1 / 32

ISOC-ZA

ISOC-ZA. South African Chapter of the Internet Society Submission to the PPCC on the ECT Bill, no 8 of 2002. Internet Society. ISOC was founded by the people who founded the Internet, e.g.: - Vint Cerf – co-inventor of TCP/IP Jon Postel – RFC Editor To this day, ISOC funds the RFC process.

xanti
Download Presentation

ISOC-ZA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ISOC-ZA South African Chapter of the Internet Society Submission to the PPCC on the ECT Bill, no 8 of 2002

  2. Internet Society • ISOC was founded by the people who founded the Internet, e.g.: - • Vint Cerf – co-inventor of TCP/IP • Jon Postel – RFC Editor • To this day, ISOC funds the RFC process.

  3. The Internet • A vast collection of privately owned networks in voluntary co-operation • All member networks agree to follow the rules as specified by the RFCs • Member networks agree to interconnect and exchange traffic, according to agreed rules • Failure to follow these rules results in a loss of connection to the Internet – no-one will talk to you.

  4. Who owns the Internet? • No one party – parts are owned and operated by many, many different organisations • Rules, protocols & procedures established by RFCs, by mutual agreement • ISOC manages RFCs • ICANN manages naming and numbering issues • Significant ICANN changes require US Dept of Commerce approval – never been refused to date

  5. ECT Bill • ISOC-ZA supports the introduction of this Bill • Legislation is required to provide much needed certainty • Will facilitate further growth, if appropriate legislation is passed • Some sections of the Bill require improvement

  6. Participation in ECT Bill Process • ISOC-ZA members have taken part in every stage of the process: - • E-Commerce Debate • Working Groups • E-Law Conference • Meetings with DoC

  7. DEFINITIONS • “advanced electronic signature” is a misnomer, we propose “accredited electronic signature” • “browser” is defined as a “computer program which allows a person to read hyperlinked data messages”. This should specify “web browser” as one can have programs to browse other things, and there are programs that read web pages that are not browsers.

  8. Cryptography • “cryptography product” and “cryptography service” need to be extensively revised • Three distinct issues here • Data integrity • Authentication • Encryption

  9. Data Integrity • Data Integrity simply ensures that the data transmitted or stored has not been corrupted in some way. • It has nothing to do with encryption, however, cryptographic techniques are often used to achieve assurance of integrity • Integrity can be checked using checksum algorithms or similar programs

  10. Authentication • Authentication verifies the identity of the authorship of a document • Authentication can be done in various ways including using digital certificates, passwords, etc

  11. Encryption • Encryption scrambles a message so that it is unintelligible to anyone who does not have the key to decrypting it. • The organization that provides software for a third party to encrypt data does not have any extra advantage when trying to decrypt a message using their technology • Encryption on its own does not guarantee authenticity or data integrity

  12. Combining these functions • There are a number of products that can do any two or all three in combination. • E.g. Microsoft Outlook, which comes standard with Microsoft Office, does all three. • You cannot include authentication and data integrity in the definition of cryptography just because some programs offer them together.

  13. Domain Name • The use of “…assigned in respect of an electronic address on the Internet” is inaccurate • “Address” in Internet terminology can refer to email addresses or IP addresses, and neither of these is relevant to domains • Suggest: “a hierarchical alphanumerical designation that is registered or assigned in respect of a resource record on the Internet”

  14. Electronic • What about analogue electronics? • “Intangible” is a very bad choice as there are plenty of intangible forms of data that are not electronic, e.g, air vibrations forming musical notes • We suggest: “in a form that can be stored or processed on a computer” or other electrical system.

  15. IP Address • Internet Protocol Address • Is a number e.g. 196.22.64.195 • Is assigned to computers or network equipment connected to a network or to the Internet • “data message” should be deleted from the definition as IP addresses are attached to or give information about data messages.

  16. World Wide Web • Suggest delete “…includes all data messages residing on all computers linked to the Internet” as this would include files that have nothing to do with the Internet, such as Word documents and password files.

