The Select Committee on Security and Justice has invited comments on the incoming Cybercrimes Bill.
BusinessTech reported that the latest version of the Cybercrimes Bill differs “quite substantially” from previous versions.
The report quoted Fatima Ameer-Mia, a senior associate at Cliffe Dekker Hofmeyr, who said the bill was divided into two parts: cybercrimes and cybersecurity.
“The cyber crimes section, bar a few criticisms, was lauded. However, it was the proposed cybersecurity section which raised very serious concerns about the government’s encroachment on freedom of expression and freedom of the Internet.”
The Portfolio Committee on Justice and Correctional Services has decided to “strip out all clauses in the bill pertaining to cybersecurity”, and to proceed only with cyber-related crimes.
According to Ameer-Mia, the new bill now deals with offences relating to cybercrimes, seizure and access, evidence gathering, and reporting obligations and penalties, among other aspects.
Key clauses in the bill include.
- New offences – Includes the distribution of a data message of an intimate image, the infringement of copyright by peer-to-peer sharing, and sending hate speech messages.
- Jurisdiction – South African courts will have extraterritorial jurisdiction, even when certain offences are committed outside of South Africa.
- Prison time – Provisions which provide for a maximum penalty of up to 15 years imprisonment.
- Obligations – Electronic communications service providers and financial institutions must report offences they become aware of within 72 hours.
Copyright and piracy
Ameer-Mia said that the new bill has been structured to primarily focus on cybercrimes and that when it comes to copyright infringement, there is an obligation on electronic communications service providers to report offences.
The copyright infringement is covered in the bill under the theft of incorporeal property – which is effectively piracy, she said.
“It is unlikely that these companies would proactively hand over information, but if a cybercrime or one of these offences become public then I think for reputational reasons they will have to comply.”
“Once they become aware of it then they have a duty to report it to the SAPS and have a duty to preserve any information which may be of assistance to the law enforcement agencies in investigating the offence,” she said.
“This reporting must be done without undue delay and, where feasible, not later than 72 hours after they become aware of the offence”.