Cybercrimes Bill [B6B-2017]: SAPS & DOJ response to submissions; with Deputy Minister

NCOP Security and Justice

05 February 2020
Chairperson: Ms S Shaikh (ANC, Limpopo)
Share this page:

Meeting Summary

Documents handed out: Department of Justice response to submissions [not available to public]

The South African Police Service responded to the public submissions on the approximately 20 clauses of the Cybercrimes Bill that applied to SAPS. On concerns about to search and seizure, it pointed out that in clause 32(2) there are limitations on police officials when they act without a warrant. SAPS proposed an amendment to the definition of "specifically designated police official”.

The Department of Justice and the National Prosecuting Authority response to submissions was cut short due to time constraints.

Members asked about capacity, resources and training available to SAPS to successfully implement and enforce the Bill once passed. The power of law enforcement to search and seize without a warrant in exigent circumstances in the reasonable belief that a warrant would be granted was also discussed with court case rulings from other countries used as examples. The Committee asked that the two departments meet prior to the next committee meeting as the security and justice cluster needed to work in unison for cybercrime to be prevented.


Meeting report

Cybercrimes Bill [B6B-2017]: SAPS response to submissions
The Deputy Minister of Police, SAPS National Commissioner and Head of the Directorate of Priority Crime Investigation (DPCI) were present, accompanied by a large delegation from SAPS, the Departments of Police and Justice and the NPA.

Brigadier Nicolaas van Graan, SAPS Head of Legal Services, provided a response to the public submissions on the Cybercrimes Bill [B6B-2017] for those clauses that directly impact on or relate to the SAPS, the Minister and the Department of Police which amounted to a third of the Bill.  

Responses were provided to submissions from First Rand, JP Morgan, Media Monitoring Africa, MTN, Telkom and Vodacom. Key concerns raised in the submissions were about the police’s power to search and seize without a search warrant in certain circumstances, and the capacity of security agencies to enact the Cybercrime Bill. SAPS explained why it supported or did not support the concerns (see document).

On concerns about to search and seizure, SAPS pointed out that in clause 32(2) there are indeed limitations on police officials when they act without a warrant. It noted it would be very challenging for it to obtain a warrant or even to apply for a warrant orally in circumstances where time is of the essence and SAPS does not know what information is stored on a cell phone picked up at a crime scene or even to whom the device belongs.

SAPS proposed an amendment to the definition of a "specifically designated police official” in clause 1: “Means a member of the SAPS with the rank of Captain [instead of commissioned officer] or higher who has been designated by the National Commissioner and the National Head of the Directorate, respectively…”.

The Chairperson asked Members if they wanted to ask questions of clarity on the SAPS presentation. The Department of Justice was the lead department for this legislation and it was expected that both the NPA and Department of Justice would respond to the proposals.

Mr G Michalakis (DA, Free State) referred to slide 13 where SAPS says that objections can be raised through court. With an economy already under pressure and government not having too much money to spend money on litigation, this would result in both the private sector and government spending quite a bit of money on litigation. It was not a practical or the best solution. He wanted to hear comments from SAPS on that specific point. It would be better option to find a way that is more agreeable even if it takes more dialogue. They need to find a way that is more agreeable between these companies and the State. He was not in favour of going on a case by case basis to court and incurring all this expense, especially in the current economic circumstances.

Mr Michalakis asked about the physical point of contact. If you are a victim of cyber-crime then you most likely have access to internet. He did not understand the need for a physical point of contact.

On the capacity of the police service. he suggested that once the Bill is passed that the Committee have a session with SAPS on training specifically. This was a good piece of legislation but the one place that ‘the ball might get dropped’ was at SAPS and specifically their capacity. The presentation states that SAPS has the capacity. However, on an earlier occasion when Mr Michalakis asked this question, the Minister of Police responded that SAPS would need, currently, an extra R20 million a year. That requirement would increase of the Bill's adoption. Another response had been that in the last six years, of the 937 cases investigated, 178 were successfully prosecuted. This is not a reflection of the commitment and the capabilities of police officers. They are excellent. It is rather a question of this unit not being prioritised in terms of budget, capacity and skills. This means that of the R8 billion value in crime investigated, only R23.7 million worth of crime was successfully prosecuted. To say that SAPS, at the moment, was properly capacitated was not completely accurate. He asked for a response how in the coming budget cycle the Department was going to properly capacitate the unit in terms of funding and then after the Bill has been adopted to take that step further. A lot of money would be required and given the current budget he did not think SAPS was prioritising the right things to fully capacitate. The Bill was excellent and the police were willing but they do not have the budget, firstly, and secondly they do not have the human resource capacity. There are excellent police men and women out there but they are overworked and underpaid and are not supported in making this legislation a success.

