Cybercrimes and Cybersecurity Bill: Department response to submissions; Review of Executive Members Ethics Act

This premium content has been made freely available

Justice and Correctional Services

08 November 2017
Chairperson: Dr M Motshekga (ANC)
Share this page:

Meeting Summary

The Department of Justice and Constitutional Development (DJCD) continued with the comments and submissions received on the Cybercrimes and Cybersecurity Bill, and the responses by the Department to those comments.

Media Monitoring Africa (MMA) submitted that the best interests of the child in cybercrimes and cybersecurity should specifically be acknowledged and they also raised a concern that the Bill contained limited reference to information rights. To this the Department responded that information rights related to rights and obligations in terms of communication, collection, access use and control of data. It also included the right to privacy, intellectual property, and access to information and freedom of expression.

A concern was raised by Legal Aid SA on the failed attempt of the Bill to deal with cyber harassment, bullying and revenge pornography in the Films and Publications Amendment Bill.

R2K raised a concern around chapter 3 of the Bill creating a legal framework that was wide open to abuse. The chapter appeared to be government’s proposal to regulate social media. The Department replied that the provisions in the said chapter cannot be interpreted as giving powers to government to regulate social media. The provisions were subject to processes that were constitutional and should be interpreted within the ambit of the Bill of Rights.

R2K also noted that the Bill made it a crime to resend malicious communications even if the re-sender was not the author, without taking into account the intention of the re-sender. The Department replied that the resending of harmful digital communications should not be treated as an exception to the prohibition. In most instances, the resending of malicious communications contributed to the problem that the chapter in question aimed to address.

Although R2K appreciated the intention to protect vulnerable people from online harassment, it was pointed out that this could also have a chilling effect on freedom of expression, which includes robust political expression that was often crude, aggressive and unpleasant. The Department pointed out that the Protection of Harassment Act was a civil remedy ex post facto, meaning that the harm was already done. The fact that other remedies of a civil nature may be available to deal with malicious communications was considered in the case of S v Motsepe 2015 (2) SACR 125 GP at paragraph [47].

Digital Law Companies (DLC) noted that revenge pornography was an increasingly prevalent and alarming phenomenon and had a severe and adverse impact on the lives of persons. It was recommended that the provisions dealing with revenge pornography should be included in the Sexual Offences Act.

Committee Members sought clarity on the definition of malicious communications and data message. Members also appreciated the Department’s efforts in dealing with the issue of malicious communication and distribution of data message of intimate image without consent. Members noted that people have come into the country with various practices and cultures and emphasised the need for regulation of the activities of religious activities and cultural practices.

In addition the Committee asked for the rationale behind the inclusion of incitement of violence to property in clause 16 and wanted more information on child pornography and the distribution of intimate images by children on their cell phones and computers.

On chapter 5 that dealt with powers to investigate, search, access or seize in so far as it relates to cybercrime, service providers raised a concern on the seizure of devices and information on devices that can be infringed as a result of such an investigation. Legal Aid SA also raised a concern around persons being frequently spied on and monitored through their devices. The Department replied that the Regulation of Interception of Communication Act (RICA) and communication relating to the Information Act prohibited the monitoring or the interception of any communications and if a person embarked on such conduct, that person would be committing a criminal offence. Liquid Telecoms appealed to the Committee on the need to revise certain aspects of the RICA.

The Department noted that there was a lot of misunderstanding relating to clause 38 that dealt with interception of communications. Clause 38 was included in the Bill to provide that the Bill cannot be used in instances where the interception of communications needs to take place as required by the RICA; rather the provisions of the RICA should be used. The aim was to ensure that a police official cannot obtain a warrant to use in gaining access to a service provider. The clause therefore, made it obligatory to use the RICA to obtain the communications in question. This was a safety mechanism inserted in the Bill.

On review of Executive Members Ethics Act, Members agreed that the issue at hand was about the communication received from the Office of the Speaker for the Committee to conduct follow-up on the recommendation on the State of Capture report in terms of the remedial action. Some Members proposed that the matter be taken off from the business of the Committee since there was already a proclamation and that the matter should be left to the Executives to address. Members however agreed to have a written report that would cover the issues discussed by the Committee and the decision reached on the matter.

Meeting report

Continuation of responses by DJCD to submissions on the Cybercrimes and Cybersecurity Bill

Ms Kalayvani Pillay, Deputy Director-General: Legislative Development, DJCD, said that the Department would continue with responses to submissions made on the Bill from Chapter 3 of the Bill which dealt with malicious communications.

Adv Dingaan Mangena, Senior Legal Adviser (SLA): DJCD said All Rise submitted that providers of blogging and social networking services should be included within the definition of electronic communications service providers. To this, the Department responded that this category of service providers had been included in clauses 19 to 21.

Media Monitoring Africa (MMA) remarked that the best interests of the child in cybercrimes and cybersecurity should specifically be acknowledged. The Department responded by that the Criminal Law (Sexual Offences and Related Matters) Amendment Act to deal with instances of child pornography and harmful disclosure of pornography.

MMA raised a concern that the Bill contained limited reference to information rights. To this the Department responded that information rights related to rights and obligations in terms of communication, collection, access use and control of data. It also included the right to privacy, intellectual property, and access to information and freedom of expression.

