Consumer-rights group Right2Know (R2K) will appear before Parliament’s justice committee on Wednesday to explain why the new Cybercrimes and Cybersecurity Bill is a threat to internet freedom.
In its written submission, it stated that parts of the bill could be salvaged – specifically the sections that aim to improve the state’s capacities to fight actual cyber crime, through the police and justice departments.
However, there are serious issues with other parts of the bill that will hand over further powers to state security structures and put them in control of internet governance in South Africa, it said.
R2K indicated that the following provisions will have the opposite of the bill’s desired effect and make the internet less secure.
Social media regulation
In early 2016, State Security Minister David Mahlobo proposed ‘regulating’ social media.
“The Cybercrimes Bill will do exactly that,” said R2K.
According to the organisation, in terms of the bill it would be a crime to send a message that:
- Incites violence or property damage;
- Threatens a person with violence or property damage;
- Threatens violence or property damage against a group of people, or any person who is associated with a group of people.
It would also a crime to send or resend a message that “intimidates, encourages or harasses” a person to harm themselves or someone else.
Other new criminal offences include “fake news” – defined as the sending or resending of any message that is “inherently false in nature and aimed at causing mental, psychological, physical or economic harm”, and punishments for social media users who simply re-publish ‘harmful’ messages.
“These provisions are the source of State Security Minister David Mahlobo’s proposals to regulate social media,” said R2K.
“Freedom of expression must be protected online, and we do not believe the Minister of State Security should be passing judgement on what is true or false online.”
Spooks in the networks
Chapter 11 of the Cybercrimes Bill allows the Minister of State Security to declare any device, network or infrastructure on the internet to be ‘critical information infrastructure’, said R2K.
“This can be likened to creating ‘national key points of the internet’ – it could apply to literally thousands of entities, in national and local government as well as the private sector.”
This provision is a recipe for State Security control of the internet, it said.
“Once an entity has been declared critical information infrastructure, the State Security Minister can set down new directives on whether that department or company must classify certain data on their networks, how they must store and archive that data, and any other relevant matter which is necessary or expedient in order to promote cybersecurity.”
According to R2K, this could mean that information held by the company that connects you to the internet could now become classified as a national security secret.
There is also risk that the State Security structures could use these powers to give themselves backdoor access to private networks or give itself new surveillance and monitoring powers, it said.
You can read R2K’s full submission here.