Electronic Communications & Transactions Bill: deliberations

Meeting report

COMMUNICATIONS PORTFOLIO COMMITTEE
24 May 2002
ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL: DELIBERATIONS
 

Electronic Communications and Transactions Bill [B8-2002]
Summary of Submissions
ISPA, Uniforum SA and Namespace ZA: Chapter X Proposal [see Appendix]

SUMMARY
The discussion on Clause 45 highlighted the concern that this provision disadvantages consumers of electronic services, because they are not afforded the same degree of protection as consumers of tangible goods. Yet this concern does seem to be covered by Clause 43.

Problems raised with Clause 48 include the difficulty in deciding which legal system applies to the dispute, the important distinction between choice of law conflict and jurisdiction and whether it is realistic to expect foreign jurisdictions to apply South African law to electronic transactions disputes.

In Clause 51 concern was raised with the extent to which the SALC Law Commission Project on Privacy should be incorporated in Chapter VIII of the Bill.

Concerns raised with Chapter IX include the inability of this chapter to ensure the protection of personal information, measures to ensure the same level of protection for data information as is currently enjoyed by its paper counterpart and how Clause 58(1) would be implemented in practice.

The discussion on Chapter X highlighted difficulties with the membership and appointment to the board of the Domain Name Authority and Administration, attempts to increase the representivity of this board and access to the Internet and the need for a complete reworking of this chapter.

Clause 81 fails to properly indemnify the service provider from litigation instituted against it by the owner of the web site that has been taken down, and the trouble with self-regulation in this clause was debated.

In Clause 85 concern was raised with the wide powers granted to the cyber inspectors to "monitor and inspect", whether these powers should rather be exercised by the SAPS, the overlap between these two agencies and whether cyber crime is a line function of the Department of Communications or the SAPS.

MINUTES
The Chair informed Members that any further discussion on 'spam' under Clause 46 of the Bill would be postponed till this Committee concludes its discussion on the Bill.

Chapter VII: Consumer Protection
Clause 43: Scope of application and Clause 44: Information to be provided
No concerns were raised with these clauses.

Clause 45: Cooling-off period
The Chair reminded Members that it has been argued that the cooling-off period presents a disadvantage to consumers of electronic services, as it does not afford them the same degree of protection as consumers dealing with tangible goods. An example would be airtime, which cannot be returned despite the fact that the purchaser is dissatisfied with the product or package, or the problem raised earlier regarding the sale of a book by Amazon.com.

Mr Alan Barrett, from Cequrux Technologies, replied that he does have some knowledge on the Amazon.com policy, which provides that as long as the product, in this case the book, is returned in its original condition and within seven days the consumer would receive a full refund, but would have to pay for the postage.

The Chair stated that this clause has to be tightened, as it is a cause of concern for those involved in the cellular telecommunications industry in particular. The State Law Advisor was requested to explain how this provision affects consumable goods, because it seems to protect businesses even though it is "very friendly" to the consumer.

Mr Kellner responded that it is correct that airtime cannot be returned to the vendor, and this clause does not therefore apply to airtime.

Mr Calvin Browne, from Uniforum SA, suggested that Clause 44 provides the details for such a transaction, and caution has to be exercised in not granting consumers too much protection at the expense of small enterprises. This might need to be looked at in greater detail.

Ms S Vos (IFP) stated that Clause 43(1) provides that Clause 45 does not apply to such electronic transactions. The Chair agreed.

Mr Kellner stated that the remainder of Clause 43 lists those electronic transactions to which Clause 45 does not apply.

The Chair stated that this covers the concerns raised by the cellular telecommunications operators, as Clause 43(2) stipulates that Clause 45 does not apply to them.

Adv Francois Slabbert, Manager: Legislation and Policy Development at Telkom, contended that they are not adequately covered because large corporates still apply here.

Mr Kellner replied that large corporates are not included in the definition of "consumer" as provided in Clause 1 of the Bill.

Ms Vos referred to the submission from the Department of Trade and Industry in this regard, which suggests that the definition of "consumer" as provided by its Consumer Affairs Committee should be the preferred formulation in Clause 1 of the Bill. This has to be considered.

The Chair stated that an opinion from the SLA has to be received on this matter.

Mr C Morkel (NNP) stated that the tax implications of Clause 45 also have to be considered. Furthermore, as far as B-to-B and B-to-C transactions are concerned, in the former the Value Added Tax (VAT) costs are passed on to the consumer. This has to be evaluated.

The Chair assured Mr Morkel that this would be raised in a future session of this Committee.

Ms Vos referred to the submission from the Pharmaceutical Society of South Africa which recommends that this clause be flagged "very seriously", as far as its impact on other laws is concerned.