On unintended consequences, MMA said it might result from the provisions of clauses 16 to 18 on the enjoyment of freedom of expression. The Department’s response to this concern was that malicious communications may infringe some basic rights. The Constitution however, imposed a duty on the State not to perform any act that infringed the entrenched rights. This right did not extend to the incitement of imminent violence or advocacy of hatred based on race, ethnicity, gender, religion and any action that constitutes incitement to cause harm. (See pages 87 to 91 of the attached document for details of DJCD’s response).

MMA submitted that it was necessary to provide for the disclosure of malicious communications in the public interest. It raised a concern that the Bill made no reference to communications (intentionally made available, broadcast, or distributed) that were in the public interest, in the interest of justice or already in the public domain. The effect of this omission was that journalists or human rights defenders who published malicious communications would be criminally liable in terms of the Bill. The Department’s response to this concern was that courts did not recognise public interest defence in relation to criminal offence. The Bill cannot therefore, deal with such defence since it would apply to all criminal conducts.

A concern was raised by Legal Aid SA on the failed attempt of the Bill to deal with cyber harassment, bullying and revenge pornography in the Films and Publications Amendment Bill. According to the Department, the offences in the Bill dealing with malicious communications were substantially different from the offences in the Films and Publications Amendment Bill.

A comment was made by All Rise to the effect that cyber abuse was commonly cross-jurisdictional either in respect of the perpetrator and victim being in different states or countries, or in respect of the location of the company hosting the content, versus the victim and the law enforcement (see details of comment in page 94 of the attached document). The Department’s response to this was that the Bill substantially increased jurisdiction in respect of cybercrimes, and provision was made for agreements with other countries to curb cybercrime.

Internet Solutions opined that section 16 and 17 should not form part of the Bill since the offences contained therein were not offences committed against computer systems. It was further submitted that the crimes stated in the aforementioned sections were already criminalised in South African law and were merely recriminalised in the Bill by way of reference to offences committed by means of computer systems.

The Department replied that the offences primarily aimed to address the proliferation and effects of the use of computer systems to harm or treat persons in a cruel, inhumane and degrading manner, and to address cyber bullying. The Hate Crimes Bill did not address the crimes provided for in clauses 16 and 17 since the ambit of that Bill was to criminalise conducts relating to racism, racial discrimination, xenophobia and related intolerances.

R2K raised a concern around chapter 3 of the Bill creating a legal framework that was wide open to abuse. The chapter appeared to be government’s proposal to regulate social media. The Department replied that the provisions in the said chapter cannot be interpreted as giving powers to government to regulate social media. The provisions were subject to processes that were constitutional and should be interpreted within the ambit of the Bill of Rights.

R2K also noted that the Bill made it a crime to resend malicious communications even if the re-sender was not the author, without taking into account the intention of the re-sender. The Department replied that the resending of harmful digital communications should not be treated as an exception to the prohibition. In most instances, the resending of malicious communications contributed to the problem that the chapter in question aimed to address.

R2K further proposed that chapter 3 be revised and all clauses dealing with malicious communications should be omitted from the Bill, with the exception of the clause that dealt with revenge pornography. The Department’s view on this proposal was that the elements of the offences were substantially similar to the offences already contained in the Statue Book. The challenge of constitutionality was without basis.

Centre for Constitutional Rights (CCR) remarked that the definition of a “data message” in clause 16 conflicted with the definition used in the Hate Crimes Bill. It was unclear what conduct was being prohibited in terms of the proposed Bills. The Department replied that the broad ambit of the application of the clause was restricted by the fault element of “intention to incite” the conduct as provided for in paragraphs (a) and (b) of clause 16. It was unnecessary to define the terminology “makes available, broadcasts or distributes”, as the meaning of the words were evident and should therefore, be interpreted in accordance with their ordinary understanding. In addition, CCR also noted that clause 16 (b) of the Bill was not constitutionally aligned. The Department was of the view that the clause was constitutionally aligned. Nevertheless, an amendment was proposed to correct an omission in the Draft Bill.

Open Democracy Advice Centre (ODAC) said that cyber bullying can be addressed by means of other legislation already in the Statute Book. The Department acknowledged that other legislation may be used to address aspects that were dealt with in clause 17. However, the Protection from Harassment Act provided a civil remedy ex post facto after the initial harassment that prohibited the harasser not to continue with the harassing act.

MMA remarked that the reference to ‘any property’ in clause 17 (2)(a)(i) did not consider the possible different thresholds for movable, immovable, and increasing virtual property such as one’s brand or intellectual property online. The Department replied that property meant all corporeal and incorporeal properties.

MMA went on to propose that the word ‘imminent’ should be inserted before all references to violence in sub clauses 17(2)(a) and (b). In responding to this, the Department referred MMA to the amendment to clause 16.

The Department disagreed with MMA’s view that the words ‘intimidates, encourages or harasses’ should be replaced by the word ‘incites’, noting that this would change the meaning of the terminology used.

All Rise remarked that it may be useful to extend the offence of cyber harassment to offline conduct as well, in order to comprehensively criminalise harassment. To this the Department replied that the ambit of the Bill was mainly to address conduct in cyber space.

