Published July 2021
This article involved such a chore for me: studying law. It is essential that I study legislation related to technology, and because I do this I am able to offer an easy to digest summary of the most important points (and they are important because we are all subject to the law of this land) on the Cybercrimes Act 19 of 2020. (An Act that is somewhat blood related to POPI.)
The Act has three ‘themes’ covered in 9 chapters:
Although I have already received kick back on my opinion of this Act (which is the Act is a step in the right direction), I can appreciate that some people might feel that it may impose on their e-liberties.
With that said: ‘law’ is never written in stone. It is not a constant, not always right, and always a work in progress. I can give so many examples of how law has changed over time: what was once illegal in one year is now legal in 2021, but that would be off the point. Suffice to say, e-services have ushered in many new ways of doing things. You cannot have great advantages and no responsibilities, which is why I believe this Act is on the right path: it attempts to hold people responsible for their e-actions.
Spanner in the works.
The challenge of ‘implementation’ of the Act largely falls on the shoulders of the South African Police Service, and their knowledge (on this subject) is meagre.
SAPS are responsible for creating a 24/7 response ‘centre’ for all cybercrimes related to private and commercial matters. This is not a small task.
In addition, the cabinet minister responsible for policing needs to ensure ‘their office’ has enough trained staff and operational structures to detect, prevent and investigate cybercrimes.
Parliament expects a report each year on progress made and I am looking forward to the first report.
Objectives of the Act.
In summary: to ‘create’, ‘define’ and explain ‘e-offences’ linked to cybercrime / e-crimes. In addition, the Act explains how the powers to investigate work and how e-acts are criminalised and their severity.
In addition, it paints out the ‘dos’ and ‘don’ts’: regulation and jurisdiction of all involved and aims to iron out the process of reporting e-crimes and also dealing with foreign states. It is impossible to explain all 9 chapters in one article, but here is the elevator pitch:
Important nuggets from the Act.
The Act ‘creates’ or defines ‘new’ unlawful e-shananigans related to:
The Act empowers SAPS and its deputized / delegated ‘minions’ or officials / investigators, to enforce, investigate, search, access and seize various articles (hardware or software), such as computers, databases or even entire networks.
The Act insists (requires) that electronic communications service providers (such as ISPs but excludes broadcasters) and financial institutions report suspicious activities within 72 hours and failure to act can result in their business being fined up to R50 000 if convicted or even some jail time.
The Act makes provisions about how to deal with nasty communications or e-messages, addressing a situation for example: when one references or incites damage to property or violence, threatening a person (or persons) with damage to property or violence, or discloses an inappropriate image / video.
What I believe to be possible now is if a political party says something with intent to hinder, damage (reputational or physical) or provoke harm, using e-communications, they can be reported and prosecuted.
Types of e-shananigans.
The Act does not really define ‘cybercrime’ itself, but does explain the offences, and here they are in no order of particular severity:
Some points on ‘ramifications’.
Of course, if you are involved with e-shananigans, you can get arrested.
Depending on the offence, a fine or imprisonment, or both may be applied. From my understanding of the Act, imprisonment can be up to 15 years. A matter can also (depending on the circumstances) be reviewed under the Criminal Procedures Act.
An electronic communications services provider can be compelled to disclose certain information, records, and perhaps in some instances even logs and copies of personal or business communications.
Your equipment, data and devices may be subjected to search and seizure. In general circumstances a warrant is needed, however, if ‘the powers that be’ believe the ‘e-crime’ is ongoing or there is a time sensitive consideration at play, a warrant might not be required at all.
A person (or their equipment) can be searched. In some instances you may have the right to deny permission, and in others you might not. Chat to a lawyer if you get into a pickle. SAPS can get into a lot of trouble themselves if they do not follow due process, for example, if they fail to audibly announce themselves and purpose before entering a premises they would be breaking the law. It’s a ‘fine line’ because if you hinder a search or even the access to e-equipment, you could be committing an offence, of course, conditions apply.
Notes on ‘responsibilities and actions’.
Always report an e-crime. No matter how trivial.
If you or your ‘group’ feel like you are victim/s of an e-attack and need protection, EG: a protection order, this can be applied for at the time the crime is being reported with SAPS via the magistrates court.
Depending on the circumstances, one could also use provisions in the Protection and Harassment Act.
When it comes to jurisdiction of e-crimes, the ‘space’ becomes blurry because the crime is often done online and there might not be a specific physical spot to pin point. To work out where the ‘bad person’ is actually sitting at the time they ‘click’ ‘send’ can be tricky, and of course each country has its own laws. Suffice to say, an e-criminal in South Africa, or in South African waters or airspace can be prosecuted regardless of if the victim/s are elsewhere in the World. If the crime is made by a South African, outside of South Africa, and against a South African or S.A. entity, you can also be prosecuted. In other instances an international court may be appointed to review a crime or help extradite the criminal.
Not detailed in the Act, but a wonderful resource to learn more or report an e-crime, visit website: http://cybercrime.org.za/
E-behaviour is something we all need to work on. If you or your business needs additional information or clarity on an e-situation, please feel free to make contact.
About Jean-Pierre Murray-Kline
He is a Business and Environmental Technologist. An entrepreneur who runs several online businesses. He is a published Author who researches, consults and facilitates strategy sessions about the most important matters affecting our generation and the changes to technology, business and the environment. Services include:
Future Thinker. Innovator. Change Expert. Industry 4.0 & IoT Specialist. Green & Sustainable Solutions. Digital Marketing, Security, Devices & Trends. Author, Consultant, Project Manager & Scenario Planner.
Facebook: (100k Followers): https://www.facebook.com/jeanpierremurrayklineSA/
Published July 2021Read more articles