The Chair stated that Clause 43(2) would be evaluated regarding whether these should be exempted. Clause 45 would is thus passed, subject to this understanding.

Clause 47: Performance
No concerns were raised with this clause.

Clause 48: Applicability of foreign law
Ms M Smuts (DP) suggested that the intention of this clause is not clear, as the very spirit of the Internet is that the borders between countries fall away and it is not clear exactly how this provision is supposed to work. The phrasing of the provision is odd as well, and it seems this clause would create less of a problem if both parties to the transaction agree on the specific legal system to settle their dispute. Clarification is needed on this clause.

Mr Otto Kellner, from the Office of the State Law Advisor (SLA), replied that the matter depends entirely on whether the South African courts have the ability to "do something about it", and the clause only applies in so far as they can found jurisdiction via attachment procedures. A better formulation is welcomed.

The Chair provided the following example: when one buys a book on-line from Amazon.com one is not sure "in which country" one is, because it is an American web site yet the consumer is logging on from his/her home in South Africa. There is thus uncertainty as to which law applies to the electronic transaction, and this is an important issue especially if a legal dispute should arise between the parties regarding the product purchased. The second stage of the transaction is when the book is actually delivered to the consumer or buyer and it has been suggested that Amazon.com in the United States then relays an electronic message to their warehouse in South Africa, or the relevant country, which in turn delivers the book to the consumer. Here again the question of jurisdiction is not clear, and is no less important than during the first stage of the transaction.

The comfort South African on-line consumers enjoy is that when they transact with Kalahari.net they at least know it is a locally based service provider, because its usual place of business is within the Republic.

Mr Morkel contended that most web sites do contain a disclaimer that declares the jurisdiction in which litigation would take place, but not all web sites provide this disclaimer. Nor does this always favour the on-line consumer because the designated jurisdiction might to suit him/her. Furthermore, the "agreement" contained in Clause 48 is essentially, a contest between which law is applicable to the dispute or electronic transaction in question.

Mr Michael Silber, from NamespaceZA, contended that a distinction has to be made here between choice of law and jurisdiction because certain web sites, as Mr Morkel pointed out, do designate both. The intention here is that, when the consumer purchases their product, s/he agrees not only to the jurisdiction applicable but also to the specific court that would hear any dispute that might arise. The result is that the consumer would have to physically travel to the country that houses that courthouse to engage in the litigation.

A further concern that arises here is that web sites/international on-line businesses such as Amazon.com could claim that they do not know much, if anything at all, about South African law, with the result that they could then refuse to apply it in their on-line disputes. They could in turn, therefore, decide not to deal with South African users at all, despite the fact that South African courts do not hesitate in applying American electronic law within the Republic. It is not the important big-business transactions that are being focused on here, but the relatively smaller consumer issues.

The Chair stated that the South African Airways tickets do stipulate that the relevant jurisdiction is South Africa, and that this would apply to a dispute that arises anywhere in the world.

Ms Clarissa Mack, from Multichoice, agreed with Mr Silber and stated further that the courts would respect the contract between the two parties to the electronic transaction, irrespective of where the dispute arises and whether or not Amazon.com has a warehouse within the specific jurisdiction or not. The courts would thus uphold the contract first, and then look at the specifics.

The Chair contended that Clause 48 seems fine, in view of the points raised, and "it does not make much difference".

Ms Safiyya Patel, from Cheadle, Thompson and Haysom Inc., stated that further clarity is needed on distinction between choice of law and jurisdiction, as mentioned earlier by Mr Silber, because the current formulation of Clause 48 is ambiguous in this regard.

Mr Kellner suggested that the interested parties present submit written proposals.

The Chair reminded Members that the same was proposed during the discussion on the banning of SPAM, during a previous session of this Committee. This is especially relevant in view of the fact that the United Kingdom has not banned it, and the effect of this on electronic transactions and communications involving South African on-line users and the legal system that would be relevant should any dispute arise.

Mr Silber contended that the difference here is that Clause 48 deals with on-line consumer contracts or electronic transactions, with most web sites containing a written agreement designating the relevant choice of law and jurisdiction applicable. Yet the important aspect of SPAM is not where the message originates, but rather where it impacts. Thus with SPAM an effect situation has to be employed.

Furthermore, Mr Silber stated that he was not aware of an Amazon.com warehouse in South Africa, but it would be far easier for Amazon.com should it argue that it has a business presence in South Africa as this is sufficient to acquire protection under South African law. Thus a policy decision is needed here in terms of whether the South African legal system is prepared to step outside its borders and impose its laws and conditions in such disputes to foreign jurisdictions. If so, this Bill has to clarify these matters and the Bill has to be drafted more carefully.

