The South African Cybercrimes Bill is about to be enacted (i.e. turned into an Act and binding law), after having been tabled in Parliament more than 3 years ago. As cybercrimes are on the rise globally, the South African Cybercrimes Bill was tabled in Parliament as a reaction to this rise in cybercrimes.
Deputy Justice Minister John Jeffrey has explained Parliament’s logic in adopting the Bill:
The problems with cybercrime in South Africa; that it is a huge problem that we need legislation to comprehensively deal with it because the current legislation is not advanced enough, and that the cyber world is something we’re involved in.
What Are Cybercrimes?
The South African Cybercrimes Bill lists a few instances where certain actions or failure to act will be considered to be cybercrimes. For instance, the Bill makes mention of cybercrimes like “unlawfully acquiring data“, “unlawful acts involving software or tools“, etc.
The Bill makes various acts and omissions now unlawful and punishable by law, like hacking, revenge porn, cyber blackmail and extortion, online identity theft, etc. Although many of these acts and omissions were already considered unlawful under common or other law, the new South African Cybercrimes Bill codifies these crimes, which makes them easier to identify and possibly prosecute.
What Does The Bill Do?
Firstly, the South African Cybercrimes Bill codifies the law surrounding cybercrimes in South Africa. This gives the legal system certainty in dealing with these cases as the Bill, which will be enacted, serves to provide guidance and remedies when it comes to cybercrimes in South Africa.
Furthermore, the Bill is procedural and substantive in nature. The Bill provides substantive guidance to persons, the state and businesses on the do’s and don’t’s relating to cybercrimes. In Chapter 2 of the current version of the Bill, various offences are listed as cybercrimes. Chapter 3 deals with “malicious communications“, which could include threatening messages, cyberbullying and revenge porn.
The Bill goes on to provide procedural remedies for when cybercrimes have allegedly been committed. Various sections (Chapter 2, Sections 16, 17,18, 22, ) of the South African Cybercrimes Bill currently list appropriate penalties for those convicted of cybercrimes. Some of the penalties include, but are not limited to, jail time for up to 15 years and penalties. I’m just going to repeat that for you – 15 years in jail.
The Bill also gives various bodies, like the police, or the NPA, the ability to search, seize and investigate property and person who are suspected of committing crimes in terms of the Bill. For instance, Chapter 7 of the Bill in its current state, provides that a 12/7 “Point of Contact” needs to be established by Parliament to assist in preventing, investigating, and prosecuting of cybercrimes in South Africa.
The Bill goes on to place certain obligations on financial and data collection institutions when it comes to the alleged commission of cybercrimes in South Africa. Chapter 8 of the South African Cybercrimes Bill deals with the submission of evidence relating to the commission of cybercrimes.
The purpose of the South African Cybercrimes Bill is laid out in its preamble as:
- To create offences and impose penalties which have a bearing on cybercrime;
- to criminalise the distribution of data messages which is harmful and to provide for interim protection orders;
- to further regulate jurisdiction in respect of cybercrimes; to further regulate the powers to investigate cybercrimes;
- to further regulate aspects relating to mutual assistance in respect of the investigation of cybercrime;
- to provide for the establishment of a 24/7 Point of Contact;
- to further provide for the proof of certain facts by affidavit;
- to impose obligations on electronic communications service providers and financial institutions to assist in the investigation of cybercrimes and to report cybercrimes;
- to provide for the establishment of structures to promote cybersecurity and capacity building;
- to regulate the identification and declaration of critical information infrastructures and measures to protect critical information infrastructures;
- to provide that the Executive may enter into agreements with foreign States to promote cybersecurity;
- to delete and amend provisions of certain laws; and to provide for matters connected therewith.
It’s been a long road for the South African Cybercrimes Bill. It was first tabled in Parliament back in 2015. Now, the Bill has finally been passed and is in the process of being enacted. Once promulgated (basically signed) by the President, the Act will form part of South African legislative law and will hopefully assist in bringing justice to cybercriminals and provide protection to individuals and institutions online.