State may be able to get personal with PCs
By JAN-JAN JOUBERT
South Africans risk being spied on by their own government as strict new legislation — the Cybercrimes and Cybersecurity Bill — is tabled in parliament.
Watchdogs are warning that if the bill becomes law, the government will be able to access private information and the correspondence of ordinary citizens, which will have a chilling effect on the conduct of everyone who owns or uses a computer.
The bill is intended to fight cybercrime and computer-related abuses, but freedom of expression groups warn that the legislation’s powers go beyond this.
Murray Hunter of civil rights watchdog Right2Know said there was a risk, for instance, that state security structures could use these powers to gain access to private networks. The State Security Agency could declare that service providers were a critical information infrastructure, thereby accessing private citizens’ data. This would save it the trouble of obtaining a court order to access specific individuals’ data.
The legislation, if passed, will be applicable to all actions in South Africa and by South African citizens worldwide, and by anyone travelling to or from South Africa, and on all ships and planes registered in the country.
Right2Know’s spokeswoman Karabo Rajuili said the bill threatened internet freedom. “We reject provisions that will hand over further powers to state security structures to put themselves in control of internet governance in South Africa. These provisions will make the internet less secure.”
Rajuili said evidence of government surveillance abuse was piling up — including proof that the government has spent millions of rands on software that allows users to hack digital devices and spy on the user’s every move.
“Most recently, this has been linked to the alleged hacking of personal e-mails of Deputy President Cyril Ramaphosa.
“However, these powers remain unregulated in the cybercrimes bill,” she said.
Instead, the proposed legislation makes it a crime, punishable by up to five years in prison, to unlawfully and intentionally secure access to alter, modify, delete, copy, obtain output data or any other used data, or to secure access to a computer program to perform any function or store anything which has not been authorised by the owner of the material.
Anyone who overcomes protection measures to acquire data, or knowingly possesses data that was acquired illegally, faces up to 10 years in jail — and anyone who possesses data believed to have been acquired illegally, and cannot explain how they acquired it, can be imprisoned for five years.
The bill creates the crimes of cyberforgery and cyberextortion.
It also criminalises computer-based revenge porn (distributing intimate images without specific consent), and incitement to property or psychological damage, each punishable by up to three years in jail.