The Chair suggested that the point raised earlier by Ms Mack is interesting, and therefore Clause 48 is needed to protect South African on-line consumers.

Ms Smuts stated that the difficulty here is that this Committee cannot pass law, via this Bill, that is not enforceable. Is it realistic to expect persons from foreign legal systems to engage in litigation regarding electronic transactions disputes in South Africa? It is suggested that the preferred route would be the conclusion of multi- or bilateral agreements with foreign jurisdictions, so that one single law can be established to govern this matter in all countries.

The Chair stated that perhaps that Internet Corporation for Assigned Names and Numbers (ICANN), a Californian non-profit public benefit corporation, could be made the United Nations of the Internet, which would then apply to all states. Clause 48 has to be revisited.

Ms Mack contended that the choice of law conflict between two big international companies differs significantly from everyday electronic transactions involving the ordinary on-line consumer, as most ordinary consumers do not opt out of such contracts.

Ms Patel suggested that this contradicts Clause 45(4).

Mr Kellner stated that the important word in Clause 45(4) is "prejudice", whereas Clause 48 contains "protection", and there is therefore no contradiction between these two provisions.

Clause 49: Non-exclusion and Clause 50: Complaints to Consumer Affairs Committee
No concerns were raised with these clauses.

Chapter VIII: Protection of personal information
Clause 51: Scope of protection of personal information
Ms Smuts recommended that the European Union position of data protection should apply here, and whether voluntary treatment here is desirable as an interim step. Perhaps this Committee should interact with the South African Law Commission (SALC) as it has devised a comprehensive law on data protection and cyber crime. In fact, the SALC has written to this Committee expressly to request that this Bill not deal with these issues as their legislation covers these matters comprehensively. This Committee should thus consult with them so that this Bill does not negatively affect their work done in this regard.

Furthermore, only certain principles are listed in Clause 52, and clarity was requested on the decision to exclude others. An interim regime is needed, and this is especially important in view of the fact the European Union does not trade with states that do not have such a policy in place, as highlighted by its conflict with the United States on this matter.

The Chair disagreed with Ms Smuts and stated that if the SALC felt that strongly that it needed to argue its position on this issue it should have consulted this Committee, and should be present during this deliberation process. Matters would be unnecessarily complicated by the Chair contacting the SALC and the proposal cannot be accepted that this Bill cannot be passed simply because someone else is doing research on common issues, because the Bill can always be amended. In fact, if no protection were to be granted in the interim, this is a compelling reason for such protection to be provided by this Bill. The SALC written submission will be considered.

Mr P Pongwane, the Deputy Director General (the DDG) of the Department of Communications (the Department), wished to clarify that this Chapter had been drafted differently by the time the Bill was presented to Parliament. The SALC announced that it would be writing a much more comprehensive law on these issues, but suggested that a vacuum would be created if these matters were not included in the Bill as their research and assimilation process would take no less than eighteen months to complete. An agreement was therefore reached that Chapter VIII of the Bill would serve as "the basic minimum needed" here, and the SALC was satisfied with this position until such time as its law proposal on data protection and privacy and cyber crime is complete.

Mr Kellner stated that neither the Department nor this Committee has a contract with the SALC regarding this process.

Ms Smuts contended that the SALC "is not just another interest group", and this Committee expressly requested it to write a comprehensive law on those matters.

The Chair stated that the SALC should come to Parliament.

Ms Smuts reiterated that it was this Committee that enlisted their assistance in this matter, and for this reason the SALC cannot be excluded from this process.

The Chair maintained that the SALC has made its submission and the Committee would consider it, as it does with all the submissions it receives. Again, if the SALC felt strongly about this matter it should have contacted this Committee, but the Chair would not contact them. Ms Smuts was free to contact them in her personal capacity, but not on behalf of this Committee. Chapter VIII is thus closed, and it will not be removed from the Bill.

Mr Morkel suggested that Clause 46 be revisited as it is related to Clause 52.

The Chair stated that "this is a given", and the issue of the protection of personal information will be evaluated in its entirety. Chapter VIII is thus passed with this understanding.

Ms Vos contended that this Committee not race through this important chapter, and should instead pick out certain points highlighted by the SALC submission.

The Chair agreed and assured Members that the SALC submission would be given due consideration along with all other submissions received. The State Law Advisor must provide guidelines on whether this chapter conflicts with other existing laws and whether there are any Constitutional challenges to this chapter. Chapter VIII is thus passed with this understanding.

Chapter 9: Protection of critical databases
Ms Smuts recommended that this chapter be "probed" because it seems to be under the impression that it is able to deal with data, and the decision taken by the Department that critical databases should be registered has to be evaluated.

