Another law that can make it “illegal” for journalists and others to own sensitive information has seen the light.
A new bill that aims to crack down on cyber crime, will, in its current format, provide detailed power to the State Security Agency, including the classification of information and information storage devices of individuals.
It contains provisions reminiscent of the controversial secrecy bill and the National Key Points Act.
The Cybercrimes and Cybersecurity Bill was announced in August by Michael Masutha, minister of justice and constitutional development, and proposals closed on Monday.
When Masutha introduced the bill, he said: “It was estimated that cyber-related crime was on the increase, and its value has grown to more than R1 billion a year.
“The draft bill proposes putting a coherent and integrated framework in place to deal with several shortcomings regarding cyber crime.”
Good, but what is cyber crime?
It refers to the use of data, a computer device, a computer network, a database or an electronic communication network to commit a crime.
According to the bill this includes procurement, supply or use of personal and financial information without written consent, as well as the use of malicious programs (malware).
The bill provides that a 24/7 contact point for cyber crime should be created. A police member with appropriate expertise should be the director of the unit.
The director must be assisted by:
» Appropriately qualified members of the South African Police Service;
» A member of the National Prosecuting Authority who has particular knowledge and skills in respect of any aspect dealt with in this Act and who is seconded or designated to the 24/7 point of contact to assist the director; and
» Persons or entities who are, from time to time, appointed to assist the director.
Under the bill, a dedicated cyber security response committee would be established.
The State Security Agency will chair the committee, while various heads of government departments would serve on the committee. The chairperson would be the director-general of state security.
The committee would report to the minister of state security.
A Cyber Security Centre would be established. Its responsibilities would include:
security;
» To facilitate the identification of and protection and securing of “national critical information infrastructures”; and
» To respond to and to provide coordination and leadership.
What are “national critical information infrastructures”?
As the bill stands now, they are whatever the minister of state security says they are.
The Bill defines a “national critical information infrastructure” as “any data, computer data storage medium, computer device, database, computer network, electronic communications network, electronic communications infrastructure or any part thereof or any building, structure, facility, system or equipment associated therewith”.
This includes private property.
The use of and access to “national critical information infrastructure” are governed by regulations that are determined by the State Security Agency.
Thus, in the (hopefully) unlikely event that the agency classifies my computer as “national critical information infrastructure”, I will have to apply to a court to have this classification set aside.
According to the Right 2 Know Campaign (R2K) this creates, in effect, “national key points” for the internet and gives the government power over it, including regulations to classify certain information.
But if I were a journalist or someone who wanted to reveal corruption, the bill would surely not curb me?
Not if R2K is correct. According to the watchdog, the bill would criminalise journalists and whistle blowers by “sneaking in the worst clauses of the ‘secrecy bill’ by the back door”.
“Section 16 of the draft bill introduces a range of offences under the banner of ‘computer-related espionage’ that are practically a copy-and-paste of the worst parts of the Protection of State Information Bill (“the secrecy bill”).
These provisions make it an offence to ‘unlawfully and intentionally’ possess, communicate, deliver, make available, or receive data ‘which is in possession of the state and which is classified’,” said R2K’s statement.
As with the draconian secrecy bill, which is still on President Jacob Zuma’s desk, waiting for his signature, there is no public interest defence or protections for whistleblowers and journalists.
What do others say?
The Electronic Frontier Foundation, an international cyber watchdog organisation that is campaigning for civil liberties in the digital sphere, said the bill could “scare researchers into silence” .
“The wording of the bill shouldn’t criminalise the legitimate activities and use of tools required for independent security research, academic research and other activities that are carried out in good faith and serve the public interest and in the end make the public safer,” read the organisation’s statement.