PRESENTATION TO PORTFOLIO COMMITTEE ON COMMUNICATIONS

1
PRESENTATION TO PORTFOLIO COMMITTEE ON
COMMUNICATIONS

• ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL
• Presentation by Andile Ngcaba, Director-General
• Department of Communications
• 14 May 2002

2
Table of Contents

• Background and history.
• Issues addressed in the Bill.
• Objectives of the Bill.
• Chapter I Interpretation, definitions and
  applications.
• Chapter II Maximising benefits and electronic
  policy.
• Chapter III Facilitating electronic
  transactions.
• Chapter IV E-Government.
• Chapter V Cryptography providers.
• Chapter VI

3
Table of Contents (contd..)

• Chapter VI Authentication Service Providers.
• Chapter VII Consumer and privacy protection.
• Chapter VIII Personal information and privacy
  protection.
• Chapter IX Protection of critical data.
• Chapter X Domain name authority and
  administration.
• Chapter XI Limitation of liability of service
  providers.
• Chapter XII Cyber inspectors.
• Chapter XIII Cyber Crime.
• Conclusion.

4
Background and history

• The extensive consultation on the Electronic
  Communications and Transactions Bill started in
  July 1999.
• A draft discussion document was published for
  public comment followed by the Green paper
  launched in November 2000.
• January 2001, Cabinet agree to fast-track
  legislation, skipping White Paper process.
• April 2001, E-Law conference held culminating in
  the development of the ECT Bill.

5
ISSUES ADDRESSED IN THE BILL

• National e-strategy
• Electronic Transactions Policy
• Facilitating Electronic Transactions
• E-government
• Cryptography Providers
• Authentication Service Providers
• Consumer Protection
• Protection of Critical Databases
• Domain Name Authority Administration
• Limitation of Liability of service Providers
• Cyber Inspectors
• Cyber Crime

6
OBJECTIVES OF THE BILL

• To enable and facilitate electronic transactions
  by creating legal certainty in the cyberspace
• Bridging the digital divide by developing a
  National e-Strategy
• To ensure legal recognition and functional
  equivalence between electronic and paper based
  transactions
• To promote public confidence and trust in
  electronic transactions
• To promote universal access to electronic
  communications and transactions
• To promote the use of electronic transactions by
  SMMEs

7
OBJECTIVES OF THE BILL cont.

• To encourage e-government services
• To protect consumers, privacy and critical data
• To prevent abuse of information systems and
  prevent cyber crime
• To establish proper management regime with regard
  to domain names in the Republic

8
CHAPTER I Interpretation, Objects And
Applications

• This part of the Bill defines critical words and
  phrases and sets out the main objects of the
  Bill.

9
CHAPTER IIMaximising Benefits and Electronic
Policy

• The objective is to maximize the benefits the
  internet offers by promoting universal and
  affordable access
• The development of a National e-Strategy by the
  Minister in consultation with members of the
  Cabinet
• The national e-Strategy plan must include
  detailed plans and programs to address
• 1. The development of e-transaction strategy
• 2. The promotion of universal access and
  e-readiness
• 3. SMMEs development
• 4. Empowerment of previously disadvantaged
  persons and communities
• 5. Human resources development

10
CHAPTER IIIFacilitating Electronic Transactions

• It provides for
• Legal recognition of data messages and records
• Legal recognition of electronic transactions and
  advanced electronic signatures
• Formation of contracts online
• Validity of sending notices and other expressions
  of intent through data messages

11
CHAPTER IVE-government

• This chapter of the Bill promotes adoption of
  e-communications and transactions by government
  by providing for the following
• Electronic filing of documents
• Issuing of permits, licences, approvals
• Electronic payments
• Departments are free to specify their own formats
  for electronic documents and determine the
  criteria
• A public body shall not be compelled to accept or
  issue any document in the form of an electronic
  data message

12
CHAPTER VCryptography Providers

• WHAT IS CRYPTOGRAPHY?
• Its a process of converting data into an
  unreadable form using a public key system
  (generated codes) to encrypt and decrypt data.
• How Public Key Cryptography works key pair
  system.
• Symmetric encryption uses the same key to
  encrypt and decrypt.
• Asymmetric uses one key to encrypt and a
  different but related key to decrypt.
• One key is kept private and another can be made
  public anyone can use it to decrypt a
  confidential message from the person who owns the
  private key.

