PRESENTATION TO SELECT COMMITTEE

1
PRESENTATION TO SELECT COMMITTEE

• ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL
• ANDILE NGCABA 12 JUNE 2002

2
ISSUES ADDRESSED IN THE BILL

• National e-strategy
• Electronic Transactions Policy
• Facilitating Electronic Transactions
• E-government
• Cryptography Providers
• Authentication Service Providers
• Consumer Protection
• Protection of Critical Databases
• Domain Name Authority Administration
• Limitation of Liability of service Providers
• Cyber Inspectors
• Cyber Crime

3
OBJECTIVES OF THE BILL

• To enable and facilitate electronic transactions
  by creating legal certainty on the cyberspace
• Bridging the digital divide by developing a
  National e-Strategy
• To ensure legal recognition and functional
  equivalence between electronic and paper based
  transactions
• To promote public confidence and trust in
  electronic transactions
• To promote universal access to electronic
  communications and transactions
• To promote the use of electronic transactions by
  SMMEs

4
OBJECTIVES OF THE BILL cont.

• To encourage e-government services
• To protect consumers, privacy and critical data
• To prevent abuse of information systems and
  prevent cyber crime
• To establish proper management regime with regard
  to domain names in the Republic

5
MAXIMISING BENEFITS AND ELECTRONIC POLICY

• The objective is to maximize the benefits
  internet offers by promoting universal and
  affordable access
• The development of the National e-Strategy plan
  by the Minister in consultation with members of
  Cabinet
• The national e-Strategy plan must include
  detailed plans and programs to address
• 1. The development of e-transaction strategy
• 2. The promotion of universal access and
  e-readiness
• 3. SMMEs development
• 4. Empowerment of previously disadvantaged
  persons and communities
• 5. Human resources development

6
FACILITATING ELECTRONIC TRANSACTIONS

• It provides for the legal recognition of data
  messages and records
• Legal recognition of electronic transactions and
  advanced electronic signatures
• Formation of contracts online
• Validity of sending notices and other expressions
  of intent through data messages

7
E-GOVERNMENT

• The Bill promotes adoption of e-communications
  and transactions by government by providing for
  the following
• Electronic filing of documents
• Issuing of permits, licenses, approvals
• Electronic payments
• Departments are free to specify their own formats
  for electronic documents and determine the
  criteria
• The public body shall not be compelled to accept
  or issue any document in the form of an
  electronic data message

8
CRYPTOGRAPHY PROVIDERS

• Rationale To curb security threats posed to
  consumers who transact online
• The Bill requires the suppliers of crypto
  materials to register their products and
  services with the Dept.
• Provides for the establishment and maintenance of
  a cryptography provider register by the Dept
• This will assist the investigative authorities in
  the event of any threat to National security by
  deciphering of encrypted messages

9
WHAT IS CRYPTOGRAPHY?

• Its a process of converting data into an
  unreadable form using public key system
  (generated codes) to encrypt and decrypt data
• How Public Key Cryptography works key pair
  system
• Symmetric encryption uses the same key to
  encrypt and decrypt
• Asymmetric uses one key to encrypt and a
  different but related key to decrypt
• One key is kept private and another can be made
  public anyone can use it to decrypt a
  confidential message from the person who owns the
  private key

10
AUTHENTICATION SERVICE PROVIDERS

• The Bill provides for the establishment of an
  Accreditation Authority within the Department
• It also provides for voluntary accreditation of
  authentication products and services
• The purpose is to promote confidence and trust in
  the electronic environment
• The Bill further provides for the establishment
  and maintenance of a publicly accessible
  database in respect of accredited products and
  services, and revoked accreditations

11
CONSUMER AND PRIVACY PROTECTION

• This section deals with consumer protection
  issues pertaining to electronic transactions only
• It afford consumers protection and privacy when
  transacting electronically thus ensuring their
  confidence.
• Protection is based largely on the following
  principles
• Provision of as much information as is necessary
  to the consumer before the transaction is
  concluded
• A right afforded to the consumer to cancel the
  agreement within 14 days if certain requirements
  have not been complied with

12
CONSUMER AND PRIVACY PROTECTION

• Provision of a cooling period entitling the
  consumer to cancel without reason and without
  penalty, any transaction or any related credit
  agreement for the supply of goods within 7 days
  of receipt of goods.
• A right not to be bound by unsolicited goods and
  services
• A right to complain to the Consumer Affairs
  Council

13
PROTECTION OF PERSONAL INFORMATION

• The principles contained in this chapter will
  only apply to data that is collected through
  electronic transactions.
• In terms of section 52 the following principles
  will apply when data controllers collect
  information
• Collection may only take place with the express
  and written permission of the data holder
• Data controllers are prohibited to collect
  personal info which is not required for the
  purpose for which the info is collected
• South African Law Commission is currently
  developing specific data protection legislation

14
PROTECTION OF CRITICAL DATA

• Critical data is information which, if
  compromised, may pose a risk to the national
  security of the Republic or to the economic or
  social well being of the citizens
• Provision is made for the Minister to declare
  certain classes of info as being critical data
  and establish procedures to be followed in the
  identification and registration of such data

15
PROTECTION OF CRITICAL DATA

• Standards/regulations for management, protection,
  storage, control of critical databases will be
  prescribed
• A register will be maintained by the Dept
  containing name and address of data custodian,
  location of info and types of info stored in the
  critical database

16
DOMAIN NAME AUTHORITY AND ADMINISTRATION

• The Bill establishes .za Domain Name Authority
  (.zaDNA), a section 21 company, and stipulates
  the objects, powers and functions of the
  Authority
• The Minister will assume responsibility for the
  .zaDNS public policy as it is a national asset
• The Authority will be controlled and managed by a
  fully representative board of between 8 and 16
  directors

17
LIMITATION OF LIABILITY OF SERVICE PROVIDERS

• The Bill creates a safe harbour for service
  providers who are currently exposed to a wide
  variety of potential liability by virtue of only
  fulfilling their basic technical functions
• Service providers may seek to limit their
  liability where they have acted as mere conduits
  for the transmission of data messages provided
  they meet certain conditions
• The Bill provides for specific requirements that
  the service providers actions must meet before
  the clause may be invoked to limit his or her
  liability

18
CYBER INSPECTORS

• The Bill provides for the appointment of Cyber
  Inspectors
• Their powers include
• Monitoring Internet websites in the public domain
• Investigating whether cryptography service
  providers and authentication service providers
  comply with the Law
• They also have powers of search and seizure
  subject to a warrant
• They can also assist the police or investigative
  bodies on request

19
CYBER CRIME

• The Bill introduces criminal offences relating to
  information systems into the SA law
• These crimes relate to
• Unlawful access to or interception of data
• Unlawful interference with data that cause the
  modification, destruction, erasure or corruption
  of data
• Computer-related extortion, fraud and forgery

20
CONCLUSION

• The Bill will result in changes to certain Laws
  by other Departments
• It also does not oblige other Government
  Departments to accept or issue documents in
  electronic form
• The Bill will effect an increase in revenue
  collected by the Department in the form of fees
  payable for

21
THANK YOU