Published by Bridget Shannon Manning. Modified over 9 years ago.
1
© 2000 KPMG
Electronic Communications and Transactions Bill
Representations to the Parliamentary Portfolio Committee
Mark Heyink
14th May 2002
2
KPMG FACILITATED COMMENT
Green Paper
- General Group: Business ranging from Technology Companies, Financial Institutions, Information Security Specialists
- Special Group: Information Security Officers of Banks, Leading Providers of Electronic Signature technologies, Experts in technology of electronic signature and legal workings of Electronic Signatures.
3
Agenda
- Objects of the Bill and Maximising Benefits
- Chapter III “Facilitation of Electronic Transactions”
- Infrastructure Provisions
- Protections
4
Objects of the Act: Chapter I
- Places an enormous burden on the Dept of Communications iro regulation of e-Commerce
- Education is a key issue and goes beyond the scope of one department
- Considering the scope of work to be done, the lack of emphasis on collaboration with the Private sector is a serious weakness
- Consideration should be given to the establishment of an e-Commerce Directorate outside of any existing Ministry and directly responsible to the State President
5
Maximising Benefits and Policy Framework: Chapter II
- 24 months to develop a five year strategy
- On acceptance government must declare strategy a national priority
- No emphasis on private sector involvement is evident in the Bill
- Little evidence of “Government as a model user”
6
Facilitating Electronic Transactions: Chapter III
- “s 11(1) information is not without legal force and effect merely on the grounds that it is wholly or partly in the form of a data message”
- This is the heart and soul of the Bill
- It is critical that we ensure that the infrastructure relating to the use of data messages provides the environment that engenders trust
7
Purpose of Chapter III
- Primary purpose is to change our substantive law to bring certainty to our law
- One of the key elements of this is the use of electronic signatures
- Ensuring that the law achieves this purpose is critical to the future well-being of business in South Africa
- Ensuring that the law relating to signatures in the e-world is certain and engenders the trust required is one of the most critical duties of the Parliamentary portfolio committee
8
Electronic vs Advanced Electronic Signatures
- “‘Electronic signature’ means data in an electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication”
- “‘Advanced electronic signature’ means an electronic signature which meets the following requirements:
  (a) it is uniquely linked to the signatory;
  (b) it is capable of identifying the signatory;
  (c) it is created using means that the signatory can maintain under his sole control; and
  (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.”
- An “electronic signature” may incorporate all the attributes of an “advanced electronic signature”
9
Critical Difference
- An electronic signature only has to satisfy the element of “authenticity” (identity)
- The criteria in section 39 incorporate the concepts of both authenticity and tamper evident qualities (integrity)
- It is this second element that is critical to ensuring trust in the e-world
- In this regard a digital or “advanced electronic signature” has a superior quality to a handwritten signature
- That is why a digital or advanced electronic signature is mandated where a signature is required by law
10
Signature s13
- Subsections (2) and (3) follow the wording of the UNCITRAL Model Law and electronic signatures are recognised
- Sect 13(1) introduces an “advanced electronic signature”
- By definition an “advanced electronic signature” results from a process accredited by an accreditation authority established by the DG of DoC.
- Where a signature is required by law an advanced electronic signature must be used
11
Problems
- Accreditation creates an artificial distinction which has little to do with the quality of the signature
- Interpretation of “required by law” will include any legislative or regulatory provision requiring “signature”, “certification” or “verification”
- Delay in the establishment of an accreditation authority will affect every instance where signature is required by law
- The benefit conferred in subsection (4) will only accrue to “accredited signatures” regardless of the quality of the signature
- Potential for a proliferation of standards, see s 29
- Does this sect include regulatory bodies in the private and public sectors?
