APC's Written Submission on the South Africa Cybercrimes and Cybersecurity Bill

Publication date: 
December 2015
Author: 
APC
Publisher: 
APC

Written Submission by the Association for Progressive Communications (APC) on the Cybercrimes and Cybersecurity Bill. Draft for public comment

1. The Association for Progressive Communications (APC), established in 1990, is an international network of civil society organisations dedicated to empowering and supporting groups and individuals working for peace, human rights, development and protection of the environment, through the strategic use of information and communication technologies (ICTs), including the internet. APC has 70 members in 46 countries, the majority from the developing world. APC’s chief operating office is in South Africa.

2. APC welcomes the invitation for public comment on the Cybercrimes and Cybersecurity Bill by the Department of Justice and Constitutional Development. We believe that this Bill has great potential to ensure that the internet becomes a safe environment for citizens to explore and use in their everyday lives and work, particularly as it relates to the safety and privacy of personal data, and in the prevention of online violence against groups such as women.

3. However, we have important reservations regarding the Bill as it now stands. To this end we endorse the submissions by the Mozilla Foundation and Media Monitoring Africa, and would like to emphasise the following reservations:

3.1. As it stands, the definitions in the Bill are far too vague and all encompassing. In many instances this is likely to impact negatively on personal and public freedoms online. In this regard we specifically refer you to the Mozilla Foundation submission.

3.2. The Bill is not framed from the perspective of public interest and therefore compromises those in possession of information or data, such as journalists, journalists’ sources, bloggers and whistleblowers, with the intention of sharing this data or publishing it to expose corruption or wrong-doing. This is likely to create a chilling environment on free expression, access to information, transparency and accountability in South Africa.

3.3. The Bill as it stands does not make sufficient distinction between unlawful intention and a lack of intention by an internet user, such as an inexperienced internet user downloading illegal malware, but being ignorant of this fact. Given the low levels of digital literacy in this country, this is an important concern. Similarly, the Bill lacks a clear perspective on the culpability of minors and the evolving capacity of minors.

3.4. Chapter 9, which deals with the obligations and liability of electronic communications service providers, does not adhere to established best practice with regard to internet intermediary liability. In that regard we wish to draw your attention to the very helpful Manila Principles. Provisions in Chapter 9 make service providers – even if somewhat indirectly – responsible for monitoring the behaviour of their clients. This could encourage service providers to violate users’ rights to privacy, and comes very close to making service providers liable for client behaviour. This is known to stifle freedom of expression and the free flow of information. Actions by service providers to monitor client behaviour and retain data about this behaviour should only take place following due process such as a court order.

3.5. The powers granted to authorities are at times problematic, in that the level of discretion granted the South African Police Service and the state’s security cluster is a concern. There is often a worrying lack of judicial oversight of the authority granted, with particular reference to Section 32.

3.6. Finally, the Bill, as a general point, does not reference other legal precedent and South African legislation sufficiently, including copyright law, the law on hate speech (Promotion of Equality and Prevention of Unfair Discrimination Act), privacy laws (the Protection of Personal Information Act), those to do with access to information (Promotion of Access to Information Act), transparency (institutions, processes and people) and accountability mechanisms. In this respect, it also does not make reference to the pending legislation on abusive content involving children.

We trust that the above concerns will be considered in the Bill’s revision.

Sincerely

Anriette Esterhuysen
APC Executive Director