Furthermore the security of data infrastructure in South Africa deals primarily with government information and related matters, and the Minister of Communications (the Minister) is now granted the power to pass regulations in matters such as those included in Clause 56(1)(b) and (e), with the cyber inspectors also being "unleashed" on critical databases to monitor compliance. What happened to the role of the State information Technology Agency (SITA) here? The Minister has to be made to consult with other Cabinet members on the possible impact of this chapter on their critical databases.

The Chair urged Ms Smuts to argue matters on merit, and informed her that the fact of the matter is that the Bill does contain a definition of 'critical database', and once she understands this she should then use it to navigate through Chapter IX. It should also be remembered that all the chapters flow into each other. Yet Ms Smuts intention has been to cut everything out of the chapters, and at this stage of the deliberation process this Committee would not be entertaining thoughts of possible amendments.

Ms Vos requested clarity on a suggestion made in one of the submissions received that the word "retracted" in the definition of the term "critical database" in Clause 1 of the Bill should be replaced with "extracted". Furthermore, this chapter also has to comply with the Constitution, business interest and real security issues.

The Chair contended that the problem here is that it does not ensure that one's personal information is protected, such as an individual's HIV/AIDS status, and a firewall has to be put in place to ensure such protection. A chapter such as this is therefore needed to ensure that no unauthorised person may be able to access an individual's personal information at the click of a mouse.

Mr Morkel suggested that the rules applicable to the protection of personal information captured in a written form would still be relevant here, but the real issue is the accessibility of such information once it becomes virtual and whether the protection principles already in place are sufficiently applicable to electronic information as well.

The Chair questioned, in the interests of curiosity, whether any laws relating to tangible or paper documentation currently exist to ensure medical aids or banks do not disclose personal information.

Mr Silber stated that no such laws presently exist, but most have evolved from practice, such as laws relating to confidentiality and privilege in both the legal and medical professions, which is overseen by the Bar- and Medical Councils respectively. In this regard two laudable issues have been raised by the Bill: firstly, the Minister has to prescribe universal and uniform standards and the proposal made earlier by Ms Smuts that the SITA be included here is supported. Secondly, the Protection of Access to Information Act of 2000 also provides adequate protection to personal information, the SALC is currently engaged in drafting a law the aims to deal comprehensively with this very issue. This chapter could also affect the situation in which government could now tell individuals what to do with information that is not private, especially as this relates to banking institutions.

Mr E Magashule (ANC) suggested that the tax laws clearly protects the privacy of individuals.

Adv Slabbert added that the Constitution also contains a clause dealing with confidentiality of information.

The Chair stated that this Committee has to ensure that the Bill does not infringe the rights of companies in the private sector as regards the manner in which they deal with the personal information they have store on their clients. Perhaps a paradigm shift is needed here, because the protection of paper-based personal information is geared around physical security measures such as locks, yet on-line or electronic information cannot be protected in the same manner. Much more attention has to be paid to this issue.

Mr Morkel suggested that some critical databases are quite important, such as the NamespaceZA database which, if not properly protected, could be used to disconnect South Africa from the Internet entirely in a matter of five minutes, as mentioned by Mr Mike Lawrie, from the CO.ZA Administrator. Thus a definition is needed that would clearly protect such databases.

Clause 58: Right of inspection
Ms Vos inquired how precisely the Director General (DG) of the Department could "cause audits" to be performed by the critical database administrator, in clause 58(1). This needs clarity. Furthermore, whether a right to appeal against such audit is provided for, as far as compliance with technical competence with Chapter IX is concerned, as these administrators are granted unlimited power. Measures have to be put in place to ensure these powers are exercised reasonably.

The Chair agreed that this is a sensitive issue, and stated that the administrator has to exercise reasonableness here.

Ms Vos questioned the constitutionality of this provision and requested an opinion on this matter from the SLA, because the DG cannot be unleashed onto the databases of private business.

The Chair contended that Clause 58 cannot be used "to shoot down everything else".

Mr Maanda Manyatshe, CEO of the South African Post Office (SAPO), suggested that this has to be read together with the definition of "critical data" in Clause 1 of the Bill. This indicates that not all data will necessarily be classified as "critical", but will only be regarded as such when it affects national security or the economic and social well-being of South African citizens.

Ms Smuts stated that this is precisely the point she raised earlier, in that determining the interests of national security is not a function to be exercised by the Minister, as a special ministry has been established to deal with this.

Chapter X: Domain Name Authority and Administration
The Chair reminded Members that, at the very beginning of the process of deliberations on this Bill he had contended that it would be useful for the different stakeholders to consult each other, as well as the Department on this chapter, and arrive at possible solutions that accommodate the interests of each party. There is clearly a need for a Domain Name Authority and Administration (DNAA).

