By David Jenkin

There is agreement across the board that there is a need for legislation to protect South Africa’s cyber landscape. When the draft Cybercrimes and Cybersecurity Bill was published in August 2015 for public comments, it was accompanied by a statement from The Department of Justice and Constitutional Development that read, “It is estimated that cyber-related offences are escalating and currently exceed a value in excess of R1-billion annually.” It explains that the Bill aims to create safer communities by addressing shortcomings in dealing with cyber related offences through a coherent and integrated cybersecurity legislative framework.

An imperfect bill

Right2Know, the non-profit advocacy group, has written a great deal about the Bill and their concerns for the flaws they say it contains. Micah Reddy, Right2Know’s media freedom and diversity campaign co-ordinator, has said repeatedly that the Bill is too broad and effectively gives state security control over the internet.

“We are not saying there is no need for legislation dealing with cyber-crime,” he told News24 in December 2015, “There is definitely a need, as South Africa is a cyber-crime hotspot. We are not, in principle, against the legislation to curb down on cyber-crimes but it cannot in any way censor the internet. It has to be carefully designed.”

Reddy says that should it come into law, it would have dire consequences for investigative journalists who could face five to 15 years in prison for being in possession of leaked classified documents, depending on whether the information was classified as confidential, secret or top secret.

"There is no public interest defence and no whistle-blower protection. Even the limited and flawed exemptions contained in the protection of state information bill are missing,” said Reddy. He added, "Effectively, even more so than the secrecy bill, the draft Cybercrimes Bill cannot tell the difference between an act of espionage and an act of journalism."

Flaws outlined

Right2Know have summarised their written submission on the draft with a list of the “seven deadly sins” the Bill contains, published on their website (with the offending clauses specified). They are as follows:

  1. “Hands control of the internet to the Ministry of State Security. Stewardship of the internet should rest with a civilian agency with a mandate to promote freedom of and access to communications systems.”
  2. “Gives the state security structures the power to effectively declare ‘national key points’ of the internet — and potentially grants backdoor access to any network. State-security structures have the right to declare any part of the internet to be ‘National Critical Information Infrastructure’ – this could include any privately owned data, device, network or physical infrastructure or building, and all government networks, devices and infrastructure.”
  3. “Criminalises journalists and whistle-blowers by sneaking in the worst parts of the ‘Secrecy Bill’. Section 16 of the draft Bill introduces a range of offences under the banner of ‘computer-related espionage’ that are practically a copy-and-paste of the worst parts of the Protection of State Information Bill.”
  4. “Increases the state’s surveillance powers and is even more invasive than RICA. The Bill would in fact make a bad surveillance law worse, by creating a parallel procedure to run alongside RICA. This goes beyond the mere interception of communication-related data (e.g. a call or email), to apply to the interception of practically any possible data that may exist.”
  5. “Undermines South Africa’s civil liberties and particularly the constitutional right to privacy. This is contrary not only to the National Cybersecurity Policy Framework but also to global developments and the conventions to which South Africa is signed, which demand that the development of cybersecurity is balanced by privacy legislation.”
  6. “Contains 59 new criminal offences involving computer usage – many of which are so broad that they could ensnare ordinary computer users. The Bill considers suspects guilty until proven innocent.”
  7. “Contains anti-copyright provisions so harsh you could be criminalised for even posting a meme.”

Right2Know states directly after the above list their suggestions to remedy the Bill: scrap it and start again, “… this time with the proper public participation and the need to protect and preserve the democratic spirit of the internet and ordinary users’ right to privacy at the heart of any drafting.”

International criticism

The Committee to Protect Journalists (CPJ), an independent, non-profit organisation headquartered in New York City that promotes press freedom worldwide, has also weighed in, calling on the South African government to revise provisions in the Bill so as not to limit journalists’ ability to work.

In a statement dated December 2015, CPJ Africa programme coordinator Sue Valentine writes, “While we appreciate that South Africa must define and proscribe cybercrime, it must do so in line with international best practice regarding access to information and with respect to its own constitution.”

South Africa has shown a marked decline in global press freedom rankings in recent years. Freedom House, an independent watchdog organisation dedicated to the expansion of freedom and democracy around the world, gives South Africa a score of 37 (100 being the worst) and a label of ‘partly free’. In 2010, the score was 33.