IN OCTOBER of 2015, I warned readers of the many dangers inherent to the deeply flawed and draconian Cybercrime Bill, Medialternatives was one of the first publications in the country to break the story, followed by an opinion piece written by myself and published by the Cape Times, I therefore feel obligated to respond to the latest round of publicity on the subject.
The bill continues to threaten the ‘fundamental democratic spirit of the Internet and increases the state’s surveillance powers.’ The allegations have been denied (but not refuted) by deputy minister of justice and constitutional development, John Jeffery, at a media briefing on the Bill in Pretoria last week.
Although the latest version of the bill that will be introduced to Parliament is ‘considerably different in many respects to the Bill that was issued for public comment,’ it still contains provisions which are highly problematic from a civil rights perspective, in particular the erosion of the communications rights in our Constitution which favour individual data gathering and information sharing.
Advocacy group Right2Know Campaign (R2K), which is opposed to the Cyber Security Bill and has called for it to be scrapped, says (via ITWeb), that despite the revisions, the fundamental fatal flaws of the Bill are still there.
R2K advocacy coordinator Murray Hunter says the organisation recognises the Department of Justice has made some important revisions in the Bill: “But as far as we can see, the fundamental, fatal flaw of the Bill is still there − it would hand over the keys of the Internet to state security minister David Mahlobo.”
Particularly worrying is the bill criminalises the modification of computer programmes by users, in effect open intellectual inquiry is outlawed by a presumption that any curiosity for instance, is evidence of an ulterior motive. Why would users want to gain access to their operating systems, if only to engage in crime?
The bill is thus an amalgamation of paranoid and securocratic concerns about potential, online criminal activities, From hacking to interception of data, from forgery and uttering, to extortion and even terrorist activity. And most certainly there are very real reasons to be afraid these days of unwanted intrusions such as identity theft, fraud and surveillance, but should modifying computer data be grounds for the presumption of criminality?
Similarly, the use of common network tools, such as ping, finger, netstat and so on, would under the current version of the bill, also incur the legislators wrath. Why would anyone wish to analyse network traffic if only to commit crime? The mind boggles at the scope and sheer over-reach of the contemplated new statute.
Removing bloatware, adware and other unwanted intrusions by software companies, will not surprisingly, also run the risk of offending the new proposed law. There are many articles available online, on the issue of whether computer software users do have or ought to have the right to modify legally-obtained software, either themselves or through the services of another party.
“Private software consumers should have those same modification rights under intellectual property law that are recognized when the government is a consumer of software” says Pamela Samuelson of Berkeley Law Review. The Free Software Foundation has long campaigned for user rights to modify and alter computer programmes. The entire open source movement is predicated on the rights contained in the GNU/Linux General Public License (GPL), which expressly allows such modifications.
One of the novelties inside the bill is the new delict of “theft of an incorporeal”. One can only presume this is meant to convey the idea of virtual objects, which may be copied without permission and thus also “stolen”. In legal tradition the crime of theft usually deprives the owner of property, not simply by leaving behind the original and making a digital copy, which has lead many internet rights activists to point out the inherent contradiction.*
The overly-broad definition of “computer” by the bill, leaves much to be desired, and opens up users to unwanted litigation merely for possession of a personal computer, and thus an unnecessary attack against general purpose, personal computing. In today’s interconnected and networked world, it is often difficult to determine where an intrusion or ‘cyberattack’ originates, and what exactly is being conveyed by the noughts and ones of machine code.
Turning victims into criminals isn’t the solution.
You can read more about this debate on Itweb, with an excellent contribution by Simnikiwe Mzekandaba
See my separate article on how internet rights were included in South Africa’s Constitution.
(*NOTE: In 1991 South Press carried a pioneering article by myself, pointing out the problem of defining property in the computer age, the M&G refused to run a follow-up citing concerns to do with property-ownership. I later participated in the campaign to include Internet rights in the Constitution)