The prosecution of cybercrime in South Africa is regulated by the Electronic Communications and Transactions Act 25 of 2002 (“the ECTA”) and the Cybercrimes and Cybersecurity and Related Matters Bill (“the Bill”). Alongside these pieces of legislation exists the common law, as well as the Constitution of the Republic of South Africa, 1996 (“the Constitution”). The ECTA and the Bill are to be read in conjunction with the common law (where it is applicable) and the Constitution in order to obtain a holistic understanding of the improvement of cybersecurity and the prosecution of cybercrimes in South Africa. It should be noted that where the ECTA fails to impose criminal sanctions on cybercrime, the common law sanctions will apply.
The ineffectiveness of the common law to deal with and combat cybercrime led to the promulgation of the ECTA in 2002. The ECTA has as its objective the facilitation and regulation of electronic communications and transactions.
The ECTA deals with cybercrime in Chapter XIII, in which several new cybercrime-related offences were created. These new offences include obtaining unauthorised access to, interception of or interference with data; computer-related extortion, fraud and forgery; and attempt, and aiding and abetting regarding the aforementioned offences.
The ECTA also created the “cyber inspector” who may “enter any premises or access any information that has a bearing on an investigation” into a cybercrime.
The arrival of the ECTA was applauded, as it was an attempt made by the South African legislature to address and improve cybersecurity and to create and prosecute new cybercrimes. However, the ECTA received some criticism and it is generally accepted that there is still room for improvement.
It is argued that the penalties for engaging in cybercrime, as stipulated in section 89 of the ECTA, are not severe enough. This is because it is argued, a person convicted of certain offences in the ECTA can, at most, be liable for a fine or be imprisoned for a period of one year.
For other offences in the ECTA, a person can be liable for a fine or be imprisoned for, at the most, a period not exceeding five years. It is argued that these punishments are not enough of a deterrent to prevent the commission of cybercrimes and that the ECTA should be amended to include harsher penalties. It is also argued that the police, the private sector and academia should be involved in the fight against cybercrime. As noted above, the ECTA created cyber inspectors, though none have been appointed to date, and therefore no actors are currently exercising their power to conduct investigations into cybercrimes.
The Bill was promulgated to address the shortcomings of the ECTA, and it is apparent that the Bill has in fact done so.
First, the Bill imposes a fine with a minimum amount of 5 million Rand and a maximum amount of 10 million Rand. The Bill also prescribes a minimum period of imprisonment of five years and a maximum period of imprisonment of 10 years. Moreover, the Bill makes provision for the combined penalty of a fine as well as imprisonment.
Secondly, the Bill addresses the lack of involvement of police, the private sector and academia in the fight against cybercrime in the ECTA by creating several structures to assist in the eradication of cybercrime. These structures include a Cyber Response Committee and a Cybersecurity Centre.
These penalties are considerably stricter than those of the ECTA, and it is believed that the Bill will have a greater deterrent effect on the commission of cybercrimes.
Upon examination of the ECTA and the Bill, as well as the amount of criticism that the respective pieces of legislation have attracted, it becomes apparent that the prosecution of cybercrime in South Africa is not, and will not be, without challenges. This is because these pieces of legislation are grappling simultaneously with an all-new type of criminal activity and the advanced phenomenon called cyberspace. Developing legislation that effectively prosecutes cybercrime will, therefore, take legislatures and experts on cybercrime some time to perfect.
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)