All Rise also submitted that section 17 (d) (i) required the message to be aimed at causing harm (see page 102 to 103) of the attached document for details of comment). The Department replied that intention was an element of criminal liability and could not be dispensed with. The reasonable person test was aimed at restricting the ambit of the clause.

CCR criticised clause 17 of the Bill citing vagueness. The Department responded by stating that unlawfulness and intention were essential elements for liability in accordance with the criminal law of South Africa..

CCR also stated that clause 17 was silent on the defences available to an accused in this instance. To this, the Department noted that the general principles of criminal law would apply. There are not numerous defences that would be available to the accused. Provision of specific defences would limit the grounds of justification and may operate unfavourably towards an accused person.

MMA remarked that section 17(2)(d) was an unjustifiable limitation of free speech in so far as it criminalised the distribution of a harmful data message that was inherently false in nature. The Department responded that the mere distribution of fake news was not criminalised. This clause was aimed at protecting the result of such communications. A false data message will only fall within the proscription if it was aimed at causing mental, psychological, physical or economic harm to a person or group of persons.

Michalsons Attorneys commented that clause 17 (2)(d) potentially criminalised satire, parody or artistic or other works that were intended to be used as political commentary. It was proposed that a defence be included to cater for the aforementioned. The Department replied that there were no closed categories of grounds of justification in SA law that will lift the unlawfulness of prohibited conduct. It was submitted that the limitation test of a reasonable person in possession of the same information and with regard to all circumstances implied that any ground of justification which would justify conduct that complied with the proscription, must be taken into account.

Although R2K appreciated the intention to protect vulnerable people from online harassment, it was pointed out that this could also have a chilling effect on freedom of expression, which includes robust political expression that was often crude, aggressive and unpleasant. The Department pointed out that the Protection of Harassment Act was a civil remedy ex post facto, meaning that the harm was already done. The fact that other remedies of a civil nature may be available to deal with malicious communications was considered in the case of S v Motsepe 2015 (2) SACR 125 GP at paragraph [47].

Freedom of Religion remarked that the expression ‘inherently false in nature’ in clause 17 (2)(d) was not defined and was therefore, open to multiple interpretations and subject to what a person believed. The Department responded that there was no need to define words having ordinary meanings.

With regard to section 18, the Western Cape welcomed the offence of distributing intimate images without consent was welcomed but proposed that it should be extended to include instances where sexual activity without visible nudity was involved as contemplated in section 18(2)(b). The Department replied that sexual activity without visible nudity was addressed in the Schedule to the Bill, where it was proposed that a new section 10A be inserted in the Sexual Offences Act.

Deloitte submitted that offence in section 18 can only be committed where intention was proved. It was proposed that negligent conduct falling within the clause should also be criminalised. The Department replied that for the purposes of this Act and in general, criminal liability flowed from willed or intentional acts only.

MMA noted that section 18 did not require the element of harm and this lead to the possible absurdity of the criminal prosecution of a parent who shared a nude picture of a new born baby with family members. The Department however, disagreed that this offence required the element of distribution of intimate images of a person, without consent. Harm was inherent within the act of distribution.

Michalsons Attorneys indicated that the limitation of the clause to only cover nudity was insufficient. Revenge porn could include pictures or descriptions that did not necessarily depict the victim fully nude, but could be equally damaging to their dignity. The Department replied that clause 18 was not aimed to deal with revenge pornography. Reference was made to the Schedule where it was proposed that section 10A be inserted in the Sexual Offences Act to deal with this aspect.

Michalsons Attorneys further stated that the requirement of “identifiable” also limited the clause and that the “reasonable expectation of privacy” limitation was unjustified. The department replied that the identifiable requirement was not an element of the offence in terms of section 10A(1). It was submitted that clause 18 and the proposed section 10A(1) of the Sexual Offences Act was broad enough to cover persons identifiable from surrounding circumstances.

SAHRC welcomed the clause but noted that the term ‘female’ in clause 18 (2)(ii) was limited to biological status. It was recommended that the term be replaced with the word ‘woman’ which was broader in terms of taking into account intersex, transgendered and persons with body variations who identify themselves as women. The Department replied that the word ‘female’ related to a person with certain characteristics that uniquely classified such a person as a female.

Digital Law Companies (DLC) noted that revenge pornography was an increasingly prevalent and alarming phenomenon and had a severe and adverse impact on the lives of persons. It was recommended that the provisions dealing with revenge pornography should be included in the Sexual Offences Act. The Department responded by stating that clause 18 did not address revenge pornography.

DLC made suggestions relating to the inclusion of culpa requirement; provisions applicable to not only images distributed via a computer system but also to images distributed through other means; the replacement of the words “knows that consent has not been given” for the purpose attaching criminal liability in order to place the burden of proof on the perpetrator; the extension of harmful material to include descriptions; privacy not being the only yardstick, and the need to consider dignity of persons; as well as the fact that revenge porn need not depict nudity or genitals. (See pages 118 to 121 of the attached document for details of suggestions and responses by the department respectively).

The Chairperson asked if it was still necessary to make use of Latin terms such as culpa instead of using English words directly.

