210 likes | 224 Views
PRESENTATION TO SELECT COMMITTEE. ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL ANDILE NGCABA 12 JUNE 2002. ISSUES ADDRESSED IN THE BILL. National e-strategy Electronic Transactions Policy Facilitating Electronic Transactions E-government Cryptography Providers
E N D
PRESENTATION TO SELECT COMMITTEE ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL ANDILE NGCABA 12 JUNE 2002
ISSUES ADDRESSED IN THE BILL • National e-strategy • Electronic Transactions Policy • Facilitating Electronic Transactions • E-government • Cryptography Providers • Authentication Service Providers • Consumer Protection • Protection of Critical Databases • Domain Name Authority & Administration • Limitation of Liability of service Providers • Cyber Inspectors • Cyber Crime
OBJECTIVES OF THE BILL • To enable and facilitate electronic transactions by creating legal certainty on the cyberspace • Bridging the digital divide by developing a National e-Strategy • To ensure legal recognition and functional equivalence between electronic and paper based transactions • To promote public confidence and trust in electronic transactions • To promote universal access to electronic communications and transactions • To promote the use of electronic transactions by SMME’s
OBJECTIVES OF THE BILL cont. • To encourage e-government services • To protect consumers, privacy and critical data • To prevent abuse of information systems and prevent cyber crime • To establish proper management regime with regard to domain names in the Republic
MAXIMISING BENEFITS AND ELECTRONIC POLICY • The objective is to maximize the benefits internet offers by promoting universal and affordable access • The development of the National e-Strategy plan by the Minister in consultation with members of Cabinet • The national e-Strategy plan must include detailed plans and programs to address 1. The development of e-transaction strategy 2. The promotion of universal access and e-readiness 3. SMME’s development 4. Empowerment of previously disadvantaged persons and communities 5. Human resources development
FACILITATING ELECTRONIC TRANSACTIONS • It provides for the legal recognition of data messages and records • Legal recognition of electronic transactions and advanced electronic signatures • Formation of contracts online • Validity of sending notices and other expressions of intent through data messages
E-GOVERNMENT • The Bill promotes adoption of e-communications and transactions by government by providing for the following: • Electronic filing of documents • Issuing of permits, licenses, approvals • Electronic payments • Departments are free to specify their own formats for electronic documents and determine the criteria • The public body shall not be compelled to accept or issue any document in the form of an electronic data message
CRYPTOGRAPHY PROVIDERS • Rationale: To curb security threats posed to consumers who transact online • The Bill requires the suppliers of crypto materials to register their products and services with the Dept. • Provides for the establishment and maintenance of a cryptography provider register by the Dept • This will assist the investigative authorities in the event of any threat to National security by deciphering of encrypted messages
WHAT IS CRYPTOGRAPHY? • It’s a process of converting data into an unreadable form using public key system (generated codes) to encrypt and decrypt data • How Public Key Cryptography works – key pair system • Symmetric encryption – uses the same key to encrypt and decrypt • Asymmetric uses one key to encrypt and a different but related key to decrypt • One key is kept private and another can be made public – anyone can use it to decrypt a confidential message from the person who owns the private key
AUTHENTICATION SERVICE PROVIDERS • The Bill provides for the establishment of an Accreditation Authority within the Department • It also provides for voluntary accreditation of authentication products and services • The purpose is to promote confidence and trust in the electronic environment • The Bill further provides for the establishment and maintenance of a publicly accessible database in respect of accredited products and services, and revoked accreditations
CONSUMER AND PRIVACY PROTECTION • This section deals with consumer protection issues pertaining to electronic transactions only • It afford consumers protection and privacy when transacting electronically thus ensuring their confidence. • Protection is based largely on the following principles: • Provision of as much information as is necessary to the consumer before the transaction is concluded • A right afforded to the consumer to cancel the agreement within 14 days if certain requirements have not been complied with
CONSUMER AND PRIVACY PROTECTION • Provision of a cooling period entitling the consumer to cancel without reason and without penalty, any transaction or any related credit agreement for the supply of goods within 7 days of receipt of goods. • A right not to be bound by unsolicited goods and services • A right to complain to the Consumer Affairs Council
PROTECTION OF PERSONAL INFORMATION • The principles contained in this chapter will only apply to data that is collected through electronic transactions. • In terms of section 52 the following principles will apply when data controllers collect information: • Collection may only take place with the express and written permission of the data holder • Data controllers are prohibited to collect personal info which is not required for the purpose for which the info is collected • South African Law Commission is currently developing specific data protection legislation
PROTECTION OF CRITICAL DATA • Critical data is information which, if compromised, may pose a risk to the national security of the Republic or to the economic or social well being of the citizens • Provision is made for the Minister to declare certain classes of info as being critical data and establish procedures to be followed in the identification and registration of such data
PROTECTION OF CRITICAL DATA • Standards/regulations for management, protection, storage, control of critical databases will be prescribed • A register will be maintained by the Dept containing name and address of data custodian, location of info and types of info stored in the critical database
DOMAIN NAME AUTHORITY AND ADMINISTRATION • The Bill establishes .za Domain Name Authority (.zaDNA), a section 21 company, and stipulates the objects, powers and functions of the Authority • The Minister will assume responsibility for the .zaDNS public policy as it is a national asset • The Authority will be controlled and managed by a fully representative board of between 8 and 16 directors
LIMITATION OF LIABILITY OF SERVICE PROVIDERS • The Bill creates a safe harbour for service providers who are currently exposed to a wide variety of potential liability by virtue of only fulfilling their basic technical functions • Service providers may seek to limit their liability where they have acted as mere conduits for the transmission of data messages provided they meet certain conditions • The Bill provides for specific requirements that the service provider’s actions must meet before the clause may be invoked to limit his or her liability
CYBER INSPECTORS • The Bill provides for the appointment of Cyber Inspectors • Their powers include: • Monitoring Internet websites in the public domain • Investigating whether cryptography service providers and authentication service providers comply with the Law • They also have powers of search and seizure subject to a warrant • They can also assist the police or investigative bodies on request
CYBER CRIME • The Bill introduces criminal offences relating to information systems into the SA law • These crimes relate to: • Unlawful access to or interception of data • Unlawful interference with data that cause the modification, destruction, erasure or corruption of data • Computer-related extortion, fraud and forgery
CONCLUSION • The Bill will result in changes to certain Laws by other Departments • It also does not oblige other Government Departments to accept or issue documents in electronic form • The Bill will effect an increase in revenue collected by the Department in the form of fees payable for