  17. Maximising Benefits • This Bill lacks any specific provisions to benefit the disabled. We suggest that reference is made to the US example of Section 508 of the Rehabilitation Act: Electronic and Information Technology Accessibility Standards. See http://www.access-board.gov/508.htm

  18. Chapter 3 • This Chapter is the heart of the Bill, and is very welcome indeed. • It provides much needed certainty in the “virtual world”. • Chapter 3 goes a long way towards providing parity between paper-based transactions and electronic transactions

  19. E-Government • ISOC-ZA welcomes the provisions allowing “Public Bodies” to make use of electronic transactions • ISOC-ZA is disappointed that a principle agreed at the E-Law Conference was omitted from the Bill • Should require Government Departments to implement electronic transactions within a reasonable timeframe • Would act as an important boost to E-Commerce in RSA, “kick start” the economy

  20. Cryptography Providers • This Chapter does not seem to lead to any discernable benefit to the consumer, or to law enforcement Agencies. • Knowing the “provider” of cryptography software is of little use in decoding an encoded message

  21. Cryptography Provider • Considerable confusion as to who is the “provider” – the inventor, manufacturer, importer, distributor, wholesaler, retailer, installer, manager or user? • If an end user (e.g. an SMME) buys and installs SSL on a web site for E-Commerce purposes, which is used by visitors to the site for secure transactions, does the web site owner become a “Cryptography Provider”?

  22. Authentication Providers • Similarly, this Chapter is a dangerous step down the slippery slope of “crypto regulation” • All current web browsers and most operating systems include both authentication & cryptography facilities • Are we expecting every PC vendor to register as a provider?

  23. US Example • The US Government attempted to regulate cryptography, classifying it as a “munition” • This severely damaged US credibility and US business interests • This was a direct contributing factor to Thawte Consulting being paid R3bn by Verisign, and Mark Shuttleworth being in space last week.

  24. Consumer Protection • An important chapter, and one that meets with ISOC-ZA’s support. • Only protects individuals and not organisations – especially SMMEs • No obligation on the consumer to return the goods during the cooling off period.

  25. Consumer Protection – cont’d • Suggest that Section 43 (f) read: - • “where the goods or services - ” • Will address cellular networks concerns about sale of airtime, as does Section 43 (d)

  26. Domain Name Authority • Appointment of ALL board members by the Minister is a gross violation of democracy. • Provisions of Parts 1, 2 & 3 of this Chapter are in direct contradiction of Objectives (d),(i),(k),(m),(o),(p) and (q) of Section 2 – Objects of the Act.

  27. Domain Name Authority – cont’d • ISOC-ZA supports NameSpace ZA as the best body for management of the .ZA ccTLD in the public trust • NameSpace ZA was formed as the result of an inclusive and fully democratic process • Request legislative recognition of NameSpace ZA, as per line 1, phrase 2, page 41 of the Bill, as gazetted.

  28. Liability of ISPs • An excellent addition to the Act • We don’t understand why an ISP should have to belong to any particular Association in order to be protected – surely objective standards and adherence to a Code of Conduct would be better. • Meets with global best practice

  29. Cyber Inspectors • The contents of this Chapter are surely a matter for the Department of Justice, not of Communications • The SAPS does have a Computer Crime Unit. Let’s rather give them adequate resources to do their job properly, rather than creating another police force or “Inspectorate”. • Where Inspectorates exist in other industries, e.g. Mining, they have specific and well defined roles to play, as laid out in Legislation & Regulation. Their function isn’t something as nebulous as “surfing the web” at the tax-payer’s expense.

  30. Cyber Crime • We welcome the introduction of this Chapter. It’s high time that my “virtual property” was as well protected, legally, as my physical property • Section 90 (3) “ … unlawfully … possess a computer program … an offence” • E.g. Master keys in a hotel

  31. Summary • ISOC-ZA welcomes the introduction of this Bill, and supports its objectives • Chapter 3 especially gives much needed legal ‘weight’ to electronic evidence. • Consumer protection is to be welcomed • Privacy protection does not go far enough • Cyber crime provisions much needed • Some sections – even whole chapters – are ill-conceived. • Revision of this Bill will be a valuable boost to the SA economy and will benefit its citizens.

  32. Conclusion • ISOC-ZA is ready and willing to assist the PPCC in its deliberations, in answering questions, and in any other way we can. Thank you

More Related