Cybercrimes Bill: proposed amendments; with Deputy Minister, Department & Parliamentary Legal Advisor

Meeting report

The Chairperson said that the briefing on the Cybercrimes Bill was necessary due to the complex subject matter. The Committee had had extensive deliberations on the Bill as well as public hearings. The Committee wanted to ensure that the National Prosecuting Authority and the South African Police Service was satisfied with the amendments made to the Bill especially with regards to how it would be implemented. The Committee had a meeting with the Department of Police on 05 February. One of the things discussed at that meeting is that Departments must consult amongst themselves and when they engaged with the Committee they needed to incorporate all of their concerns. On 11 March the Committee received a briefing from the Department of Justice and Constitutional Development on the proposed amendments to the Bill. In that meeting it was agreed that the proposed amendments be given to the Parliamentary legal team for further editing and further engagement with the Department. Much work has been done on the Bill and the Parliamentary legal advisor would present the proposed amendments. Members would be able to engage with the presentation and also ask further questions. The Chairperson hoped that extensive deliberation would be done today and that the Committee would move closer to the finalisation of the Bill.

Briefing by the Parliamentary Legal Advisor

Dr Barbara Loots, Legal Advisor, Constitutional and Legal Services Office, Parliament, highlighted the proposed amendments to the Cybercrimes Bill [B6B-2017]. These amendments were made with contributions from the NPA, SAPS and the Department of Justice and Constitutional Development. Most of the amendments were technical and language amendments. The most significant amendments made to the Bill were in clause 16 and then also the use of gender neutral language in the Bill.

Overview of the Bill

The Bill follows international trends to deal with the changing nature of cybercrimes:

• rationalise South African legislation dealing with cybercrimes;

• create offences and imposed penalties relating to cybercrimes;

• regulate the jurisdiction (transnational dimension) and powers to investigate;

• proof of certain facts by affidavit;

• impose obligations on electronic communications service providers and financial institutions to assist in the investigation of and report cybercrimes;

• mutual assistance between SA and other countries (cross-border investigation);

• establish a Point of Contact by the South African Police Service to facilitate mutual assistance in the investigation of cybercrimes;

• Executive to enter into agreements with foreign States to address cybercrime; and

• repeal and amendment of certain laws

Gender Neutral Language

There was discussion that the use of the singular ‘they’ was more inclusive, gender-neutral and fair with regards to dignity and identity. The non-binary replacing of ‘he or she’, and associated derivative forms was an accepted modern drafting technique and was recognised among the Commonwealth countries. The recommendation was to replace ‘he or she’, ‘him or her’, ‘he, she or it’ or alike with singular ‘they’ or where appropriate its derivative forms ‘them’, ‘their’, ‘theirs’ and ‘themselves’ or alike. Consequentially, sentence structure adjustments would be required.

Drafting Principles

Plain language was to be used in the Bill as much as possible. Therefore technical drafting amendments were made to ensure that it was easy to read. The Bill was structured according to the principle of ‘Subject, action, context’.

The rest of the presentation outlined the various amendments made to the Bill. The amendments were mostly non-binary grammatical amendments, technical and language amendments for the purpose of clarity and readability.

(See Presentation)

Discussion

Ms Z Ncitha (ANC, Eastern Cape) asked how does the proposed Bill addresses the issue of Cybercrime where there were mutual agreements and treaties between South Africa and other countries.

Mr C Dodovu (ANC, North West) recalled that on 11 March when the Bill was discussed he expressed that the Bill was important. Cybercrime had serious negative implications on the economy of South Africa. The sooner the process was finalised the better. Cybercrime, fraud and all crime related to the cyber environment needed to be dealt with seriously. This Bill dealt with how Cybercrime was to be rationalised in the country. His concern was that he did not see how government was demonstrating the capacity to deal with cybercrime itself. The Bill states that SAPS was a point of contact in respect of Cybercrime. What does that mean? Was it SAPS or another Department that would deal with matters relating to cybercrimes? Once the Bill was passed a rigorous campaign needed to be done to educate South African society on the seriousness of the Cybercrimes Bill. Cybercrime was happening often and that indicates that there was a lack of education on the part of the people on cybercrime. He was not certain about government’s capacity to unfold a communication campaign to educate South African society on cybercrime so that they understand it and its implications.

