R2K: Cybercrimes Bill is a threat to internet freedom

[UPDATE Oct 2018 — As of 23 October 2018, a substantially revised version of the Cybercrimes Bill was tabled in Parliament, with the cybersecurity portions of the Bill tripped out. The 23 Oct 2018 version of the Bill is here.]

On Wednesday 12 September, R2K will appear before Parliament’s justice committee to spell out why the new Cybercrimes and Cybersecurity Bill (the Cybercrimes Bill) is a threat to internet freedom.

Though R2K supports initiatives to fight actual cybercrimes that affect many South Africans, such as fraud, identity theft and illegal spying, we reject provisions in the Cybercrimes Bill that will hand over further powers to State Security structures, putting them in control of internet governance in South Africa.

These provisions will make the Internet less safe, not more safe.

Social media regulation

In early 2016, State Security Minister David Mahlobo proposed ‘regulating’ social media. The Cybercrimes Bill will do exactly that.

Chapter 3 of the Bill lays the groundwork for heavy-handed state policing of social media users, as various kinds of ‘harmful messages’ will now be a new form of crime. The Bill will even make it a crime to post ‘inherently false’ information on social media. These provisions are the source of State Security Minister David Mahlobo’s proposals to ‘regulate social media’. R2K rejects this move in its entirety. Freedom of expression must be protected online, and we do not believe the Minister of State Security should be passing judgement on what is true or false online.

No protections against surveillance abuses

The evidence of government surveillance abuses is piling up – including evidence that the South African government has spent millions of rands on spying software that allows the user to ‘hack’ someone’s device and spy on their every move. Most recently, this has been linked to the alleged hacking of personal emails of Deputy President Cyril Ramaphosa.

However, these powers remain unregulated in the Cybercrimes Bill. R2K has called on Parliament to confront the extent of government spying abuses in South Africa and to pass urgent legal reform to bring the spooks under control.

Spooks in the networks

Chapter 11 of the Cybercrimes Bill allows the Minister of State Security to declare any device, network or infrastructure on the internet to be ‘critical information infrastructure. This can be likened to creating ‘national key points of the internet’ – it could apply to literally thousands of entities, in national and local government as well as the private sector.

This provision is a recipe for State Security control of the internet. Once an entity has been declared “critical information infrastructure”, the State Security Minister can set down new directives on whether that department or company must classify certain data on their networks, how they must store and archive that data, and “any other relevant matter which is necessary or expedient in order to promote cybersecurity”. This could mean that information held by the company that connects you to the internet could now become classified as a national security secret. There is also risk that the State Security structures could use these powers to give themselves backdoor access to private networks or give itself new surveillance and monitoring powers.

Defending internet freedom

This matters because securing the freedom of digital spaces is vital for democracy. All people of South Africa must have access to the internet, with freedom of expression and freedom from surveillance. The State Security structures have shown that they are willing to use their powers to spy on journalists, whistleblowers, activists, unionists, politicians and ordinary members of the public. We reject any law that attempts to give over more power to the spooks and securocrats.

R2K’s submission does state that certain parts of the Cybercrimes Bill can be salvaged – the sections that aim to improve the state’s capacities to fight actual cybercrime, through the police and justice departments. R2K’s recommendations include that those sections must be redrafted to narrow their scope. The Bill’s ‘cybersecurity’ provisions must be split into a separate cybersecurity Bill, and taken back for full redrafting – to be driven by the Department of Communications or Telecommunications, not the spooks.

 

Also see, further reading on the Cybercrimes Bill:

You may also like...