Premium content from before 2023 is now available for everyone!
  1. Committees
  2. National Council of Provinces
  3. NCOP Security and Justice
  4. Tabled Reports

ATC181127: Report of the Select Committee on Security and Justice on the Critical Infrastructure Protection Bill [B 22B – 2017] (National Assembly – sec 75), dated 27 November 2018

NCOP Security and Justice

Report of the Select Committee on Security and Justice on the Critical Infrastructure Protection Bill [B 22B – 2017] (National Assembly – sec 75), dated 27 November 2018:
 

The Select Committee on Security and Justice, having deliberated on and considered the subject of the Critical Infrastructure Protection Bill [B 22B – 2017] (National Assembly – sec 75), referred to it and classified by the JTM as a section 75 Bill, reports that it has agreed to the Bill with the following proposed amendments:

 

  1. Amendments agreed to:

 

Critical Infrastructure Protection Bill [B 22B – 2017]

 

AMENDMENTS PROPOSED TO

___________

 

CRITICAL INFRASTRUCTURE PROTECTION BILL

[B22B-2017]

___________

 

CLAUSE 4

  1. On page 7, from line 18, to insert after 4(2)(c)(ii) new sub-section 4(2)(c)(iii)

“at least one of the five members stated above should be appropriately qualified in the field of cyber security”.

 

CLAUSE 7

  1. On page 9, from line 51, after “must” to omit “submit a report to the Minister within three months after the end of each financial year” and to substitute “, on a bi-annual basis, submit a report to the Minister.”
  2. On page 9, from line 53, after “during” to omit “the preceding financial year” and to substitute “the period preceding the report.”
  3. On page 9, from line 57, after “contemplated in” to omit “section 17(8)(b)” and to substitute “Section 17(7)(b).

 

CLAUSE 11

  1. On page 11, from line 22, after “contemplated in” to omit “section 17(5)(c)(i) and to substitute “section 17(4)(c)(i).”

 

CLAUSE 12

  1. On page 13, from line 10, to omit subsection (8).

 

CLAUSE 17

  1. On page 15, from line 31, to omit subsection (4).
  2. On page 15, from line 35, to omit “(5) Subject to subsection (6)” and to substitute “(4) Subject to subsection (5).”
  3. On page 15, from line 60, to omit subsection (6) and to substitute:

“(5) In the event that the applicant shows good cause why the procedure in subsection (4)(a) should not be followed, the National Commissioner must refer the request to the Council who may dispense with the publication as referred to in subsection (4)(a) after considering the factors in subsection (6).”

  1. On page 16, from line 1, to omit “(7) For purposes of subsections (5) and (6), the applicant must show that a departure from the procedure in subsection (5)(a) is reasonable and justifiable in the circumstances” and to substitute:

“(6) For purposes of subsections (4) and (5), the applicant must show that a departure from the procedure in subsection (4)(a) is reasonable and justifiable in the circumstances.”

  1. On page 16, from line 7, to omit “subsection (5)(a)” and to substitute “subsection 4(a).
  2. On page 16, from line 11, to omit “(8)” and to substitute “(7).”
  3. On page 16, from line 14, to omit “subsection 5(a)” and to substitute “subsection 4(a).
  4. On page 16, from line 18, to omit “subsection 5(a)” and to substitute “subsection 4(a).”
  5. On page 16, from line 20, to omit “(9)” and to substitute “(8).”
  6. On page 16, from line 23, to omit “subsection 5(b)” and to substitute “subsection 4(b).
  7. On page 16, from line 24, to omit “(10)” and to substitute “(9).”
  8. On page 16, from line 27, to omit “(11)” and to substitute “(10).”

 

  1. On page 16, from line 28, after “contemplated in “ to omit “subsection (5)” and to substitute “subsection (4).”

 

  1. On page 16, from line 31, to omit “(12)” and to substitute (11).”

 

  1. On page 16, from line 31, after “contemplated in” to omit “subsection (11) and to substitute “subsection 10).”

 

 

CLAUSE 20

 

  1. On page 18, and from line 17, to omit subsection (4).
  2. On page 18, and from line 20, to omit subsection (5).
  3. On page 18, and from line 26, to omit subsection (6).

 

CLAUSE 27’

  1. On page 24, on line 17, after “Parliament for” to omit “scrutiny” and to substitute “notification.”
  2. On page 24, from line 21, after “contemplated in” to omit “section 17(5)(a)” and to substitute “section 17(4)(a).
  3. On page 24, from line 22, after “contemplated in” to omit “section 17(11)” and to substitute “section 17(10).”