The NamespaceZA submission is useful as it provides options employed in foreign jurisdictions. Yet with this Bill this Committee has to work on the basis of what is written in this law, but also has to allow the DNAA to state in principle, the kind of structure it can work with. The Department then has to be consulted to allow it to state what it is able to put on the table. Each has been asked to reduce these proposals to written form. The intention in this chapter is to arrive at a DNAA that all interested parties are satisfied with.

Mr Silber contended that there are actually two basic areas in which Chapter X does not work: firstly, there is no intention to create a government-naming authority, but rather a representative body with state input on matters such as technology standards. It is not intended that the state govern this body, and this misconception is due to a drafting problem that has to be resolved. A new organisation is needed to exercise this function, as a Section 21 company is currently being used here and its membership is open to anyone. The body currently has two categories of membership, and It is hoped that as many members as possible would be enlisted under the new organisation.

The second relates to appointment to the board, and it is suggested that nominations of members from various communities be requested to stand for election, and would ultimately be elected the members of the organisation. It should also be specified that a minimum of four directors sit on the board, with three appointed via the public process and one by the Minister, despite the fact that the Bill currently provides that government appoints this single director. It has to be stipulated that provisions regarding directors must be included in the Bill and cannot be altered without the consent of the Minister. When an independent authority no longer operates in the best interests of the country the Minister is empowered to address a letter to the board forcing it to abide by its Memorandum and Articles of Association. If it fails to abide, the Minister can remove the entire board and call for a fresh election procedure. Specifically stipulating four directors allows the board to more adequately execute its mandate without the added administrative baggage. The first rough draft on this will be prepared soon.

The DDG stated that the element of government control can be removed from this chapter, as this was never the intention of the Department. The aim has always been for this body to serve society at large, and not only the Internet community, including those South Africans who do not yet have access to the Internet. A constant concern has to be the devising of methods to spread Internet usage in South Africa, and therefore that body should represent society as a whole and not just existing Internet users. The Department will first examine the rest of the text before replying to Mr Silber's concerns, but it has to be made clear that the Department does not intend having one of its officials on that board.

The Chair informed Members that ICANN has established a direct relationship with the United States Department of Commerce in en effort to facilitate the realisation of its objectives, and the same might have to be done in the South African context. But ICANN itself realised that it had to change, and has therefore made no bones of the fact that it is in a transitional phase in evaluating its operation, objectives and methods to facilitate the transition. NamespaceZA and the DNAA should engage in a similar process.

South Africa does have the Top Level Domain (TLD) but its structure has to be changed to ensure greater representivity and transparency, as well as checks and balances regarding funding considerations.

As far as the responsibility of such a body in acting on behalf of the country is concerned, protective measures have to be put in place here as such a body is an asset to the country.

Furthermore, a relationship between the public and private sectors has to develop so that checks and balances are set in place to ensure that the possibility of one sector infringing the rights of the other is avoided.

It is only once these four principles have been established that a proper evaluation could be made on whether the proposal satisfies the particular yardstick.

Mr Morkel suggested that he was under the impression that communication had broken down between NamespaceZA and the Department during the public hearings stage, and they are requested to explain the driving force behind the apparent resurgence.

The Chair replied that this Committee serves as a facilitator, and this parliamentary process has been the driving force.

Mr Morkel referred to ICANN, and stated that participation in the government of the Internet is really at issue here. In this regard a United Nations approach should be adopted for the Internet which, it appears, ICANN is attempting to facilitate. What representations has South Africa made on the international front to promote the internationalisation of the South African government, and the effects of this process?

Mr Silber replied that the databases allegedly under the control of ICANN can be used to make control changes on information anywhere else. Furthermore, a better time schedule and interaction with government departments has to be devised.

Mr Silber agreed with the DDG that an open and honest attempt has been made to improve representivity, and stated that this industry is currently being lead primarily by "pale males". Partial reasons are South Africa's history and a general lack of interest, but government has also offered and elicited a limited response to the impact of the Internet. Little has been made from those actively involved in the Internet, and even less from South African business and the Intellectual Property industry.

The Chair drew Members' attention to the Proposed Formulation of Chapter X compiled by NamespaceZA, ISPA and Uniforum SA. The aim is to create a regime via this Bill to create a DNAA framework, and this relationship has to happen as there has to be a relationship between the Internet and government.

Mr Browne contended that unless government is satisfied with the position and communicates this to ICANN, the process would not be taken forward at all, and it is thus vital that consensus be reached here.

Ms Smuts requested the SLA to explain whether the current Section 21 company would be used or whether a new body would have to be introduced. Is it not unusual for government to have a Section 21 company? She agreed with Mr Silber that this process should function outside the scope of the Companies Act, and that the appropriate minister has to be introduced to deal with this issue.