Mr Sarel Robbertse, State Law Adviser, DJCD, replied that the term was used specifically in respect to the comment raised by the commentator, but it was advisable to do away with Latin terms.

Cell C, Telkom and Vodacom supported clause 19 but subject to a view expressed in paragraph 4.5.1 (a) (see page 121 of the attached document). The Department noted the concerns raised and noted that clause 19(1) provided for protection orders against service providers and persons.

The service providers further noted that clause 19 (1)(b) only made reference to “a computer system” and not “computer storage medium” or “computer program”. It was recommended that these phrases should be included. The Department replied that a “computer system” was defined as one or more computers. A computer is further defined to include “a data storage medium” and by implication also consists of a program that causes it to perform a function.

All Rise also sought clarity on how the issue of anonymity in cyber harassment would be addressed and managed. The Department replied that the question of anonymity was an international problem that ought to be addressed on another level. Most services originated from outside the country and were subject to the legislative jurisdiction of South Africa (see pages 122 to 123 for further details of response).

All Rise further remarked that the collection of information to prosecute cyber harassment cases was difficult in the light of anonymity, volume abuse and evidence outside jurisdiction. The Department’s responses to the issues raised in the light of the aforementioned three factors were highlighted.

All Rise referred to expedited preservation of data as contemplated in clause 39 of the Bill and raised a concern that the this may contribute to mental anguish and suicide. Also, this process may not be suitable for cyber harassment. The Department replied that preservation of evidence did not imply that evidence would be available to the victim or the public. A court may order electronic communications service providers to remove or disable access to the malicious content.

CCR noted that clause 19 made it possible for a person to make application to the court on an ex parte basis for essentially a protection order pending the finalisation of the criminal proceedings. The Department responded by noting that clause 19 dealt with the issuance of a protection order in the presence of a prima facie evidence that a malicious communication has taken place as contained in clause 19(3).

With regard to clause 20, TBCSA sought clarity on whether the reference in clause 20 to electronic communication service providers included a reference to internet cafes, since they are used to commit the bulk of fraud that takes place in guest houses. The Department replied that internet cafes should be seen as a medium to access a computer system and a tool that may be used to store or distribute malicious communications. Any person in control of a computer system which was wide enough to include internet cafes fell within the ambit of clauses 19, 20, and 21. The same obligations applicable to electronic communication service providers would apply to these persons/businesses.

Deloitte proposed that a minimum sentence for non-compliance would render the provisions more effective. The Department replied that a minimum sentence did not take into account the circumstances under which an offence was committed. This in effect, interfered with the discretion of the court to impose a suitable sentence with regard to the circumstances under which the offence was committed, as well as other principles applicable to punishment.

The only comment made on chapter 4 in respect of jurisdiction was made by Cell C, Telkom and Vodacom and they supported clause 23.

Discussion

Ms Christine Silkstone, Parliamentary Legal Adviser requested the Department to go through the amendments made to the Sexual offences Act as contained in the Schedule to the Bill.

Ms C Pilane-Majeke (ANC) sought clarity on the definition of malicious communications and data message. She supported MMA’s suggestion to replace “intimidate, harass and encourage” with “incitement” in order to utilise the concept of incitement. As far as enforcement was concerned, it was necessary to consider what was being said about availability of equipment in order to identify cyber users. With regard to internet cafés, it has been indicated that they should apply for affidavits to affect the order of the court. However, she opined that internet cafés should be saddled with the responsibility of assisting the courts in identifying abusers of cyberspace. A mechanism should be built in the Bill to compel internet cafés to assist the court in this regard. On the MMA’s comment regarding fake news, she noted that fake news was dangerous and should be addressed as a matter of urgency.

Ms M Mothapo (ANC) appreciated the Department’s efforts in dealing with the issue of malicious communication and distribution of data message of intimate image without consent. She recalled that NGOs and some other foreign organisations exposed the operations of initiation schools. The findings of the Films and Publications report (which found nothing from the initial findings of the traditional leaders on the said exposure of operations in initiation schools) should normally be carried out in court and the other party should consent to such investigations. Clause 18 was therefore, very relevant in this regard.

Mr J Skosana (ANC) asked for the means by which the definition of data message in the Bill would be reconciled with the one contained in the Hate Crimes Bill. He also wanted to know the difficulties faced by the Department in addressing the concern around the replacement of the word ‘female’ with ‘woman’ as per the submission by SAHRC.

The Chairperson commented on the debate around the use of term ‘woman’ and ‘female’, noting that in African language, the word ‘ma’ is used for female while ‘ra’ is used for male.  English has complicated things to suggest that a difference existed between ‘female’ and ‘woman’.

On the request made in relation to explanation of the amendments affected in the Sexual Offences Act and in the Schedule, Mr Robbertse noted that the said amendment was of a dual nature as it aimed to comprehensively deal with crime pornography on the one hand, and also to put certain offences in place to criminalise the unlawful and intentional distribution of adult pornography without the consent of such adults on the other hand. This was similar to what was dealt with in the chapter addressing wrongful communication but it was more elevated to offences with penalties. The protection measures provided for in chapter 3 of the Bill (namely powers to get court order to prohibit the further distribution of such pornography and also to ensure the deletion of such harmful material) were also part of the amendments in the Sexual offences Act. The offence created to deal with the distribution of pornography was firstly the criminalisation of distribution of pornography without consent. It also provided for instances where pornography was used in extorting other people. The elements of criminal liability included unlawfulness, intention, and the distribution of material without consent. The element of other offence was in cases where a person threatened to disclose such pornography and the other person did not consent to the distribution of such material.

