What you need to know about So

Photo by Taskin Ashiq on Unsplash

What you need to know about South Africa’s incoming cybercrimes law

New laws to combat cyber fraud, forgery and extortion.

What you need to know about So

Photo by Taskin Ashiq on Unsplash

Important and far-reaching legislation to fight electronic and online crime in South Africa is currently serving before Parliament’s Select Committee on Security and Justice and could be on the law book by early next year.

If and when adopted, the Cybercrimes and Cyber security Bill will have an impact on every computer user in South Africa, and serious consequences for those who do not abide by it.

The Cybercrimes and Cyber security Bill

Any unlawful and intentional access to a computer or computer system (meaning access without specific authorisation or without it being defined in your job description) will carry a sanction of a fine, or a jail sentence of up to five years, or both.

The same sentence options will be applicable to anyone who unlawfully and intentionally secures access to data, uses or alters data without authorisation, deletes or uses data unlawfully, copies a computer programme or data without authorisation, stores data illegitimately or unlawfully communicates with a computer system.

Hackers are also targeted by the legislation. Anyone who unlawfully and intentionally overcomes any protection measure which is intended to prevent access to data and acquires data, within or which is transmitted to and from a computer system is guilty of an offence. This includes using, examining, capturing, moving, copying or diverting data, and carries penalties of ten years’ jail time or a fine or both.

Illegal possession of software or hardware tools to gain access to data illegally, interference to delete or alter data, interference with a computer programme or render it vulnerable or ineffective, to obstruct, interrupt or interfere with lawful use of a computer programme or to deny access to data or a computer programme will likewise be punishable by a jail term of ten years or a fine or both.

Anyone who unlawfully and intentionally acquires, possesses or uses a password (including for instance a pin, access card or biometric data) or provides it to another person can be sentenced to up to ten years in jail, fined, or both.

To combat cyber fraud, forgery and extortion

The legislation specifically refers to three delineated crimes namely cyber fraud, cyber forgery and cyber extortion.

Cyber fraud is the use of misrepresentation to defraud, prejudice or potentially prejudice another person. Cyber forgery is the creation of false information or identities to commit cyber fraud. Cyber extortion is the use of cyber information which was acquired unlawfully to gain advantage over another person.

The sanctions are similar to the existing fines and/or jail terms for fraud, forgery and extortion.

For all these transgressions, aggravating circumstances are added if it involves data or a computer system which has been declared confidential or secret by the state. The sanction under such aggravated circumstances is a jail term of up to 15 years or a fine or both.

Anyone who assists with or is an accomplice to any of these transgressions, or who steals any data or computer programmes, is guilty of theft.

The bill includes strong measures against malicious and harmful cyber communication. This includes making available, broadcasting or distributing any information which incites hate, violence or damage to property and intimidating anyone. Revenge porn is also outlawed. Each of these transgressions carries sanction of fines and/or up to three years in jail.

Once it becomes law, its stipulations will be applicable to any actions in South Africa, or any actions worldwide by South Africans and those with permanent South African residency.

Furthermore, the bill contains detailed clauses dealing with the investigation of cybercrimes, including rules for search and seizure operations, intercepting of data by the state and preservation of data. The way in which local and international authorities must cooperate to investigate cybercrime is set out in detail.

The bill stipulates how electronic service providers must cooperate with the authorities to combat cybercrime.

Cyber security in the civil service will be accommodated by the creation of a Cyber Response Committee, and the state must secure critical information infrastructure in the same way it secures and maintains national key points.