The Cybercrime Bill is a bill (draft law) that has been published for comment. Its full name is the Cybercrimes and Cybersecurity Bill. The Cybercrime Bill is necessary, but not in its current form. We need to protect the people of South Africa and the country from harm. But the Cybercrime Bill has a serious impact on many important things, like:
- The processing of Data
- The Freedom of the Media
- Free Speech
- Electronic Communications Service Providers (ECSP)
- Anyone whose IT infrastructure gets declared a Critical Information Infrastructure (CII)
- Internet users
- Journalists and whistleblowers
- The Judiciary
- IT professionals
- Civil Rights Groups
Most of the sections in the Cybercrime Bill are defined too broadly. For example, the definition of an ECSP is so broad that it could include regular internet users like you and me. If we do not comply with our obligations as ECSPs, we could pay R10 000 for each day we fail to do not comply.
The Cybercrimes bill also gives authorities extensive powers of investigation, access, search, or seizure.
The Cybercrimes Bill is 128 pages of new offences, new structures, and new obligations for stakeholders. The Bill also overlaps with many existing laws with a focus on the cyber aspects of many existing crimes. Various new structures will need to be created by the bill to deal with cybersecurity. Each structure has a person in charge of it and is overseen by a Cabinet member for example, most of the new structures answer to the Minister of State Security. There is a lot of interplay between the structures as many of them must co-ordinate their activities with the other structures as well. This can create an unnecessarily complex and confusing system where their activities overlap.
With these newly created structures, it is unclear where the funding for them will come from or whether we need any of them at all.
The Cybercrimes Bill overlaps with many existing laws
The Cybercrime Bill is badly drafted. Its sections are not in plain, simple and easy to understand language.
- There are many references to other parts of the Bill which creates confusion.
- The sentences are poorly worded, too long and unclear.
Freedom of expression
Freedom of expression is a big concern in the Cybercrimes Bill. Criminal offences are also broadly-defined in the bill, and this has huge implications for freedom of expression. For example, if you do anything with State information that is classified as ‘secret’, you could go to jail for 10 years without the possibility of even a fine. So a journalist who possesses State secret information to write an exposé would probably be committing an offence. The same goes for whistleblowers as the bill does not have a public interest defence, or any journalistic exclusions. These exclusions are necessary to promote freedom of expression and should have been included in the bill.
Another example is found in section 17. If you disseminate a data message that promotes or incites hate, discrimination or violence against a person, you are guilty of an offence. On the face of it, this seems a necessary thing to criminalise. However, in the current social media age, many links, video, or articles are shared online to raise awareness or comment on an issue. They are not shared to incite violence or hate. So if the Cybercrimes bill was law today, all of these acts would be crimes and you could go to jail for 2 years for it. Sections like this illustrate the tension between protecting freedom of expression and national security concerns.
Do we need the Cybercrime Bill?
Yes, we do need to protect our country against cybercrimes and other cyber threats, but the bill in its current state would cause more harm and complicate the matter more than it needs to. The bill must strike the correct balance, and not prioritise national security over an individual’s rights.
Find out more about the Cybercrime Bill
If you want a more in-depth analysis of it, you can read more about the Cybercrimes and Cybersecurity Bill.