Penalties were substantially increased in terms of chapter 3 of the Bill. Penalties were up to two years for cases of intentional distribution of pornography. Penalties can be imposed for up to five years in terms of the Sexual Offences Act while in some other instances, the penalties may be increased.

On the clarification of the term ‘malicious communication’ and its relationship with data message, it was pointed out that a data message was defined in clause 1 of the Bill as the exchange of information in electronic form. In other words, the distribution of data message in this regard entailed sending information via email and SMS, posting things on a webpage or creating a website that posted malicious communications. Not only the creator of such content would be held liable but also those that subsequently distribute the data message.

The content of malicious communications was defined in chapter 2 of the Bill. Data message was harmful for the purposes of the Bill if a person threatened another with harm or damage to property or also with violence. A data message was also considered harmful in terms of clause 17 (2) if it intimidated, encouraged, or harassed a person to harm himself or herself or any other person. This type of offence was specifically aimed at addressing cyber bullying. Also, the harmfulness of a communication must also be considered in terms of criminalising fake news that can be used or considered as a form of malicious communication. For instance, a well-respected member of the society can become the subject of malicious communication. Also worthy of note was the safety guards built in to evaluate a harmful message. There has to be a specific intention to do harm to another person and this must be evaluated against a reasonable person test to ensure that insignificant conduct did not qualify as harm.

The Chairperson asked if the process was not trying to get the law to deal with moral issues. He cited the example of a funeral where people were dressed in white and children were around them, and the man who lost his wife dancing around the grave naked in order to demonstrate the notion of coming to the world with nothing and leaving with nothing, which was a misinterpretation of the scripture. The effect of such misinterpretation would cause harm to the children at the graveyard.  How would malicious intent to harm the children be proved in this regard as well as in instances of abuse of religion and culture?

Ms Pilane-Majeke said that South Africa was in trouble as it had become part of the global community that has been affected by migration. People have come into the country with various practices and cultures but how such practices/cultures are dealt with was the issue at hand. The new trend in South Africa was to find people under trees with white clothes who are supposed to be worshipping but which has not been regulated. She opined that such practices and cultures should be regulated in South Africa.

The Chairperson added that the scope of moral degeneration should be widened and dealt with. This would prevent the use of criminal law to address these issues.

Ms Pilane-Majeke emphasised the need for regulation of the activities of religious activities and cultural practices by citing the example of the absence of a priest or organiser of activities of those that worship under the tree. It showed that no one could be held accountable should anything go wrong. This issue was beyond moral degeneration.

The Chairperson clarified that his point was around the debate on law and morality. It was necessary for a social dialogue to take place in this regard. This was because regulating the cultural practices and religious activities may lead to the prohibition or punishment of people who practice or carry out such activities in good faith and belief that they are doing the right thing. He cited the example of a group of people known as ‘quakers’ referred to themselves as societal friends. Any one of them could preach. It was difficult to identify a leader among them, as they believed that the spirit could talk to any of them individually and the spirit had the right to address them.

The Chairperson said he was trying to highlight the complexity of the issue at hand. This issue could not be solved by law alone. There was an interaction between law and morality and it was important that the Department and other government institutions addressed these societal concerns without being too legalistic.

Ms Pilane-Majeke opined that the Chairperson was being too pragmatic about the issue. The point she was trying to make was around the need for monitoring without oppressing people. Understanding what everyone in the country was doing was part of the peace and stability approach. It would be necessary to engage with other departments and committees in order to address this issue.

Ms Pillay said that there was a recent report that came from CRL commission on religious practices. On the Hate Crimes Bill, she pointed out that it was necessary for the content of the Bill at hand to be aligned with the Hate Crimes Bill when introduced. This issue would be dealt with at the presentation of the clause by clause comments and responses relating to both Bills. In terms of ‘woman’ and ‘female’, the Department may have overlooked the issue of what would be acceptable to the LGBTI community. The Department will do some research on the implications of changing the word used in order to avoid the prevention or discrimination of certain groups of people.

The Chairperson asked if it was possible to allow exceptions to the main exception, as the normal order of things was to have female and male; and this should be clear. However, the LGBTI community should be recognised and protected by the law. Crafting the law to displace the existence of female and male did not seem like the best option. Are we not stretching the recognition of the LGBTI community much further than it was? It was necessary to be specific and more engagement should be had on this issue.

Ms Pillay said the aim was to ensure the protection of the group that this clause of the Bill was aimed at. A proper submission would be made on this to clarify the appropriate word that should be used.

The Chairperson also noted that creating such an exception to the rule may lead to difficulties in educating children.

Ms Silkstone asked for the rationale behind the inclusion of incitement of violence to property in clause 16. She also sought more information on child pornography and the distribution of intimate images by children on their cell phones and computers.

Mr Robbertse replied that the distribution of images containing children or child pornography was criminalised in the Sexual Offences Act and the new proposals to the Bill contained in the Schedule to the Bill where the Act was amended to specifically deal with the distribution of child pornography through electronic media. This has been criminalised and additional protection was not needed.

On the inclusion of damage to property and violence against a person, research conducted by the department revealed that there were basically two subjects of incitement of violence, namely violence directed at a person or violence directed at the property of a person. Clause 17 further elaborated on this type of offence involving specific threats made to a person or threats made to a group of persons.

Ms Pilane-Majeke referred to the definition of malicious communication involving incitement leading to damage of property and noted that provision should be made for incitement that leads to instability, as instability could cause violence involving damage to property.

Mr Robbertse replied that this would be considered.

The Chairperson asked if other laws had addressed the issue of incitement.

Mr Robbertse replied that it was covered by other laws but it was a very general law. In addressing incitement specifically as it related to cyberspace, the Department criminalised the distribution of adult data message that would incite.

Ms Pilane-Majeke clarified that her suggestion was for the Department to consider the possibility of incitement leading to or resulting from instability.

On the request to explain the vulnerability of processes to identify places where cyber harassment takes place, Mr Robbertse said that the Protection from Harassment Act (PHA) was enacted some time ago and there was a regulation in terms of that Act that dealt comprehensively with similar aspects. It should be noted that certain regulations have been put in place requiring certain service providers to obtain, report and store information about phone calls that takes place. This would be utilised in the tracing of a cyber harasser.  This was currently used in terms of the PHA to trace the person who made the information. The Department submitted that this issue had been sufficiently covered. However, there was a problem regarding social media networks, one of which was anonymity. The issue around internet cafés was one that the Department could not deal with. However, the Bill could be used to obtain information from internet cafés that was necessary for the prosecution of an offence.

Continuation of submissions and responses on the Bill

Mr Robbertse continued with the comments on chapter 5 that dealt with powers to investigate, search, access or seize in so far as it relates to cybercrime. The Criminal Procedures Act (CPA) currently dealt with the procedural aspects but there were shortcomings. Provisions of the Bill were primarily aimed at ensuring that investigations can take place in cyberspace and also that sufficient safeguards were put in place to deal with search and seizures.

Service providers raised a concern on the seizure of devices and information on devices that can be infringed as a result of such an investigation. The Department’s response was that clause 27 of the Bill contained sufficient checks and balances to ensure the protection of privacy. Clause 27 also specified the extent of the investigation that needed to take place and privacy had been adequately dealt with.

The service providers recommended that investigator assistance could fulfil the role of an independent oversight mechanism, but the Department replied that this was not necessary. Search and seizures required judicial authority and oversight was usually done by the court. Civil liability could also be incurred in the presence of unlawful infringement of privacy.

Legal Aid SA raised a concern around persons being frequently spied on and monitored through their devices. The Department replied that the Regulation of Interception of Communication Act (RICA) and communication relating to the Information Act prohibited the monitoring or the interception of any communications and if a person embarked on such conduct, that person would be committing a criminal offence.

MTN said that the words ‘integrity’ and ‘availability’ of certain evidence obtained in terms of certain clauses should align with section 17 of the Electronic Communications and Transactions Act (ECTA). The ECTA used for electronic evidence prescribed the procedures or circumstances under which a court can accept evidence. This was usually done in instances where it was proved that such information could be relied upon. The Department submitted that this would be in line with standard operating procedures of ECTA in terms of clause 24 of the Bill that further provided for measures to ensure the integrity and availability of electronic communications in criminal trials.

Liquid Telecoms appealed to the Committee on the need to revise certain aspects of the RICA. The Department replied that the RICA was currently being revised and it was looking into all comments received in this regard. However, there was a clause that can be accommodated in the Bill at a later stage, namely section 39 of RICA that provides for the registration of customer information. Currently, there was disparity between section 39 and 40 of the Act but this could be rectified through an amendment of the RICA.

IAB noted that an absolute legal lacuna existed in the current law that dealt with the investigation of cybercrime. IAB cautioned the Committee to ensure that these powers were actually exercised carefully and in line with the Constitution. The Department considered this aspect and noted that extensive safeguards have been provided for in chapter 5 to ensure that search and seizures were constitutionally sound.

The Credit Bureau Association (CBA) raised a concern on the shortcomings in capacity to investigate cybercrime. The Department responded that the Constitution provided that SAPS must investigate cybercrime. It was discussed at the previous meeting that specialised investigators could be appointed to assist the police in the investigation of cybercrime, and this may cater for incapacity. On the other hand, if electronic communication system was damaged through certain conduct, the wronged body can institute criminal proceedings against SAPS. Proper explanation of the constitutionality of the search and seizure process has been explained in page 153 of the attached document.

MTN recommended that the six principles relating to SOPs should be taken into account. The Department clarified that there were four principles and these would be taken into account.

A suggestion was made that private persons carrying out forensic investigation should also be subject to search and seizures. The Department noted that the Bill could only go as far as dealing with investigations of a criminal nature and cannot be subjected to civil cases.

