Critical Infrastructure Protection Bill: deliberations

Meeting report

The Chairperson indicated that the Committee is scheduled to meet with the National Commissioner next week so as to do deal with outstanding issues stemming from the Committee’s engagement with the SA Police Service (SAPS) management last week. This included cases of sexual harassment and the on-going protest in Northern Cape.

Submission by African Policing Civilian Oversight Forum (APCOF)

Mr Sean Tait, Director, APFOC, indicated that APCOF has a number of concerns about the constitutionality of the Critical Infrastructure Bill. Broadly, these concerns relate to:

(a) the scope of the definition of critical infrastructure – section 16(2)(a)(iii) of the Bill

(b) the delegation of responsibility for access control and public order management from SAPS to private security services – section 24 of the Bill

(c) limitations on the right of access to information – section 26 of the Bill.

The current definition of Critical Infrastructure in section 16(2)(a)(iii) of the Bill is broad and imprecise. This section provides that ‘When declaring an infrastructure to be critical infrastructure, the Minister must also consider the provision of basic public services’. In its current form, the Bill would allow public service institutions such as medical clinics, schools and universities to be declared critical infrastructure. APCOF recommends that to address these concerns, section 16(2)(a)(iii) of the Bill be amended to expressly exclude places from which basic public services, such as medical clinics, schools and universities are accessed.                                                                                          

Mr Tait stated that section 24 of the Bill provides for the powers and duties of persons in control of critical infrastructure, and in its current form, reads to permit the delegation of access control and other functions, such as public order management, from the purview of SAPS to private security companies. Section 24(1) states that, “On receipt of a notice referred to in section 20 (5) (e), the person in control of a critical infrastructure must, subject to subsection (4), take such steps as may be prescribed to secure such critical infrastructure at that person’s own expense”. In some situations, the delegation of responsibility for access control may be appropriate, with the caveat that it not infringe on an individual’s right to privacy and to access basic public services, as set out in detail in relation to issue one, above. However, the delegation of traditional policing powers, such as the powers to arrest, detain, and to disperse, raises significant concerns in relation to constitutional rights. Accordingly, APCOF recommends that section 24 of the Bill be amended to limit the powers of security companies to access and perimeter control of Critical Infrastructure, and expressly exclude private security companies from exercising the powers ordinarily held by SAPS under section 205(3) of the Constitution, and in particular, the maintenance of public order.

Section 26 of the Bill raises significant issues in relation to section 32 of the Constitution, namely that it limits access to information. In its current form, section 26 criminalises the legitimate disclosure of information about critical infrastructure when such disclosure does not undermine state security. The effect of this provision is to limit access to information, which is protected by section 32 of the Constitution, and limits the ability of researchers, academics, journalists and activists to record and report on information about critical infrastructure, which is in the public interest. Accordingly, APCOF recommends that section 26 of the Bill be amended to ensure that the disclosure of information about critical infrastructure, where that disclosure does not undermine state security, is not subject to criminal sanction.

Discussion

The Chairperson asked if there was a possibility of implementing stringent measures to conduct oversight over private security to ensure that there is compliance.

Ms D Kohler Barnard (DA) agreed that the initial draft of the Bill is coming across as draconian in nature and looked like it was a lot worse than the National Key Points Act in many instances. The ramification for contravening the Act is 20 to 30 years imprisonment - this was worse than sentencing of murder these days. The Bill needed to be read through the eyes of new South African dispensation and there is a need to be careful not to reintroduce a lot of old apartheid laws that the country managed to rid itself of. There are existing laws that deal with a potential threat like terrorism.  

Mr P Mhlongo (EFF) said that concerns flagged by APCOF sounded genuine especially regarding weak oversight on private security to enforce public order. There is a need to be careful on the use of private security considering the brutal nature of private security companies in maintaining public order. There is a tendency to use private security companies in the event of a deep state to undermine the rights of citizens and this needed to be avoided by all means.

Mr J Maake (ANC) asked about the specific clause that made reference to the use of private security as he was not aware of such clause.

