INFORMATION SERVICES: RESEARCH
14 June 2002
SUMMARY OF THE PORTFOLIO COMMITTEE ON COMMUNICATIONS DISCUSSIONS: ELECTRONIC TRANSACTIONS AND COMMUNICATIONS BILL
The Electronic Communications and Transactions Bill [B8-2002], was deliberated and voted on by the Portfolio Committee on Communications from 14 May until 4 June 2002.
The Bill seeks to address key policy issues, such as bridging the digital divide, by developing a national e-strategy. It aims to remove present barriers to electronic transactions in the country. In addition, the Bill seeks to encourage the public to communicate with government by making use of e-government.
The objective of the briefing paper is to outline the main concerns raised during the Public Hearings, the points clarified during the subsequent discussions and the clauses agreed upon ultimately during the voting stage in the Portfolio Committee.
An appendix (minutes of certain submissions made to the Committee) is thus attached. The aim is to provide the reader with insight into deliberations by the committee around the Bill and areas of concern raised by the stakeholders. These minutes should provide the reader with an understanding of the amendments that were made to the Bill.
The common themes throughout all the submissions and subsequent discussions were the following:
The following points were clarified during deliberations:
It was agreed that:
The tabled Bill version of this chapter as contained in the Electronic Communications and Transactions Bill [B8-2002] was deleted, and the version contained in the document entitled "Redraft of Chapter X" was adopted as the new template. A few slight amendments were made to Clauses 60, 61, 63, 65, 66 and 68.
The clauses in the "Redraft of Chapter X" were agreed to - but amended during the discussion.
The clauses in the "Redraft of Chapter X" were agreed to without
The Bill was passed by the Committee, with amendments, and referred to the National Council Of Provinces (NCOP).
1. Draft legislation
MINUTES OF DELIBERATIONS BY THE COMMITTEE WITH REFERENCE TO STAKEHOLDER’S INPUT
Deliberations with reference to the Department of Communications’ input
The discussions regarding the cryptography and the Accredited Authentication Service Provider (AASP) revolved around the provision and registration of cryptography services. The question was whether these measures will deal with the import of such services via downloads and the extent to which cyber-inspectors will be able to police compliance with this requirement. The Department replied that the cryptography services are used by business, government and criminals and that registration is aimed at the protection of citizens and users. It is thus required to establish a registry which require the user or provider of a cryptography service to register on-line. Registration is essential due to the specific nature of the product. Comparative research has been done and other jurisdictions have more stringent requirements for cryptography service providers. The department feels that the registration requirement will not hinder business or its growth and that it is a standard practice in foreign jurisdictions.
A question was raised, with reference to the America Chambers of Commerce submission, that whether the law relating to cryptography provides sufficient protection to users in transacting with government as the Bill attempts to legislate that such transactions be encrypted. The department replied that the use of cryptography is part of the import/export control regime in the United States. If an American service provider produces an encrypted product which it wishes to import or export, it has to be reported to the Accreditation Authority, including information regarding the recipient of the message, its purpose and manner in which it will be used. In other countries cryptography is used as a military product. The department reiterated that the intention that cryptography would infringe on the right to trade could not be supported.
The discussion regarding the AASP focused on the regulation of this service by cyber-inspectors. The Department responded that the intention is to render this as voluntary as possible but due to the technical nature of the field, it is difficult to ensure that users are not being sold digital signatures previously used. The department also reminded members that the registration is only required in transactions with government. It said that the AASP adds strength to the enterprise and the accreditation system of the country as a whole and ensures that such transactions be done with confidence. It is also envisaged to accredit Commissioner of Oaths, and only in areas that are in the best interest of the people of South Africa.
The department was asked whether it will work together with other government departments in assuring access by providing infrastructure in the previously disadvantaged and rural areas. The response from the department revealed that Multi-purpose centers will play an increasingly important role and that these centers will be pivotal in providing access. Furthermore, rural villages and communities will be given their own domain names to showcase their heritage, culture and lifestyle and possibly will have their own websites.
The submission by the South African Law Commission (SALC), that Chapter Eight which deals with privacy and data should be deleted in its entirety, evoked vigorous discussion. In its comment on this, the department acknowledged the point made by the SALC. It however stated that if it is considered that the current legal system that deal with hard or physical information and electronic data are different, the inclusion is justified. The department indicated its commitment to work with SALC on privacy legislation. It also added that it would be practically impossible to delete the issue of privacy and data from the bill.
The submission by the Treasury which averred that the bill does not contain any provision dealing with international consideration, foreign or local laws or its effect on existing tax laws was briefly entertained. The Department indicated that this matter had been addressed with the SARS and that cross-border trade must be regulated via treaties signed at international level. The department conceded that no treaty or convention currently exists to deal with this matter but that it is developing a best model, in conjunction with the World Trade Organization (WTO) via a discussion paper. The department further said that if a treaty is signed in this regard, it would be brought before the Committee for certification and be brought into South African Law. The Department concluded that a conscious decision was made to exclude international consequences and as such matters have to be dealt with on a case-by-case basis.
The role of the South African Certification Authority (SACA), which deals exclusively with domain name registration, in relation to the Chapter on domain names was questioned. The department responded by saying that there is no relationship with SACA as it is a privately owned company. The department continued by saying that it had long discussions, that culminated in an agreement with the industry, that an interim structure has to be established before the bill is introduced.
