Under the Cybercrimes Act, which President Cyril Ramaphosa signed into law on Tuesday, Internet service providers (ISPs) in South Africa must now report their clients if they commit any cybercrime using their networks.
This includes unlawfully downloading copyrighted content, according to Fatima Kader, a director in Cliffe Dekker Hofmeyr’s technology, media and telecommunications practice.
Kader previously explained the new law places an obligation on network operators, service providers, and financial institutions to report any cybercrimes that are committed over their networks to the police.
This must be done “without undue delay and, where feasible, not later than 72 hours after having become aware of the offence”.
Should a network operator fail to report the offence, they may be given a fine of up to R50,000.
The Cybercrimes Act also explicitly states that theft of non-physical or virtual property must be treated the same as theft of physical property.
“The common law offence of theft must be interpreted so as not to exclude the theft of incorporeal property,” Section 12 of the Cybercrimes Act reads.
Kader argued that when these two sections of the new law are read together, it makes ISPs responsible for reporting any piracy they detect on their networks to the police.
In addition, ISPs are compelled to preserve any information which may help the South African Police Service in investigating the offence.
While the Cybercrimes Act makes provision for sentences of up to 15 years in jail, for an offence involving theft of incorporeal property the sentence will be in-line with common law theft.
However, it directs courts to consider several aggravating factors when a person is convicted of a theft perpetrated electronically.
Without excluding other relevant factors, these aggravating circumstances which must be taken into account are:
- The fact that the offence was committed by electronic means.
- The extent of the prejudice and loss suffered by the complainant or any other person.
- The extent to which the person gained financially, or received any favour, benefit, reward, compensation or any other advantage from the commission of the offence.
- Whether the offence was committed in concert with one or more persons.
ISPs dispute requirement of Cybercrimes Act to report clients
The Internet Service Providers’ Association of South Africa (ISPA) has stated that ISPs cannot be put under any obligation to monitor the traffic of their subscribers, otherwise they would violate the Electronic Communications Act.
“ISPA does not believe that this is a correct interpretation of the Bill as it currently stands: rather it is an explicit provision of the Electronic Communications Act that ISPs are under no general obligation to monitor electronic communications conveyed over or stored on their networks — and they may be liable of a criminal offence if they do,” the organisation argued.
However, another legal opinion is that although ISPs may not monitor the traffic of their clients, should they become aware through different means of copyright infringement being done on their network, they will need to report it to the police and preserve any evidence which may help the investigating officer.