Durban - The government has tabled a draft law to stock its armoury against cybercrime, that carries penalties of up to 10 years (and/or R10 million) for certain acts.
The 128-page Department of Justice bill creates a virtual police flying squad – similar to the FBI team in the hit TV series CSI Cyber – who are on 24/7 duty.
It also starts a national cybercrime centre at the SAPS, a “cyber-command” at the SA National Defence Force to prepare for cyberwar, and a cybersecurity hub at the Department of Telecommunications and Postal Services.
The Cybercrimes and Cybersecurity Bill, published on Friday for public comment, consolidates and overtakes about 15 existing laws, targeting a spray of crimes, including: phishing, illegal interception, dumpster diving, theft and online buying of personal information, hacking, and use of malware like viruses, worms, logic bombs or trojan horses.
“It is estimated that cyber-related offences are escalating and currently exceed a value of R1 billion annually,” the Justice Department said.
This law was aimed at protecting individuals, business and the government, it said. It addressed search and seizure over cybercrimes, international co-operation, and the building of structures to deal with cybersecurity.
“In 2011 more than one-third of the world’s population had access to the internet,” the department said.
“It is estimated that mobile broadband subscriptions will approach 70% of the world’s population by 2017.
“... In the future, hyper-connected society, it is hard to imagine a cybercrime or perhaps any crime, that does not involve electronic evidence linked with internet protocol activity.
“Both individuals and organised criminal groups exploit new criminal opportunities, driven by profit and personal gain,” it said, noting that cybercriminals no longer needed complex skills or techniques.
The bill gives the state security minister the power to determine what should be regarded and protected as “national critical information”.
Inclusion is possible, if it appears to the minister such information is of such “strategic nature” that any interferences, loss, damage, immobilisation or disruption may:
- Prejudice the security, defence, law enforcement or international relations of South Africa.
- Prejudice the health and safety of the public.
- Interfere or disrupt any essential service.
- Cause any major economic loss.
- Destabilise the economy of South Africa.
- Create a public emergency situation.
Other provisions of the bill require the various security ministers to establish a host of cyberspace-related structures.
A “cybersecurity centre” will be established under the auspices of the state security minister, a “national cybercrime centre” by the national police commissioner, and the defence minister is directed to establish a “cybercommand” as part of military intelligence.
The telecommunications and postal services minister must establish a “cybersecurity hub” to sign service level agreements with all private and public institutions.
Among this hub’s functions is to co-ordinate “general cybersecurity activities in the private sector”, obtain their compliance and to trigger incident response teams to be established by each sector.
The bill allows for fines of up to R10m, and/or 10 years’ jail, to be imposed in the event of a guilty verdict for unlawfully accessing or intercepting “national critical information infrastructure” and “critical data”.
Critical data is described as information that is “of importance for the protection of security, defence and international relations” of South Africa, “the enforcement of a law” and “the protection of public safety” in the country, and information relating to a confidential source in the enforcement of a criminal law.
Critical data also includes trade secrets and commercial information which would give undue advantage and financial institutions’ records.
Fines of up to R5m and/or five years’ imprisonment can be imposed for anyone found guilty of using illegally obtained personal or financial information of another person in the commission of a crime.
The bill has been published on the Justice Department’s website.
The deadline for public comment is November 30.
Daily News