Mr Tait responded that the Bill is not quite clear on when the role of private security comes in for the purposes of public order management functions in the critical infrastructure building. There is use of private security for access control, as is the case in various airports. It is when there are situations of protests that the protection role of private security might expand beyond that access control environment and the Bill is not clear on this aspect. The dispersing of protesters in critical infrastructure, through the use of force, all comes into question in this instance. In relation to the oversight of private security, APCOF was concerned with the Private Security Industry Regulation Authority (PSIRA) Act as it was very strong on the regulation of companies and the oversight of their compliance with employment laws and registration of security companies and so forth. However, the Act is very weak it comes to the conduct of individual security guards. There were reported cases where private security guards in Limpopo were using sjamboks in one specific tertiary institution in order to create order during the registration period and this was completely unacceptable. The private security guards can behave as they like with impunity and this is the oversight gap that needed to be addressed. There is a need to deal with the training and equipment provided to private security guards and the oversight of the conduct of security guards.    

Ms Kohler Barnard commented that it must be detailed that private security can respond to a life- threatening situation and this is especially important since SAPS did not seem to be acting promptly and effectively in a number of protests in the country and this is a concern that needed to be addressed. There is a recent video circulating on social media and newspapers of an old woman being kicked by a man in a political protest – police officers stood by while this barbaric act was happening. There seemed to be a grey area on the use of private security and who is responsible to respond in a life-threatening situation involving critical infrastructure.

Mr Maake mentioned that public order is the mandate of the police and this responsibility should never be taken over by private security. It was unclear whether the Constitution was explicit on who was responsible for maintaining public order. It was evident during the #FeesMustFall that private security can be utilised to maintain public order.

Mr Mhlongo said that the Committee should seek alternative measures if there are gaps in the maintenance of public order to avoid the situation where there are grey areas in the Bill. It was clear in KZN that private security are often owned by vicious semi-mafia companies that always go for blood when trying to maintain public order. Critical infrastructure should be protected by the state and not by privately-owned companies that have absolutely no interest in nation building but generating profit. Protection of the civilian is the role and mandate of the state and this responsibility should never be transferred to private security. South Africa should take lessons from the past and present events especially on the use of private security in trying to maintain order.    

Briefing by Committee Researcher

Ms Nicolette van Zyl-Gous, Committee Researcher, stated that the Committee held public hearings on the Critical Infrastructure Protection Bill on 30 and 31 January 2018 during which stakeholders raised a number of concerns. The Congress of South African Trade Unions (COSATU) believed that the concept of “basic public service” was too broad and could include schools, universities and hospitals. Some representatives raised concerns about the exclusion of infrastructure under the control of the Department of Defence. The Banking Association of South Africa (BASA) raised concern that banks fall outside the definition of basic service, but can be declared as critical infrastructure under clause 16 of the Bill. The Committee should consider the review of section 2(b) that refers specifically to information pertaining to security measures, as the clause currently reflects that all information remains confidential, subject to the Promotion of Access to Information Act, 2000. This is in contradiction with the rest of the Bill.  

Ms Van Zyl-Gous said that there was a suggestion that the Committee consider strengthening the appointment process of the panel responsible for making recommendations to the Minister on the individuals to serve on the Critical Infrastructure Council. The oversight role of Parliament in the appointment of the Critical Infrastructure Panel should be strengthened. The vetting of private sector members of the Council is intrusive. There was also a concern about the four-year term of the Council, as the norm is a five-year term and the appointment process is onerous. There was an indication that in clause 17 that the Council and Minister should take into consideration any public comments and submissions when processing and deciding upon designated applications. BASA proposed that in clause 20, if the Minister declares a financial institution as defined in the Financial Sector Regulation Act of 2017 a critical infrastructure, it should be done in consultation with the Financial Stability Committee. It was also proposed that clause 24(3) should state that the security provider is private security subjected to the Private Security Industry Regulation Act.