 

CLAUSE 30

  1. On page 26, and from line 27, to omit subsection (9).

 

 

  1. Public participation process on the Critical Infrastructure Protection Bill [B 22B – 2017]

The Select Committee on Security and Justice advertised the Bill in the following newspapers and on the following dates with a deadline of 24 October 2018:

134792 – Critical Infrastructure Protections Bill [B22B - 2017]:

 

  1. Sunday Times – 30 Sep 2018
  2. Free State Sun – 05 Oct 2018
  3. Pondo News – 05 Oct 2018
  4. Nthavela – 05 Oct 2018
  5. Die Burger – 06 Oct 2018
  6. Isolezwe Nge Sonto – 07 Oct 2018
  7. Bushbuckridge News – 10 Oct 2018
  8. Business Ink – 10 Oct 2018
  9. Ngoho News – 10 Oct 2018
  10. Coal City – 10 Oct 2018
  11. Thembisile Hani News – 10 Oct 2018

 

The Committee received three written submissions from the following organisations:

Summary of Submissions

ORGANISATION

RELEVANT SECTION OF THE BILL

MOTIVATION FOR SUBMISSION

 

RECOMMENDED CHANGES
  1. AmaBhungane

S 26 Any person who unlawfully … furnishes, disseminates or publishes in any manner whatsoever information relating to the security measures applicable at or in respect of a critical infrastructure other than in accordance with the Protected Disclosures Act, 2000 (Act No. 26 of 2000), Prevention and Combating of Corrupt Activities Act, 2004 (Act No. 12 of 2004) or any other Act of Parliament that provides for the lawful disclosure of information …commits an offence and is … liable upon conviction to a fine or to imprisonment for a period not exceeding three years, or to both a fine and imprisonment

Concerned that the Bill in its current form still imposes undue, and potentially unconstitutional limitations to the right of freedom of expression and right to information entrenched in section 16 and 32 of the Constitution.

 

Our view therefore is that an express public interest defence clause against the criminal sanctions contained at s26 of the Bill must inserted for it to meet constitutional muster. The public domain defence now contained in the Bill is important improvement, but still falls short of an adequate defence.

(1) No person shall be guilty of an offence under section 26(2)(b) to the extent that the disclosure was in the public interest or was made in the reasonable belief that it was in the public interest.

(2) For the purposes of this section, a disclosure is in the public interest if:

(a) it reveals wrongdoing that has occurred, is occurring or is likely to

occur, including:

(i) any criminal offence or other contravention of law;

(ii) any danger to public health, safety or the environment;

(iii) any abuse of public office, neglect of public duty, misleading

of the public in the purported performance of public duties or

functions, or misuse, mismanagement or waste of public

resources;

(iv) any miscarriage of justice; or

(v) deliberate concealment of any such wrongdoing; and (b) any reasonably foreseeable risk of harm caused by the disclosure is

outweighed by the need to bring the wrongdoing to the attention

of the person or persons to whom it is disclosed.

 
  1. BASA (The Banking Association of South Africa)

Section 17 (4) Where it appears from the application that the infrastructure contemplated in subsection (1) partly consists of, incorporates or houses, any information infrastructure as contemplated in any legislation on cybersecurity, the National Commissioner must follow the procedure contemplated in section 20(4).

 

Powers of Minister to declare infrastructure as critical infrastructure

 

(4) The Minister must, in consultation with the Cabinet member responsible for State security, determine the procedure that the National Commissioner and the State Security Agency must follow when dealing with an application contemplated in section 17(4).

 

(5) Where an application contemplated in section 17(4) is referred to the Cabinet member responsible for State security in terms of any legislation on cybersecurity, the Cabinet member responsible for State security must, within 60 days or such further period as agreed upon between the Ministers, decide whether the infrastructure in question, or any part thereof must be dealt with in terms of any legislation on cybersecurity or not, and inform the Minister in writing of the decision.

 

(6) Where the Cabinet member responsible for State security decides that an application must not be dealt with in terms of legislation on cybersecurity, the Cabinet member responsible for State security must return the application to the Minister, whereafter the application must be dealt with in terms of this Act.

Sections 17(4) and 20(4) – (6):

  • There is concern that the application of sections 17(4) and 20(4) – (6) of the Bill may be constitutionally questionable on the basis, inter alia, that legislation should clearly set out objective criteria for decision making, where administrative discretion is granted to the executive.

