations
- Act as forum for EC issues
- Represent SA EC interests internationally
- Encourage interest and investment in SA

The Electronic Communications and Transactions Bill tabled by the Department of Communications seeks to facilitate and regulate e-communications and transactions. With that objective ECASA expresses it's overall support.

However, as a general principle, ECASA align with the OECD, WITSA and others who contend that the development of electronic commerce should be led primarily by the private sector in response to market forces. As associations, we and our member companies believe that the Government's role should be confined to providing a basic legal and institutional framework that ensures effective competition as well as general trust through increased predictability, stability and media neutral-rules.

Chapter 1
2. Objects of Act
ECASA has studied the Objects of the Act as set out in section 2. ECASA is supportive of these Objects with the exception of:

(q) use and management of the za domain name space. See ECASA view in Chapter 10

(r) the national interest of the Republic is not compromised through the use of electronic commerce

ECASA are concerned that, in the absence of any defined categories of national interest, this may represent a derogation of citizen's civil liberties and result in a reduced international participation in electronic commerce in South Africa to the detriment of all.

Proposed Agencies and Constitutional Rights ECASA would further make the general observation regarding the contents of the Bill, specifically that the powers granted to various proposed agencies to realise the Bill's objectives, are of a type, nature and extent that appear to undermine the constitutional rights of individuals.

Business to Business Contracts In addition, ECASA recommend that government adhere to the UN Convention on contracts as laid down in the Vienna Sales Convention in respect of those normal negotiations that are a feature of business-to-business transactions.

Chapter 2
5.1 National e-Strategy
ECASA would like to highlight the fact that the electronic commerce debate commenced in mid 1999 with the launch of the EC Green Paper. The intervening time - almost three years - has been occupied with numerous meetings, fora, workshops, exchanges and submissions.

In calling for a national e-strategy for the Republic to be submitted for Cabinet approval within 24 months, this represents an accumulated timeframe of nearly five years. This is totally inconsistent with the rapidity of change and developments in the IT and Internet milieu where speed and the ability to change and respond to new developments is a mandatory requirement for survival.

Chapter 4
28 E-Government
ECASA would like to reiterate its frequently aired observation that it is electronic commerce practised by government departments that will provide the critical mass of transactions and stimulus to electronic commerce in South Africa, result in the entry of international service providers, realise the efficiencies that provide cost benefit to all and will emphasise our national capability as a global player.

Chapter 5
30. Cryptography Providers Given the comparative newness of digital certification, ECASA endorse the WITSA recommendation that there is a requirement for an evolving and flexible framework of rules operating in a self regulatory mode that will avoid the rigidity, and potential incompatibility, of a regime imposed by government regulation. This implies a commitment to support and work within the U N Commission on International Trade Law (UNCITRAL) model law on electronic commerce.

Chapter 6
34. Authentication Service Providers
38. Accreditation
ECASA do not agree that the Accreditation Authorities, under DoC control, should have the right to refuse accreditation of electronic signature providers or the right to revoke or terminate accreditation.

ECASA believe that electronic commerce groupings at business to business level and business to consumer level should have the right to determine products and services most suited to their needs rather than have this controlled by a government authority and function. Requirements will differ from industry sector to industry sector. What is necessary in a banking framework for high value, low volume transactions will differ from low value, high volume transactions which in turn will differ from low value business to consumer requirements. Community self- determination and self-regulation is a fundamental right.

Chapter 8
51 Protection of Personal Information (Privacy) ECASA believe that people must be given control over their data as supported in the South African Constitution's declaration on the individual's right to privacy. With that objective, unambiguous consent must be given before a company or agency can process confidential data and use it for any purpose other than that for which it was originally provided and stored.

On personal privacy, the Bill gives excessive powers to a single Minister and to specified public officials. Without suitable checks and balances this can be a dangerous precedent. The purpose of legislation in government must be to lay down the means by which ends can be pursued. This makes it possible to constrain the actions of the non-elected and to submit the power of the elected to the scrutiny of the public.

Chapter 9
Protection of Critical Databases
ECASA fully support the protection of strategic and critical government and military databases. However, the proposed power to be vested in the Minister, to declare what constitutes a critical database and then dictate matters such as general management, access, transfer, control, and issues such as storage, archiving and disaster recovery practices are excessive.

A further concern is the possibility of "creep", being the initial identification of justifiably critical databases, followed over time by extensions into other areas, perhaps not critical, with unacceptable government restrictions over private databases authorized by the Bill.

Chapter 10
Domain Name Authority and Administration
ECASA do not support the Object (q) in Chapter 1.2

ECASA oppose this object on the grounds that it is an unnecessary extension of state control over a mechanism that has historically been operated efficiently and effectively in the private sector.
There are no valid grounds for state intervention and control with the allied administrative function and funding by the Fiscus.
Past government action, through appropriate international channels, has proven to be sufficient to address infrequent national issues such as the South Africa domain name matter.
The creation and financing of a government Domain Name Authority might well obstruct and impede the growth of electronic commerce communications and transactions through onerous licensing provisions. That is quite irrespective of the particular skills set and experience base necessary to perform such function efficiently and the lead time in arriving at that level of expertise.

Further, ECASA believe that the present South African domain name operation could and would address any government requirements deemed appropriate more efficiently and at a fraction of the cost of setting up a government department. This could be achieved as an outsourced fee based service operating to government's advantage.

Chapter 12
Cyber Inspectors
There seems to be no convincing argument as to the need for the Department of Communications itself to create an inspectorate body that can supervise certain provisions of the legislation and perform functions akin to a para-police force, inclusive of the right to inspect, search and seize. Under the terms of the South African Constitution and as outlined above, ECASA, along with WITSA have a major problem on this issue. The question to be asked is the extent to which society is prepared to sacrifice civil liberties in the effort to combat crime. ECASA and WITSA submit that the proposed measures must strike a balance between constitutional rights and criminal prevention measures. In studying the provisions of this Chapter of the Bill, there appears to be little effort to achieve that balance.

In conclusion ECASA supports the broad objectives sought under the Bill. In addition, ECASA, based on the participation of various ECASA members, broadly support the submissions presented by SACOB and KPMG, the latter on behalf of their client base.

ECASA share with WITSA the concern that there are serious shortcomings in the proposed measures set out under the various Chapters. In particular there is a need to strike a balance between consumer protection/security/law enforcement and the safeguarding of civil liberties. In this latter context both ECASA and WITSA express their opposition to unreasonable attempts to erode those rights relating to privacy and to regulation at odds with accepted world standards.

We therefore urge you to reconsider and redraft those sections of the Bill that contain clauses that are unlikely to facilitate the development of South Africa's electronic trade and communications, both internally and externally.

In that connection, due consideration should be taken of the Global Action Plan, published by the Alliance for Global Business (AGB) which urged governments to rely on business self-regulation and the voluntary use of empowering technologies as the main drivers behind the creation of trust across the whole spectrum of users and providers of e-commerce goods and services. It also stated that governments should focus on the provision of a stable and predictable environment enabling the enforcement of electronic contracts, the protection of intellectual property and safeguarding competition.

Furthermore, the Action Plan provided a detailed overview of which issues were the respective responsibilities of the private and the public sectors, and included an exemplary selection of self-regulatory projects.

Sincerely,

I M Lamb

Chairman Electronic Commerce Association of South Africa (ECASA) Tel 083 747 7533