Ms Van Zyl-Gous indicated that in relation to clause 26(2) (4), the length of imprisonment was heavily criticised as draconian. The validity of a 30 year sentence was questioned, as it is more than a life sentence (25 years served before consideration for parole). Stakeholders warned that the provision for lengthy sentences could lead to “upwards pressure” on Magistrates to impose strict sentences for minor offences. There was also a need to take into consideration cost implications of the Bill as the current allocated budget for the Civilian Secretariat for Police (CSP) was under significant pressure and the Department was struggling to perform its core mandate with the allocated budget.

Discussion

Ms Kohler Barnard asked for clarification on clause 17(d) as it was extremely difficult to follow the sentence. There was also vagueness on clause 20(4) (iv) and the point being made.  

Mr Maake asked about the vetting process of the private security members and whether there were available alternatives for vetting of members. It was unclear as to where the budget of the Bill would be located - it would be problematic if the Bill was located under the CSP. Where is the best place to locate the Bill?

Ms A Molebatsi (ANC) wanted to know whether there would be a way to clearly state the issue of remuneration on the Bill. The Committee should be briefed on the issue of an ad hoc committee and who was supposed to serve in this committee.

Ms Van Zyl-Gous responded that there is no alternative to vetting of private security members and private security members are not used to being vetted.

Mr Z Mbhele (DA) appreciated that the Committee received clarity on aspects that are problematic on the Bill. The general feeling is that the existing bills had already covered numerous concerns expressed in the Bill and therefore it is pointless to repeat concerns that are covered in other bills.

Ms Van Zyl-Gous replied that it was difficult to answer the question on where the Bill will be located at the moment but the general belief is that ring fencing is not ideal at the moment.

Civilian Secretariat of Police (CSP) and SAPS Response to Submissions

Brig J van der Walt, Section Head: Legal Support, SAPS, noted that in relation to the concern of APCOF, the Bill makes it clear that critical infrastructure is only the infrastructure declared as such by the Minister. If there is no declaration, it is not critical infrastructure and the provisions of the Bill are not applicable. The critical infrastructure complex is declared when multiple critical infrastructures need to be managed together – Durban Harbour is an example. Right2Know raised a concern that “strategic installations” are unaccounted for in the Bill. This concept will disappear and be taken into the critical infrastructure process. Right2Know was also concerned that the risk categories are not clearly defined.  The comment is noted and will be discussed with the State Law Adviser. A proposal will be drafted for submission to the Committee during the clause-by-clause deliberations. Greenpeace Africa raised a concern that the Bill should state that it does not limit certain constitutional rights except to the extent necessary to prevent significant harm or damage etc. The Constitution already guarantees the rights stated.

Brig van der Walt said that the Western Cape Government maintained that the chairperson should be appointed on recommendation of Parliament. It is submitted that this is typically an oversight role that falls within the functions of the Secretary. The South African Reserve Bank (SARB) proposes insertion of clause 12(9) to ensure consultation with the Reserve Bank in cases where financial stability is an issue.  The comment is noted and a proposal will be drafted for submission to the Committee during the clause-by-clause deliberations. APCOF and Right2Know were concerned about basic public service institutions that could be deemed critical – this could include clinics, schools, universities as well as a Right2Know concern about the proliferation of critical infrastructure.  It is clear that “infrastructure” may include clinics, schools universities. However, with regard to 16(2)(b), it is clear that the declaration of critical infrastructure is limited to only infrastructure where the loss, damage, unlawful disruption or immobilisation of such infrastructure may severely prejudice—

(i) the functioning or stability of the economy of the Republic;

(ii) the public interest with regard to safety and the maintenance of law and order;

(iii) the provision of basic public services; or

(iv) national security.  