 

  • Section 17(3) purports to include the head of a government department or head of an organ of state in an application to declare an infrastructure as critical, but for certainty (given that information infrastructure has been specifically excluded from the definition of infrastructure), a similar provision should be set out in section 20(4)-(6), so that the head of a government department or head of an organ of state with functional control over an impacted sector forms part of the decision making process to bring such information infrastructure back into the ambit of the Critical Infrastructure Protection legislation.

 

Powers of the Minister:

  • There is a concern that while the Bill gives the Minister the power to declare infrastructure as critical infrastructure, it does not adequately circumscribe the extent, limitations and duties associated with this power. Importantly, the Bill does not define the rights of, and protections for, critical infrastructure controllers and owners in the event of such a declaration by the Minister (especially where such owners or controllers are not government agencies).

 

BASA recommends that the Bill provides for the following:

• the designation of a function in the Minister’s office that may have access to a critical infrastructure for non-governmental infrastructures;

• the conditions and regularity of the access to a critical non-governmental infrastructure;

• authorisation and identification (certificate of authorisation) of individuals who will have access to a critical non-governmental infrastructure;

• consequences of acting contrary to authorisation;

• the rights of the owner or controller of a critical infrastructure; and

• prohibition on disclosure of information by members of law enforcement/investigator on such critical infrastructures.

 
  1. SANEF (South African National Editors Forum)

 

 

 

These submissions are made jointly by the South African National Editors Forum (SANEF), the SOS: Support Public Broadcasting Coalition (SOS) and Media Monitoring Africa (MMA) (collectively, the Group)

 

 

Suggests introduction of new provision.

SABC has been appointed as a NKP and as a result they have concerns with:

 

  • the State Security Agency (SSA) has been approaching non-security personnel at the SABC and more specifically, editorial staff, that is journalists and/or management personnel and informing them of the necessity of completing a very detailed and invasive security vetting questionnaire,
  • power is being exercised in a manner that we believe to be an unconstitutional violation of the right to freedom of the press which is a specifically protected aspect of the right to freedom of expression as is provided for in section 16(1)(a) of the Constitution of the Republic of South Africa, 1996 (the Constitution).
  • The Group requests the NCOP to ensure that specific protection of editorial integrity and freedom of work as a journalist be provided for with regard to the staff of the SABC, other than, of course, in respect of the security staff needed to secure the SABC as a National Key Point or, in due course, a Critical Infrastructure or Critical Infrastructure Complex.

 

 

 

The group suggests the introduction of a new section 24 to be contained in Chapter 3 of the Bill as follows:

 

 

“Specific Protections for the SABC as the independent public broadcaster

 

24. In recognition of the vital role that the SABC, the independent public broadcaster, plays in ensuring that the public has access to a wide range of news and information, nothing in this Act shall require the security vetting, other than of the SABC’s security staff, of the SABC staff, in particular, no journalist or non-security staff member shall be required to disclose any communication undertaken in the course of his or her employment and sources of journalistic information as a result of the SABC being declared critical infrastructure and/or a critical infrastructure complex.”

 

Offences and penalties

26. (1) Any person who unlawfully—

(a) furnishes, disseminates or publishes in any manner whatsoever information relating to the security measures applicable at or in respect of a critical infrastructure other than in accordance with the Protected Disclosures Act, 2000 (Act No. 26 of 2000), the Prevention and Combating of Corrupt Activities Act, 2004 (Act No. 12 of 2004) or any other Act of Parliament that provides for the lawful disclosure of information;

(b) takes or records, or causes to take or record, an analog or digital photographic image, video or film of the security measures at a critical infrastructure;

(c) hinders, obstructs or disobeys a person in control of a critical infrastructure in taking any steps required or ordered in terms of this Act in relation to the security of any critical infrastructure;

(d) hinders, obstructs or disobeys any person while performing a function or in doing anything required to be done in terms of this Act;

(e) enters or gains access to critical infrastructure without the consent of the security manager or person in control of that critical infrastructure;

enters or gains access to critical infrastructure in contravention of the notice contemplated in section 24(8) or 25(8);

(g) damages, endangers or disrupts a critical infrastructure or threatens the safety or security at a critical infrastructure or part thereof;

(h) threatens to damage critical infrastructure; or

(i) colludes with or assists another person in the commission, performance or carrying out of an activity referred to in paragraphs (a) to (h), commits an offence and is, subject to subsection (3) and (4), liable on conviction to a fine or to imprisonment for a period not exceeding three years, or to both a fine and imprisonment.