13
Cryptography Providers (contd.)

• Rationale To curb security threats posed to
  consumers who transact online.
• The Bill requires the suppliers of cryptographic
  material to register their products and services
  with the Department of Communications (DoC).
• Provides for the establishment and maintenance of
  a cryptography provider register by the DoC.
• This will assist investigative authorities in the
  event of any threat to National security by
  deciphering encrypted messages.

14
CHAPTER VIAuthentication Service Providers

• The Bill provides for the establishment of an
  Accreditation Authority within the Department
• It also provides for voluntary accreditation of
  authentication products and services
• The purpose is to promote confidence and trust in
  the electronic environment
• The Bill further provides for the establishment
  and maintenance of a publicly accessible
  database in respect of accredited products and
  services, and revoked accreditations

15
CHAPTER VIIConsumer and Privacy Protection

• This section deals with consumer protection
  issues pertaining to electronic transactions
  only.
• It affords consumers protection and privacy when
  transacting electronically thus ensuring their
  confidence.
• Protection is based largely on the following
  principles
• Provision of as much information as is necessary
  to the consumer before the transaction is
  concluded.
• A right afforded to the consumer to cancel the
  agreement within 14 days if certain requirements
  have not been complied with.

16
Consumer And Privacy Protection (contd.)

• Provision of a cooling-off period entitling the
  consumer to cancel without reason and without
  penalty, any transaction or any related credit
  agreement for the supply of goods within 7 days
  of receipt of goods.
• A right not to be bound by unsolicited goods and
  services.
• A right to complain to the Consumer Affairs
  Council.

17
CHAPTER VIII Personal Information and Privacy
Protection

• The principles contained in this chapter will
  only apply to data that is collected through
  electronic transactions.
• In terms of section 52 the following principles
  will apply when data controllers collect
  information
• Collection may only take place with the express
  and written permission of the data holder.
• Data controllers are prohibited from collecting
  personal info which is not required for the
  purpose for which the info is collected.
• South African Law Commission is currently
  developing specific data protection legislation.

18
CHAPTER IX Protection of Critical Data

• Critical data is information which, if
  compromised, may pose a risk to the national
  security of the Republic or to the economic or
  social well being of its citizens.
• Provision is made for the Minister to declare
  certain classes of information as being critical
  data and establish procedures to be followed in
  the identification and registration of such data.
• Standards/regulations for management, protection,
  storage, control of critical databases will be
  prescribed.
• A register will be maintained by the DoC
  containing the name(s) and address(es) of data
  custodian(s), location of and types of
  information stored in the critical database.

19
CHAPTER XDomain Name Authority and
Administration

• The Bill establishes .za Domain Name Authority
  (.zaDNA), as a section 21 company, and
  stipulates the objects, powers and functions of
  the Authority.
• The Minister will assume responsibility for the
  .zaDNS public policy as it is a national asset.
• The Authority will be controlled and managed by a
  fully representative board of between 8 and 16
  directors.

20
CHAPTER XILimitation of Liability of Service
Providers

• The Bill creates a safe harbour for service
  providers who are currently exposed to potential
  liability by virtue of only fulfilling their
  basic technical functions.
• Service providers may seek to limit their
  liability where they have acted as mere conduits
  for the transmission of data messages provided
  they meet certain conditions.
• The Bill provides for specific requirements that
  the service providers actions must meet before
  the clause may be invoked to limit his or her
  liability.

21
CHAPTER XIICyber Inspectors

• The Bill provides for the appointment of Cyber
  Inspectors.
• Their powers include
• Monitoring Internet websites in the public
  domain.
• Investigating whether cryptography service
  providers and authentication service providers
  comply with the Law.
• They also have powers of search and seizure
  subject to a warrant.
• They can also assist the police or investigative
  bodies on request.

22
CHAPTER XIIICyber Crime

• The Bill introduces criminal offences relating to
  information systems into the SA law.
• These crimes relate to
• Unlawful access to or interception of data.
• Unlawful interference with data that cause the
  modification, destruction, erasure or corruption
  of data.
• Computer-related extortion, fraud and forgery.

23
CONCLUSION

• The Bill has undergone an extensive consultative
  process with stakeholders.
• The Bill provides an enabling framework for the
  development of electronic communications and
  transactions in the country.
• Ensure that that the interests of consumers are
  protected in the electronic transactions
  environment.
• Address issues of cyber crime.
• Ensure the stability of the domain naming
  environment.

24
THANK YOU