Cybercrimes Bill: consideration and adoption; with Deputy Minister

Meeting report

Cybercrimes Bill consideration
Mr Sarel Robbertse, State Law Advisor, Department of Justice, said the Bill was before Members for adoption. Most of the corrections were made to the text although there were a few printing errors and other corrections the Department wished to propose but it would not change the context of the provisions of the Bill. 

Arrangement of Sections: Chapter 4
The first proposed amendment was to Chapter 4 to the heading “powers to investigate, search and access or seize” for the “and” to be omitted and a comma be inserted.

Clause 1
Line 41: move definition of “data” under and out of the same line as “Customs Control Act, 2014”.

Move the reference to Chapter 10 of the Protection of Personal Information Act, 2013 up to meet the end of the line of (1) (2) (c).

Clause 2
Amendment of 2 (d) (iii) to fix “acomputer system” to read “a computer system”.

Clause 18
Amendment of 18 (4) (c) to change the semicolon to a colon.

Chapter 4
Amendment of title to “powers to investigate, search and access or seize” - for the “and” to be omitted and a comma be inserted.

Clause 25
Amendment of 25 (b) to remove the comma after the word “to”.

Clause 41
Amendment of 41 (6) to omit the underline on line 50.

Clause 48
Amendment of section 48 (6) (e) to be a free standing paragraph

Amendment of 48 (7) (b) (bb) to omit “and” at the end of the paragraph.

Amendment to 48 (7) (b) (vi) to read “the indirect communications which are to be intercepted”.

Amendment to 48 (7) (c) (ii) to omit “and” at the end of the paragraph.

Schedule of the Bill
Amendment of subsection 4 on page 55 – “j” needs to be italicized.

Discussion
Mr W Horn (DA) questioned the difference in approach regarding clause 30 and the application for a warrant – what about the situation that power was built into the Bill, on the part of the judiciary, to amend or even cancel the warrant given after oral application. The same type of scenario was not seen in the situation where a search, preservation or seizure happens without the warrant. He argued that while the courts inherently have jurisdiction to deal with searches and seizures and preservations without a warrant. While the law was being codified in this respect, the power of review must also be included where the court may even set aside the warrant in the case of oral application and direct what should happen with the evidence so obtained, or amend the warrant. He strongly argued for such review power to be built into the Bill for such cases.

Mr Horn questioned the difference in the tenses used in respect of the wording in clause 29 (1) (a) and 41 (1) (i) for the wording to be expanded because in many cases, a warrant deals with causes where an offence has been commissioned.

Mr Robbertse said expedited preservation of data direction relates mainly to certain events relevant to an offence and there is reasonable suspicion.

Mr Horn clarified his question was about the built-in review for an oral application for a warrant whilst a search without a warrant did not have a similar situation built into the Bill.

Mr Robbertse said this related to clause 32 and 33 in the Bill currently before Members. In the current Criminal Procedure Act there is not review for a warrant. In clauses of the current Bill, police officials can only exercise the power if a warrant was granted to the official but there are other reasons why the official cannot apply for the warrant. Looking at clause 32, the provision provides for a police official performing certain actions in terms of an article mainly to cease the article but the official cannot access the article or perform any other investigation as set out in clause 32 and 33. He did not think there was a review process in this, if this was what the Member was referring to. There was also no review process under clause 29. However in the other clauses of the Bill where this is possibility for review, this mainly related to preservation of evidence or expedited preservation of data where a police official, on suspicion, thought it necessary to preserve certain data. If the person is entitled to a warrant, a certain standard is met that information under oath is reasonable cause to issue the warrant. In the other clauses there is no such reasonable cause unless referring to clause 42 which deals with expedited preservation of evidence direction. Clause 44 deals with disclosure of data direction. The main answer is that if a person thinks a warrant will be issued to him, it is fine to go ahead. Under the ordinary process of review applicable in SA law, it will be applicable to this – this was contained in the Criminal Procedure Act and some of the legislation dealing with search warrants. It is only in certain clauses that it is allowed mainly where there was suspicion and certain data was preserved.

Mr Horn felt his argument was missed – clause 30 specifically deals with oral application for a search warrant wherein subsection 6 and 7 gives the Magistrate or Judge power to amend or cancel a warrant issued on the basis of oral application. Subsection 7 said such a judicial officer may even make an order that he or she deems fit how any article affected by his or her decision is to be dealt with. The gist of the argument is that if it is deemed fit to build-in this review power on the basis of oral application but clause 32 spoke to seizure without a warrant, it cannot be that this area of the law is codified and amended for oral application built-in review but when acting without a warrant, without disputing good causes, there is no review of this process thereafter. He was in full agreement with what happened in clause 30 because a balance must be found between the rights of people affected and power of the police.