Mr Kellner replied that there is no reason why Parliament cannot instruct the Minister to make use of a Section 21 company, and can even do so itself.

The Chair inquired whether any precedent exists in this regard.

Mr Kellner answered in the affirmative.

The Chair requested that Members be supplied with written copies of these precedents.

Ms Smuts stated that government control is not desirable here which means that Part 5 of Chapter X would disappear. Part 5 currently provides that the Minister can devise regulations on the matters listed. Clauses 63(3) and (4), which deals with the representivity of the board, are especially important, as well as Clause 63(5) which provides that the Minister may replace any person nominated if, in the Minister's view, s/he does not comply with the stipulated criteria. The submission by Mr Silber that membership on this body be made all inclusive is a prudent suggestion.

The Chair stated that a complete rework of Chapter X is needed.

Mr Browne inquired as to what needs to be done about those South Africans who are not connected to the Internet, and the best way to provide access is to require the payment of a nominal fee that would be used to cover administrative costs. This would serve as a signal that they truly want to join the organisation. This is the best way to ensure the incumbents do not take control, and that they are kept out.

Mr Silber stated that the regulations provided for in Clause 72 of the Bill must be dealt with. Furthermore, the DNAA has to be a representative body, and should even be able to allow possible members to cast their votes by proxy on-line. This has to be coupled with the current need to broaden the group of voting members, so that the Internet may be popularised.

The Chair informed Members that an overnight change has occurred in four schools within his Alexandria constituency, as Microsoft has supplied each school with thirty computers and even their own web site. This small improvement has caused a sudden increase in Internet uses, and it has to be recognised that they want to be involved.

Ms Robyne Conway, Strategic Advisor: Technology to the CEO of SAPO, stated that SAPO is already doing this via its Public Internet Terminals (PiTs), which currently provide both e-mail and domain name facilities. The majority of need has to be recognised here, and SAPO's service delivery initiative is focused on the majority of need, via its universal access objective.

Mr Silber contended that with this Committee's approval and guidance with regard to the relevant policy issues, NamespaceZA would be able to set up free e-mail for all South Africans within two weeks, whereas this would only be implementable via the Bill in more than a year's time. The SAPO would also have a role to play here in providing points of registration. It could be called "me.za", and could be provided in all eleven official languages.

Ms Conway stated that SAPO welcomed this partnership, but reiterated that the SAPO is already providing free e-mail.

Mrs Annamarie Versfeld, from Versfeld & Nkosi Inc., stated that the South African Chamber of Business (SACOB) and the ANC Youth League were consulted on unemployment rates, and its was discovered that the very ability of the Bill to reach and further educate children is an important tool. A proactive approach therefore has to be adopted here, especially in the rural communities. South African customers need to be dealt with here, such as the need for an appeal process for disputes regarding domain names and cyber squatting, for example.

The Chair stated that Chapter X would be passed by this Committee, subject to the understanding that it would be reworked.

Chapter XI: Limitation of liability of service providers
Clause 81: Take-down notification
Mr Ant Brooks, a member of the management committee of the Internet Service Providers Association (ISPA), stated that ISPA has a problem with Clause 81. ISPA agrees with the take-down procedure but the provision does not clearly state the party authorised to exercise this function, and thus needs clarity.

Furthermore, Clause 81(i) provides for the indemnity of the service provider which implies the presence of a complainant, yet the clause does not assist in indemnifying the service provider from liability, as illustrated in the following situation. The service provider could receive a false allegation, which it does not yet know to be without substance, regarding the content of a certain web site and would then follow the proper take-down procedure as stipulated in Clause 81. The owner of that web site would lose any business s/he may have been running from that web site, and could then sue the service provider for taking down the web site based on a false allegation and for any loss of business that may have been caused due to the take-down. The service provider would then be held liable for merely following the proper procedure stipulated in Clause 81, whereas the complainant, the cause of the entire situation, would end up scot free. This clause does therefore not indemnify the service provider, as originally claimed.

Mr Kellner suggested that this contention seems to confuse suing and prosecuting, and the Bill accommodates the latter.

Mr Brooks replied that if a service provider were to take-down a web site dealing in armaments, for example, the ensuing litigation sketched above would be extremely expensive, and Clause 81(i) does not indemnify the service provider from such liability.

Mr Kellner agreed that this type of situation could come to pass.

The Chair requested Mr Brooks to provide a possible alternative.

Mr Brooks suggested that the clause provide for the indemnification of the service provider, in this sort of situation, from any litigation instituted by the owner of the particular web site.

Mr Kellner responded that this cannot be done via the prosecuting or civil action referred to.