The Bill contains severe penalties for violations in relation to critical infrastructure as provided for in section 26. These range from 20 years’ imprisonment for tampering with, damaging or destroying critical infrastructure (section 26(4)) to a fine and/or three years’ imprisonment.

  • A penalty of up to 3 years’ imprisonment is currently provided in section 26(1) for activities that could be described as journalism, namely section 26(1)(a), (b), (e) and (f), which sections prohibit, inter alia, publishing information, being at or taking photographs of critical infrastructure. While it is true that these are subject to this being done “unlawfully” – this term is never defined - and we are concerned that this would have a chilling effect on reporting about activities taking place at critical infrastructure sites.
  • The Group therefore supports the call that the Bill specifically contains a public interest override to ensure, in particular, that the information-disclosure activities contained in what is currently section 26(1) of the Latest Bill would not constitute offenses if the disclosure of information and related activities regarding critical infrastructure would be in the public interest.

 

 

 

It is suggested that a new sub-section (3) be inserted into what is currently section 26 the Bill as follows:

 

 

“(3) Notwithstanding the provisions of sections (1)(a), (b), (e) and (f), where a disclosure of information regarding critical infrastructure would reveal evidence of:

(a) a substantial contravention of, or failure to comply with, the law; or

(b) an imminent and serious public health, safety or environmental risk; and

(c) the public interest in the disclosure clearly outweighs the harm in question, the disclosure and related activities falling within those listed in section 26(1)(a), (b), (e) and (f), shall be lawful.”

 

 

 

  1. Amendment considered but rejected

 

New CLAUSE 24

The SANEF, SOS and MMA group suggested the introduction of a new section 24 to be contained in Chapter 3 of the Bill as follows:

 

“Specific Protections for the SABC as the independent public broadcaster

 

24. In recognition of the vital role that the SABC, the independent public broadcaster, plays in ensuring that the public has access to a wide range of news and information, nothing in this Act shall require the security vetting, other than of the SABC’s security staff, of the SABC staff, in particular, no journalist or non-security staff member shall be required to disclose any communication undertaken in the course of his or her employment and sources of journalistic information as a result of the SABC being declared critical infrastructure and/or a critical infrastructure complex.”

 

The SAPS legal advisor noted that there is a distinction between low, medium and high risk. The SABC would be a low risk. The SAPS legal advisor noted that the Minister may determine provisions for a specific infrastructure and may determine that journalists or editors would not be subject to this vetting.

 

The State Legal Advisor confirmed that the Critical Infrastructure Protection Bill would repeal the National Key Points Act but that the provision in the National Strategic Intelligence Act, Act No 39 of 1994 would not be automatically repealed. The National Strategic Intelligence Act provision would still apply but the interpretation would relate to the Critical Infrastructure Protection Bill once it becomes an Act.

 

The Committee agreed with the opinions of the Department and the State Legal Advisor that the Section as recommended for insertion by SANEF does not need to be included.

 

 

CLAUSE 26

In terms of the original Clause 26 it was an offence to for example to photograph security measures that are visible to the public.

The Select Committee considered the legal opinion commissioned by the Portfolio Committee on Police and expressed by Adv. Wim Trengrove, SC on 3 July 2018. Trengrove concluded that the prohibitions, as then formulated, would not pass constitutional muster because they unjustifiably limited the right to freedom of expression in s16 of the Constitution.

According to Trengrove, SC an amendment of the definition of “security measures” to limit them to those not clearly visible to the public eye, would

(a) make Clause 26 Constitutionally compliant and

(b) remove the need for a public interest defence.

 

The Department presented the redrafted clauses in line with the legal opinion to the PC on 14 August 2018. The PC accepted the proposals and adopted the whole Bill with amendments on 14 August 2018.

 

The Select Committee in considering the public submissions on the public interest defence clause proposed by SANEF, SOS and the MMA concluded that the amendment by the Portfolio Committee on Police to Clause 26 sufficiently covers any constitutional concerns raised by the organizations in their submissions and that a public interest defence clause would not be included in the current bill.

 

 

  1. Certification of the Bill

 

The Select Committee certifies that –

  1. all amendments are constitutionally and procedurally in order within the meaning of Joint Rule 161; and
  2. no amendments affect the classification of the Bill.

 

 

  1. Consensus on the Bill

 

  1. Support for the adoption of the Bill was unanimous.

 

 

Report to be considered.

 

 

Documents

No related documents

What's wrong with this page?