Out-Law News 1 min. read

South Africa cybersecurity bill set to ‘expand jurisdiction beyond national borders’


South Africa’s government has said it will lodge a proposed Cybercrime and Cybersecurity Bill with parliament “in the next few weeks” that will include measures to tackle illicit activities include fraud committed beyond the country’s physical borders.

“Offences provided for in the bill aim to protect the confidentiality, integrity and availability of computer data and systems by means of the offences of unlawful access, interception of protected data, malware-related offences, interference with data and computer systems and password-related offences,” the government said in a statement.

Deputy Minister of Justice and Constitutional Development John Jeffery said on 19 January the bill aims to “criminalise cyber-facilitated offences by means of the offences of fraud, forgery, uttering and extortion, which were adopted specifically for the cyber environment”.

Jeffery said: “Jurisdiction in respect of all offences which can be committed in cyberspace is expanded substantially in terms of the bill, mainly to deal with cybercrime which originates from outside our borders.”

“Since many cybercrimes originate from another country, the bill further provides for procedures which facilitate mutual assistance with other countries in the investigation of cybercrimes,” Jeffery said.

If enacted, the bill would make “data messages” a criminal offence if they are found to incite “the causing of any damage to any property belonging to, or violence against a person or a group of persons, which is harmful, intimate in nature and distributed without the consent of the person involved”.

However, Jeffery said there were “misconceptions surrounding the role of the State Security Agency” – which has been given responsibility to “coordinate the implementation of the cybersecurity initiative”.

Jeffery said: “The additional structures which need to be established within the State Security Agency do not give any powers to the agency to control the internet… In order to prove an offence in a court of law, data must be seized as evidence material. If the state cannot seize evidential material to adduce as evidence, it is impossible to prove the guilt of an accused person.”

The Africa-based Institute for Security Studies warned in 2014 that cyber crime had become “a significant problem in South Africa” and called for policymakers to “develop a cogent and multilayered response to cybercrime”.

South Africa’s National Cybersecurity Policy Framework (30-page / 1.50 MB PDF) released by the State Security Agency in December 2015, said: “South Africa like many other countries has become dependent on the internet to govern, to conduct business and for other social purposes. The internet has become indispensable to many South Africans and will continue to be, as more people access the information highway.”

“Taking into consideration the increase in national and international bandwidth in South Africa, cybercrimes and threats are and will continue to increase,” the document said. “These cybercrimes and threats have the potential to impact on our national security and economy. Currently there are various pieces of legislation, some with overlapping mandates administered by different government departments and whose implementation is not coordinated.”

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.