Mr Wim Mostert, Senior Manager: E-Law at Deloitte & Touche and drafter for the Department, contended that a contract already exists that indemnifies the service provider from such litigation, but ISPA is now requesting that this be expressly included in this statute. This would guarantee that the service provider could not be sued by the owner in this situation.

The Chair stated that this matter would be looked at further.

Ms Smuts contended that the clause does not provide for any person or body that decides whether the allegation lodged by the complainant is of any substance and worthy of action, with the result that they are allowed to decide for themselves what exactly constitutes an "unlawful activity" under Clause 81. This is the critical failing in this clause, and a body has to be established to make such decisions. This matter is further complicated when "the right" of the complainant under Clause 81(c) comes into play, and who is responsible for making such decisions? Some degree of assistance is offered by Clause 82(2).

Ms Vos suggested that this be done via the Independent Communications Authority of South Africa (ICASA). The submission from the Witwatersrand University should be considered here, as it addresses the concern with self-regulation in this regard.

The Chair contended that the problem with self-regulation is that it creates more complaints, as is currently being experienced by the Broadcasting Complaints Commission. The Constitutional Court has to rule on this matter, because the more knowledge people have of their rights, the more complaints are being received in practise.

Mr Brooks informed Members that a take-down process is presently in place, and ISPA co-operates immediately and fully with it. ISPA has worked for a long time on devising a Code of Conduct for this procedure, and is far more comfortable with a government-based institution.

Mr Silber contended that the DNAA is "wholly inappropriate" to manage this type of activity and liability. Clauses 77 and 78 absolve the service provider of any liability, and Clause 79 excludes it from civil liability as well. Clause 79 should also exclude it from the sort of liability raised by Mr Brooks, as the service provider is already absolved from the sort of liability listed in Clauses 77 and 78.

The Chair questioned whether a body separate from the DNAA should be set-up, and its performance and structure could then be monitored.

Ms Smuts requested clarity on the precise meaning of the term "unlawful" as used in Clause 81, and its effect on the Bill of Rights contained in the Constitution. Furthermore, Clause 74 limits the applicability of Chapter XI to internet service providers, as the definition of "information system" provided in Clause 1 is broadly framed. It is also questionable whether it is necessary to require recognition from the Minister for such notification, as the European Union model does not require prior notification.

Mr Brooks replied that no final Code of Conduct exists yet, but will be available soon to regulate such matters.

Mrs Versfeld suggested that a single representative body be established to deal with this issue, as this would be the most advantageous option.

Mr Lance Michalson, from Michalsons Information Technology, Internet and E-Commerce Law Attorneys representing SAPO, suggested that Clause 81(i) be made subject to an undertaking acceptable to the Internet Service Provider. It is contended that this would solve the problem posed by Mr Brooks.

Clause 83: Savings
Ms Vos suggested that Clause 83(d) be added to include the right to limit the liability of the service provider based on South African common law or the Constitution.

The Chair replied that this Committee has not yet reached the amendment stage, and stated that Chapter XI is passed by this Committee.

Chapter XII: Cyber Inspectors and Chapter XIII: Cyber Crime
Clause 84: Appointment of cyber inspectors
Ms Smuts questioned how the certification required under Clause 84(2) would be implemented, as well as its impact on the on-line environment and the real world.

The Chair stated that this would be considered at a later stage.

Clause 85: Powers of cyber inspectors
Mr Smuts requested the DG to indicate the meaning behind Clause 85(1)(a), as he had explained the meaning of the "monitor and inspect" powers on a previous occasion, but these powers are dealt with by the Films and Publications Board. What can the cyber inspectors do once they come across a web site that contravenes this provision? This provision should either be scrapped in its entirety or is has to be decided exactly how the cyber inspectors are to act. Furthermore, clarity was requested on Subclauses 1(b) and (c), because these are not powers that the cyber inspectors should properly be exercising. It appears that the role to be played by the cyber inspectors has not been sufficiently thought through, and the remainder of the clauses in Chapter XII dealing with them also need attention. These include the assumption in Clauses 86 and 87 that they are able to acquire warrants for search and seizure under the Criminal Procedure Act so that they may investigate offences as though they are fully fledged police officers.

The Chair inquired whether anyone objects to the cyber inspectors being part of the South African Police Services (SAPS), or if this chapter were made subject to the SAPS Act. This would essentially provide that the cyber inspectors would patrol the Internet for violations contained in Clause 85, and the SAPS would then be notified of the perpetrators.

Mr Mostert contended that a key concern here is the retention of persons with the requisite level of technical expertise to properly investigate such violations. This involves a two-tier approach: firstly, it has to be ensured that the Department meets its obligation under the Bill is properly policed, such as the cryptography service providers which have to be licensed. Secondly, more powers have to be granted to the cyber inspectors under Clause 85(a) to "monitor and inspect". It is not the intention that the cyber inspectors usurp the functions already being executed by SAPS and other regulatory or investigative authorities, as the former are merely inspectors who would then hand over the perpetrator/s to the SAPS.

