State 'not seeking surveillance' with cybersecurity bill

19 January 2017

Johannesburg -The Cabinet-approved cybercrimes and cybersecurity bill’s final draft will not give any power for the State Security Agency (SSA) to control the internet or spy on local users.

This is according to the Justice and Constitutional Development Department which on Thursday held a media briefing on the bill, which is expected to be tabled in Parliament in coming weeks after receiving Cabinet approval.

“There are misconceptions around the interception of data and allegations of the bill increasing the state’s surveillance powers," deputy minister of justice and constitutional development, John Jeffery said at a media briefing on the bill in Pretoria.

"It is incorrect to equate search and seizure under clause 27 of the bill as an extension of surveillance powers.

“Data is merely a means to commit offences such as fraud, damage of programmes and computer systems, extortion, forgery and uttering. It can also be used to commit murder by remotely switching of a respiratory system or terrorism by overloading the centrifuges of a nuclear station or remotely opening the sluices of a dam which causes large scale flooding,” Jeffery added.

As part of the final draft of the bill, it says that to prove an offence in a court of law, data must be seized as evidential material.

If the state cannot seize evidential material to adduce as evidence, it is impossible to prove the guilt of an accused person.

Jeffery said that serious cyber offences have been committed since the enactment of the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA).

“Amendments which the bill aims to effect to the RICA fall within the general principles which were put in place to protect persons against unlawful interception of communications and are specifically aimed to address the increase of cybercrimes, there is thus no extension of the so-called 'surveillance powers' of the State,” he said.

The criminal procedure act is currently used to investigate cybercrimes.

Jeffrey said that data relevant to a cybercrime is seized in terms of a warrant issued in terms of section 21 of the criminal procedure act and not through RICA.

Late last year, the likes of the Right2Know (R2K) campaign and the Committee to Protect Journalists (CPJ) raised concerns about the draft bill's potential impact on the free flow of information online and the possession of classified state security information.

But the final draft of the bill says that journalists and whistle-blowers will now be protected by the protected disclosures act. Previous versions of the bill stated a person who did anything with state information that was classified as secret could go to jail for 10 years without the possibility of a fine.

Sarel Robertse, main technical drafter of the bill, said that the publishing of information of public interest, by a journalist or whistle-blower was subject to other legislation which would exonerate a person.

The bill will be introduced to parliament within the next few weeks.

This article first appeared on Fin24, see here.