The department was asked to comment on the powers of cyber-inspectors with specific reference to Internet fraud. It was further contended by a member that SAPS officials are currently under-resourced to deal with internet crimes and therefore need support. The question was raised whether the Bill protects children and whether cyber-inspectors will be able to monitor and respond to these situations. Questions were also raised in relation to the constitutionality of powers conferred on cyber-inspectors. The department replied that the cyber-inspectors do have powers of search and seizure, subject to being granted a warrant compliant with the procedure, and the option of granting additional powers, if required, will be considered. The department emphasized that the cyber-inspectors will not be doing the work of SAPS officers, but will only be serving as a supportive structure. In addition, they will be following rules and procedures in executing their search and seizure powers. In the event of a crime being discovered, they would report it to SAPS. The cyber-inspectors are also responsible for the assimilation of research and advice. The department further outlined the requirements for appointment as a cyber-inspector on request. It said that a cyber-inspector will have to be a South African citizen, must possess the necessary ability and skill to properly execute his/her duty, have a fair understanding of South African Law, the internet and related issues. A question was posed with regard to clarity on the word "offence" as used in clause 87 of the Bill. The department replied that the cyber-inspectors need to be equipped with these responsibilities. It added that, in terms of the common-law requirement, permission for execution of these functions has to be lawfully obtained. He assured the committee that a secure process has been established to regulate this authorization. Should the cyber-inspectors act in contravention of this procedure, the consequent actions taken would be rendered unlawful. The provision complies with the Criminal Procedure Act as the matter was discussed with person responsible for the Criminal Procedure Act. The cyber-inspectors will play a supportive role to SAPS. The department emphasized that government functions in clusters and therefore all departments can contribute in other spheres as well. The department assured the committee that no overlap or duplication will take place as cyber-inspectors deal mainly with communications and will thus not become involve in the business of policing. Furthermore, clause 85 (a) suggests some form of censorship by the cyber-inspectors but South Africa no longer tolerates censorship. The Department said that this sub - clause is not necessarily unconstitutional as is to be used to inform users of potentially harmful websites.
It was suggested that the bill does not seem to deal with "big crimes" occurring outside the jurisdiction of South African law enforcement agencies. The department said that there are several legal uncertainties pertaining to things like "chatroom" and internet child pornography. It said that it is the responsibility of the committee to create a legal framework which it has done with this bill. The department alluded to the fact that no court has been dedicated to deal specifically with internet related matters. It has discussed this with the Department of Justice and Constitutional Development and it was agreed that there should be specialized judges in the cyber-crime sphere. In this regard, other countries make use of assessors who assist the legal system and the courts themselves to provide the necessary background information.
The department informed the committee that it is important to note that currently only the United States Courts have jurisdiction to preside over Internet disputes. He gave the example of the current South Africa.com case, in which a legal team representing the South African government is arguing the case in an American courthouse. This indicates that the governance of the Internet at a global level is far from being universal, but is still within the exclusive jurisdiction of the United States and not the World Intellectual Property Organization (WIPO). This essentially is reduced to a matter of country versus enterprise, whereas there should be consensus that such matters should be regulated via international treaties, bilateral agreements and world constitutions. No constitutional problems has been reported by the department’s legal team while investigating the legality of the bill.
In response to a question regarding separate legislation, the department answered that it has examined similar bills in other countries and that the bill address the core issues facing South African society. To have separate statutes dealing exclusively and comprehensively with a particular issue, is not necessary as the bill addresses electronic communications in general.
The department provided clarity on the definition of "data message" in Clause 1 of the bill and said it included audio files or a recording of oral communication.
SUMMARY OF STAKEHOLDER’S SUBMISSIONS
1. The South African Post Office (SAPO)
SAPO opined that it has a unique competitive advantage, namely the ability to offer face-to-face identity authentication. Both as an authentication service provider and also as a value-added service to other authentication service providers. It professed to have a wide, established and accessible ground network and that face-to-face meetings are the order of the day, as is the identification process and the addition of digital certification. It suggested that a new sub clause (A) be added to the current Clause 39(1) to provide for "face-to-face identification", as this measure would enhance the validity of the identification process and provide increased security, reliability and trustworthiness for all transactions requiring an advanced electronic signature.
The SAPO also submitted that there is a need for the designation of preferred authentication service providers in the Bill to give public bodies the option of referring to such designation for their clause 29 requirements. This would provide a guide to public bodies, that need to identify suitable and appropriate authentication service providers, to deal with the Government where the public bodies do not have the capacity to make such an assessment. It is thus proposed that the Post Office be named in the Bill as a preferred authentication service provider, while at the same time allowing other authentication service providers to apply for such designation.
Clause 18(2) deals with the certification of documents as true copies in the electronic environment. It is submitted that there is presently a lacuna in the Bill which will significantly reduce the ability of entities to convert paper-based documents into electronic documents and then to provide certified copies of such documents in electronic format. The SAPO proposed amendment is aimed at filling this gap. In addition, it is aimed at promoting the use and growth of electronic communications and transactions, not only in fields of document retention and archiving, but also in the service to the general public.
With regard to Clause 19 of the Bill, many pieces of legislation require documents or notices to be sent by prepaid registered post or a similar service. There is no provision in the Bill that covers this situation for electronic documents. The SAPO thus proposes that clause 19 of the Bill be amended to provide for electronic registration of a data message by the Post Office in order to comply with the requirement for registered post in various pieces of legislation. This new provision will make it unnecessary to amend every other piece of legislation where this requirement appears.
The committee requested clarity from the SAPO on the Clause 39 proposal.
SAPO replied that the electronic signatures should be underpinned by the face-to-face identification requirement, as this would provide greater certainty and security to the receiver of an electronic signature. The role of SAPO as the preferred provider relates to the specific realm of public bodies. It added that in this area, the Bill has to specifically designate a category of preferred authentication service provider, and the SAPO is uniquely positioned to fulfill this role.
The committee requested SAPO to explain the cases of corruption that have been reported within the SAPO and whether it has put sufficient measures in place to effectively deal with this problem.