Mr John Jeffery, Deputy Minister of Justice and Constitutional Development, responded to the concern over capacity and the origin of the Bill. The Bill started off as the Cybercrime and Cybersecurity Bill. The cybersecurity section dealt with the issue of capacity. It involved the setting up of a number of statutory structures to deal with cybersecurity. It involved setting up infrastructure that was essential in dealing with cybersecurity. There were a number of contentious issues and concerns relating to the cybersecurity sections. There were also concerns that some Departments were not prepared on their positions to the Bill. It was agreed, by the then Minister of State Security, that only the Cybercrimes aspect of the Bill would be taken forward. This Bill was now a more Department of Justice, Police and NPA Bill. State Security would have to come back at a later stage on the cybersecurity provisions. The reason why the Department proceeded with the Bill was because of the urgency of ensuring that cybercrimes were better defined and therefore easier to prosecute. That it would make it easier for the police to investigate. Once the Bill was passed the Department would create explanatory documents on it. The Ministry of Communications would also be involved. The Department of Justice would advertise what the crimes are and what precautions needed to be taken to avoid falling victim to cybercrime.

Adv Sarel Robbertse, State Law Advisor, Department of Justice ad Constitutional Development, said there was also the cybersecurity hub that would provide information on cybersecurity and that was under the Department of Communications. Under government policy the Department of Communications had an obligation to embark on public education regarding cybersecurity and cybercrime matters as well as the protection of children in cyberspace. The provisions of the Bill will be explained further once it was passed. He then responded to Ms Ncitha’s question on how cybercrime would be dealt with when there were treaties in place between South Africa and other countries. The treaty that is most adhered to on cybercrime is the EU Convention, or Budapest Convention, on cybercrime. There was also an AU Convention on cybercrime. If a country adheres to a treaty, or international instrument, it usually operates in terms of that provision. If there was legislation in place and the legislation conforms with that treaty, or convention, then that legislation will be used as a basis for international cooperation between countries. The AU Convention would afford South Africa to use that convention on a regional basis to cooperate with other countries in Africa. South Africa did not adhere to the Budapest Convention although it was signed. Article 24 of the Budapest Convention expressly states that if in a country there is legislation in place and certain other conditions are met, in the proposed Bill these conditions are met, can be used as a basis for international cooperation. He then responded to the questions he received from Mr Michalakis. The first question related to clause 14 of the Bill. Clause 14 dealt with the offense when a person discloses a data message with the intention to incite damage to property or violence. The question was asked why was ‘intention’ removed from that clause. His response was that ‘intension’ was present in the clause. It does differ from other provisions in the Bill where expressions ‘unlawful and intentional’ were used. The offense that was criminalised in clause 14 was the offense of incitement. It was not necessary, according to the Department, to include ‘unlawful and intentional’ insofar as it has to do with the distribution of the data message due to those elements being included in the offense of incitement. He referred to a court case where the court indicated that criminal liability includes unlawfulness and intentional conduct. Even if legislation does not specify it the State must prove those elements to secure a conviction. The second question related to clause 26 of the Bill. Clause 26 deals with people applying to the court for amendment of protection orders. The Department specifically excluded the person who was accused of the offense. The question was why did the Department exclude the accused? The protection order of clause 20 was of an interim nature. It only applies until criminal proceedings are finalised. The protection order will expire on the conclusion of criminal proceedings when a person is convicted or acquitted of the offense. Clause 23 provides for additional orders that a court can issue. One of the reasons to exclude the accused from that provision is due to the fact that the issue that needs to be decided by the court to issue the protection order is going to be decided during the trial and criminal proceedings. If the accused is allowed, before the criminal process, to apply for the amendment of setting aside of the protection order the court in a civil case will decide on the merits of the offense in question. Clause 20 does provide that a person, the accused included, can appeal to the High Court to apply for amendment of the protection order. There is relief provided but the Department did exclude the accused for the reasons mentioned. The third question was on double jeopardy in relation to clause 24.