Ms Z Ncitha (ANC, Eastern Cape) raised a point about capacity. She hoped that the Department was not defensive about capacity. It was important for the NCOP to pass a Bill that would be functional. The role of this House was not only to criticise but to assist the Department where possible. The NCOP wants to know that if the Cybercrimes Bill was implemented, SAPS would have the capacity? The Committee would like a factual answer without the Department being defensive so that it could assist. Secondly, search and seizure was a point that was coming up strongly from the stakeholders. Stakeholders were highlighting the point that search and seizure does not tamper with the running of their businesses.

Mr T Dodovu (ANC, North West) agreed with the points raised by Ms Ncitha. SAPS seemed to be very defensive in responding to the questions and the concerns raised by stakeholders. Any issue raised by the stakeholders was not being supported by SAPS. He raised this concern as the economic impact of cybercrime in the country was huge. R6 billion per annum was lost as a result of cybercrime. The victims of cybercrime, globally, was around 50% and in South Africa it was around 70%. People falling victim to smart phone scams globally was about 38% but here in South Africa it was 47%. The point was raised because the presentation said SAPS was ready, was equipped and had the capacity to investigate cybercrime. That assertion on the balance of evidence was not accurate when comparing global and local statistics. Cybercrime has changed in the country. There are problems now of impersonation where the profiles of people are changed and cloned. He was not sure what capacity SAPS had to investigate such crimes. It would be beneficial if SAPS presented to the Committee on how much capacity it had, the training offered to its members and the method for investigating cybercrime. Most stakeholders were raising capacity concerns and this was therefore worrying. He implored SAPS to take seriously this capacity concern as it was central to making the Bill a success.

Mr Dodovu's second question was on limited access. What does limited access to the phone without obtaining a warrant mean? As once a phone is opened, the investigator will go through it without limit, especially when it is not known who it belongs to or what crime, if any, has been committed via that cell phone. What does limited access actually mean because access is access? Be clear, be blunt and be honest about what limited access was.

Ms M Mmola (ANC, Mpumalanga) also commented about capacity on slide 17. Were SAPS members trained on cybercrime? How many were trained? When was your last training? What was meant by saying limited access?

Ms Ncitha raised search warrants and said the presentation indicated that SAPS wanted a leeway for this particular crime. She agreed with the Department of Justice that this crime was complicated and the people being dealt with were quite advanced. In terms of search warrants, it needs to be treated differently.

The Chairperson commented on the matter raised by Mr Dodovu on support and oppose. When a comment is opposed, it is explaining how it is covered in that legislation. She thought it might just be a matter of semantics and that the Committee generally avoids using oppose in that way. She handed over to the Department to respond to the questions.

SAPS National Commissioner, Gen Khehla Sitole, replied that they were not defensive. If it was interpreted in that way he apologised. On capacity, in the processing of a Bill up until the point where it becomes legislation there was a space for resource requirements for the Bill's implementation. SAPS was still getting to that particular stage. Therefore they were not confirming as a final statement that they were ready with resources. SAPS was at an advanced stage of developing a cybercrimes strategy which would also be attached to a resource requirement. That resource requirement is going to form part and parcel of capacity. Modern cyber-crimes have reached another level which then puts a strain on resource requirements. Cybercrime is a multi-dimensional type of crime that requires a multi-disciplinary approach and therefore an integration-of-resources approach is needed. Quite an investment is required. SAPS was moving towards establishing the first crime detection academic university in April. One of the first curricula was the cybercrimes training curriculum. That will help with capacity. Support will be needed from this Committee because at the moment there were no resources set aside for fighting cybercrime. The Bill will be read with all the other legislation. All the standard operating procedures (SOPs) emanating from those Acts will be read with the SOPs that come from this Bill. Complementing this was also the online policing strategy because cybercrime is also about exploiting the online platforms. Communities are rapidly relocating online.

Deputy Minister of Police, Cassel Mathale, said that as the South African Police Service, they were doing everything possible to enhance their current capacity. There were personnel that dealt with cybercrime but it was necessary to enhance that capacity internally. The Minister of Police said towards the end of last year that under the direction of the Deputy Minister and National Commissioner, SAPS was to develop the facilities being used to train detectives so that it was on par with the rest of the world. SAPS was working with the law institutions of countries like the US, China and the United Kingdom to see how they were handling the challenges.

South Africa was not necessarily backward. The police do have the capability but that ability needs to be enhanced. The Bill was clear in clause 55 that the Minister must build capacity in SAPS to deal with cybercrime. Clause 55 is saying that what is there must be enhanced. Even looking at the United States, they are grappling with similar challenges to South Africa. The United States was developing its capacity and China too. With cybercrime, it will be impossible to say that SAPS has everything it needs – that would be lying because technology is evolving. There is 5G today but South Africa is not yet there. By the time South Africa arrives at 5G as a country there will probably be 6G or 7G so the need to continually capacitate will always be there.

Deputy Minister Mathale said that the NCOP has a role to play. SAPS will never succeed in implementing this Bill once it becomes an Act without the NCOP playing a central role. Members of the NCOP before they come here are community members. They have experiences. The Committee has a role to play and the Department will willingly engage with the Committee. If the presentation created an impression of SAPS being defensive that was not the intention. It was required that SAPS consult and not for the sake of consultion. The intention was for SAPS to interact and be influenced through those interactions. Where SAPS receives advice which would enhance the Bill, they would gladly accept that.

The Chairperson said the questions on point of contact and limited access still needed to be discussed. She asked the delegation from the Department of Justice to comment on those concerns.

Department of Justice response to submissions
Mr Sarel Robbertse, Senior Legal Advisor: Department of Justice, said that initially when the Bill was drafted the police, in certain instances, were granted the power to access an electronic device without a warrant when they believed that a warrant would be issued to them. That is something similar to what is in the Criminal Procedure Act. It was taken out in the finalisation of the Bill. The Police then approached Mr Robbertse to reconsider the matter.

He did research on the matter in clauses 32 and 33. The international position is more or less as follows. Canada had two Supreme Court cases on that matter. In the first case the court judgement declared that a warrant was always needed to access a computer system. In the second case, which involved cell phones and drug transactions where the police did access them, the Supreme Court of Canada did make an exception to the general rule. In exigent circumstances where evidence was going to be lost the police may access without a warrant.

In the United States there was a case where search and seizure took place and the court ultimately decided that a warrant was needed to access. The latest case that happened in the District Court of Massachusetts the court ruled that warrants were in all cases necessary to search and seize a device.

Section 22(b) of the Criminal Procedure Act does allow for warrantless searches in exigent circumstances. In a South African case that dealt with a warrantless search of a cellular phone the court ruled it permissible so it can take place. Universally there was no clear authority. On one hand they require a warrant; on the other hand not. Mr Robbertse submitted that if it related to certain crime scene investigations which were situations of life and limb, exceptions should be provided similar to those exceptions in the Criminal Procedure Act that provide for warrantless searches. Adv Louw of the NPA could provide further insight with this as he was part of the drafting process.

The Chairperson requested that the NPA make its input. She asked if the NPA had a presentation.

Mr Robbertse replied that Adv Louw provided substantial input to the Department of Justice presentation. Most of the input relates to the full mandate of the National Prosecuting Authority. Adv Louw can give his impressions of the Bill. He was involved from the start of the drafting of the Bill and he has extensive experience in cyber investigations as well as foreign legislation. The presentation that I am going to give to the Committee will cover both the NPA and the Department of Justice.

The Chairperson asked if the input from SAPS was also covered in his presentation?

Mr Robbertse replied that every aspect that SAPS addressed was also addressed in his presentation.

Adv Paul Louw, NPA Senior Deputy Director of Public Prosecutions, said he had been working on cybercrime since 2001. Working in the trenches of Johannesburg, Pretoria and Cape Town, he had been grappling with these questions – for example, shall a search take place with or without a warrant? This Parliament has always done well with legislation because it has given law enforcement the tools to fight crime. The level of implementation was always the challenge. Since 1998 law enforcement has had tools thanks to this Parliament.

