On Wednesday, the Right2Know Campaign will appear before parliament’s justice committee to spell out why the new Cybercrimes and Cybersecurity Bill (the Cybercrimes Bill) is a threat to Internet freedom.
Though R2K supports initiatives to fight actual cybercrimes that affect many South Africans, such as fraud, identity theft and illegal spying, we reject provisions in the Cybercrimes Bill that will hand over further powers to state security structures, putting them in control of Internet governance in South Africa.
These provisions will make the Internet less safe, not more safe.
In early 2016, state security minister David Mahlobo proposed “regulating” social media. The Cybercrimes Bill will do exactly that.
Chapter 3 of the bill lays the groundwork for heavy-handed state policing of social media users, as various kinds of “harmful messages” will now be a new form of crime. The bill will even make it a crime to post “inherently false” information on social media.
These provisions are the source of Mahlobo’s proposals to “regulate social media”. R2K rejects this move in its entirety. Freedom of expression must be protected online, and we do not believe the minister should be passing judgement on what is true or false online.
The evidence of government surveillance abuses is piling up, including evidence that the government has spent millions of rand on spying software that allows the user to “hack” someone’s device and spy on their every move. Most recently, this has been linked to the alleged hacking of the personal e-mails of deputy President Cyril Ramaphosa.
Abuses
However, these powers remain unregulated in the Cybercrimes Bill. R2K has called on parliament to confront the extent of government spying abuses in South Africa and to pass urgent legal reform to bring the spooks under control.
Chapter 11 of the bill allows the minister of state security to declare any device, network or infrastructure on the Internet to be “critical information infrastructure”. This can be likened to creating “national key points of the Internet” and could apply to literally thousands of entities, in national and local government as well as the private sector.
This provision is a recipe for state security control of the Internet. Once an entity has been declared “critical information infrastructure”, the minister can set down new directives on whether a department or company must classify certain data on their networks, how they must store and archive that data, and “any other relevant matter which is necessary or expedient in order to promote cybersecurity”.
This could mean that information held by the company that connects you to the Internet could now become classified as a national security secret. There is also a risk that the state security structures could use these powers to give themselves backdoor access to private networks or give itself new surveillance and monitoring powers.
This matters because securing the freedom of digital spaces is vital for democracy. All people in South Africa must have access to the Internet, with freedom of expression and freedom from surveillance. The state security structures have shown that they are willing to use their powers to spy on journalists, whistleblowers, activists, unionists, politicians and ordinary members of the public. We reject any law that attempts to give over more power to the spooks and securocrats.
R2K’s submission does state that certain parts of the Cybercrimes Bill can be salvaged, namely the sections that aim to improve the state’s capacity to fight actual cybercrime, through the police and justice departments. R2K’s recommendations include that those sections must be redrafted to narrow their scope. The bill’s “cybersecurity” provisions must be split into a separate Cybersecurity Bill, and taken back for full redrafting, to be driven by the department of communications or telecommunications & postal services, not the spooks. — Written by the Right2Know Campaign
- Read R2K’s full submission
