There are many things wrong with South Africa but our Constitution remains something to be proud of. With the computer age and especially the Internet, instant communication has embarrassed governments and politicians the world over. Has that has prompted the draconian Cybercrimes Bill published for comment during August 2015? The National Cybersecurity Policy Framework approved during 2012 and kept secret until 4 December 2015 repeatedly claims that the state’s cybercrimes policy is aimed at achieving an outcome in which "All people in South Africa and feel safe". The reality is that anyone who reads this bill feels far from safe.
Submissions responding to the bill have many of the same criticisms of it. It is far too widely framed. It goes far beyond what is necessary even to protect us against terrorism. In doing so, it disregards constitutional rights, especially the rights to freedom of expression and privacy. It doesn't even take the same unsatisfactory precautions which exist in other invasive legislation such as RICA to protect privacy and guard against the overzealous use by the state of the enormous powers given to it by the bill. In trying to cover everything from cyberterrorism to copyright theft, the bill uses powers which might be appropriate when investigating and enforcing terrorism in relation to a host of computer-related crimes which have nothing to do with terrorism such as copyright theft. It duplicates existing law and by stating that the crimes it creates do not affect criminal liability under any other law, it creates multiple offences for the same conduct. Apparently intended to improve, consolidate and tidy up the law relating to cyberspace, the bill creates a muddle of “new” crimes by adding to the statute book “cybercrimes” which are exactly the same as existing crimes except that they are committed using a computer device.
As many submissions point out, the definitions in the bill, including that of a computer device are so wide that they include any computerized equipment. Your cell phone is a computer device subject to the bill and the bill is so widely framed that sending a irritated message to a friend saying that you hate men or women (whichever applies to you) might make you guilty of hate speech.
The bill gives the state, controlled by a committee run by the Director-General of State Security, the power to declare any computer network on which any "critical data" is stored (and this includes any trade secrets, financial institution records and commercial information which could help or hinder anyone) to be a National Critical Information Infrastructure. That then gives the state a host of rights in relation to that system, including access to that system, an annual audit of that system ultimate controlled by State Security, the right to impose minimum security standards on it, how it must store and archive information.
As if all that isn't scary enough, the bill allows the powers that be the right to appoint investigators who are not members of any “law-enforcement agency" to participate in the investigation of cybercrimes including having access to information obtained in any search or seizure exercise. These investigators may not be employees of the state and may not have been properly checked out, including subjected to security clearances. Not only do these investigators have access to the information, section 38 of the bill allows the disclosure of any information obtained by exercising powers in terms of the bill "if it is information which is required in terms of any law or as evidence in any court of law" or for the institution of criminal proceedings or a criminal investigation. This means that the information can be disclosed to any regulatory authority such as the Competition Commission, SARS or Customs officials, if any of the information may in any way relate to a possible investigation or be "required in terms of any law or as evidence" (whatever that means in real terms). So what does that mean in practical terms? If your bank records are seized during an unrelated investigation they could end up being freely disclosed to any regulatory authority. And how do you feel about this happening to your private and commercial information in circumstances where stories about state corruption make the headlines almost every day?
In a country which has prided itself on staunchly defending hard-fought constitutional freedoms, the Cybercrimes Bill is a disgrace.