12
EU Directive 1999/93
- The distinction between “advanced electronic signature” and “electronic signature” is made
- Voluntary accreditation is also recognised
- “The legal recognition of electronic signatures should be based upon objective criteria and not linked to authorisation of the certification of the service provider involved:”
13
Integrity of Information or Data Messages s 14
Original:
- Must pass the integrity test and be capable of being displayed or produced to the person to whom it is presented
- The integrity must be assessed —
  - by considering whether the information has remained complete and unaltered, except for the addition of any endorsement and any change which arises in the normal course of communication, storage and display;
  - in the light of the purpose for which the information was generated; and
  - having regard to all other relevant circumstances.
14
Integrity of Information or Data Messages s16
Retention:
- accessible so as to be useable for subsequent reference
- is in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received
- origin and destination of that data message and the date and time it was sent or received can be determined
15
Integrity of Information or Data Messages s17
Production of document or information:
- where a law requires a person to produce a document or information
- the method of generating the electronic form of that document provided a reliable means of assuring the maintenance of the integrity of the information contained in that document
- the integrity of the information contained in a document is maintained if the information has remained complete and unaltered
16
Comments and Observations
- “Original”, “Retention” and “Production of documents” are underpinned by the concept of integrity
- This integrity will typically be maintained by a digital signature (fulfilling criteria of sect 39(1))
- If signature, verification, certification of a data message is required by law it can only be signed by use of an advanced electronic signature.
- What will the result be if any of the above is signed by an electronic signature?
17
Authentication Service Providers ss 34 & 36
- Accreditation of authentication products and services voluntary
- “Authentication products and services”: products designed to identify the holder of an electronic signature to others
- “authentication service provider” means a person whose authentication products or services have been accredited by the Authority under section 38 or recognised under section 41 (recognition of foreign accreditation)
18
Remedial Recommendations
- The linking of “advanced electronic signature” to accreditation must be done away with
- The criteria for “advanced electronic signatures” must be objective
- Accreditation must revert to the truly voluntary concept set out in the Green Paper and not the de facto mandatory provisions manifest in the Bill
19
Evidence: Admission and Weight s15
- In any legal proceedings, the rules of evidence must not be applied so as to deny the admissibility of a data message, in evidence —
  - on the mere grounds that it is constituted by a data message; or
  - if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form
- The Computer Evidence Act contradicts this and is not repealed
- To ensure consistency in our law the Computer Evidence Act must be repealed
20
Computer Evidence Act 57 of 83
- “In Civil proceedings an authenticated computer printout (a computer printout accompanied by the authenticating affidavit which relates to it) shall be admissible on its production as evidence…”
- The affidavit authenticating the printout has to comply with certain principles which, in the networked world, are impractical, if not impossible, to comply with
- The Act is not nearly as extensive as the Bill in the consideration that needs to be given to determine the weight of evidence
21
Notarisation, Acknowledgement and Certification s18
- Where law requires a signature, statement or document to be acknowledged, verified or made under oath this can be done by way of an “advanced electronic signature” attached to data message
- Certification of a printout where a document is in electronic form is provided for but no requirement is included iro time and date
22
Automated Transactions s21
- Electronic “agency” provided for
- In essence the terms of the agreement must be accessible and a natural person must be in a position to rectify an error in contracting and take reasonable steps to rectify the error
23
Communication of Data Messages
- s22 Can be varied by agreement
- s23(1) Not without legal force merely because agreement is concluded by means of a data message
- s23(2) Time and place of agreement is where acceptance received by the offeror
- s24 Communication regarded as having been sent when it enters an information system outside the control of the originator or, if recipient on the same information system, when capable of being retrieved by the addressee
24
Attribution of data messages s26
Data message that of originator if sent by:
- the originator personally;
- a person who had authority to act on behalf of the originator in respect of that data message; or
- an information system programmed by or on behalf of the originator to operate automatically.