A comment was received that the Information Regulator (IR) should be specifically included in the drafting of SOPs. The Department disagreed with this notion and clarified that this was a decision-making process that may involve personal information at a later stage. The participation of the IR in the actual drafting of the SOPs may result in a conflict of interest when a complaint was later made to the IR that the SOPs may unjustifiably infringe the protection of personal information.

With regard to clause 27 (articles should be searched with a search warrant issued by a judicial officer), service providers raised a concern that it was mainly trite law for search and seizure to be limited to an extent, and must not cause undue interference with any kind of system or business. The Department referred to the various judgments applicable to search and seizures in South African law. Clause 27 of the Bill provided for the necessary safeguards in respect of everything. It was also pointed out that the powers to search and seize was limited in terms of clause 34(1) of the Bill.

Service providers also raised a concern that the mere fact that data message was distributed through their networks should not be regarded or seen that those service providers were involved in the commission of the offence. The Department submitted that this could not take place. Electronic communication services or network providers were merely vehicles to commit the offence.

Legal Aid SA raised a concern on the failure of the Bill to outline the particularity requirement in search and seizures, namely the location of an article. The Department noted this comment and submitted that search and seizures for computer systems was more complicated. It was impossible to precisely indicate where data was situated in a computer system. It could be in transit from one place to the other; it could be in multiple devices or it could even be stored in the cloud. Some cases were referred to in order to explain that where invasion of privacy occurred during a possible investigation, such invasion of privacy must be restricted specifically to the extent that was necessary for the search and seizure.

MTN suggested that the issuing of search and seizure warrants in terms of clause 27 should be considered by the designated RICA judge. The Department replied that this was not necessary as the RICA judge had a specific function. Search and seizure warrants were considered by magistrates on a daily basis.

MTN also referred to the fact that a complete electronic communication system may be seized. The Department clarified that an electronic communication system would only be seized where it is proven that it was involved in the commission of a crime. The mere fact that an offence is committed via transmission through an electronic system would not be sufficient to search and seize an electronic communication system.

MTN further referred to the fact that business activities may be disrupted where a search and seizure takes place. It referred to a possible Anton Piller order that the Department should consider. The Department replied that if damage was done in the commitment of cybercrime, the wronged party can institute civil claims. However, in terms of the proposal on Anton Piller order, what MTN did not foresee was the existence of clause 14 in the Bill which was a criminal Anton Piller order that can be issued by a judicial officer. There were also other recent measures that can be invoked to investigate cybercrime and would not necessarily require the use of the search and seizure measure. This was contained in clause 42 (1)(b) where a court can order a service provider to provide certain information relevant to a cyber-offence. In most cases, the courts and the police referred to this clause.

CCR raised a concern around the application of clause 38 of the Bill. Reference was made to section 22 of the RICA that provided for an order by the designated judge that a person may enter premises for the purposes of interception of direct communication. CCR sought clarity on whether clause 27 of the Bill extended the surveillance powers of the State in terms of other legislation. The Department submitted that clause 27 could be explained on the same basis as section 21 of the CPA. In terms of clause 27, searches and seizures could only be carried out on articles that do not qualify as indirect communication or other communications on an on-going basis. Clause 27 did not therefore, extend the surveillance powers of the State to intercept communications.

CCR referred to clause 27(2) that provided that a person may enter premises and use any device in the investigation of a cybercrime. CCR’s concern was that the said device was not defined in the Bill and such device could be an interception device prohibited in terms of section 24 of the RICA. The Department replied that the devices referred to were not interception devices. Instead, they were devices used only by forensic investigators to investigate cybercrime and copy available or stored data.

SAHRC raised a concern that the word ‘near’ in clause 27(2)(d) was contextually unclear. In terms of that clause, provision was made that a police official may inter alia search a person found near a computer. This was a subjective power afforded to law enforcement agencies. Section 21 of the CPA contained a similar provision. The Department submitted that additional safeguards have been put in place in terms of clause 27 (2)(d). These safeguards are discussed on page 147 of the attached document.

SAHRC raised a concern around clause 31 (1)(b) that provided that a police official may without a warrant, as contemplated in section 40 of the CPA, arrest any person whom he or she reasonably suspected of having committed an offence in terms of chapter 2 of the Bill. SAHRC regarded this as a concern and recommended the use of the standard of ‘reasonable suspicion’. The Department’s response to this was that the CPA currently provided for such a procedure and this power has been extensively interpreted by the courts in South Africa. Whenever a police official wanted to act in terms of this clause, the same safeguards that protected other persons in terms of the CPA would also protect the police official. Reference was made to various cases where this power was debated upon extensively.

MTN referred to the fact that seizure of critical information may hamper the day-to-day operations of service providers. It was proposed that only a digital copy of the information should be provided to the police official. The Department replied that forensic investigators usually copied data from a computer device and put a hash tag on it to indicate that the completion of an investigation or a complete data. In most instances, this procedure was followed but was subject to the rendering of assistance by persons of electronic communication service provider who knows where the information was located on the system.