Furthermore, it should be noted that those law enforcement agencies that do not themselves possess the necessary technological expertise to track and identify cyber criminals, enlist the services of the cyber inspectors to bring such perpetrators to justice.

The Chair requested a precedent on the manner in which other inspectorates operate, such as the health and labour inspectors.

Mr Kellner replied that they typically have powers of search and seizure subject to the acquisition of a valid warrant, but they may also inspect a non-residential location during the day without first acquiring a warrant. For inspections at all other locations a warrant is needed.

Mr Morkel contended that the concern here is that these cyber inspectors could invade the privacy of an individual or a business. National security and the social well-being of South Africans could be affected, but the question is where the performance of these functions would be best housed: with the Department or with other departments and law enforcement agencies, such as SAPS.

Mr M Lekgoro (ANC) stated that cyber crime is a line function of the Department, and it thus has an immediate interest here.

Ms Vos contended that the IFP has a problem here is that these far-reaching powers are being granted to persons without first ascertaining their identity and background, how they were trained, their technical competence, their capacity to deal with privacy of information etc. This essentially amounts to granting powers to the cyber inspectors that properly belong with SAPS officers.

Furthermore, the Department of Justice and Constitutional Development has to be consulted on the impact of the Interception and Monitoring Bill regarding privacy of information. Elsewhere in this Bill mention is made of "independent" cyber inspectors, which suggests that this service would be outsourced by the Department. Yet this surely cannot be entertained?

Mr V Gore (DP) disagreed with Mr Lekgoro and stated that cyber crime is not a line function of the Department, cyberspace may be, but not cyber crime. Furthermore, the SLA mentioned earlier that certain inspectors do act without first acquiring a valid warrant to enforce a licence agreement, yet the same is not required of cyber inspectors under this Bill. Why are cyber inspectors then granted more powers of inspection, thus creating the impression that they are acting to enforce compliance with a licence agreement?

Ms Smuts suggested that the Committee is losing sight of other provisions, such as that requiring cryptography service providers and authentication service providers to be registered, yet the same is not required of cyber inspectors. Thus "things do not come together here".

Mr Kellner responded to both these questions by stating that although these service providers do not have to be licensed, they do have to be registered, and the cyber inspectors would thus be authorised to monitor and inspect whether the information they have provided on their registration and application forms is indeed accurate and correct. The authentication service providers have to be accredited and the same, it is presumed, will apply to the cyber inspectors.

Mr F Maserumule (ANC) stated that if it is not desirable for the cyber inspectors to deal with cyber crime, there would be no-one else to deal to address this problem.

Mr Kellner replied that upon a proper construction of the meaning of Clause 85(1), it becomes evident that anyone can "monitor and inspect" web sites for unlawful activity and then report transgressions to the SAPS, and there is thus no problem here. Clause 85(1) merely serves to expressly make this a function of the cyber inspectors as well.

The Chair stated that Chapter XIII is heading into cyberspace, but the problem with this chapter is that the moment people hear the word "crime" they automatically think "police". It seems this problem could be solved by simply changing their names from cyber inspectors to cyber officers. A concerted effort should be made to move away from "headings" and focus should only be placed on the necessity of a particular function. The point made by the SLA is valid, because anyone can exercise the Clause 85(1)(a) powers, and these are thus not extraordinary powers, as contended by some.

Mr Mostert informed Members that the SAPS are also incorporated under Chapter XIII, and the functions of the cyber inspectors are restricted to Clause 85. The search and seizure powers granted under Clause 85(2) only become operational once a law enforcement agency such as the SAPS enlists the assistance of the cyber inspectors, in accordance with their own founding statutes, because of the specialised knowledge possessed by the cyber inspectors. It has to be conceded that these clauses could be drafted in better language.

Mrs Versfeld contended that the problem with Clause 85(1)(a) is that no precise definition has been placed on the phrase "or activity" in that clause, which means that this provision is open to abuse. It should thus be redrafted so that the exercise of these powers do not adversely affect the civil liberties of South Africans, and perhaps the Constitution could be used as a yardstick in this regard.

There were no further questions or comments and the meeting was adjourned.

==
Appendix

FIRST DRAFT
MICHAEL SILBER, CALVIN BROWN, NEIL DUNDAS AND ALAN BARRETT
(IN CONSULTATION)

CHAPTER X

DOMAIN NAME AUTHORITY AND ADMINISTRATION
Part 1
Establishment of Domain Name AuthorityPart 2
AlternatIVe Dispute Resolution