The Cybercrimes and Cybersecurity Bill is in the process of being enacted. We have summarised the 2017 version to help you understand what the current position is. This article is a summary of the 2015 Cybercrimes Bill.
The 2015 Cybercrimes Bill created many new offences (about 50). Some are related to data, messages, computers, and networks. For example:
- using personal information or financial information to commit an offence,
- unlawful interception of data,
- computer related forgery and uttering,
- extortion or terrorist activity.
The penalties ranged from one year to ten years imprisonment or R 1million to R 10million. So, R1million for each year in jail. Lots of penalties are either R 5million or five year, or R 10million or ten years.
The CAC Bill gives the South African courts jurisdiction to try these offences is some cases where there is uncertainty.
The 2015 Cybercrimes Bill gave the South African Police Service and the State Security Agency (and their members and investigators) extensive powers to investigate, search, access and seize just about anything (like a computer, database or network) wherever it might be located, provided they have a search warrant. Foreign states and South Africa will co-operate to investigate cybercrimes.
To deal with cybercrime, the Minister of Police must establish and operate a:
- 24/7 Point of Contact center for cyber crimes and appoint a Director of it, and
- National Cybercrime Centre and appoint a Director of it.
To improve Cyber Security, the 2015 Cybercrimes Bill creates a Cyber Response Committee made up of about 13 people. The chairperson will be the Director-General: State Security. The Minister of State Security must establish and operate:
- a Cyber Security Centre and appoint someone from the State Security Agency as its Director, and
- one or more Government Security Incident Response Teams and appoint someone from the State Security Agency as the head of each one.
The Minister of Defence must establish and operate a Cyber Command and appoint someone as the General Officer Commanding.
- establish and operate a Cyber Security Hub and appoint a Director of it, and
- make different sectors which provide an electronic communications service establish and operate (at their cost) Private Sector Security Incident Response Teams.
Critical Information and Electronic Communication Service Providers
The CaC Bill aims to identify, declare and protect National Critical Information Infrastructures, like the Department of Home Affairs database. The 2015 Cybercrimes Bill created a National Critical Information Infrastructure Fund to be used to manage disasters. There are various obligations on the owner of (or person in control of) a National Critical Information Infrastructure.
The CAC Bill helps people to admit evidence of cybercrimes.
An ECSP must:
- inform its client of cybercrime trends,
- enable clients to report cybercrimes to it,
- tell clients how to protect themselves.
An ECSP must:
- immediately report offences to the National Cybercrime Centre,
- preserve any information that relates to it.
If an ECSP doesn’t it was liable on conviction to a fine of R10 000 for each day on which such failure to comply continues.