25
E-Government ss28 & 29
- Disappointing to see so little relating to e-government considering government is the most obvious stimulus to e-business on a broad scale
- Public body may accept electronic filing, issue permits etc. by way of data message and receive payment by electronic means
- May also stipulate in the gazette its requirements in this regard
26
Infrastructure
- Cryptography Providers
- Critical Data Bases
- Cyber Inspectors
- Accreditation Authority
- Domain Naming Authority
27
Cryptography Providers s30
- In the wrong piece of legislation
- This really relates to national security
- The drafting is far too loose and will need considerable tightening up
- Needs to be a greater emphasis on engagement of the private sector by government instead of the prescriptive approach adopted
Comment: Strongly suggest that this is excised from the Bill
28
Criteria for Accreditation s39(1)
Electronic signature:
- is uniquely linked to the user;
- is capable of identifying that user;
- is created using means that can be maintained under the sole control of that user; and
- will be linked to the data or data message to which it relates in such a manner that any subsequent change of the data or data message is detectible
29
Criteria for Accreditation s39
(a) Its financial and human resources, including its assets;
(b) the quality of its hardware and software systems;
(c) its procedures for processing of products or services;
(d) the availability of information to third parties relying on the authentication product or service;
(e) the regularity and extent of audits by an independent body;
(f) the factors referred to in subsection (4) where the products and services are rendered by a certification service provider; and
(g) any other relevant factor which may be prescribed.
(3) For the purposes of subsections (2)(b) and (c), the hardware and software systems and procedures must at least —
  (a) be reasonably secure from intrusion and misuse;
  (b) provide a reasonable level of availability, reliability and correct operation;
  (c) be reasonably suited to performing their intended functions; and
  (d) adhere to generally accepted security standards and procedures.
30
Protection of Critical Databases ss53-59
- These provisions are out of place in this Bill
- They relate to national security
- The prescriptive nature of the provisions is out of line with comparative legislation in other jurisdictions which provides for collaboration between private and public sector
Comment: This does not belong and should be excised from the Bill
31
Domain Name Authority and Administration Chap X
- Government sees the .za domain as a national asset
- The provisions establish an authority (sect 21 company) to control domain naming function
Comment: Doubt whether this is necessary even if Private sector share in governance
32
Cyber Inspectors ss84-88
- DG of DoC may appoint cyber inspectors
- Powers
  - Investigate the activities of a cryptography provider, authentication service provider or audit a critical database
  - A statutory body including the SAPS with powers of search and seizure may apply for assistance of a cyber inspector in prescribed manner
Comment: This is a law enforcement function and should not be developed within DoC.
33
Protections
- Welcomed as interim Legislation cannot be regarded as fully adequate
- Consumer Protection sections bring SA in line with International development
- Protection of Personal Information - Voluntary - not yet “adequate law” - Law Commission has been appointed
- Cyber Crime limited to anti hacking – the European Council Convention on Cyber crime signed by SA but must be implemented
34
Consumer Protection ss43-50
- South African law is not rich relating to distance or remote contracting
- The provisions of this section bring us into line with similar law in other jurisdictions
- s 44 sets out the information requirement
- s 45 sets out the provision for a cooling off period which is subject to certain exclusions
- Performance must be executed in 30 days
- SA Law will apply
- Cannot agree to exclude these provisions
35
Protection of Personal Information ss51-52
- Applies only to information obtained through electronic means
- A voluntary dispensation
- Sets out the principles of collection of personal information on the basis of informed consent
- Is not “adequate law” but issue of privacy is being referred to a working group of the law commission recently established
- Business should use the guide to get its “house in order”
36
Limitation of liability of SPs
- “Service provider” means a person operating an information system for generating, sending, receiving, storing, or displaying or processing data messages including Internet and WAP communications
- Representative body and code of conduct
- Recognises position as “mere conduit”
- Provides generally for the good conduct and “take down notices”
37
Cyber Crime ss89-94
- Anti-Cracking crimes not easily accommodated in our current law are addressed:
  - Unauthorized access to, interception of, or interference with data
  - Computer related extortion, fraud and forgery
- Attempting, aiding and abetting also offences
- Penalty a fine or imprisonment not exceeding five years
- SA is a signatory to the European Council’s Convention on Cyber crime which is extensive and these provisions need to be implemented in harmony with its provisions