In terms of clause 37 of the Bill, there was a general prohibition of persons involved in cybercrime that discloses any information of cybercrime to anybody. Service providers were worried about the fact that the clause prohibited the divulging of information where crime was committed. The Department submitted that such cases have been comprehensively covered in the prohibition clause. The clause did not prohibit the sharing of information that related to a person’s work.

The Banking Association of South Africa (BASA) recommended that the prohibition clause should be extended to information used as evidence in a court of law. The Department replied that this cannot be done as all information collected was not always used as evidence in criminal proceedings. Other information may be necessary to first investigate and determine whether a crime has been committed.

The Department noted that there was a lot of misunderstanding relating to clause 38 that dealt with interception of communications. Clause 38 was included in the Bill to provide that the Bill cannot be used in instances where the interception of communications needs to take place as required by the RICA; rather the provisions of the RICA should be used. The aim was to ensure that a police official cannot obtain a warrant to use in gaining access to a service provider. The clause therefore, made it obligatory to use the RICA to obtain the communications in question. This was a safety mechanism inserted in the Bill.

Discussion

Ms Mothapo asked if the complexity around RICA and the Bill would affect law enforcement agencies in dealing with the Bill. She suggested that proper emphasis should be placed in clarify these complexities.

Mr Robbertse replied that the RICA legislation dealt comprehensively with the interception of communications over electronic communication systems, as well as the storing of certain related information. There were specific directives that should be issued in terms of the RICA, with various safeguards in place. Only very serious offences were subject to RICA. The Cybercrimes Bill on the other hand, provided for procedures to investigate cybercrime. Clause 38 of the Bill specifically provided for interception of communications via electronic communication system to be carried out in terms of the RICA provisions. Clause 38 specifically states that the Bill cannot be used to obtain RICA information.

Mr Mpumlwana asked if the communications referred to in the said clause only related to audio communications or other electronic communications.

Mr Robbertse replied that a definition existed for indirect communication. Usually, communication that could be intercepted was one that was communicated to another person audibly, through email or other means such as Whatsapp. As long as such communication takes place in real time, it would be subject to RICA. Such communication covered data, music, speech, electronic commissions, and so on.

Mr Mpumlwana further sought clarification on the workings of RICA in instances where police officers investigated a crime by intercepting the telephone conversations of two individuals to use as evidence in court.

Mr Robbertse replied that such police officials would be in the possession of a device that would record calls that are made. Accessing such a device (a cell phone in this instance) has to be done on the authorisation in terms of the Bill. The cell phone would be taken to the laboratory where a program would be run on it for the purpose of acquiring detailed information on the calls made on such phone. The police also utilised the process of obtaining an order in terms of section 205 of CPA or section 19 of the RICA where electronic communication service providers are requested to give records of calls made in the past to the police. If a call was made on a system, such call will be recorded by electronic communication service providers who can the commission of an offence and the details surrounding such offence. This information with service providers cannot be obtained in terms of the Bill. RICA would be applicable in this regard.

Mr M Maila (ANC) suggested that the process should be continued, especially since there were other regulations that would guide the Committee in considering the implementation and engagement on the Bill.

Ms Mothapo agreed.

Mr Maila asked that the Department should conclude on clause 38 and then continue with the rest of the presentation at the next meeting.

Ms Silkstone recommended that the Department should begin with submissions and explanations at the next meeting from clause 38 as it was a complex clause that required proper explanation.

The Department agreed.

Review of Executive Members Ethics Act (EMEA)

Ms Pilane-Majeke said the issue at hand was about the communication received from the Office of the Speaker for the Committee to conduct follow-up on the recommendation on the State of Capture report about the remedial action that needed to be taken in relation to the EMEA.

The Committee has deliberated on this in a previous meeting and it was agreed at the meeting that the Committee should seek legal opinion as the opposition party was dissatisfied with the outcome of the discussion. This was regardless of the fact that the Committee had concluded that a consideration of the powers of the three arms of the State showed that initiation or amendment of legislation ought to be a competency of the Members of the Executive.

Based on the announcement of a proclamation, Ms Pilane-Majeke said that the Committee ought to consider the fact that such a proclamation had been made and the President had referred the matter to the Minister of Justice. The Committee should therefore, consider the matter in a different light instead of considering whether the matter had set a precedence or not.

Mr Maila proposed that the matter be taken off from the business of the Committee since there was already a proclamation. The matter should be left to the Executives to address.

Ms Pilane-Majeke suggested that a letter be written to the Office of the Speaker to convey this development to the Speaker.

The Committee Secretary clarified that the referral was for the Committee to consider any report on the matter. This meant that the Committee would have to draft a report that would be considered and formally adopted.

Mr Mpumlwana said that the report conveyed the same message that has been communicated at the meeting. There was a proclamation on the matter that stopped the Committee from taking any further action. A report had been previously drafted, considered and adopted by the Committee.  However, drafting a new report was not the issue. In his opinion, the matter had already been finalised.

Ms Pilane-Majeke said it was procedural for a formal report to be drafted and adopted on the matter.

Ms Mothapo seconded Ms Pilane-Majeke noting that it was Committee procedure to have a written report on the matter.

Mr Maila said that MPs have agreed to have a written report that would cover the issues discussed by the Committee and the decision reached on the matter.

The meeting was adjourned.

Share this page: