Critical Infrastructure Protection Bill: deliberations

Meeting report

Chairperson’s opening remarks
The Chairperson said that the Portfolio Committee on Women in Presidency had requested to be present in the meeting when the Committee deals with human trafficking. This proposal was accepted by the Committee.

Mr P Mhlongo (EFF) said that the Committee was briefed by SAPS last week about harassment within SAPS and this briefing was live streamed and this resulted in female SAPS members coming forward to speak out about harassment within SAPS. He was flooded with emails and letters about female SAPS members being harassed by male SAPS colleagues. Some were even considering committing suicide and this spoke to the severity of the problem within SAPS. Some females are scared to report these cases because of possible reprisals from within SAPS management. There should be a platform in place for female SAPS members to be able to freely report cases of harassment by male SAPS colleagues. We cannot expect SAPS to deal decisively with harassment when its members are predators towards their colleagues.

The Chairperson said that the Committee would need to have a meeting with the Portfolio Committee on Women in Presidency to address the harassment of female SAPS members.

SAPS briefing on role of PSIRA and private security
Brigadier Bert van der Walt, SAPS Head: Legal Support, said that the Committee had requested a submission on the role and responsibility of the Private Security Industry Regulatory Authority, especially in view of clauses 24 and 25 in Chapter 3 Registration As Security Service Provider of the Bill. This was noted in the African Policing Civilian Oversight Forum (APCOF) submission. Brig van der Walt said there had also been a request to look at the offences in clause 26 of the Bill and the role and responsibility of Parliament in the promulgation of regulations in clause 27. Whenever the phrases “security personnel” or “security service provider” are used in the Bill, regard must be had to its definition in clause 1. It is compulsory for all security personnel in the Bill to register with the Private Security Industry Regulatory Authority (PSIRA) and in compliance with Code of Conduct for Security Service Providers, 2003.

APCOF expressed concern about powers of security personnel while Congress of South African Trade Union (COSATU) was concerned about strip searches and possible humiliation of workers. Private security did not have explicit powers of arrest, detention or dispersal in terms of the Bill, only those contained in Chapter 2 of the Criminal Procedure Act had the power to do so. If security personnel go beyond the explicit powers in the Bill, it is a violation of the Code of Conduct. The issue is therefore with conduct and not powers in the Bill.

Brig van der Walt proposed that the Bill states clearly that a person to whom functions are assigned in terms of this chapter must exercise those powers and perform such duties "subject to the Constitution and with due regard to the fundamental rights of every person". Section 29 of the Criminal Procedure Act must be made applicable to the conduct of searches.

Offences in Clause 26
It is proposed that clause 26 must be reviewed in its entirety. The drastic maximum penalties are reduced to reflect the severity of the offence proportionally. He suggested removing clause 26(1) as this offence is already covered in the Criminal Matters Amendment Act, 18 of 2015. There should also be a focus on the disclosure of information or photographs of security measures. He proposed the insertion of a clause where the evidence of intention with the offence will increase the maximum penalty relative to the risk category of the critical infrastructure. There should also be an insertion of a clause where the actual harm caused by the offence will increase the maximum penalty relative to the risk category of the critical infrastructure. There should also be a clause where a court may have regard to evidence that the security measures are in plain view of the public or in the public domain as a mitigating factor. The overriding government objective of securing critical infrastructure remains important.

Role of Parliament: Regulations
Brig van der Walt referred to Lourens du Plessis work Statute Law and Interpretation. In paragraph 296 there is a clear distinction between original and delegated legislation. Acts of Parliament are often in skeleton form while the flesh is added by delegated legislation. Not all legislative matters have to be dealt with and deliberated upon by elected representatives, as the executive if often in a better position to deal with certain matters once the parameters within which it is competent for them to do so have been set by empowering, original legislation. The regulations therefore owe its existence and its authority to the empowering original legislation. The capacity to make delegated legislation rests in the executive and may be reviewed as administrative action that may be set aside by a court if found to be ultra vires the empowering statute. Section 17 of the Interpretation Act 33 of 1957 requires a list of delegated legislation be submitted to Parliament within 14 days after publication. Clause 27(5) requires submission to Parliament for noting the regulations before promulgation. This is a courtesy extended to Parliament by the executive and an acknowledgment of the role of Parliament. However, when Parliament considers regulations before promulgation, it may be seen as usurping the role of the executive and the regulations could just as well be contained in the empowering statute.

Discussion
The Chairperson welcomed the progress made by the legal team on the Bill especially on the penalties imposed for offences.
                          
Ms D Kohler-Barnard (DA) asked about the role of private security in and around the critical infrastructure especially in the case where protestors started invading the buildings. What are they supposed to do if the protestors starting invading critical infrastructure and possible endangering everyone in the building? The regulations should come before the Committee as there are things that are being snuck into regulations and this needed to be completely avoided. The proposal that the majority holding of foreign-owned private security companies must be taken over never really went through [was promulgated]. However, if one goes through Home Affairs it is clear that what is to be declared as “undesirable” included exotic dancers, hair dressers and anyone involved in any private security company.  

Mr P Mhlongo (EFF) noted the proposed amendments effected to the Bill. This was an improvement from the previous provisions especially on penalties for offences. It would be important to hear how the Bill would be able to deal with flying objects like drones that are being used to extract highly sensitive information within critical infrastructure. Was there a specific clause that catered for the prevention of gathering highly sensitive information via flying objects? The legal team should perhaps refer to existing legislation that deals specifically with breach of law on extraction of sensitive information in and around critical infrastructure. There was a private drone a few years ago that was found at the naval base in Cape Town but there was still no information on the ownership of the drone and what it was doing at that specific location. There should be a concerted effort to deal with those at the top who are extracting highly sensitive information.

Mr Z Mbhele (DA) commended the progress that had been made by the legal team especially incorporating inputs made on the removal of clause 26(1). However, there is a need to determine if the removal of this clause was not creating a loophole where there is an exclusion of aspects of this in the Criminal Matters Amendment Act. There might be grounds to retain clause 26(1) just to prevent this potential loophole. On the proposal to reduce the maximum penalties, was this implying that there would be a reduction of maximum penalties of 20 years and 10 years to only three years?
                          
Ms M Molebatsi (ANC) asked if there was a possibility of stipulating the maximum penalty of 20 years. The presentation seemed to be quiet on the proposal that was made about the need for risk categories to be clearly defined.

Brig van der Walt responded that the Criminal Procedure Act allows for private security personnel to implement defensive measures for the purposes of defending the property or self-defence in general, arrest and detection. The search provisions will simply be circumscribed very carefully within the regulations and even more in the Bill. On the regulations, indeed there could be a possibility the executive may overstep their powers. It is important to have legislation with enabling provisions that are very clear and specific and that is why the regulations clause might seem very long but those are very specific powers that are being given. The Minister may make regulations that are necessary for the implementation of the Act. The drafting team had been specific but it was in the hands of the Committee to make a decision on the regulations.

Brig van der Walt explained that drones are a very contemporary problem and the Civil Aviation Act has a regulation that regulates operation of drones. This Bill will kick-in in cases where a drone encroaches the precinct of a critical infrastructure. The typical taking of photographs by drones becomes an offence. It is often extremely difficult to catch the offenders linked to the drone as some of these drones are very powerful and can be operated from a distance. It would require good policing to be able to catch the offenders linked to drones. The drones flown illegally receive a lot of attention in the Joint Operational Planning for major events like the State of the Nation Address (SONA).

Ms Kohler-Barnard asked when a drone is flown illegally as there are many people that operate drones for leisure, taking pictures of events and parks.

Brig van der Walt replied that there is a specific height that these drones must not exceed and they may not fly in certain areas and all these regulations are covered in the Civil Aviation Act.

He said the drafting team did take into consideration the potential of creating a loophole in the removal of clause 26(1) and hence there was adaptation of the current clause 26(2). Clause 26(1) in the Criminal Matters Amendment Act is actually the legislative version of the old crime of sabotage which no longer exists. There would still be severe penalties but those would only be the case where there is evidence in court of aggravating factors. In essence, there are still harsh penalties but this is only proportional to the action and circumstances. The drafting team was proposing the insertion of a clause that would further explain the risk categories. There will be a prescribed system of categorising the infrastructure into low, medium and high risk categories. The drafting team did not want to stipulate these categories in the Bill because risk classification is very dynamic in nature and risks may change from year to year. For example, drones were not even known a few years ago but they are now considered a threat to security measures.