SAPO responded that this problem has been dealt with in an open and transparent manner. It is believed that the SAPO has repositioned itself without too much cause for concern.
The committee requested SAPO to explain the role of languages in providing an
SAPO replied that it currently uses all eleven official languages in its services, and is thus in a very good position to promote universal access to such services.
The Committee requested the SAPO to relate the lessons it has learnt from its experiences with fraud and corruption in the electronic world. In addition how it would turn this around or prevent "paper crimes" not being repeated in the electronic sphere. It referred to the United States government which has apparently proposed a severe penalty for such fraud.
SAPO replied that it has a lot of experience with cyber crime. It has put measures in place within electronic transactions to ensure all Internet transactions can be traced, and these are archived in a facility off the SAPO premises.
The committee suggested that appointing the SAPO as a Preferred Authentication Service Provider (PASP) could be seen as a political decision because the SAPO, as mentioned in the presentation, does provide welfare services to the public. The Department was requested to explain why it has not given this Committee any thinking on this matter, especially in view of the significant roll-out of the SAPO.
The Department replied that at the time of the drafting of this Bill, the Department did not envision any particular institution having a particular role. Yet when the Department was engaged in strategy planning with the SAPO, a Universal Internet Strategy was devised, and it was felt that the SAPO would have an important role to play here. Several stakeholders were consulted in the drafting of the bill.
The committee requested further clarity on the face-to-face protocol. The Bill has to ensure technical neutrality. It could be argued that specifically requiring this protocol in the Bill, could hinder the any further growth of the Internet, which is really geared toward telecommunications.
The committee requested the precise definition of "authentication service providers" as the current definition refers to two separate provisions in the Bill. Furthermore, what precisely preferred authentic service provider (PASP) means, and how it operates when the platform is basically open for anyone to gain access.
The SAPO responded by stating that a high level of authentification is being dealt with and that the Bill includes objectives other than ensuring neutrality. Therefore attempts are being made to provide a secure identification service together with other technology that would provide the best product to the public.
The committee asked the SAPO to explain face-to-face protocol at the first point of contact, and how this protocol would work with the Bill and its ability to improve the identification process.
The SAPO stated that without first clearing this point of entry via the face-to-face protocol, the user would not be able to gain access into the SAPO system. It is thus important that this stringent but necessary requirement be placed at the very beginning of the transaction, so that any mala fide intention when transacting may be avoided.
The committee stated that some Post Offices within the Republic are not up to scratch. It further stated that if the SAPO is so confident and sure that it is best suited to be the PASP, and if it is ready to provide this service while welcoming competition, why is it expressly asking to be named as the official PASP. This suggests that it is requesting that its competitors must be excluded.
The SAPO replied that it has found a niche in the urban areas and not the rural and other remote areas, and it is nearly certain that these services would not take off as well in the rural areas.
The committee contended that the SAPO is not really challenging anything currently contained in the Bill, and should its proposal under Clause 29 be accepted, it might be a good reason for the problem raised earlier by the committee.
The SAPO responded that the local authority could appoint anyone in this regard. The thinking here would be that often the smaller bodies do not possess the requisite expertise in this regard, and it is thus proposed that a special category of PASP be provided for. The proposed amendment does include "any other authentication service provider", and not just the SAPO. The advantage of a body designated by statute is that once the Bill comes into place the public bodies can
immediately utilize the service provided.
The committee enquired whether the changes proposed to Clauses 18 and 19 change the bill in any way.
The SAPO believed that it is necessary to amend these clauses.
Telkom submitted that it supported the guiding objectives stated in the Preamble, but proposed that the title of the Bill be altered to the "Electronic Transactions Act" without any reference to "communications". The reason for this is that the Bill relates essentially to commercial electronic interaction and transactions, and not to electronic communications as provided for in the Telecommunications Act as amended.
It was suggested that the following definitions be amended to clarify its content and scope:
Clause 45 should be deleted in its entirety as it defeats that purpose of, and discourages the use of the Internet as a quick and efficient way of doing business.
Telkom proposed that Clauses 54 and 57, that deal with critical data, be amended to provide that the Minister of Communications (the Minister) may not make public any information that has been categorized as "critical data".
The committee inquired what the implication would be if the clause relating to the cooling-off period be amended to reduce the number of days allowing users to avoid the cooling-off period.
The committee further inquired how the proposed amendment would benefit the consumer in practice, and stated that at this point decisions cannot be taken to delete an entire clause.
Telkom replied that the effect of the cooling-off period affects Telkom’s business as well. It said that it is not only a benefit for virtual consumers, but also affects a range of other services provided by Telkom. Clause 44 does provide a list of protection and Telkom is of the opinion that this clause does afford consumers more safeguards. The creation of additional protection via Clause 45 is thus unnecessary.
The committee requested clarity on the precise nature of the conflict caused by the current definition of "data" as suggested in the presentation.
Telkom replied that the inclusion of the phrase "in any form" in the current definition of this term is too wide, as the Bill only relates to electronic data and interactions.
The committee further felt that the proposal that the current definition of "electronic" be reformulated could not be entertained, as there is still a need to retain this definition in the Bill.
Telkom replied that various precedents were consulted on this matter, and it was found that no definition of this term exists. The inclusion of the phrase "intangible form" in the current definition of this term in the Bill is problematic. It said that this phrase could be interpreted to include emotions, which clearly cannot be the intention.
The committee suggested that the cooling-off period serves the interest of the consumer, as s/he is granted the opportunity to return the product should s/he not be satisfied. Should this be deleted, as suggested by Telkom, consumers would have no other recourse if the product they have purchased, does not live up to its promise.