Brig van der Walt indicated that Greenpeace Africa highlighted that Parliament should play a role in the declaration of critical infrastructure. It is submitted that Parliament will play such a role in respect of the reports that must be submitted. The Banking Association of South Africa (BASA) submitted that banks can be declared critical infrastructure if the National Commissioner applies. If such a declaration is done, it must be in consultation with the Financial Stability Oversight Committee (Financial Sector Regulation Act 9 of 2017).  It is submitted that banks do not, on the face of it, comply with the requirements in clause 16(2) (a). However, the comment is noted. A proposal will be drafted and submitted to the Committee during clause-by-clause deliberations. The Congress of South African Trade Unions (COSATU) mentioned that clause 25(6) requires that searches be done with regard to decency and order. Reference should be made to section 29 of the Criminal Procedure Act 51 of 1977. The comment is noted and a proposal will be drafted for submission to the Committee during clause-by-clause deliberations. The South African Catholic Bishops’ Conference commented that clause 25 is too wide and allows for abuse. There should be a note that the words “lawful steps” in clause 25(1) (a) and also clause 27(1) (n) where regulations on the issue will be made. 

Discussion

The Chairperson indicated that Members would be afforded an opportunity to ask additional questions on Tuesday and then get a briefing by the Parliamentary Legal Adviser on all issues flagged by Members including whether the Bill was constitutionally compliant.

Ms Kohler Barnard asked the Committee’s Researcher to sit down with the CSP for both to discuss points flagged on the Bill and the response provided to come up with a document dealing with outstanding issues.

Mr Mbhele commented that there is a flow-chart process outlined in the Bill but it was unclear if that flow-chart process was correct. Clause 18 and 19 suggest that there is a two step process before an application goes to the Council. The first step is that the person in control of the infrastructure applies to the National Commissioner and then a security assessment will be conducted. The National Commissioner would then take the application to the Council and then the Council would make recommendations to the Minister. It seemed like there is at least space for the National Commissioner to make an application at his own volition to conduct an assessment to determine a critical infrastructure. If this is the case then there is a possibility of the escalation of costs or budget that had been allocated.

Brig Van Der Walt responded that indeed there is a possibility that the National Commissioner could conduct an assessment to identify a critical infrastructure building. An application by the National Commissioner for identification of the privately-owned infrastructure would be very rare as the application often happens where a government department or state owned entity is involved. The matter of cost escalation could only happen if the National Commissioner abuses the powers of making an application.  

Mr Maake noted that critical infrastructure referred to the physical infrastructure and it was unclear as to where the cyber network fell under the ambit of the Bill. It would be important to ascertain if the defence force was also considered under critical infrastructure. The defence force is a community on its own with hospitals, clinics and schools. Do we have critical infrastructure outside of South Africa? The Bill is clear that the Minister must nominate a deputy chairperson to serve on the Council but it would be important to determine whether it was necessary for the Minister to be the one nominating the chairperson.

Brig Van Der Walt responded that the Cybercrimes Bill deals with information infrastructure while physical infrastructure falls under SAPS. The question on whether the defence force could be considered under the Bill should be directed to the Committee’s Researcher. There is PetroSA gas power about 70 km into the sea of the coast of Mossel Bay which could be considered as falling outside the territority of South Africa but this is protected under the international convention and therefore SAPS cannot exercise jurisdiction in this regard. The deputy chairperson is to assume the responsibility when the chairperson is sick due to illness or any other reason.  

Ms Molebatsi asked whether the Bill would be implementable in its current state with suggested amendments. Could the Committee be assured that the Bill would be implementable and be able to meet constitutional master? The Committee should be briefed on whether private security companies are in compliance with the rebates. Were the companies in compliance with the Private Security Industry Regulatory Authority (PSIRA) regulations and requirements?

Brig Van Der Walt replied that the Critical Infrastructure Protection Bill is an important piece of legislation and therefore it is critically important that the Bill is implemented and passed by Parliament especially since the Right2Know campaign court decision. Private security companies cannot qualify for the rebate.

Mr Maake wanted to know why the Council cannot choose its own deputy chairperson itself instead of being chosen by the Minister – this was only logical.

Brig Van Der Walt explained that there was no major problem in having the Council choosing its own deputy chairperson instead of the Minister.

The Chairperson appreciated the contribution made on the Bill. The Committee will continue deliberating on the Bill on Tuesday.

The meeting was adjourned.