Clause 24 dealt with jurisdiction of courts. Courts would be granted extended jurisdiction to hear cybercrime matters. The double jeopardy rule was not applicable there. It may happen that a person is prosecuted overseas for an offense and may be acquitted or convicted. If the person comes to South Africa the person can again be charged in South Africa. The Criminal Procedure Act was clear on that matter. Section 106 sets out a number of pleas an accused person can raise in respect of a charge. That was that he was previously acquitted of the offense or that he was previously convicted of an offense. Section 35 of the Constitution expressly states that cannot again be charged or prosecuted in a case where a person was either convicted or acquitted. That was a constitutional right. He provided examples of cases where the Courts clarified the conditions that qualifies double jeopardy. Double jeopardy was one of the rules that prohibit international cooperation. Under international law if a person was convicted or acquitted of an offense they cannot be extradited to stand trial in another country for the same offense. The question asked was why clause 26 changed to allow SAPS up to 12 months to issue standard operating procedures. There was an extensive consultation process that must take place. The Minister of Police must be in consultation with the Minister of Justice and the National Director of Public Prosecutions before issuing standard operating procedures. That clause specifically provides for an extensive public consultation process. Involving public consultation usually takes up three months. His submission was that 12 months was a reasonable period. However, if the standard operating procedures were finalised before that, the Minister of Police would issue it. The Department would assist the Department of Police in issuing the standard operating procedures.

Question five related to clauses 32 and 33 of the Bill. The amendment stated that police officials may, in certain circumstances, access, search and seize computer data storage mediums without a warrant. In Canada there were two cases. The one court ruled access to computer storage data was allowed without a warrant and in another case it was not allowed. In the US a court ruling established that a warrant was necessary. In South African, there was a case where the court said it was alright for the police official to search and seize a cellular phone without a warrant. In terms of the Criminal Procedure Act, the police may without a warrant search and seize an article relating to this. The conditions that must be met is that the police officer must believe that a warrant will be given to them if it is applied for and the delay in apply for such a warrant impeded the investigation. During the public consultations the main concern was that the police may access commercial networks without a warrant. He said that other measures were put in place in the Bill that can be utilised. His submission was that looking at the current South African court cases and the Criminal Procedure Act the Department had sufficient authority to allow for search and seizure of data devices, in exigent circumstances, without a warrant. The conditions a police official must meet before embarking on search and seizure without a warrant was given. The police officer must, on reasonable grounds, believe that the search warrant will be given if they apply for such a warrant. The second condition related to the practical urgency of the case and the existence of exceptional circumstances why they could not make an oral application.

The sixth question asked if the fact that South Africa did not adhere to international agreement will impede on the implementation of the Cybercrimes Bill. The second part of the question was on whether SAPS had the necessary capacity and if that will impede on the implementation of the Act. He said that double jeopardy could also be applied to international cooperation. It was based on two principles. The first principle was that if double jeopardy applied then the person can be extradited. The second principle was that there must be offenses between countries before international cooperation can be embarked upon. Since the Bill was based on international principles it was in line with the legislation of most countries. If South Africa did not sign a treaty or adhere to a convention the law does provide that on a reciprocal basis the Executive may enter into agreements with a foreign country to deal with international cooperation. The AU Convention and the Budapest Convention do provide for international cooperation. On capacity, he added that every country in the world was struggling to come to terms with cybercrime. There was not one country that can say it has sufficient capacity to deal with cybercrime. Clause 55 of the Bill puts certain measures in place to ensure that SAPS does acquire the necessary capacity to investigate and deal with cybercrimes matters. The Minister of Police was accountable to Parliament in that regard.