The department responded that the reality of the matter is that the vast majority of South Africans have not yet been integrated into the environment of the Internet. The result being that they get themselves into on-line transactions, shopping for example, but they do not know how to get out should they change their minds. Clause 45 currently ensures that these users are protected. Furthermore, in traditional practice, people are allowed to take their time in making the decision, yet this same practice has not been extended to the electronic sphere. Thus the importance of Clause 45.
The committee requested further clarity on Telkom’s reasons for the deletion of
Clause 45, and how precisely it affects their business.
Telkom replied that it is not averse to consumer protection, but the question is whether Internet transactions are afforded the same degree of protection under the South African common law. Clause 44 provides a sufficient description of goods and services relevant here, and also contains a comprehensive refund policy which affords more protection to on-line users. It also covers corporate and private users.
The committee inquired whether an oral communication is included in the current
definition of "data message" in Clause 1 of the Bill.
Telkom replied that voice is included in that definition, if it is used in an automated transaction, and both data and voice traffic would fall within the ambit of the Bill. It further said that it is important to note that the term "electronic communication" is expressly defined in Clause 1 of the Bill, yet it only appears in one other provision in the Bill, despite the fact that the title of the Bill includes this term. It was thus argued, that this term should be excluded, as it properly falls within the ambit of the Telecommunications Act as amended.
KPMG submitted that the definitions of the terms "electronic signature" and "advanced electronic signature" implies that the former may incorporate all the attributes of the latter. It added that the critical difference here is that an electronic signature only has to satisfy the requirement of ‘authenticity" or identity. The result is that an advanced electronic signature has a superior quality, and thus this is the preferred option where an electronic signature is required by law.
It further averred that accreditation does create an artificial distinction, which has little to do with the quality of the signature. It thus suggested that linking of "advanced electronic signature" with accreditation should be done away with. Accreditation should become a purely voluntary concept, as argued by the Bill’s Green Paper. It was also suggested that the Computer Evidence Act of 1983 be repealed, as it has no bearing on the current impact of electronic data of the weight of such evidence in a court of law.
It also submitted that the clauses dealing with cryptography providers and critical databases should not be dealt with in this Bill, as this matter relates to national security. In addition, that the cyber- inspectors should not fall within the jurisdiction of the Department, as they serve a law enforcement function. Also, that the issue of consumer protection under the Bill has to be improved.
The committee inquired whether KPMG was of the opinion that the Department is not the appropriate body to deal with this Bill and, if so, whether this is because KPMG believes that the Department does not possess the necessary technological expertise.
KPMG replied that the comments made during the presentation is not a reflection on the department, although there are certain parallels with the work done by that department. It claimed that the Department does have experience in the Information Technology (IT) industry, and it increasingly permeates everything they do. Certain matters are driven by IT aspects, whereas they should properly be handled by business. It is important here that this Bill is driven by all areas of government, and in this regard it has to be questioned whether the Department in fact has the ability to do this.
The committee disagreed and said that no other government department has the level of experience and expertise that the Department has amassed which is necessary to understand the IT environment.
The department responded that the specific area of expertise of a particular department is immaterial, and this is clearly illustrated by the fact that the E-Government campaign originated with the Department but was then taken over by the Department of Public Service and Administration. The reason for this shift is that it was felt that they would be better placed, as they dealt with all public servants. The same transpired with the ICU University mentioned by the President during the State of the Nation Address, as it was introduced by the Cabinet Lekgotla by the Director General of the Departments of Agriculture and Trade and Industry. Yet the Department was later asked to lead this initiative. This illustrates that a particular issue is not only dealt with by one department.
The committee agreed with KPMG that the Bill should clearly state the body responsible for leading the bill.
A member of the committee declared that the European approach is one of co-operation between government and the private sector, and that this approach has generated huge success in their e-commerce industry. This calls into question the need for mandatory accreditation when the majority of business already provide this service very successfully.
KPMG responded that the accreditation mechanism required here needs a high level of expertise and knowledge of encryption. An additional problem created by the Bill, is that it requires advanced electronic signatures which needs substantial funds to implement this, yet finances cannot be used to buy the time needed to properly train these service providers. This could result in a lacuna being created until the Department is able to address this matter. Taking into account the infrastructure, it has to be accepted that it is a huge task to implement.
The committee further stated that the Bill emphasized the role of government, and the definition of "public body" has to be considered further because it mirrors the definition contained in the Constitution. Furthermore, it is not just about government departments who actually form the focus of Chapter 4. It submitted that clarity is needed as it might not even refer to private bodies.
KPMG confirmed that it expected that the drafting process envisaged a distinction between public and private bodies because Clause 1 does contain a definition of "Private body". It however observed that this term is not mentioned anywhere else in the bill.
The committee requested KPMG to respond to the assertion by the SAPO that it
could be a PSAP.
KPMG replied that the SAPO would have to show that it is truly a PASP in every sense and that its information security capabilities in all its services are adequate to gain the public’s trust. It added that too much value could not be placed in the face-to-face protocol alone as it does not fully explain how it ensures security. Furthermore, the SAPO does not provide a digital signature but only a digital certificate, which relates only to the identity of the user, and the technology for this application is provided by another party.
4. Cape Telecommunications User Forum (CTUF)
CTUF stated that it supports the objects of the Bill, as much of the contemporary law cannot cater for electronic transactions, but contended that the bill is over-ambitious and over-prescriptive in certain areas. It added that it raises the very real danger of creating new obstacles to frustrate its own aims.
CTUF is particularly concerned that the Bill locates a very wide range of functions and powers within the exclusive domain of the Minister of Communications and the Department of Communications. In almost every case it believes these powers and functions concern a far greater range of stakeholders.
CTUF believes that South Africa should be vigilant about the dangers of over-regulation, and government should not seek to regulate online transactions except to the extent that such regulation is required to create an enabling environment and to remove restrictions.
Furthermore, the CTUF is concerned that the drafters of the Bill have not always adequately grappled with the implications of a global information sphere. There are several provisions. It referred the committee to Chapter V that deal with cryptography providers in which it seek to impose conditions on service providers who may be located anywhere in the world. CTUF believes that the most likely effect of such provisions is that many global e-commerce entities will simply refuse to do business with South Africans.
The committee noted that CTUF objected to the manner in which Clauses 6 to 10 deal with small, medium, and micro enterprises (SMME’s), and questioned whether this means that CTUF is of the opinion that SMME’s should not be included in the Bill.
The committee further noted that the presentation calls for the deletion of the needs of the special community, and requested CTUF to explain the reasoning behind this assertion.
The committee further stated that one of the objects of the Bill is the promotion of SMME’s, yet the presentation lists, in detail, the ways in which the Bill hampers the promotion of SMME’s. It asked the department to clarify this matter.
CTUF replied by informing Members that it does not discount the need for redress in the social and equity framework, but that the Bill deals exclusively with the electronic medium outside of the political sphere. The focus of this Bill is on institutional power and not political power, and the White Paper process is preferred to devise a better strategy to meet the needs of those communities.
CTUF added that it wants this deletion as it is of the opinion that the "promises" made by the Bill are empty and merely paying lip-service to the needs of these communities. It averred that actual details are needed.
The committee requested examples of countries with Ministers or a government that is not much involved in this field.
CTUF concluded by saying that this problem has been recognized in Australia many years ago, and that they have taken proactive steps to establishing a national office for information on matters included in the Bill. In the United Kingdom their Department of Trade and Industry deals with the telecommunications industry, and thus the Departments of Trade and Industry and Telecommunications are subsumed into a single government department. Zimbabwe has adopted a similar approach by creating the office of the E-Envoy, which deals with issues closely related to those covered by the Bill.
5. Cell-C submission
One of the most pressing issues was Clause 45 which deals with consumer protection. They submitted that there are certain areas where this clause should not apply such as when a consumer is buying intangible goods such as a pre-paid voucher, recharge and sim card.
Another matter was that of protection of personal information. Cell-C indicated that the current law in South Africa does not adequately protect information privacy. Cell-C views this as a barrier to development of e-commerce as there is no confidence in the protection of privacy while engaging in e-commerce transactions.
In sum, Cell-C’s view is that "the bill creates a barrier to the entry of South Africans by introducing complex and uncertain provisions in law". Therefore, attention should be focused on creating simple, effective and clear law. Cell C emphasized that the issues should be addressed with the recognition of the unique nature of e-commerce and the inherently dynamic nature of information technology. While it is necessary to protect the consumers and privacy, there is a need to develop effective and legitimate policy and regulatory frameworks.
6. Johannesburg Securities Exchange (JSE)
JSE noted that a significant amount of its share trading is dealt with through the Internet. The Bill directly affects its scope and manner of operation. Though welcoming the Bill, they stated that government had to ensure that the Bill does not cause any confusion in the electronic commerce field.
The committee asked whether the JSE was in favour of self-regulation or co- regulation. It appeared that this question was not responded to.
The committee commented about the JSE move to London and asked how it was
going to affect South African citizens who trade with the JSE.
JSE said that the move was both stressful and advantageous to South African traders. Strenuous because they will have to learn to adjust to new rules but advantageous since they are now part of the broader international market.
7. CO.ZA Administrator
CO.ZA expressed concern regarding Chapter 10 of the Bill. In addition it stated that the government seemed not to have had enough consultation with the experts on communication technology. CO.Za further reiterated that technology "is not a political issue" and that "there should be only participation - not control - by government plus a legal framework on the management and administration of .ZA".
The committee warned that CO.ZA should not claim the Internet. It said that the roots of the Internet could be traced back to the military.
8. Uniforum SA
Uniform SA also commented on Chapter 10 of the Bill. It said that it does not comply with the process that must be followed for the hand-over from the .ZA administrators. It warned the committee that there was still no mutual consensus and that the Bill cannot be passed under those circumstances. It further said that it would undoubtedly lead to unintended consequences. It held the view that the government has to comply with the Internet community.
It used the examples of Japan and Australia where their governments gave the authority and administration of these services to private people but retained the right to step in if things go wrong. It was concerned that restrictions and costs may drive investment away.
The committee felt that while the submission made by the Uniforum was of significant importance, Uniforum should realize that the primary thrust of the Bill was to protect consumers.
Multi Choice opined that Chapters 2 and 4 were redundant and that the government will still be able to achieve its objectives without these two chapters.
It added that Chapter 5 does not comply with international best practice. It referred to the UK and US models as examples. It said that in the UK, registration is voluntary in order to encourage the use and development of Internet generally. They urged the government to adopt the US and UK approach.
It also viewed Chapter 6 with scepticism. It indicated that this will affect their daily operations. It advised the government to adopt a two tier approach like that of the European Union (EU). It also stated that Chapter 6 needed to be amended to ensure that it is in line with international best practice.
Multichoice believes that Chapter 7 should be deleted since the business community has its own standards for consumer protection. It prefers self-regulation by the business community, as done in the US and Canada. It also says that Chapter 7 will be duplication since there are organs such as the South African Bureau of Standards and consumer protection organizations that protect consumers in South Africa.
It also proposed the deletion of Chapter 8. It advised the government to wait for the South African Law Commission’s Report before enacting the Bill. It saw that chapter as "rigid", "bureaucratic" and "unjust". It was stressed that the issues which Chapter 8 aims to address should be dealt with through co-operation and partnership between the state and the business community.
