Cybercrimes and Cybersecurity Bill
The Department of Justice and Constitutional Development has recently published a draft Cybercrimes and Cybersecurity Bill for public comment. This is accompanied by the invitation to comment on the Bill, the deadline of which is the 30th November 2015. A discussion document is also provided which provides some insight into the background of the drafting of the Bill.
The link to view the Invitation, Bill and Discussion Paper is http://www.justice.gov.za/legislation/invitations/invites.htm.
I have also been advised by the Deputy Minister of Justice and Constitutional Development that the long awaited National Cybersecurity Policy Framework, approved in 2012 but astonishingly not yet made a public document, will be declassified and be made available. This will also give important insight into what is being sought to be achieved by the Bill.
The proposed Bill is an important step in the creation of appropriate law to address the realities of 21st century life and in particular the abuses that have been spawned by the unscrupulous use of modern technologies in the processing of information, particularly personal information. I have been calling for legislative responses to these abuses for many years and despite the delays in government dealing with these issues, the development is to be welcomed. This having been said, care needs to be taken in assessing the proposed legislation to ensure that the protection of citizens can be effective, and that the powers of both law enforcement and national security agencies are properly balanced with constitutional protections of citizens, particularly in light of privacy and the protection of personal information not yet being a reality.
While recent advertising for nominations for the position of Information Regulator in terms of the Protection of Personal Information Act are encouraging, it must be recognised that data protection South Africa is nothing more than a piece of paper. Until we, as citizens, are properly protected the potential for overzealous law enforcement, without regard to these rights, exists.
It is sincerely hoped that the political will to achieve the appropriate balance between privacy and the powers of law enforcement agencies will be demonstrated by government before the proposed Bill is enacted.
A further aspect of cybersecurity which was absent to the point of being ignored in initial drafts of the legislation is the universally accepted principle that cybersecurity is dependent upon public/private partnerships. Unlike days of old where theatres of war were typically defined geographically and defence was the sole prerogative of security forces, cybercrime and cyber warfare know no borders and much of the infrastructure that will be used for the perpetration of cybercrime and the waging of cyberwar is not in the control of government but is owned and controlled by the private sector. It is not only a glaring deficiency but also extremely concerning that those responsible for the draft legislation appear to have ignored this principle and have instead adopted a rather dictatorial approach relating to the relationship between the public and private sectors. This will simply not work and it is a highly presumptuous attitude given the patent cybersecurity failures of government going back to at least 2002.
At this stage my consideration of the proposed legislation has by circumstances been confined to a cursory reading of the documents published for comment. I will, over the course of following months, analyse the proposed legislation more carefully, where necessary consult with experts in particular areas and provide a more in-depth analysis and comment on the proposed legislation. Should you wish to be part of the dialog in providing comment on the legislation, please will you provide your contact detail to Denise Jacobs at email@example.com and they will be included in a separate database dealing solely with this proposed legislation.
©Mark Heyink 2015