Mr G Michalakis (DA, Free State) thanked Adv Robbertse for his replies and said that the Department needed to know how lucky they were to have an asset like him. He had a question on the warrantless search and seizure. If a police officer were to act in bad faith what would the consequences for that police officer be? The Committee should also consider at a later stage to call the Department of International Relations to a meeting to explain these various international agreements. The AU Convention has not be signed or ratified by South Africa. He did not understand why South Africa has signed the Budapest Convention but not ratified it. The Budapest Convention would assist South Africa in the implementation of the proposed Bill. It would be necessary for the Committee to follow up with the Department of Police and the Department of International Relations so that everything that needed to be in place from a departmental side could be monitored by the Committee.

Mr E Mthethwa (ANC, KwaZulu Natal) asked how the protection from malicious communication was going to be done. He wanted examples of that so that he could familiarise himself with how it would be done. He then had a question on search and seizure. What was the international standard procedure? The Covid-19 pandemic has shown how some government officials have been on the wrong side of the law, most of them being the police. If the Department gave the police a policy like this would it not allow them to abuse their power? If yes, at what level of protocol must search and seize be installed? How was it going to be done?

Mr Dodovu agreed with Mr Michalakis and said that the Committee needed an engagement with the Department of International Relations especially on the double jeopardy principle. What if another country’s laws are in contention with South Africa’s laws? It was important that the Committee met with the Department of International Relations to discuss the international treaties, conventions and agreements between South African and other countries.

Deputy Minister Jeffery responded to the questions on the Budapest Convention. This was an international relations issue. This was a convention of the European Union which other parties can sign. The issue some countries are raising is that they did not have the opportunity to participate in the drafting of the treaty and would rather have a UN Convention on Cybercrime.

Adv Robbertse said that the Budapest Convention was an EU, therefore a regional, Convention. There are currently steps being taken, under the auspices of the UN, to try and establish a universal convention that deals with cybercrime. He then responded to the questions on warrantless searches. If a police officer embarks on a warrantless search and was not entitled to do so that officer will have performed a delict. It operates the same as an ordinary warrant. SAPS will incur a civil liability if they have been found to do anything wrong. Clause 37 has specific provisions that criminalises search and seizures if a person is not entitled to do that. That clause also provides for civil liability.

He responded to the concern of malicious communications and how the Bill affords protections to such communications. That was dealt with in clauses 14, 15 and 16 of the Bill. Those clauses specify what malicious communications is. The Sexual Offences Act is also amended. There is a new section which deals with the harmful distribution of pornography which is a more serious offense. In both instances the victim can apply to the court for a protection order pending the finalisation of criminal proceedings to first prohibit the person from further distributing the content in question or secondly, for an electronic service provider to block the transmission or take down the malicious communications. That order would be valid until the criminal proceedings are finalised. Once the criminal proceedings have been finalised the court may order for that person to destroy the malicious content as well as the electronic communication service providers to make sure that no one gets access to such malicious communications. He once again clarified that the Bill sets out specific conditions which allows for police officers to search and seize computer data systems without a warrant. This Bill was only one part of the electronic communications set up in South Africa. There are other mechanisms which provide for the investigation of offenses. One such piece of legislation is RICA. In terms of RICA, if communications are intercepted without direction from a judge that is a serious offense and civil liability will follow.

Mr Dodovu commended the Department and the Deputy Minister for their work. He said once the Bill becomes an Act of Parliament he would love to see a massive campaign being rolled out to educate South Africans on the implications of cybercrime.

The Chairperson thanked the Department, the Deputy Minister and the Parliamentary Legal Advisor for their contributions. The Department has adequately covered the Committee’s concerns. The Committee looked forward to finalising the Bill as soon as possible given that the amendments have been explained and discussed. This Bill would be the first piece of non-binary legislation in South Africa’s democratic history and that would be a beautiful achievement. Her office would put a report together detailing all the discussions that had taken place. The Committee needed to have a follow up meeting with the Department of International Relations in terms of the ratification of international agreements and conventions.

The Chairperson also raised one issue that did arise that was not directly related to the Cybercrimes Bill. During the public deliberations it was raised that provisions should be made for victims of live broadcasting of sexual assault and rape through social media. The Department had responded that an amendment should be made to the Sexual Offences Act to address those concerns. This was an area that the Committee would like to further discuss with the Department.

The meeting was adjourned.