The Committee was briefed by the Department of Justice and Constitutional Development (DOJCD) on the proposed Cyber Security and Cybercrime Bill. The Deputy Minister of the Department gave a brief background on why the Bill was needed. The DOJCD team described the terminologies used in the Bill and the National Cybersecurity Policy Framework (NCPF), and provided an overview of the Bill and a chapter by chapter explanation of the draft Clauses in Chapters one to five.
The Deputy Minister commented that the state counsel needed to redraft Clause four of Chapter two in a more specific way, in order to criminalise cybercrime that involved offences against children, as stated in the Sexual Offences Act. He also expressed concern that the draft Bill did not include any clause that criminalised identity theft in banks, as had initially been suggested by the banks.
During discussion, the Committee asked the DOJCD to clarify the intentions of Clauses three and seven in Chapter two of the draft Bill; if Chapter three dealt with the criminalisation of gruesome pictures that were circulated on social media; if the encouragement to harm or intimidate referred to in Chapter three Clause 17 could lead to physical, economical or emotional harm, or even committing suicide; if the Bill criminalised emotional harm; if the NCPF was designed to criminalise only harmful and inciteful conduct in the cyber domain.
The Committee observed that suicide was not a criminal offence and asked the DOJCD how malicious communications that led to suicide could be criminalised, as stated in the draft Bill. Why did it not criminalise hurtful images that were shown on television screens? Was there a provision for a ‘public interest override’ if the data used was obtained unlawfully, but could prevent a potentially damaging situation from occurring?
The Committee observed that bullying could damage a person and cause spiritual and psychological harm, and questioned whether spiritual and psychological harm should be regarded as a petty crime. The draft Bill seemed to be addressing only petty crimes on conduct that led to spiritual and psychological harm in the cyber domain, while it did not address pyramid schemes or illicit financial flows. The Department was asked to research the thinking on the crimes that occurred, based on spiritual and psychological harm, compared to crimes that occurred based on economic harm, and to present a written report to the Committee.
The Committee asked the DOJCD if it could give detailed information of similar cases, where courts had been given jurisdiction to put on trial a person who committed a crime that affected the interests of the country. The Committee resolved that Clause 17 had been phrased in an ambiguous way and suggested that it should be re-drafted. The meeting was adjourned to the following day.
Mr John Jeffery, Deputy Minister of Justice and Constitutional Development (DOJCD), introduced the members of his team from DOJCD and gave a brief background on why the Cybercrimes and Cyber Security Bill was needed. He emphasized that the private and public sector had inadequate capacity to deal with cybercrimes and cyber security, and the current laws relating to jurisdiction to deal with international cybercrimes were inadequate.
Mr Dingaan Mangena, State Law Advisor (SLA), DOJCD, highlighted the terminologies used in the context of the Cybercrimes Bill and the policy framework of the National Cybersecurity Policy Framework (NCPF).
The Chairperson asked Members if they wanted to interrogate the Deputy Minister on the Bill before he left for another meeting. She asked the DOJCD team to clarify the connection between the current legislation and the Cybercrime Bill.
Mr Sarel Robertse, SLA, DOJCD, remarked that the current legislation did not deal with cybercrime, but dealt with fraud in banks and other establishments which was handled by the South African Police Service (SAPS), and was not within the Committee’s mandates. He described some common law Acts used to prosecute some of the offences which were inadequate to prosecute cybercrimes, which had advanced based on technology. For instance, cyber harassment -- which included child pornography -- was not covered in the Sexual Offences and Related Matters Act. The Criminal Procedure Act was also object-based and did not deal with specialised procedures which were required to investigate cybercrimes that involved electronic evidence.
Ms Kalayvani Pillay, Deputy Director-General (DDG) DOJCD, gave an overview of the Cybercrimes and Cyber Security Bill.
Mr Robertse provided explanations for the draft clauses in chapter one and two of the Bill. Chapter one contained various definitions that related to interpretations of the Act, while Chapter two dealt with Clauses two to 15, which pertained to offences which could be committed in the cyberspace.
The Deputy Minister interjected and said that the state needed to re-draft Clause four of Chapter two in a more specific way to criminalise cybercrime offences which involved child offences, as stated in the Sexual Offences and Related Matters Act. He also expressed concern that the draft Bill did not criminalise identity theft in banks, as initially suggested by the banks.
The Chairperson observed that the Chapters that had been dealt with by the DOJCD did not include criminalisation of malicious communications.
The Deputy Minister responded that criminalisation of malicious communications would be dealt with in Chapter three of the draft Bill, and added that the discussion was still on Clause five of Chapter two.
Mr M Maila (ANC) observed that he wanted the Deputy Minister to make more comments before he left for his meeting.
The Deputy Minister agreed to entertain comments and questions in subsequent meetings, and left for his meeting.
Mr Robertse continued with his explanation of the draft Bill clauses in Chapters three and four. Chapter three dealt with Clauses that criminalised the distribution of data messages, especially those which incited or caused damage to property, or violence against a person or group of persons as seen in Clause 16. Clause 17 captured criminalisation of harmful data messages that threatened a person, while Clause 18 captured the distribution of data of an intimate nature without the consent of the person. Clause 19 provided for interim protection orders against conduct contemplated in Clauses 16, 17 and 18, while Clause 20 compelled electronic service providers to assist with the identification of persons who distributed data messages contemplated in Clauses 16, 17 and 18. Clause 21 provided for a court to criminalise further distribution of data messages contemplated in Clauses 16, 17 and 18, while Clause 22 prescribed penalties for offences in Chapter three. The purpose of Chapter four was to expand the jurisdiction of courts to deal with cybercrimes committed across nations.