When he started working on this Bill he asked the following questions. Will our defences cover evolving crime and newer technologies? Can a charge sheet be drafted based on the crimes that occur internationally? The answer is yes. The modern notion is that these criminals need to be caught in hours and not weeks or months. When Brig van Graan said that when SAPS received a proposal for five days. Five days is ancient history. These criminals need to be caught in a matter of hours. When it comes to reporting he trusts Brig van Graan’s approach to it. It was on par with modern trends.

On the question of training he was thankful for the police university because mistakes made early in the investigation ‘can blow up in your face’. Digital evidence was something that needed to be treated and handled carefully. He fully supported the emphasis on training.

In response to the question of search and seizure, he gave the instance of where he instructed his teams to go for a warrantless search at three in the afternoon but at one in the afternoon they decided to apply for a search warrant. Why? Because we want to stand with clean hands before the Court and we respect the constitutional rights of any person. The question of access to a cell phone was very topical because in the American case, the Californian Court initially decided that in searching a person, the body, searching the phone was allowed but that was overturned by the US Supreme Court. He thought South Africa was right up there in those matters as limited access was only allowed in exigent circumstances.

He was glad that point of contact was formalised. It was a question of good will and consent. He would call a service provider and ask them to preserve a certain amount of data and most often they cooperated. The problem was police-to-police intelligence because information is needed immediately to catch a criminal. He would hand over to Mr Robbertse to deal with the technical aspects of the presentation.

Mr Robbertse’s presentation incorporated submissions and the responses from the Department of Police, NPA and the Department of Justice. The presentation discussed the need for capacity building and training and how technological advancement outpaced that capacity building. The right of privacy and the right of access to information all needed to be taken into consideration when drafting this Bill.

Mr Robbertse confirmed that the Bill takes into consideration all constitutional rights. The presentation went through each submission made on the Bill and then commented on those submissions. The important points raised in the presentation dealt with capacity building, protection of children online, sexual offences that occurred with regard to cybercrime, protection of personal information, definitions within the Bill and then malicious communication.

Due to time constraints, Mr Robbertse could not finish his presentation. The Chairperson stated that this was all still a process and that they would finish the presentation by the Department of Justice at a later stage. Committee members should note the comments that they wished to raise and keep them for later. They would reschedule to allow the Department to finish their presentation.

Gen Sitole commented that cybercrime affects economic growth and social stability. It therefore requires prevention. The Bill, however, is largely more reactive. The Bill needed to be more proactive. Capacity and resourcing requires community mobilisation.

Lt Gen Godfrey Lebeya, National Head: Directorate for Priority Crime Investigation, said that this type of Bill needed to be passed for a long time. With the Act coming in to place it will remove any confusion. When this becomes an Act it will generate over seventy new crimes and that will clarify various areas where there has been confusion. With this law in place, it will remove any confusion and will help law enforcement to do training and assist in fighting cybercrime.

The Chairperson thanked the Deputy Minister and Department of Police for coming. It was always best for the legislative process when, at the level of the Executive, there was synergy and agreement between the various roleplayers in the drafting of this Bill.

Deputy Minister Mathale agreed with the Chairperson and said that government wants to work together and with synergy. There was not a single Minister who did not belong to a cluster. The security and justice cluster needed to approach crime from the same platform and same perspective. There must be only one strategy. He wanted to help the Committee create legislation that once passed will be able to stand the test of time.

Mr Dodovu said that there were some differences in what SAPS was saying and what the Department of Justice was saying yet the Deputy Minister was saying ‘we are one government in one cluster’. Was it possible before they come here again for the two to meet and find common ground before finalising the Bill.

The Chairperson agreed that when the Department of Justice, SAPS and NPA return, they should be speaking with one voice. Cybercrime was ever evolving and that required government to move with speed on the Bill. At a later stage, as the crime evolves the Committee would have to look at amendments to the Bill. She requested the two departments communicate on the matters discussed. In the next meeting there would be one presentation from the Executive.

The meeting was adjourned.

Download as PDF

You can download this page as a PDF using your browser's print functionality. Click on the "Print" button below and select the "PDF" option under destinations/printers.

See detailed instructions for your browser here.

Share this page: