South Africa’s cabinet has approved the Cybersecurity Bill. If the Bill becomes an Act there will be very definite changes to the legal landscape for all businesses – partly because the cybersecurity bill is a very wide (in other words ‘over-broad’) and introduces a whole raft of new criminal penalties.
Comments by the Right to Know Campaign (R2K) put it quite nicely:
The interesting part about the Cybersecurity Bill is that the South African Police Service clearly does not have the capacity to actually implement it. For example it would now be a crime (section 20) to be part of a Bittorrent network which would allows you to download copyrighted content such as movies or music. Clearly policing the end user in this case is an exercise in futility. The only way that this part of the Bill could be successfully policed is by placing the duty to protect copyrighted content on the Internet Service Providers. Even then there would be limited success as all that needs to happen to bypass any restrictions by the ISP is for the file-sharing site to use SSL encryption. (There are more actions and counter-actions to combat this, but essentially what this ends up being is a digital arms race between the security agencies vs the pirate content providers).
The real tragedy here is that the Cybersecurity Bill is a good idea. We actually need it – but it needs to be practical and target criminal activity while still allowing whistle blowers to root out corruption, journalists to protect their confidential sources and for us to be free to air our opinions without fear of being censured. The Cybercrime bill is a classic example of inexact drafting which in turn leads to unenforceable legislation.
If only we can say what we truly mean…