The Chairperson indicated that the Committee would be dealing with the Bill on a clause-by-clause basis with a specific focus on the consolidated summary of public submissions on the Bill.

Tagging of the Bill
The Chairperson stated that the tagging was still a contentious issue and the State Law Advisor and Parliamentary Law Advisor provided the Committee with reasons the Bill should be classified under section 75. What is the view of Members on the tagging? There is still a view that the Bill should be classified under section 76.

Mr Mbhele said that he could see the perspective conveyed by the State Law Advisor and Parliamentary Legal Advisor on the tagging of the Bill. However, his party is still of the view that there should be substantial consideration of classifying the Bill under section 76 and this was still their position.

Ms Kohler-Barnard admitted that she was initially a bit concerned about the input of the State Law Advisor and Parliamentary Legal Advisor as the reality is that there are still factors in the Bill that affect provinces.

The Chairperson suggested that perhaps Parliament should provide the Committee with a legal opinion on the tagging and this could be discussed by Members in detail.

The Committee agreed to the suggestion.
                          
Chapter 1: Definitions, Purpose and Application of the Act
Long title
The Chairperson said that it was raised that the long title should state that the measures referred to are in the public interest. The response by the Department was that this concern was adequately captured in clause 2(e).

Members did not raise any issue.

Preamble
The Chairperson noted that there was a concern that the preamble should refer to rights that are affected. The Department responded that the Constitution already guarantees these rights.

Members did not raise any issue.

Clause 1: Definitions
The Chairperson indicated that there was a concern that the Bill does not provide a clear definition of precisely what critical infrastructure is. The definition refers to section 20(4) of the Bill.

Ms Kohler-Barnard expressed concern about the exclusion of the link to the cyber security legislation in terms of infrastructure.

Brig van der Walt responded that the submission on 6 February 2018 showed that there is clarity that the Bill only deals with physical infrastructure and there was a suggestion that some words must be taken out to strengthen this. There is no proposal at the moment that was drafted to include critical information infrastructure.

The Chairperson suggested that the issue raised by Ms Kohler-Barnard should be taken into consideration in further discussion on the matter.

Strategic Installations
The Chairperson said that there was a concern that “strategic installations” are unaccounted for in the Bill.

Brig van der Walt explained that the concept of “strategic installations” will disappear and be taken into the critical infrastructure process. The concept had no legal meaning and therefore when the Bill becomes the legislation then the concept will be replaced by critical infrastructure.

Mr Mbhele stated that the only concern he had on the concept of “strategic installations” was that if the concept is only the internal policy framework or internal reference within SAPS then it could create a situation where we have unofficial National Key Points regime. In essence, SAPS could have power to make a determination that a certain building is not critical infrastructure but rather strategic installations. Therefore, the concern about the fact that strategic installations are unaccounted for in the Bill was valid.

Brig van der Walt clarified that the whole concept of “strategic installations” will disappear permanently from the Bill and it will not exist anymore. It must be noted that government departments were often not considered as critical infrastructure.

Cybercrime
Brig van der Walt said that the drafting team will make a proposal to the Committee during the clause-by-clause deliberations to ensure that this issue had been addressed. The matter will be directed to the Minister of State Security to make a determination on how to deal with this moving forward. The Minister of State Security was the one specifically mandated to deal with information. There will be a request for the State Law Advisor that deals with cybercrime and cyber security to look at the interaction between the two bills.

Members agreed with the suggestion.

Cyber response committee
Mr Mbhele wanted to know if any reference to cyber response committee will be deleted from this Bill both in the definitions and in any other clauses.

Brig van der Walt replied that there is a reference from the Bill on cyber response committee where the committee will act as a standing committee to advise the National Commissioner on the planning process.

Ms Molebatsi asked if the State Law Advisor could be able to clarify better the definition of cyber response committee.

