The new cybercrimes bill is flawed, too broad and brings the country one step closer to the securitisation of the internet, the Right2Know Campaign (R2K) has said.
It was basically the secrecy bill of the internet as it stood now and handed the keys of the internet to the state security ministry, R2K said.
Public comments on the draft cybercrimes and cybersecurity bill, which was gazetted earlier this year by the justice department, closed on Monday November 30 and, so far, it has not been well received.
The bill seeks to create offences and impose penalties on cybercrime.
It also seeks to impose obligations on electronic communication service providers regarding aspects which may have an impact on cyber security.
R2K Media Freedom and Diversity Organiser, Micah Reddy, told News24 on Thursday that the bill was too broad in its current form and that a lot of it undermined privacy.
Should it come into law, it would also be bad news for investigative journalists as it not only penalised those who leaked classified documents, but also those in possession of it, he said.
In their submission to the department against the bill, the group said penalties ranged from a maximum of five to 15 years in jail, depending on whether the information was classified confidential, secret or top secret.
“There is no public interest defence and no whistleblower protection. Even the limited and flawed exemptions contained in the protection of state information bill are missing.
“Effectively, even more so than the secrecy bill, the draft cybercrimes bill cannot tell the difference between an act of espionage and an act of journalism.”
The rights group this week said they believed the bill was fatally flawed and should be scrapped it its entirety.
Will ‘criminalise a range of lawful activities’
Under the bill, creating, selling, purchasing, possessing or using malware for the purposes of causing damage to data would be illegal.
The possession of unauthorised passwords would also be illegal.
In their submission against the draft bill, R2K said it created a regime that was so broad and overarching that almost all possible crimes that could exist on the internet were dealt with by using the same set of tools.
“From the risk of terrorist cyber attacks to the imagined crimes of an ordinary Facebook or BBM user. In attempting to police practically all of the internet, the bill hands wide-ranging powers to state-security structures to secure vast parts of the internet as assets of state-security, rather than common spaces for the good of all.
R2K said the bill also put in place new offences which were open to abuse.
“These would criminalise a range of lawful activities and place dangerous penalties on freedom of expression and access to information, while also giving the state new invasive surveillance powers, with little protection for ordinary people’s privacy.”
In September, the Electronic Frontier Foundation also raised concerns about a clause in the bill that would essentially criminalise any infringement of copyright.
This would carry a penalty of up to three years in jail.
“The drafters of this South African bill need to take it down a notch. The right place for copyright enforcement measures is not in cybercrime law, it’s in the copyright law – which is already under review,” the group said.