Increased focus is vital after splitting of cybercrimes bill
Disregard for civil liberties characterised certain cybersecurity provisions before the amendment
A revised version of the Cybercrimes Bill was tabled before parliament in October. The most obvious change is that the cybersecurity section of what was previously the Cybercrimes and Cybersecurity Bill has been split from the provisions addressing cybercrime.
As legislation addressing the scourge of cybercrime is long overdue this development is to be welcomed. Hopefully the splitting of the bill will allow for greater focus to be placed on cybercrime without having to deal with the disregard for civil liberties that was a feature of certain of the cybersecurity provisions in the bill before its amendment.
As long ago as February 2015 the drafters and deputy justice and constitutional development minister were strongly urged to separate cybercrimes and cybersecurity. Even at that time, apparently, the zenith of state capture and plunder of SA’s resources by members of the Gupta-Zuma cabal, it was clear that the same granting of unfettered powers to national security and law enforcement that made the Secrecy Bill so objectionable it would hamstring consultation, debate and promulgation of appropriate cybercrime legislation. It has taken the powers that be four years of valuable time and untold more victims of cybercrime to come to their senses.
Welcoming the splitting of the bill should not suggest that cybersecurity is any less urgent an issue. On the contrary, SA citizens are the second-most targeted victims of cybercrime globally, and their protection demands meaningful attention without further delay. Hopefully the governing ANC party will see the need to remove those in the security cluster who are deeply discredited by recent events and appoint people whose priority is not to control information without any accountability for the benefit of a few, to the detriment of the civil liberties of South Africans.
While issues of cybersecurity are another debate and one that requires urgent and thorough attention, the influence of the justice, crime prevention and security cluster on the cybercrimes provisions of the bill should not be ignored. Many issues still require proper consideration, but I highlight the issue of the standard operating procedures that are contemplated to govern the conduct of the SA Police Service (SAPS) and others in the investigation and prosecution of cybercrime.
The bill makes provision for the police minister, in consultation with others and following public consultation, to publish standard operating procedures within six months. These are to be observed by the SAPS and others in the investigation of an offence or suspected offence. That clear direction is urgently required and it will be attested to by many lawyers and information security practitioners who have experienced or witnessed the disregard by the SAPS for internationally recognised principles governing cyber-investigation, to ensure that evidence is not contaminated and that the civil liberties of the subjects of these investigations are respected.
This issue was raised in a comment placed before the parliamentary portfolio committee that gave the graphic example of the injustice and disregard for citizens’ rights in the case of Graeme Eatwell. In that matter the SAPS relied on the false evidence of a so-called expert in unlawfully seizing the computer equipment of Eatwell and third parties, and arresting Eatwell. Since then no fewer than seven of SA’s top digital forensic experts have characterised the evidence of the self-proclaimed expert upon whose testimony these injustices were founded as untrue and unreliable.
Two issues present themselves relating to the standard operating procedures in the bill. Regarding the issue of whether standard operating procedures have legal standing, regulations certainly do but can the police minister make law? What weight will public opinion and comment have on what may appear to be arbitrary decisions by the minister in developing the SAPS?
Regarding the issue of why the standard operating procedures contemplated are not being made public for scrutiny at this time, I have it on excellent authority that they were close to finalisation almost a year ago. One must assume unless there has been a dereliction of duty by the police minister they have in fact been finalised.
In a public address on September 28 at the function marking International Right to Know Day, the deputy minister waxed lyrical about the importance of access to information and transparency in a democratic society. In stark contrast to this the drafters of the bill and others who act under the authority of the deputy minister with regard to the bill perpetuate the cloak-and-dagger behaviour and lack of transparency and accountability that have characterised state capture and the irreparable harm that it has done to SA.
• Heyink, an information attorney, is director of Information Governance Consulting.