Multi-Choice also dismissed Chapters 11, 12 and 14. It professed that these chapters impose a heavy burden on business and that it will block innovation and the development of electronic commerce and telecommunication industries in South Africa.
In conclusion, it reminded the Committee that the purpose of electronic commerce was to lower the cost of transactions.
10. The South African Chapter of Internet Society (ISOC-ZA)
ISOC opined that there are no provisions to benefit the disabled and the previously disadvantaged. It further said that the US had legislation in section 508 of the Rehabilitation Act that was specific about how WebPages should be structured to make it easier for the disabled.
ISOC said that it had a key concern with Chapter 5 and the provisions dealing with cryptography. It maintained that the provisions are not clear and as it stands could have various unintended consequences. It further submitted that the provisions have no public benefit and that the whole chapter should be deleted.
It stated that the provision regarding Authentication Service Providers does not serve a purpose and that it should be deleted. It referred to the US situation as an example and said that they attempted to regulate this area as well but that it damaged US credibility and profits and that regulation was subsequently relaxed.
It felt that the consumer protection provisions in Chapter 7 does not go far enough to protect organizations. In addition, that the compliance process for SMME’s in this chapter is very cumbersome.
It felt that the provisions with regard to domain name and authorization are problematic. It professed that the appointment of members by the Board is a gross violation of democracy. It submitted that excessive control by the department will not benefit the industry. ISOC agrees with the submission of Namespace on this chapter and feel that the government will not be able to administer the .za name space better than the private sector. It was submitted that parts 1, 2 & 3 must be deleted and an external private sector body should administer the .zap name space.
It declared that the cyber–inspectors should be under the Department of Justice as it is of vital importance that these officials be well - trained and an extensive knowledge of desktop operating systems.
It welcomed Chapter 13 which deals with cyber crime but asked for clarification of the word ‘unlawful’ in clause 90(3). It said that this definition is too wide.
In summary, ISOC welcomed the Bill but felt that there are certain provisions that must be deleted. It stated that a revision of certain provisions will boost the economy and benefit the citizens.
The committee asked for clarity on the reference to section 508 of the Rehabilitation Act (USA) that takes into account the disabled.
ISOC explained that the section provides a standard for HTML WebPages. The purpose is to make it easier for sight impaired people to read the web page. The section also provides standards on how to structure the content of the WebPages.
The committee further asked if South Africa had anything like this, to which ISOC
responded that it did not.
The committee asked if the technology was not yet available or if the services had not been rolled out yet.
ISOC replied that the technology is available. It added that something similar to section 508 should be mandatory for government departments. It further said that it is very expensive to re-code the WebPages but that government should lead by example.
The committee commented that at the hearings people were quoting from Australia, Canada and the US to illustrate their advancement and their balanced legislation that makes it easy for the industry to operate. It inquired whether there were any other countries with technology as advanced. The committee further commented that when the industry makes presentations they do so because they do not want to loose profit. It felt that the industry was resistant to change. It opined that industry want to be part of the new South Africa but still want to hold on to the policies of the past by not allowing government to fully exercise their legislative and policy making powers. The member making the input added that SA was a developing country and that government is trying to build and make it a
more normal society.
ISOC replied that ISOC-ZA was not a company and did not make a profit. In response to the rest of the comment, he said that it was not a question of technology but rather legislation. South Africa is a leader in many areas. There are also many people in Africa that are leaders in their field. South Africa leads Africa in terms of telecommunications but not in telecommunications legislation. As far as internet legislation is concerned, there is very little to compare the ECT
The committee referred to the presenter’s concern that the Minister appoints the Board. It inquired whether ISOC-ZA had other suggestions. Secondly, it referred to the continuous mentioning of the cyber inspectors. The committee was not sure who should enforce the legislation because if new law was created then a mechanism must be provided monitor it.
The committee then asked if the presenters would be happy if the law linked the cyber -inspectors tot the SAPS
ISOC-ZA replied that the Board should be elected not appointed. In respect of the cyber inspectors, it submitted that there are crimes that are unique to the internet but there are also crimes like fraud that just use the internet as a tool. An example is the 419 scam. It further submitted that the SAPS are the correct agency to address internet crime. It stated that if the Bill provides that resources will be allocated to SAPS, a lot will be achieved in resolving the problems.
The committee asked if clause 7 did not adequately take into account previously
ISOC-ZA replied that that it was difficult to provide for internet connectivity to disadvantaged communities in legislation. It was suggested that the Bill provide a process on how to start addressing the problem.
The committee also inquired why the presenters had not mentioned the critical databases and asked what could the possible impact be if the Bill’s provisions in relation to domain name authority be enacted.
ISOC-ZA replied that the provisions relating to critical databases were dangerous and that too much power is given to the Minister. The provisions further do not provide an appeal mechanism or a process for consultation. It responded that people without technical knowledge will be responsible for a highly technical subject. If things should go wrong, South African companies will register domains elsewhere, funds will move out of the country and SA will loose its credibility as a significant internet player.
11. The Banking Council
The Banking Council warned against unintended consequences.
It continued and said that e-commerce has nothing that is broken. It pointed out that there seems to be a conflict between the intention and what the Bill is doing.
It submitted that several whole chapters should be excised because in its opinion government cannot do better than what is currently being done.
The committee said that SARS has its own officers who enforce their legislation. The cyber inspectors will only act in terns of the ECT legislation and will be accompanied with SAPS when arrests need to be made. It inquired who the watchdog of the legislation would be if the SAPS will be responsible for enforcement.
Secondly, the committee requested more clarification on authentification as submissions require deletion. It said that it must be kept in mind that there is no legislation currently governing this.