Brig van der Walt promised to alert the State Law Advisor on how the committee functions including the definition of the committee.

Members agreed with the proposal.

Security measures
Brig van der Walt indicated that there was a proposal for the exclusion of “information infrastructure”.

Mr Mbhele asked if this made reference to the definition in the Bill as the Bill currently did not make any reference to “information infrastructure”.

Brig van der Walt explained that the concern on the definition of infrastructure was the word “systems”.

Mr Mbhele noted the clarification.

Infrastructure
Brig van der Walt said that the National Commissioner is the one that may apply to have the bank declared as critical infrastructure and it is highly unlikely that such declaration could ever happen because banks could not comply with all the factors set out in clause 16 and 17. The South African Reserve Bank (SARB) is only covered under the definition of “organ of state”. The SARB is currently a national key point. They will fall into the transitional provision where they will be deemed and later declared as critical infrastructure.

Ms Kohler-Barnard commented that it was difficult to legislate things that are highly improbable.

Brig van der Walt explained that the concern was that the National Commissioner can apply for the declaration of banks as critical infrastructure without any consultation. The Department was tightening the National Commissioner’s power to apply for the declaration of critical infrastructure and this would be limited to government infrastructure.
 
The Chairperson said that the input would be noted and deliberated further on clause-by-clause basis.

National security
Brig van der Walt proposed a definition of “national security” and section 198 of the Constitution provides a good definition of “national security” and this would be referred to in the Bill.

Ms Molebatsi wanted to know if it was better to include or exclude the definition of “national security”
                          
Brig van der Walt replied that the inclusion of the definition of “national security” will enhance application of the Bill and therefore it is better to include the definition in the Bill.

Members agreed with the proposal.

Person in control of a critical infrastructure
Brig van der Walt said that there was a proposal for the insertion of “whether by way of Public Private Partnership or similar agreement”.

Adv Dawn Bell, Chief Director: Legislation, Civilian Secretariat for Police (CSP), agreed with the insertion that had been made as this would also cover the concern of Gautrain Management Agency.

Republic
 Brig van der Walt explained that the legislation only had national application and therefore it would be unnecessary to define “Republic”.

Members agreed with the explanation.

Risk category
Brig van der Walt proposed to deal with risk categories in clause 20 where there will be an insertion of a sub-clause. The drafting team will like this to be in the regulations considering the dynamic nature of risk categories. For example, the possibility of failure of Koeberg station is very low but the impact and consequence of failure is massive.

Ms Kohler-Barnard asked if the general public would be able to see the risk categories for critical infrastructure like Parliament or Koeberg.

Brig van der Walt said that it is critically important that risk category is predictable and therefore anyone can be able to predict the potential risk in a particular critical infrastructure.

Security
The Chairperson noted that there was a concern that the definition for “security” is open-ended and may be abused.

Brig van der Walt responded that clause 27(1)(n) adequately provides for the standards. It is necessary to provide the definition of “security” in the regulations than in the Principal Act.

Members noted the input.

Clause 2: Purpose of Act
The Chairperson said that there was a proposal for insertion of the words “security measures applicable” in section 2(b).

Brig van der Walt replied that this recommendation is sound and should be taken into consideration. There will be an insertion of the words “security measures applicable” in section 2(b).

Members agreed with the suggestion.

Clause 3: Application of Act
The Chairperson indicated that there was a concern about the exclusion of infrastructure under the Department of Defence.

Adv Bell responded that the exclusion is based on section 104(4) and 104(9) of the Defence Act 42 of 2002.

Brig van der Walt added that this is something that still needed to be considered more closely as he was not an expert on the Defence Act. The drafting team will like to consult someone in the Department of Defence on the issue and make a recommendation based on the consultation.

Mr Mbhele mentioned that his understanding was that the exclusion of infrastructure under the Department of Defence was at their request.

The Chairperson stated that the Committee would get a response from the drafting team when they are done with the consultation.

Chapter 2: Critical Infrastructure Council and Structures

Clause 4 Establishment and composition of Critical Infrastructure Council
On 4(3)(c), the Chairperson mentioned that the consensus that was reached was that the Committee should use the process that was followed for the appointment of the SABC Board in the selection of members to serve in the Council.

