Cybercrimes Bill: Deputy Minister briefing on proposed changes to Bill

This premium content has been made freely available

Justice and Correctional Services

23 October 2018
Chairperson: Mrs M Mothapo (ANC)
Share this page:

Meeting Summary

The Committee was briefed by the Deputy Minister of Justice and Constitutional Development and the Department on the changes made to the Cybercrimes and Cybersecurity Bill. The Deputy Minister explained why the changes had been made. The Department went through the chapters of the Bill noting the changes such as the structures to deal with cybersecurity, crimes relating to critical infrastructure and child pornography had been removed.  The Bill was now named the Cybercrimes Bill

The Committee asked about fake news, critical infrastructure offences, and spontaneous information, the public participation comments, time lines to finalise chapter 2 (cybercrimes offences) and 3 (Malicious communication offences). The Committee agreed that it would continue with deliberations after it had reflected on the proposed changes.

Meeting report

Cybercrimes and Cybersecurity Bill: Deputy Minister briefing
Deputy Minister of Justice and Constitutional Development, John Jeffery, said the purpose of the brief was to address the proposed changes to Bill after considering the comments from the public. They included:

Removing Cybersecurity part of the Bill
Cybersecurity was removed as another Bill would address cybersecurity. Hence Cybersecurity was removed from the title as well as the structures to deal with Cybersecurity in Chapter 10 (clauses 53, 53, 55, 56).

Definition of Unlawful
He proposed that unlawful be defined where it was used because it was contentious. Attempts were made on page 17 to limit and specify conditions for lawful processing of personal information.

Malicious communications
Proposals to drop clause 19 were made because it was too wide. It is now limited to data messages of an intimate image without consent that threaten people to violence and bodily harm.

Change of 24/7 point of contact request from police
The 24/7 point of contact request from police has been changed to designated point of contact.

Removal of crimes relating to critical infrastructure
The crimes relating to critical infrastructure in the Schedules have been removed as it had been removed in other parts of the Bill.

Removal of child pornography
Child pornography has been taking out of the Bill and would be inserted the Criminal Law (Sexual Offences and Related Matters). The Cybercrimes Bill had been tabled before the Committee because of the challenges of cybercrime in the country.

The Chairperson informed members that the Cybercrimes Bill had come before the Committee and invited DoJ & CS to deal with the critical issues.

The State Law Advisor from the Department of Justice and Constitutional Development (DoJ&CD), Mr Sarel Robbertse, went through the Bill point out all the proposed changes:

Title and Long Title
Changes were made to these to remove Cybersecurity and the new name of the Bill was Cybercrimes Bill. The '24/7 Point of Contact' has been changed to 'designated Point of Contact'.

Chapter 1 Definitions
The Arbitration Act was omitted because it referred to offences to do with cybersecurity. The definition of ‘computer’ was amended to include ‘any data, computer program or computer data storage medium that are related to, connected with or used with such a device’ and the word ‘cloud computing’ was omitted. The definition of designated point of contact was proposed by the public. The Financial Intelligence Centre Act was omitted because it related to cybersecurity. ‘Payment system institution’ was omitted and Protection of Personal Information Act would be added. The Public Finance Management Act and the Public Service Act were omitted.

Clause 1(2) was inserted to deal with the way personal information would be protected. This concern was raised during public participation about access to passwords and how data could be unlawfully intercepted and accessed and that information accessed unlawfully needed protection.

Deputy Minister Jeffery added that the headings for clauses 2 and 3 had been changed to: Unlawful [securing of] access  and Unlawful [acquiring] interception of data. The Department was reviewing the legislation and would come up with appropriate offences that involved either unlawful access or interception of data.

Chapter 2 Cybercrimes
Mr Sarel Robbertse said clause 11(1)(b)(iii) on critical information infrastructure would be omitted while an insertion on things that could lead to prosecution on malicious communications would be inserted in 11(3) on page 28. In clause 12 an insertion was proposed to criminalise offences in clauses 17, 18 or 19. A proposal was made to deal with Penalties (now Sentencing) for malicious communications offences under clause13. A proposal was made in the public comments to include competent verdicts to deal with adjudication on cybercrime in clause 14. The phrase ‘or possession’ was added to clause 15 (2)(C), (3)(b), (4)(b), (5)(a)(iii), and (6)(b).On page 35 new paragraphs were proposed in the public comments to cover competent verdicts and address malicious communication at the end of clause 15.

Chapter 3 Malicious communication
In clause 16 a group of people was defined and the phrase ‘threatens persons with damage to property or violence’ was inserted after data message in clause 17 as mentioned by the Minister. Proposals to delete aspects of cell phone and fake news offences in clause 18(c) and clause 19(i), (ii), (ii) and (iv) were made and further proposals were drafted to ensure that the clause related to specific threats of violence. The language used in the clause on distribution of data message of intimate image [without consent] was reviewed to be more specific.

Chapter 4 Jurisdiction
The Department wanted to reflect on jurisdiction and would present its opinions to the Committee to ensure that the legislation covered every aspect.

Chapter 5 Powers to investigate, search and access or seize
Proposals were made by Department to include the purpose of Chapter 5 in clause 25. Also the officials that could assist the investigator to perform investigations, search and access or seize were specified in clause 33. The phrase ‘contemplated in Chapter 10; or’ was omitted in clause 39 which deals with how information could be released. The proposals by the public about traffic data  as well as the redraft of clause 45 about how a person that had data could release it, were noted.

Chapter 6 Mutual assistance
In clause 47 there were proposals to substitute ‘intended’ for ‘suspected’ and ‘forward’ for ‘furnish’. In clause 48 proposals were made by the public on how to cater for disclosure of traffic data to a foreign state and in clause 51 proposals were made on how requests for mutual assistance on traffic data from a foreign state would be directed.

Chapter 7 [24/7] point of contact
Changes were made to reflect the proposal to change '24/7 point of contact' to 'designated point of contact'.

Chapter 10 Structures to deal with cybersecurity
This chapter on structures to deal with cybersecurity was deleted due to the proposal to move the cybersecurity portion to the Cybersecurity Bill but relevant portions were redrafted.

Chapter 11 Critical information infrastructure protection
The chapter on critical information infrastructure protection was also deleted

New chapter General provisions
A new chapter on general provisions was created as new Chapter 10. The chapter captured clause 57, 58, 59 and 60. The Bill is now called Cybercrimes Bill and the South African terrorism offences in the Bill have been omitted.

The Chairperson asked if the Department had any other comment to add before the report was interrogated.

Mr Robbertse replied that as earlier mentioned by the Minister, the Department was looking into the review of clause 2 unlawful access and clause 3 unlawful interception of data to ensure that it was restricted to the subject matter. Thereafter, the Department would then deal with competent verdicts and sentences.

The Chairperson asked which Bill would capture fake news and critical infrastructure offences.

Ms G Breytenbach (DA) asked how the National Director of Public Prosecutions would know of cases in the Republic of South Africa to ensure that spontaneous information could be granted to the National Commissioner as projected in clause 47(2).

The Deputy Minister replied that the portion in clause 47(2) had been omitted and was being replaced by clause 47(3).

Mr G Skosana (ANC) noted that the Bill had not changed much except for the removal of cybersecurity and the essential elements on cybercrime were still intact. He asked if the Department agreed with the suggestions made by the public. He asked for the time line for finalising the drafting of Chapters 2 and 3.

Mr L Mpumlwana (ANC) asked the Minister to define what a 'fixed platform' was and where it could be found. He remarked that he had not received a copy of the Department report on the Bill.

The Deputy Minister responded to the questions that during the public participation there was lots of criticism about the fake news provision saying that it was trying to control the freedom of speech. Hence one clause could not capture fake news. It has to be dealt with extensively. He said Chapters 2 and 3 needed a re-ordering which was not done initially and would now have to be done. He defined the term 'fixed platform' and stated that the Department report had been sent to the Committee Secretary on 22 October 2018. He apologised for the delay and said the submission included the track changes on the Cybercrimes Bill and the clean Cybercrimes Bill. He emphasised that the Bill only captured Cybercrimes. He said the Department needed to do more work on the review of public interest.

Mr Sarel Robbertse said the critical infrastructure portion in the old Bill was taken out because Parliament was about to pass a Bill on critical infrastructure. He further explained what a fixed platform was.

Mr W Horn (DA) expressed concern that the public participation comments were not captured in the original way the Bill was structured.

The Deputy Minister explained how the Department had structured the track changes to the Cybercrimes Bill.

Mr Horn said the track changes should have been captured in the usual way that had been used to deal with bills to ensure that Members process the proposed Bill and make comments properly.

The Deputy Minister explained that the Department provided the track changes after considering the comments made during the public participation process.

The Chairperson noted that Mr Horn was not satisfied. She recalled that there were concerns about critical infrastructure and even the police had issues with it. The cybersecurity portion has been taken out of the Bill and the Committee is left only with the cybercrime portion. She asked if the Department should take the Committee clause by clause through the proposed changes to the Bill. She reminded the Committee that there was a plenary function to attend.

The Committee agreed that clause by clause deliberations would take place after Members had reflected on the proposed changes to the Bill.

The Deputy Minister pleaded with Members to review the changes. He raised concern about the way the Legal Practice amendment regulations had been ATCed which resulted in their non-finalisation.

The Chairperson said the Committee did what was supposed to be done and remarked that the issue with its finalisation would be sorted out.

The meeting was adjourned.


Share this page: