Today is your last chance to voice your opinions, suggestions and/or objections on South Africa’s rather controversial Cybercrimes and Cybersecurity Bill, as the deadline for public comments and submissions is today.
Published at the end of August this year, the draft Cybercrimes and Cybersecurity Bill aims to “put in place measures to effectively deal with cybercrimes and address aspects relating to cybersecurity”, according to the government.
But the Bill has been widely criticised for being too vague in parts, and overly draconian in others. Jane Duncan, Professor of Journalism at the University of Johannesburg and an outspoken advocate of media freedom gave htxt.africa an interesting analysis of the Bill, which can be read here in detail.
The Bill aims to make the internet a safer place for everybody who makes use of it, and while R2K isn’t against that principle, there are a number of points that it doesn’t agree with – and calls for government to rethink.
“While R2K does not contest the need for policy that regulates and combats legitimate and malicious cybercrimes, this draft Bill fundamentally threatens the democratic character of the internet. We do not believe it can be tweaked or salvaged – it should be withdrawn and redrafted in its entirety,” it explains.
The organisation says that at the heart of its objection to the bill is that “it hands stewardship of the internet to the Ministry of State Security. The past few years have seen cybersecurity policy wrested from the organs of state responsible for promoting access to communication systems (the former Ministry of Communications), and handed to the Ministry of State Security. This is quite simply, a task for which the State Security structures are an inappropriate guardian.”
As with Duncan’s initial analysis, R2K says that many of the problems in the draft Bill are that it is poorly defined and overbroad in its extension of powers. Almost any government data could become protected by the Bill, turning it into a tool to use against whistleblowers.
The Open Web Application Security Project’s (OWASP) Cape Town branch has also submitted comment, and its extensive document contains a large number of points that it wants to have clarified, changed or better defined. As with R2K, it says that it will begin a campaign to oppose the Bill now that public comments are closed.
Among other clauses, OWASP cites one section as problematic that deals with “Unlawful acts in respect of software or hardware tools” – which includes software or hardware that could be used to commit a crime, such as malware.
According to OWASP, that doesn’t bode very well for open-source software and researchers in the online security cluster.
“This section is exceptionally inaccurate and does not consider the implications of open source software models. Additionally, obtaining/possessing and use of software does not constitute unlawful intent. The user could merely acquire software for research and analysis. For example, a white hat researcher who is in possession of malware samples or source code for the purpose of research,” it explains.
The Bill is controversial, and relevant government departments can expect some heavy push-back as a result. Once the public consultation has concluded, the comments should be made accessible to all.
Yo’ll have to hurry, but there is still some time to submit your comments by writing to the Department of Justice and Constitutional Development at [email protected] Or, if you prefer, you can fax it to (012) 406 4632.[Image – CC by 2.0/Brian Klug]