The Banking Council replied that the SARS could not be compared to the structures in this Bill because it is unique. It has its own special tax courts and have confidential requirements that stops then form sharing information with SAPS. Currently the police do not have the capacity to investigate complicated fraud, so rather than creating a parallel investigating unit, the resources should be placed at SAPS. It added that the cyber inspectors do not monitor the implementation of the legislation. Their function is to investigate and prosecute offences and this SAPS would be doing.
In respect of authentication, it said that it ensures that you are who you say you are when using a computer. This has been in the market for a long time.
The committee referred to the submission that ‘advanced electronic signature’ should be debated further. It understood this to be an attempt to legitimize electronic communications and wanted to know why this objection was lodged.
The Banking Council replied that the ‘advanced’ electronic signature is not practical because a notary will not attest an electronic document without proper identification of the person sending the data and the verification of the underlying original. He submitted that these provisions were opening an avenue for fraud because the commissioner does not know who he is dealing with.
The committee commented that there were still many questions but said that it would be useful to have all the presenters present when the committee deliberates as it would afford another opportunity to interact with the submissions.
The committee referred to the submission that government should protect consumers but not business-to-business relationships. It wanted the presenter to elaborate what he meant as SMME’s also needed protection.
Comparex replied that business-to-business relationships are governed by contract. If SMME’s need protection then it should be done through the Department of Trade and Industry rather than in telecommunications legislation.
The committee followed up and said that the definition of consumer implies someone at the end of the food chain. In this regard the SMME's could be consumers. It asked if in this context SMME’s should not be protected by government.
Comparex reiterated its previous point and added that there are initiatives in DTI
which allows SMME’s to compete on an equal footing with big business.
13. Namespace ZA
Namespace ZA submitted that a country code top level domain (ccTLD) is a national and communal asset. It however does not mean it must be subsumed or otherwise taken over by the State.
Namespace ZA said that it is the current administrator of the ZA ccTLD (country code top level domain).
Namespace ZA submitted that the provisions of Chapter X of the ECT Bill seek to remove this administrative function from Namespace ZA and assign it to a new body. It submitted that it is vehemently opposed to this process for a number of reasons, including
The committee commented that many presenters are concerned with the Nationalization of a communal asset. It asked how the democratic process undertook by Namespace and the one in the Bill can be compared.
Namespace said that a notice of elections are sent out to everyone on the mailing list. Three additional board positions were formed. One for the Service Providers, one for ISOC and one for the Department. Namespace wanted government to be involved and if government requested that they be given 2 positions on the board that would have been fine. An official from the department sat on the board in a personal capacity until the Director-General decided that it was inappropriate.
It said that the Bill provided for nominations from 8 sectors. He said that he was not even sure about the relevance of these sectors to the IT industry.
The Minister also has unfettered discretion to appoint anyone she wants from the list. The process is undemocratic, confused and can be done secretly.
The committee said that the discussions revolved around a national asset and that everyone agrees that it must have a custodian. It was of the opinion that in this instance it should be the state and used a constitutional justification for this view. Secondly, it referred to a comment that suggested that the DG prevented Namespace from talking to black technology business and questioned the authority of the DG in this regard.
Namespace replied that meetings were set up with the Black IT forum and other forums and it was explained that Namespace ZA must be representative. Namespace wanted the black IT sector to volunteer for the Board and stand for elections. There were fruitful discussions until they spoke to the DG who told them not to get involved in the process. He added that should have been expected since the Department had broken off negotiations with Namespace.
It added that there is a real possibility of over regulating. Domain Name is a significant area with lots of politics and flexibility is needed.
The committee scrutinized the names on the Board of Namespace and said that it was not representative of the country. The committee commented that in the submission it is stated that the Bill is not clear on the dispute resolution process. It requested a proposal from Namespace in this regard.
Namespace replied that he did not want to propose a dispute resolution process because it had nothing to do with Namespace. Namespace suggested a mechanism that creates precedent and stated that one of the inadequacies in the
current clause is that no precedent is created.
The committee inquired about the consequences if a registration authority is set
up by the government.
Namespace said that the ICANN requirements must be complied with or else the administrator will loose legitimacy to administer the domain. Worse than loosing this legitimacy is that if at a technical level South Africa will not be able to connect to the Internet.
The committee concluded by saying that it seems that the parties are reaching consensus on the issue of ownership of the Internet.
14. Internet Service Providers Association (ISPA)
ISPA identified the chapters dealing with cryptography and domain name authority as its main areas of concern. It submitted that these chapters should be deleted.
In respect of cyber crime it submitted that it is a good chapter but that the penalties are too lenient.
It said that it understood the provisions on cyber inspectors. It however could not comprehend the reason for the separation from SAPS.
It applauded Chapter 10 that deals with critical databases but warned that excessive power given to the Minister could be constitutionally challenged.
It submitted that Chapter 7 that deals with consumer protection creates difficulties for the little guy. It felt that there was not enough protection from Spam. It also submitted that in this area self-regulation would be more appropriate.
It further submitted that Chapter 8 that deals with protection of personal information should be self-regulatory.
It submitted with reference to Chapter 6, which deals with authentication service providers, that the DG is not the best person to act as the accreditation authority as it is a very technical role and stated that more consultation is needed.
It felt that the definitions chapter could present real problems.
15. Linux Professional Association (LPA)
The LPA submitted that a reading of the bill indicates there are several clauses that could have severe consequences for the adoption and implementation of free software. It also added that the aims of the Bill will be well served by the adoption of Free Software Policies.
16. Electronic Commerce Association of South Africa (ECASA)
ECASA opined that the Bill is supported as well as the role of the department in facilitating and regulating. It however believed that e-commerce must be led by the private sector. ECASA stated its support for the Objects of the Act with the
the use of e-commerce.
