Tag Archive | SAPS

Latest Cybercrime Bill free of state apparatchik

New Cybercrime Bill   

……Every business must have a battle plan

In the light of the fact that the Cybercrimes Bill, now passed by Parliament, places obligations on financial institutions and service providers to report incidents to SAPS, it would seem imperative that preparedness by business for a cybercrime incident must include a well-planned response plan.


Gigaba pushes for control of border posts

Treasury, Home Affairs at odds on customs issues

Parliament will be debating in the new session in August the Border Management Authority Bill.   What the Bill proposes is a single state entity known as the Border Management Authority (BMA) to oversee all aspects of the movement in the import/export of goods and to control movement of all persons either leaving or entering the country.

The idea is that all border law enforcement functions along South Africa’s fragmented 5,000 kilometres of border will be the responsibility of the BMA.

Border Management Authority around the corner

SARS role at border posts being clarified ….

In adopting the Border Management Authority (BMA) Bill, Parliament’s Portfolio Committee on Home Affairs agreed on a wording under which all future one-stop border posts, managed and administered by the envisaged agency and reporting to the Department of Home Affairs (DHA), were to “facilitate” the collection of customs revenue and fines by SARS staff present.

However, on voting at the time of the meeting, Opposition members would not join in on the adoption of the Bill until the word “facilitate” was more clearly defined and the matter of how SARS would collect and staff a border post was resolved.

Haniff Hoosen, the DA’s Shadow Minister of Economic Development said that whilst they supported the Bill in general and its intentions, they also supported the view of National Treasury that the SARS value chain could not be put at risk until Treasury was satisfied on all points regarding their ability to collect duty on goods and how.

Keeping track

Most customs duty on goods arriving at border controls had already been paid in advance, parliamentarians were told; only 10% being physically collected at SA borders when goods were cleared.

However, with revenue targets very tight under current circumstances both SARS and Treasury have been adamant that it must be a SARS employee who collects any funds at border controls and the same to ensure that advance funds have indeed been paid into the SARS system.

The Bill, which enables the formation of the border authority itself, originally stated that it allowed for the “transfer, assignment and designation of law enforcement functions on the country’s borders and at points of entry to this agency.”

Long road

It was the broad nature of transferring the responsibility of customs collection from SARS to the agency that caused Treasury to block any further progress of the Bill through Parliament, much to the frustration of past Home Affairs Minister, Malusi Gigaba. It has been two years since the Bill was first published for comment.

DHA have maintained throughout that their objective is to gain tighter control on immigration and improve trading and movement of goods internationally, but Treasury has constantly insisted that customs monies and payments fall under their aegis. The relationship between customs duty paid on goods before arrival at a border to the Reserve Bank and that which must be paid in passage, or from a bonded warehouse, was not a typical DHA task, they said.

Breakthrough

It was eventually agreed by DHA that SARS officials must be taken aboard into the proposed structure and any duties or fines would go direct to SARS and not via the new agency to be created or DHA.

This was considered a major concession on the part of DHA in the light of their 5-year plan to create “one stop” border posts with common warehouses shared by any two countries at control points and run by one single agency. More efficient immigration and better policing at borders with improving passage of goods was their stated aim.

Already one pilot “one stop border post”, or OSBP, has been established by DHA at the main Mozambique border post by mixing SAPS, DHA and SARS functions, as previously reported.

To enable the current Bill, an MOU established with SAPS has allowed for the agency to run policing of SA borders in the future, but Treasury subsequently baulked at the idea of a similar MOU with SARS regarding collection of customs dues and the ability to levy fines.

Bill adopted

At the last meeting of the relevant committee, the Chairperson of the Portfolio Committee on Home Affairs, Lemias Mashile (ANC), noted that adopting the Bill by majority vote and not by total consensus meant the issue could be raised again in the National Council of Provinces when the Bill went for consensus by the NCOP.

Objectives

The Agency’s objectives stated in the Bill include the management of the movement of people crossing South African borders and putting in place “an enabling environment to boost legitimate trade.”

The Agency would also be empowered to co-ordinate activities with other relevant state bodies and will also set up an inter-ministerial committee to handle departmental cross-cutting issues, a border technical committee and an advisory committee, it was said.

Mozambique border

As far as the OSBP established at the Mozambique border was concerned, an original document of intention was signed in September 2007 by both countries. Consensus on all issues was reached between the two covering all the departments affected by cross-border matters.

Parliament was told at the time that the benefit of an OSBP was that goods would be inspected and cleared by the authorities of both countries with only one stop, which would encourage trade. In any country, he explained, there had to be two warehouses established, both bonded and state warehouses.

Bonded and State warehouses

Bonded warehouses, which were privately managed and licensed subject to certain conditions, were to allow imported goods to be stored temporarily to defer the payment of customs duties.

Duties and taxes were suspended for an approved period – generally two years but these had to be paid before the goods entered the market or were exported, MPs were told. The licensee bore full responsibility for the duty and taxes payable on the goods.

State warehouses on the other hand, SARS said at the time, were managed by SARS for the safekeeping of uncleared, seized or abandoned goods. They provided a secure environment for the storage of goods in which the State had an interest. Counterfeit and dangerous or hazardous goods were moved to specialised warehouses.

Slow process

MPs noted that it had taken over six years for the Mozambique OSBP to be finalised. SARS said there were many ramifications at international law but added that two discussions with Zimbabwe on the same idea had now taken place. It was hoped it would take less time to reach an agreement as lessons had been learnt from the Mozambican experience.

On evasion of and tax, SARS said in answer to a question that losses obviously occurred through customs avoidance and evasion, so it was consequently difficult to provide an overall figure on customs duty not being paid, as evasion was evasion. Smuggling of goods such as narcotics or copper could only be quantified based on what had been seized.

The same applied to the Beit Bridge border with Zimbabwe where cigarette smuggling was of serious concern and through Botswana.

In general, it now seems that Home Affairs is to adopt an overall principle of what was referred to as having one set of common warehouses for one-stop declaration, search, VAT payment and vehicle movement with a SARS presence involving one common process for both countries subject to a final wording on the SARS issue before the Bill is submitted for signature.


Cybercrime and Cybersecurity Bill invokes suspicion

Cybercrime Bill stated as invasive

…sent to clients 28 Jan…   A new law to assist in enforcing South Africa’s fight against cybercrime, hacking and unlawful interception of data is about to be tabled in Parliament. As expected, the proposals are not without considerable misgivings in the private sector and involve claims that the state may have designs upon the control of free speech and/or are intent upon the control or manipulation of cyberspace.

The draft Cybercrime and Cybersecurity Bill (C&C Bill) has now been approved by Cabinet, the draft having been published for comment as far back as September 2015.  Industry players are deeply involved and the next platform for their involvement moves to the actual wording of the document that will form the basis for regulations.

Agents for the state

The legislation states that the proposals are designed to give powers to the State Security, Defence, Police and Telecommunications Ministers, which powers will not only extend into many aspects of South Africa’s key economic, financial and labour environments but will impose responsibilities on service providers.

The Bill clearly states it will call upon the private sector for compliance in order to meet its objectives and will also change the way the public service goes about its business to reflect the call for security. Cross hairs are to zero in on the criminalisation of cyber-facilitated offences, including circulation of messages that are aimed at economic harm, contain pornography or could cause mental or psychological harm.

Parliamentary stage

The next stage of public sector involvement will be extensive parliamentary hearings, no doubt involving joint portfolio committees, to cover the many aspects involved. These will also allow for further submissions on deep concerns in the private sector regarding compliance and intrusion on free speech rights.

The long and quite complicated process of drafting such legislation has been undertaken by the Department of Justice and Constitutional Development.  It is stated that the proposals are of an umbrella approach towards legislation already in the ambit of the new Bill, the objective of which is to extend any new regulations over a wide range of business endeavours and activities “in the public interest”.

Long history

The process started at a point in the cybercrime history log which seems a century ago.  A government gazette articulated what was necessary. “I, Mbangiseni David Mahlobo, Minister of State Security, hereby publish the National Cybersecurity Policy Framework as approved by Cabinet in March 2012 for public information.”

The long journey has finally resulted in a 130-page draft which firstly creates offences, prescribes penalties and regulates for powers to investigate, gain access, search and seize items. It gives such powers to the South African Police Service (SAPS) and the State Security Agency (SSA).

Future structures

The Bill then proposes that structurally the Minister of Police establish both a National Cybercrime Centre and appoint a director in charge – a person currently serving with the SSA – and similarly appoint such a director in charge for a “point of contact centre” for cybercrime activity, outreach and contact.

Monitoring all structures will be a Cyber Response Committee (CRC) made up of 13 experienced persons chaired by the DG, Dept. of State Security.

Any interventions at this level will be, by nature of the vastly changing business environment and the global challenge of the subject matter of the Bill, “which will form the critical point of balance between the forces of state control and public endeavour”.

Ground troops

Initially, the Minister of State Security is to appoint a director in charge of a proposed Cyber Security Centre, such person also serving with SSA and for the Minister to establish Government Security Incident Response teams, also appointing a person from the State Security Agency as the head of each specialised investigating team.

Finally, on structures, the Minister of Defence is to establish and operate a Cyber Command and appoint a General Officer Commanding.

Furthermore, provision in the Bill is made for the Minister of Telecommunications and Postal Services to establish and operate a Cyber Security Hub and appoint a director of same. It is in this area that assumedly the main interface between private and public sectors will take place.

Key points

An example of a database to be protected is given in the Bill as the Home Affairs database and the mandate for dealing with cybercrime clearly includes the fact that foreign states and South Africa will be co-operating to investigate possible offences.

Also, powers are granted to the President who may enter agreements with foreign states to promote cybersecurity. The proposals make it quite clear that international crime fighting and the local protection of cyberspace are to be woven together. This will involve changes to the anchor Electronic Communications and Transactions Act, particularly where the Act deals with attempts to deal with abuse of information systems.

The nitty gritty

Where the C&C Bill ventures into the private sector there will no doubt be, and certainly has been to date, plenty of debate.  The Bill as proposed, broadly and perhaps too grandly, allows for the imposition of obligations on electronic communications service providers (ECSPs) and financial institutions in respect of aspects “which may impact on cybersecurity”.

The difference between obligations and compliance seems a fine line but already the Dept. of Telecommunications has set up a website on https://www.cybersecurityhub.gov.za/ to try and clarify issues.

At what point?

The general obligations of ECSPs are set out in the draft bill, but an obligation is proposed that as soon as an ECSP “becomes aware of an offence being committed on its network”, the matter must be declared to the National Cybercrime Centre.

The offences are enumerated in the Bill but it is possible that clarity is required, according to stakeholders who have voiced opinions so far, as to who decides, and at what level, the retention of a suspicion becomes an offence or, to restate the problem, at what point a suspicion becomes a reportable fact.

Proposed offences include unlawful interception of data; unlawful access, personal information and financial information-related offences; unlawful acts in respect of software or hardware tools; unlawful acts in respect of malware; unlawful acquisition, possession, provision, receipt or use of passwords, access codes or similar data or devices; computer-related fraud and computer-related extortion.

Extensive powers

Most focus on the fact that the Bill’s clause 58 gives the State Security Minister powers to determine what should be included in a “national critical information infrastructure”.

The Bill goes on to state that should it “appear” to the Minister that any information presented is of such “strategic nature” that any interference, loss, damage, immobilisation or disruption may result in prejudice to the “security, defence, law enforcement or international relations of South Africa; or prejudice the health and safety of the public; interfere or disrupt any essential service”, then the Minister may implement the powers granted by the Bill.

The “Apple” problem

Broadly speaking, also included is any malevolent act which “causes any major economic loss, destabilises the economy of South Africa or creates any form of public emergency” with the proviso that the organisation must “at its own cost take steps to the satisfaction of the Cabinet minister” to comply with a state request.

Any “affected organisation may be given the right to be afforded an opportunity to make representation” but, to repeat, players in the industry note that a great amount of responsibility has been delegated without clear definitions of what is reportable.

The background

The seriousness of the Bill and the recognition that cybercrime must be dealt with firmly is measured by the background given to the Bill.    It is estimated that cyber-related offences currently exceed a value of more than R1bn annually. This is escalating at speed, the Department of Justice states.

In general terms, one of the tasks of the Cybercrime Centre is stated in the revised draft as informing all of cybercrime trends and creating an environment which enables parties to report cybercrime without being suspected of whistle-blowing with the accompanying commercial disadvantages.

In other words, the fears about the original draft expressed by the Right2Know campaign, that the draconian powers of seizure worried many in the IT industry and that the lack of protection for whistle-blowers was out of kilter with free speech requirements, may to some extent have been responded to.

Heavy hand of the law

Still, fines of up to R10m and/or 10 years’ imprisonment are involved following a guilty verdict for unlawfully accessing or intercepting “a national critical information infrastructure” involving “critical data”, which makes for a tricky scenario for ECSPs handling traffic and journalists handling information.

This is in the light that an ECSP could be liable on conviction to a fine of R10 000 for each day on which such failure to comply with disclosure requirements continues, it was noted.    To be specific, some fifty offences are detailed in the areas of data, messages, computers, and networks.

This is serious talk.   Whilst national cybersecurity needs are recognised as paramount, as the latest draft explains, the extent of state powers in the hands of uncontrolled and misdirected state effort gives concern to many in the ECSP business community, particularly in the light of the public nature of the internet.

No warrantless searches

On the other hand, whilst the C&C Bill gives SAPS and SSA extensive powers to investigate, search, access and seize assets wherever they might be located, the search powers granted are not emanating from the proposed Bill.

Search powers are only possible provided the search entity has a search warrant granted in the normal way, the department says.  SSA will be purely looking, they say, for data that has a feature of malevolence and commits crime in terms of the need to protect the State and its citizens.

At a media briefing by the Justice and Constitutional Development Department in Pretoria, the Deputy Minister of Justice and Constitutional Development, John Jeffery, gave a further assurance that what is about to arrive in Cape Town “will not give any powers to the State Security Agency (SSA) to control the internet or spy on local users”.

Criminal data

The search and seizure powers granted in terms of the latest draft of the C&C Bill around the interception of data “do not represent increasing the state’s surveillance powers”, the Minister said.

“As part of the final draft of the bill, it says that to prove an offence in a court of law, data must be seized as evidential material. If the State cannot seize evidential material to adduce as evidence, it is impossible to prove the guilt of an accused person.”

The Criminal Procedure Act is currently used to investigate cybercrimes, Minister Jeffery said, and to this end the Regulation of Interception of Communications and Provision of Communication-Related Information Act (RICA) “are already in the tool box”.

Anchor still RICA

The C&C Bill is merely extending the RICA from that aspect, he said, which already has basic general principles in place to protect persons against unlawful interception of communications. “There is thus no extension of the so-called ‘surveillance powers’ of the State”, he added.

He confirmed that previous versions of the Bill, whilst stating a person who fell foul on the issue of state information that was classified as secret could go to jail for 10 years without the possibility of a fine, now, the final draft of the Bill acknowledges that journalists and whistle-blowers have protection under the Protected Disclosures Act.

Minister Jeffery said he was satisfied that the C&C Bill, now headed towards its final shape, gives the State the tools to halt crime and bring those who used data as a tool of crime to book.

Defining data

He concluded, “Data is merely a means to commit offences such as fraud, damage of programmes and computer systems, extortion, forgery and uttering. It can also be used to commit murder by remotely switching off a respiratory system or terrorism by overloading the centrifuges of a nuclear station or remotely opening the sluices of a dam which causes large scale flooding.”

Much of what will come up in the parliamentary hearings of submissions will most likely involve the space occupied by the ECSPs and their responsibilities as perceived by the State. Furthermore, the role to be played by any business institution using large amounts of data needs to be clarified as far as areas of compliance are concerned.