Mr Mbhele agreed with the process to be followed but then it did not make sense to have the member from the Department of Defence when the infrastructure of the Department is excluded. There is a question as to the immediate relevance of some of the government departments to be Council members.

The Chairperson suggested that Members should get a rationale on the inclusion of some of government departments in the clause-by-clause deliberations.

Brig van der Walt replied that the drafting team had already made recommendation on the composition of the Council for private members. The Minister will compile short-listing of 20 members and this will be submitted to Parliament for the Committee to conduct interviews and provide the Minister with 10 members. Only five members will be appointed to serve in the Council. The Department was open to suggestions from the Committee on the relevant government departments to be included in the Council.

Ms Kohler-Barnard said that it was pointless to include the Department of Defence when their infrastructure is not going to be included. The priority should be to get a smaller committee that would be able to operate efficiently and productively.

The Chairperson also agreed that the committee should be smaller especially in consideration of the budget implications and resource allocation.

Clause 4(6)(d): Vetting of private-sector members
The Chairperson said that it was critical important that members to serve on these boards are vetted.

Ms Kohler-Barnard agreed that the vetting should be prioritised and the Committee should state clearly that the appointment of members to serve in these boards should be undertaken once vetting is completed. It is always embarrassing to make appointments before the vetting is concluded and then later on one finds out that some of the members that had been appointed, had a criminal record.

Mr Mhlongo agreed with Ms Kohler-Barnard. It must be made clear that what comes first is the vetting process then followed by the appointment. The vetting process is usually time-consuming and this is something that should be taken into consideration.

The Chairperson stated that what usually happens in other instances is that there is an initial screening and vetting that is undertaken before the formal vetting process.

Brig van der Walt responded that there was a proposal that these members must be drafted at a certain point in the process. There should be a stipulation that the 20 candidates to be forwarded to Parliament must be vetted so that the appointment can take place.

Mr Mbhele accepted the proposal but maintained that it should be made clear that members who are not vetted or issued with a security clearance would be excluded from appointment so as to avoid cases where one has someone appointed pending a security clearance.
 
Clause 4(7): Appointment of the Chairperson
The Chairperson indicated that it was suggested that the chairperson of the Council should be appointed on recommendation of Parliament.

Brig van der Walt explained that this was typically an oversight role that falls within the functions of the Secretary. The deputy chairperson will be coming from the five members that had been appointed to serve in the Council.

Ms Kohler-Barnard proposed that an advertisement should be undertaken for the appointments to be made instead of having the Minister drawing from the pool to choose 20 members to be interviewed by Parliament.
The Chairperson proposed that this should be deliberated further during clause-by-clause deliberations. The SABC process would be used as a template as this was a process that involved the general public so as to build public confidence.

Clause 6: Funding and remuneration of Critical Infrastructure Council
Mr Mbhele asked about how the Department arrived at the determination of the preliminary costing of the Council of R918 719.16 especially since the assumption was that the administrative secretariat function would be absorbed by the operational costs of the Secretariat itself.

Brig van der Walt responded that it was indeed correct that the administrative secretariat function would be absorbed by the operational costs of the Secretariat itself.

The Chairperson mentioned that there was a proposal that the Council should be allocated its own budget to enhance independence.

Ms Kohler-Barnard said that there should be a legal clever way in which the Council would be able to operate independently.

The Chairperson indicated that the budget to the DNA Board is ring-fenced and therefore the Committee should find a way to ensure that the budget for the Council is ring-fenced as well. The issue is still to be discussed by the Committee.

Members agreed with the proposal to discuss the issue further.

Clause 8: Meetings of Critical Infrastructure Council
Brig van der Walt proposed an insertion to state that “nine members of the Council which must include the Chairperson or Deputy Chairperson will constitute a quorum in any meeting”.

The Chairperson said that this was a good proposal as it was important to emphasis the quorum.

The Chairperson noted the inputs that had been made and indicated that the Committee would continue with deliberation tomorrow.

The meeting was adjourned.