ECASA are concerned that, in the absence of any defined categories of national interest, this may represent a derogation of citizen's civil liberties and result in a reduced international participation in electronic commerce in South Africa to the
detriment of all.
The committee commented that self-regulation was a common theme. It said that in SA poverty levels are very high and many people are not exposed to technology. It asked how else could government compel delivery to such people if it was not legislated.
ECASA replied that legislation is needed but a balance needs to be created.
It added that universal access could not be self – regulated but other areas such as cryptography must be self-regulated. It further said that regulation will not achieve universal access. Consumers cannot be protected if they do not yet exist.
The committee asked if ISPA had a problem with the prior authorization that is required before ISP’s benefit from limited liability. Secondly, whether Spam would be difficult to stop if it came from other countries.
ISPA replied that Spam should be made a crime. People should not be receiving unsolicited mail. He agreed that it could not be stopped if it came from other countries but said that all the countries should move in this direction.
The committee requested other reasons why the domain name must not be regulated by government.
ISPA replied that there is sufficient use and management of the domain name environment. It was not convinced that there were valid grounds for government intervention. The cost of administration is estimated at R20 million for the first three years. It submitted that this money is more desperately required elsewhere. It added that government must have proper participation and have the right to ask for certain services and capabilities but this does not warrant government wrestling responsibility and ownership away from the private sector. It
further added that there has been a lack of consultation in respect of Chapter 10. ISPA submitted that it registers the most names but it was never consulted on Chapter 10. It said Zimbabwe was an example where in 1995 the government took control of the .zw domain name and the internet did not work for 4 days. It said that with US intervention control was returned to the former administrator.
The committee replied that examples from Zimbabwe should not be used because it just weakens the argument of the presenter. It added that the SA government does consult and that this process of hearings is a form of consultation. It said that the committee will try its best to find solutions to all the submissions. It added that once the law has been passed, anybody has the right to petition the President or challenge it in court. However, if there is no violation of any rights, then all that can be done is negotiate with government.
17. Versfeld & Nkosi and AfricaBio
The Versfeld & Nkosi and AfricaBio submission submitted and requested clarity on:
to International Suppliers;
Versfeld & Nkosi Inc, noted that its submission would focus primarily on the manner in which the issues of conflict of laws and evidence are dealt with in the bill. It requested that the current definitions of the terms "addressee", "consumer", "critical data", "data", "a stored record", "electronic", "originator", "person", "information system", "public domain", "electronic signature" and ".za domain
Namespace had to be considered. It explained that the conflict exists in so far as Clause 21 of the Financial Intelligence Centre Act specifically provides for the identification of clients and other persons by an accountable institution. However, identification of a prospective client would be difficult if not impossible if in terms of Clause 17 of the Electronic Communications Bill, a prospective client were to be allowed to submit proof of identity by way of a data message. It submitted that special attention need to be given to "data messages" and the interpretation thereof. It further submitted that the normal rules applicable to the interpretation of statutes and contracts should also find application here. As e-contracts are still contracts in electronic format, legal principles still evolves around consensus and
the intention of the parties.
In as far as the issue of evidence is concerned, it argued that Clause 3 seems to imply that this Bill is without any consequence and does not substantially or materially affect the common law and other statutory provisions. However, the opposite is true. Clauses 12, 13, 14, 15, 16, 17, 18 and 19 contain provisions which render other statutory provisions obsolete and/or in effect, "amend" them. It averred that scant regard has also been shown to the Bill’s implications, as reflected by inter alia, the inadequate and/or incomplete list of Acts affected by Schedules 1 and 2 of the Bill. It requested clarity on the precise implications of Clauses 24, 25 and 27 in Part 2 of the Bill. It suggested that clarity regarding acceptance of downloading be given and that greater understanding of the time, place and formation of a contract be given. In this regard, it was specifically suggested that the spirit of the UNCITRAL Model Law on Electronic Commerce be followed, namely that the law is there to facilitate and that the intention is to create international co-operation in electronic matters. Furthermore, the e-com Legal Guide of Malaysia suggests "acceptance is deemed to take place at the time and in the place where it is received. Confirmation by answer back in telex communication is normally evidence of receipt". It is suggested that this or a similar concept be considered.
The committee stated that the critical databases are important for AfricaBio regarding data of the Genome Project, for example, as well as recording medical data on people and animals. Versfled & Nkosi were requested to comment on this issue.
It replied that clients in this sector have to take extreme care and precaution. The intellectual property rights of this data is one of the greatest concerns with medical research. In this regard SMME’s can be employed to do the diagnostics needed to create a framework to bridge the digital divide and stimulate the economy. This should be considered on a national level, and the assistance of the country’s tertiary institutions should be employed, so that the rights of the people involved are protected. Yet the current position is that this data lies as dead information, when it should be used by those who so desperately need it. It proposed that a body be established to regulate this.
The committee requested that concise statements from interested public groups be heard first. It then referred to a United States ruling in 1991 which indicated that raw data cannot be owned and protected under copyright law. This ruling raises the issue of property rights in intellectual property. In this regard, the Internet is redefining the notion of ‘theft’. Specifically this challenges the music and film industry's whole ownership structure. It also leads on to the question of what exactly is a "critical database".
The committee read out a British newspaper article which indicated that the information on smart cards was now able to be gleaned using a simple camera flash. This was put forward as a point of interest.
The committee indicated that the English language within the Electronic Communications and Transactions Bill is "very simple", and expressed the desire to ensure that the Bill was in line with the Constitution. It noted that the one point that every submission agreed upon was that there was a need for the ECT Bill and that there was currently legal uncertainty in the area of electronic communications and transactions. It added that all the public submissions were taken seriously by the committee.
1. Draft legislation