PRESENTATION TO SELECT COMMITTEE ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL ANDILE NGCABA12 JUNE 2002

ISSUES ADDRESSED IN THE BILL National e-strategy Electronic Transactions Policy Facilitating Electronic Transactions E-government Cryptography Providers Authentication Service Providers Consumer Protection Protection of Critical Databases Domain Name Authority & Administration Limitation of Liability of service Providers Cyber Inspectors Cyber Crime

OBJECTIVES OF THE BILL To enable and facilitate electronic transactions by creating legal certainty on the cyberspace Bridging the digital divide by developing a National e- Strategy To ensure legal recognition and functional equivalence between electronic and paper based transactions To promote public confidence and trust in electronic transactions To promote universal access to electronic communications and transactions To promote the use of electronic transactions by SMME’s

OBJECTIVES OF THE BILL cont. To encourage e-government services To protect consumers, privacy and critical data To prevent abuse of information systems and prevent cyber crime To establish proper management regime with regard to domain names in the Republic

MAXIMISING BENEFITS AND ELECTRONIC POLICY The objective is to maximize the benefits internet offers by promoting universal and affordable access The development of the National e-Strategy plan by the Minister in consultation with members of Cabinet The national e-Strategy plan must include detailed plans and programs to address 1. The development of e-transaction strategy 2. The promotion of universal access and e-readiness 3. SMME’s development 4. Empowerment of previously disadvantaged persons and communities 5. Human resources development

FACILITATING ELECTRONIC TRANSACTIONS It provides for the legal recognition of data messages and records Legal recognition of electronic transactions and advanced electronic signatures Formation of contracts online Validity of sending notices and other expressions of intent through data messages

E-GOVERNMENT The Bill promotes adoption of e-communications and transactions by government by providing for the following: Electronic filing of documents Issuing of permits, licenses, approvals Electronic payments Departments are free to specify their own formats for electronic documents and determine the criteria The public body shall not be compelled to accept or issue any document in the form of an electronic data message

CRYPTOGRAPHY PROVIDERS Rationale: To curb security threats posed to consumers who transact online The Bill requires the suppliers of crypto materials to register their products and services with the Dept. Provides for the establishment and maintenance of a cryptography provider register by the Dept This will assist the investigative authorities in the event of any threat to National security by deciphering of encrypted messages

WHAT IS CRYPTOGRAPHY? It’s a process of converting data into an unreadable form using public key system (generated codes) to encrypt and decrypt data How Public Key Cryptography works – key pair system Symmetric encryption – uses the same key to encrypt and decrypt Asymmetric uses one key to encrypt and a different but related key to decrypt One key is kept private and another can be made public – anyone can use it to decrypt a confidential message from the person who owns the private key

AUTHENTICATION SERVICE PROVIDERS The Bill provides for the establishment of an Accreditation Authority within the Department It also provides for voluntary accreditation of authentication products and services The purpose is to promote confidence and trust in the electronic environment The Bill further provides for the establishment and maintenance of a publicly accessible database in respect of accredited products and services, and revoked accreditations

CONSUMER AND PRIVACY PROTECTION This section deals with consumer protection issues pertaining to electronic transactions only It afford consumers protection and privacy when transacting electronically thus ensuring their confidence. Protection is based largely on the following principles: Provision of as much information as is necessary to the consumer before the transaction is concluded A right afforded to the consumer to cancel the agreement within 14 days if certain requirements have not been complied with

CONSUMER AND PRIVACY PROTECTION Provision of a cooling period entitling the consumer to cancel without reason and without penalty, any transaction or any related credit agreement for the supply of goods within 7 days of receipt of goods. A right not to be bound by unsolicited goods and services A right to complain to the Consumer Affairs Council

PROTECTION OF PERSONAL INFORMATION The principles contained in this chapter will only apply to data that is collected through electronic transactions. In terms of section 52 the following principles will apply when data controllers collect information: Collection may only take place with the express and written permission of the data holder Data controllers are prohibited to collect personal info which is not required for the purpose for which the info is collected South African Law Commission is currently developing specific data protection legislation

PROTECTION OF CRITICAL DATA Critical data is information which, if compromised, may pose a risk to the national security of the Republic or to the economic or social well being of the citizens Provision is made for the Minister to declare certain classes of info as being critical data and establish procedures to be followed in the identification and registration of such data

PROTECTION OF CRITICAL DATA Standards/regulations for management, protection, storage, control of critical databases will be prescribed A register will be maintained by the Dept containing name and address of data custodian, location of info and types of info stored in the critical database

DOMAIN NAME AUTHORITY AND ADMINISTRATION The Bill establishes.za Domain Name Authority (.zaDNA), a section 21 company, and stipulates the objects, powers and functions of the Authority The Minister will assume responsibility for the.zaDNS public policy as it is a national asset The Authority will be controlled and managed by a fully representative board of between 8 and 16 directors

LIMITATION OF LIABILITY OF SERVICE PROVIDERS The Bill creates a safe harbour for service providers who are currently exposed to a wide variety of potential liability by virtue of only fulfilling their basic technical functions Service providers may seek to limit their liability where they have acted as mere conduits for the transmission of data messages provided they meet certain conditions The Bill provides for specific requirements that the service provider’s actions must meet before the clause may be invoked to limit his or her liability

CYBER INSPECTORS The Bill provides for the appointment of Cyber Inspectors Their powers include: Monitoring Internet websites in the public domain Investigating whether cryptography service providers and authentication service providers comply with the Law They also have powers of search and seizure subject to a warrant They can also assist the police or investigative bodies on request

CYBER CRIME The Bill introduces criminal offences relating to information systems into the SA law These crimes relate to: Unlawful access to or interception of data Unlawful interference with data that cause the modification, destruction, erasure or corruption of data Computer-related extortion, fraud and forgery

CONCLUSION The Bill will result in changes to certain Laws by other Departments It also does not oblige other Government Departments to accept or issue documents in electronic form The Bill will effect an increase in revenue collected by the Department in the form of fees payable for

THANK YOU