The Chairperson asked the DOGCD to clarify if Chapter three dealt with the criminalisation of gruesome pictures that were circulated on social media.
Mr S Swart (ACDP) asked the DOJCD if it could provide written documents on malicious communication that was trending internationally. He also asked the DOJCD to clarify if the encouragement to harm or intimidate, referred to in Clause 17 of the draft Bill, led to physical, economical or emotional harm, and committing suicide, for example.
Dr M Motshekga (ANC) asked the DOJCD to state if the harm referred to in Chapter three, Clause 17, was emotional or spiritual harm. He also asked whether the draft Bill criminalised emotional harm.
Mr W Horn (DA) remarked that Clause 17 had been phrased in an ambiguous way and suggested that it should be re-drafted.
The Chairperson asked the DOJCD to respond to the comments and questions.
Mr Robertse responded that Clause 17 (1c) addressed the conduct of the person that intimidated or encouraged others to intimidate another person. In addition, according to law, Clause 17 should be interpreted in the context of the physical body, personal reputation and human dignity. Clause 17 (1c) also addressed cyber bullying, and although it was difficult to address gruesome pictures, the offence could be criminalised if it fell under Clause 17. He said that the DOJCD had examples of international trends on criminalisation of malicious communication, and would submit them to the Committee.
Dr Motshekga observed that suicide was not a criminal offence and asked the DOJCD how malicious communications that led to suicide could be criminalised, as stated in the draft Bill.
Mr Mangena said that the draft Bill included definitions which stated that harm covered mental, economic, social and psychological aspects.
Ms Pillay said she was not sure if gruesome pictures were criminalised, and the Department would research on the issue and report back to the Committee
Dr Motshekga asked the DOJCD why it did not criminalise hurtful images that were shown on television screens.
Mr Robertse replied that the Media Act covered age exclusion of hurtful images shown on television screens. He added that the Electronic Communications Act covered certain matters that related to contents being presented on television screens, but he promised that the DOJCD would research the issue and report back to the Committee.
Mr Maila asked the Department to clarify if the NCPF was designed to criminalise only harmful and inciteful conduct in the cyber domain.
Mr Robertse replied that the NCPF was a document that addressed cybercrimes and cyber security regulations. The DOJCD had been given a specific mandate to draft an NCPF Bill that could prosecute all cases in the cyber domain only.
Ms Christine Silkstone, Committee Content Advisor, asked the DOJCD to clarify the intentions of Clauses three and seven in Chapter two of the draft Bill.
Mr Robertse said that the common law that criminalised the offence of possession of goods if the person could not explain the source -- as seen in Section 36 of the General Law Amendment Act of 1952 -- had been found to be constitutional. The proposed Clause three and seven in Chapter two was in line with Section 36 of the General Law Amendment Act of 1952, so Clause three and seven in Chapter two in the draft Bill was aimed to criminalise the offence.
Dr Motshekga asked the DOJCD to clarify how a person could explain the source of goods, or provide evidence that goods bought from a road side vendor was not stolen.
Mr Swart asked if there was a provision for a ‘public interest override’ in the draft Bill if the data used was obtained unlawfully, but could prevent a potentially damaging situation from occurring.
Mr Robertse responded that the draft Bill contained a qualifier that there should be reasonable suspicion that the goods in question were stolen. However, if the person could give a reasonable explanation, the person would not be charged. He added that there was no public interest defence in favour of data that was unlawfully obtained.
Mr Maila observed that the draft Bill seemed to be addressing only petty crimes, while it did not address pyramid schemes or illicit financial flows. He asked if the draft Bill focused only on petty crimes in the cyber domain.
Dr Motshekga commented that Mr Maila seemed to be saying that bullying, which could be damaging to a person and cause spiritual and psychological harm, was a petty crime, while economic crimes like pyramid schemes or illicit financial flows were more grievous crimes. He asked if spiritual and psychological harm should be placed higher than economic crimes.
Mr Robertse said that Chapter three of the draft Bill dealt with cybercrimes which might look petty, but serious cyber harassments had occurred in the cyber domain. He gave examples of bank transfers which resulted in great cash losses in bank accounts, and viruses which caused serious danger to the navigation beacons of aircraft and ships, so the draft Bill did not deal with petty crimes but ones that had serious consequences in the real world.
The Chairperson asked the DOJCD to research the thinking of both types of harm, and to present written reports to the Committee. She also asked the Department to continue with its brief.
Mr Robertse continued that the purpose of Chapter four of the draft Bill was to empower the courts to place on trial a person who committed a crime that affected the interests of the country, either by extradition or when available in the country.
Dr Motshekga asked the DOJCD if it could give detailed information on such cases.
Mr Robertse said that the Department could provide written detailed information on such cases.
He gave an overview of Chapter five, which dealt with powers of the South African Police Service (SAPS) to investigate cybercrimes, highlighting the purposes of Clauses 24, 25, 26, 27 and 28.
The Chairperson asked the team from the DOJCD to resume the brief the next day.
The meeting was adjourned.