Electronic Communications and Transaction Bill submission

1
Electronic Communications and Transaction Bill
submission

• Internet Service
• Providers Association
• Ant Brooks
• (ant_at_ispa.org.za)

2
About ISPA

• Internet Service Providers Association
• Industry body not for gain
• Founded in 1996
• Currently has 45 members
• includes small, medium-sized and large companies
• includes NGOs and educational networks
• Provides a forum for industry co-operation
• Participates actively in policy development
  processes

3
General comments

• ISPA supports the bill.
• There is a need for legislation in this highly
  technical area of law.
• ISPAs view is that legislation should
• Only remove existing barriers for electronic
  commerce.
• Avoid creating new structures or processes where
  these are not necessary.
• Be light touch and allow for self-regulation
  where appropriate.
• Some chapters introduce excessive state
  involvement where a monitoring function would be
  more appropriate.
• Bill also lack clear universal service targets
  for bridging the digital divide.
• May be dealt with in subordinate legislation.

4
Chapter XIV General provisions

• Suggestion "Electronic Commerce Act" would be a
  more appropriate title.

5
Chapter XIII Cyber crime

• ISPA welcomes these provisions
• They will enable effective action against
  destructive Internet activity
• Penalties stated in the bill may be too lenient
  for some crimes. (Section 93)
• The exact penalties should perhaps be left to the
  presiding judicial officer to determine.

6
Chapter XII Cyber inspectors

• ISPA understands the need to have technically
  competent persons investigating and enforcing
  electronic commerce activities.
• However, the creation of a separate resource to
  do this does not seem efficient.
• Instead, existing entities (SAPS, NIA, FPB,
  SABS) should be trained to fulfil this role.

7
Chapter XI Limitation of liability of service
providers

• ISPA strongly supports the balanced and measured
  approach reflected in the bill, subject to a few
  concerns.
• ISPA believes that it can meet the requirements
  for an industry representative body. (Section 75)
• Discrepancies between the limitations of
  liability
• caching and mere conduit (Sections 77 and 78)
• covers criminal and civil liability
• hosting and information location tools (Sections
  79 and 80)
• covers only civil claims
• All sections should covers both civil and
  criminal liability
• Example Currently, an ISP hosting a search
  engine with a link to an illegal web page could
  still be criminally liable for the link

8
Chapter XI Limitation of liability of service
providers

• Take down notification (Section 81)
• Who will be authorised to issue the take down
  notice?
• It doesnt help for the notifying party to
  indemnify the ISP from liability. What happens if
  an ISP takes down content and is then sued by the
  owner of that content?
• Blanket indemnity needs to be included in the
  legislation for ISPs following legislated take
  down procedures.
• No general obligation to monitor (Section 82)
• Minister can force ISPs to provide information,
  but the ISPs can still be sued. Again, a general
  indemnity clause is needed.
• Savings (Section 83)
• Potential clash with proposed amendments to the
  Film and Publications Act. Closer co-ordination
  is encouraged.

9
Chapter X Domain name authority and
administration

• Chapter appears to be completely unnecessary
• Seeks to replace a functioning, self-funding
  organisation with an untested, government body
  funded (in part) by tax-payers money. Why?
• Change to a critical system is proposed
• The domain name system is of crucial importance
  to the future of electronic commerce in South
  Africa.
• Any change to the established DNS administration
  could seriously impact the functioning of the
  Internet in SA.
• Changes to the existing set-up should only take
  place following extensive consultation with the
  Internet industry and existing domain name
  administrators. It is ISPA's view that no such
  consultation has taken place.

10
Chapter X Domain name authority and
administration

• ISPs represent the single largest group of domain
  name registrants in South Africa
• The majority of domain names registered in .ZA
  are registered by ISPs (mostly on behalf of
  clients).
• In ISPA's view, this chapter should be deleted
  entirely. Alternative approaches to government
  involvement in domain name issues should be
  investigated.

11
Chapter IX Protection of critical databases

• ISPA applauds the goal of this chapter
• the protection of critical databases from
  unscrupulous exploitation and the protection of
  national security.
• Unfortunately, the result is so broad as to
  possibly be unconstitutional
• Minister's unilateral ability to make
  declarations and determine "minimum standards or
  prohibitions" is cause for concern.
• Cabinet Members must be consulted on regulations
  that affect them, but no such opportunity is
  accorded the private sector.

12
Chapter VIII Protection of personal information

• This chapter seeks to remedy the lack of
  protection of personal information in SA
  legislation on an interim basis pending work by
  the Law Commission on final legislation.
• Although this section is purely voluntary, there
  are still some concerns. Self-regulation may be
  more appropriate that legislative intervention. A
  number of self-regulation programs already exist
  globally.

13
Chapter VII Consumer protection

• The requirements of this chapter are extremely
  onerous
• This will likely inhibit the growth of e-commerce
  in South Africa
• It will also make SA a less attractive market
  internationally
• Self-regulation would be a far better option
• Example GBDes trustmark program
• Clashes with existing consumer protection
  legislation
• Consumer Affairs (Harmful Business Practices) Act
  71 of 1988
• Extra-territoriality problematic (Section 48)
• Could limit consumers, not enforceable
• SPAM -- unsolicited communications (Section 46)
• The legislation does not go far enough in dealing
  with SPAM (unsolicited bulk email). An opt-out
  provision is insufficient.

14
Chapter VI Authentication service providers

• Who should be the Authentication Authority?
• Is the Director-General best qualified to act as
  the Accreditation Authority?
• Wouldn't the SABS or ICASA be more appropriate
  for this highly technical role?
• More consultation needed with the private sector
• The Authority should be required to consult with
  the private sector on authentication issues and
  should not be purely prescriptive.
• Similarly, the Minister should be required to
  consult broadly prior to making regulations
  relating to accreditation.

15
Chapter V Cryptography providers

• This chapter is poorly written and confuses many
  issues.
• Serious problems with basic definitions -- overly
  broad.
• These impact the substantive law, making it
  unfeasible.
• Who must register?
• As currently written, the law could require
  public libraries to register as cryptography
  providers if they contain any books on secret
  codes or cryptography.
• This Chapter relates to the consequences of the
  Monitoring and Interception Prohibition Act, and
  would probably be better dealt with there.
• Timing of implementation is similar

16
Chapter III Facilitating electronic transactions

• This chapter is the meat of the Bill, and is very
  welcome.
• Evidence (Section 15)
• The continued existence of the Computer Evidence
  Act may impede the adoption of this section. That
  Act should be amended or repeal simultaneously
  with the passing of the Bill.
• Production of documentation (Section 17)
• Should not only apply to documents required by
  law, but also to other documents not specifically
  required by law, including contracts.

17
Chapter II Maximising benefits and policy
framework

• Objectives of a national e-strategy are
  commendable and will commit government to
  research and set objectives.
• More consultation with the private sector
  required
• Especially on universal access, human resources
  and SMMEs

18
Chapter I Interpretation, objects and application

• Definitions (Section 1)
• There are many problematic definitions,
  particularly those relating to cryptography and
  domain name issues
• ISPA strongly advises that all of the definitions
  be carefully reviewed, especially where public
  comment has drawn attention to potential problems.

19
Summary

• What should be scrapped?
• Cryptography, Domain name authority
• What needs a major overhaul?
• Definitions, Consumer protection, Protection of
  critical databases, Cyber inspectors
• What needs some minor adjustments?
• Maximising benefits, Facilitating electronic
  transactions, Authentication providers,
  Protection of personal information, Limitation of
  liability
• Fine as is
• E-government, Cyber crime, General provisions