PRESENTATION TO PORTFOLIO COMMITTEE ON COMMUNICATIONS

ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL

Presentation by: Andile Ngcaba, Director-General

Department of Communications

14 May 2002

Table of Contents

Background and history.

Issues addressed in the Bill.

Objectives of the Bill.

Chapter I: Interpretation, definitions and applications.

Chapter II: Maximising benefits and electronic policy.

Chapter III: Facilitating electronic transactions.

Chapter IV: E-Government.

Chapter V: Cryptography providers.

Chapter VI ……

Table of Contents (contd..)

Chapter VI: Authentication Service Providers.Chapter VII: Consumer and privacy protection.Chapter VIII: Personal information and privacy protection.Chapter IX: Protection of critical data.Chapter X: Domain name authority and administration.Chapter XI: Limitation of liability of service providers.Chapter XII: Cyber inspectors.Chapter XIII: Cyber Crime.Conclusion.

Background and historyThe extensive consultation on the Electronic Communications and Transactions Bill started in July 1999.A draft discussion document was published for public comment followed by the Green paper launched in November 2000.January 2001, Cabinet agree to fast-track legislation, skipping White Paper process.April 2001, E-Law conference held culminating in the development of the ECT Bill.

ISSUES ADDRESSED IN THE BILLNational e-strategyElectronic Transactions PolicyFacilitating Electronic TransactionsE-governmentCryptography ProvidersAuthentication Service ProvidersConsumer ProtectionProtection of Critical DatabasesDomain Name Authority & AdministrationLimitation of Liability of service ProvidersCyber InspectorsCyber Crime

OBJECTIVES OF THE BILL

To enable and facilitate electronic transactions by creating legal certainty in the cyberspaceBridging the digital divide by developing a National e-StrategyTo ensure legal recognition and functional equivalence between electronic and paper based transactionsTo promote public confidence and trust in electronic transactionsTo promote universal access to electronic communications and transactionsTo promote the use of electronic transactions by SMME’s

OBJECTIVES OF THE BILL cont.

To encourage e-government services

To protect consumers, privacy and critical data

To prevent abuse of information systems and prevent cyber crime

To establish proper management regime with regard to domain names in the Republic

CHAPTER I: Interpretation, Objects And

Applications

This part of the Bill defines critical words and phrases and sets out the main objects of the Bill.

CHAPTER II:Maximising Benefits and Electronic

PolicyThe objective is to maximize the benefits the internet offers by promoting universal and affordable accessThe development of a National e-Strategy by the Minister in consultation with members of the CabinetThe national e-Strategy plan must include detailed plans and programs to address

1. The development of e-transaction strategy2. The promotion of universal access and e-readiness3. SMME’s development4. Empowerment of previously disadvantaged

persons and communities5. Human resources development

CHAPTER III:Facilitating Electronic Transactions

It provides for: Legal recognition of data messages and records Legal recognition of electronic transactions and

advanced electronic signatures Formation of contracts online Validity of sending notices and other expressions

of intent through data messages

CHAPTER IV:E-government

This chapter of the Bill promotes adoption of e-communications and transactions by government by providing for the following: Electronic filing of documents Issuing of permits, licences, approvals Electronic payments

Departments are free to specify their own formats for electronic documents and determine the criteriaA public body shall not be compelled to accept or issue any document in the form of an electronic data message

CHAPTER V:Cryptography Providers

WHAT IS CRYPTOGRAPHY?It’s a process of converting data into an unreadable form using a public key system (generated codes) to encrypt and decrypt data. How Public Key Cryptography works – key pair system.

Symmetric encryption – uses the same key to encrypt and decrypt.

Asymmetric uses one key to encrypt and a different but related key to decrypt.

One key is kept private and another can be made public – anyone can use it to decrypt a confidential message from the person who owns the private key.

Cryptography Providers (contd.)

Rationale: To curb security threats posed to consumers who transact online.

The Bill requires the suppliers of cryptographic material to register their products and services with the Department of Communications (DoC).

Provides for the establishment and maintenance of a cryptography provider register by the DoC.

This will assist investigative authorities in the event of any threat to National security by deciphering encrypted messages.

CHAPTER VI:Authentication Service Providers

The Bill provides for the establishment of an Accreditation Authority within the Department

It also provides for voluntary accreditation of authentication products and services

The purpose is to promote confidence and trust in the electronic environmentThe Bill further provides for the establishment and maintenance of a publicly accessible database in respect of accredited products and services, and revoked accreditations

CHAPTER VII:Consumer and Privacy ProtectionThis section deals with consumer protection issues pertaining to electronic transactions only.It affords consumers protection and privacy when transacting electronically thus ensuring their confidence.Protection is based largely on the following principles: Provision of as much information as is necessary to

the consumer before the transaction is concluded. A right afforded to the consumer to cancel the

agreement within 14 days if certain requirements have not been complied with.

Consumer And Privacy Protection (contd.)

Provision of a cooling-off period entitling the consumer to cancel without reason and without penalty, any transaction or any related credit agreement for the supply of goods within 7 days of receipt of goods.

A right not to be bound by unsolicited goods and services.

A right to complain to the Consumer Affairs Council.

CHAPTER VIII: Personal Information and Privacy

ProtectionThe principles contained in this chapter will only apply to data that is collected through electronic transactions.In terms of section 52 the following principles will apply when data controllers collect information: Collection may only take place with the express and

written permission of the data holder. Data controllers are prohibited from collecting

personal info which is not required for the purpose for which the info is collected.

South African Law Commission is currently developing specific data protection legislation.

CHAPTER IX: Protection of Critical Data

Critical data is information which, if compromised, may pose a risk to the national security of the Republic or to the economic or social well being of its citizens.Provision is made for the Minister to declare certain classes of information as being critical data and establish procedures to be followed in the identification and registration of such data.Standards/regulations for management, protection, storage, control of critical databases will be prescribed.A register will be maintained by the DoC containing the name(s) and address(es) of data custodian(s), location of and types of information stored in the critical database.

CHAPTER X:Domain Name Authority and

Administration

The Bill establishes .za Domain Name Authority (.zaDNA), as a section 21 company, and stipulates the objects, powers and functions of the Authority.

The Minister will assume responsibility for the .zaDNS public policy as it is a national asset.

The Authority will be controlled and managed by a fully representative board of between 8 and 16 directors.

CHAPTER XI:Limitation of Liability of Service

ProvidersThe Bill creates a safe harbour for service providers who are currently exposed to potential liability by virtue of only fulfilling their basic technical functions.

Service providers may seek to limit their liability where they have acted as mere conduits for the transmission of data messages provided they meet certain conditions.

The Bill provides for specific requirements that the service provider’s actions must meet before the clause may be invoked to limit his or her liability.

CHAPTER XII:Cyber Inspectors

The Bill provides for the appointment of Cyber Inspectors.Their powers include:

Monitoring Internet websites in the public domain. Investigating whether cryptography service

providers and authentication service providers comply with the Law.

They also have powers of search and seizure subject to a warrant.

They can also assist the police or investigative bodies on request.

CHAPTER XIII:Cyber Crime

The Bill introduces criminal offences relating to information systems into the SA law.These crimes relate to: Unlawful access to or interception of data. Unlawful interference with data that cause the

modification, destruction, erasure or corruption of data.

Computer-related extortion, fraud and forgery.

CONCLUSION

The Bill has undergone an extensive consultative process with stakeholders.

The Bill provides an enabling framework for the development of electronic communications and transactions in the country.

Ensure that that the interests of consumers are protected in the electronic transactions environment.

Address issues of cyber crime.

Ensure the stability of the domain naming environment.

THANK YOU