Mr John Jeffery, Deputy Minister of Justice, did not think the Member was speaking to review – it is basically an ability to amend the warrant because the oral application process was rushed. Clause 32 spoke to proceeding on the basis of assuming a warrant would be issued. If the defence wanted to challenge this, it would challenge admissibility of evidence obtained. It would depend on what is in the Criminal Procedure Act. The police officer has acted and seized on the belief he or she was acting in compliance with clause 32 so, in a sense, no review can take place –it is a question of challenging the evidence at the appropriate time. Clause 30 is the oral application made before the Magistrate, Judge or judicial officer because it rushed. He asked the Member how he would want a similar provision inserted into the Bill in clause 32, for example.

Mr Horn answered that while the word “review” might be technically incorrect, one might look into working on the assumption that the police officer would have obtained a warrant in an event and putting this assumption before a Magistrate or Judge to make a determination as to whether the action was proper. It is about preventing the abuse of the rights of individuals.

Deputy Minister Jeffery responded that this was not in the Criminal Procedure Act so the law would be changed quite substantially. In terms of the Criminal Procedure Act, if there was a search without a warrant, there is no process to say that once the articles have been seized, the police officer would need to go back to the Magistrate to confirm. It is a matter of, if during the trial, the defence disputes the circumstances giving rise to a search without a warrant – if the circumstances were not there and the defence would use this to get the evidence kicked out. What the Member was proposing would be quite new and would be quite onerous each time there was a search without a warrant – if this was done in the Cybercrimes Bill it would also have to be done to the Criminal Procedure Act.

Mr Horn said that was not necessarily the case – this specific Bill deals with cybercrimes and one must be mindful that this type of seizure can lead to huge scale interruptions even the prevention of business. It was not always as simple as removing a tangible asset from someone – it may lead to interruption and the prevention of businesses functioning if such seizure happened without a warrant. In order to balance rights, he strongly suggested this type of review be looked into in the case of seizures without warrants.

Mr Robbertse responded that a scales clause is provided in clause 36 – the power to issue a warrant can only be issued with regard to rights, responsibilities and legitimate interests of other persons in proportion to severity of the offence. It is already established that cyber searches and seizures must be carried out with the least possible infringement, as already precedent in SA law. Taking into account clause 36 and the case law, no ordinary Magistrate will give a warrant to search or seize or take in possession the communication of, for example, a big service provider - there is always a balanced approach when dealing with a warrant.

Mr Horn pointed out the discussion was about cases without a warrant.
Deputy Minister Jeffery noted sections 28 and 38 of the Criminal Procedure Act criminalise police who do not behave properly in terms of the chapter and criminalise the giving of false information to ensure a warrant is obtained. If material was seized and the aggrieved felt it was incorrectly seized, they would be able to approach the court. To require confirmation that the search was correctly done would be new in SA law.
Ms G Breytenbach (DA) noted that search and seize without a warrant is open to abuse – everyone knew this would be the easy way to go this route because obtaining a search warrant is too hard or onerous. She asked what the harm would be of building in a requirement that prior to accessing the material so seized without a warrant, for the police to approach a Judge or Magistrate in order to get the warrant – the fear of losing the data or material would be alleviated but access was prevented before there was proper authorisation.

Mr Robbertse said clause 32 (2) outlined that a police official may only access or perform the powers referred to in paragraphs (c) or (d)….

Ms Breytenbach pointed out her argument was about where there was no search warrant- reading the section would not help.

Mr Robbertse said the clause further provides only if the police official believes on reasonable grounds that he can access the data, he may then proceed so there is an additional onerous burden on the police official to prove that he or she can access the data.

Ms Breytenbach stated her question was not answered – her question was about the harm of building in a provision that requires proper authorisation from a Judge or Magistrate prior to accessing the material so seized. She was not interested in what the police thought were reasonable grounds – everyone knew this is a nebulous provision.

Mr Robbertse responded that it is a provision which actually existed in the Criminal Procedure Act – the Cybercrimes Bill is building in additional safeguards which he thought was enough to protect any harm which can be done. He thought the clause was fine.

Ms Breytenbach suggested a safeguard be built in that prior to the police accessing anything or information they have seized without a search warrant, in terms of the Cybercrimes Bill, they get authorisation from a Judge or Magistrate. She did not see the harm in this.

Mr Dingaan Mangena, State Law Advisor, Department of Justice, asked if this would not frustrate the police’s investigation in instances where there would be a delay in securing the necessary warrant for the investigation to take place.

Ms Breytenbach did not think it would frustrate the investigation. In her experience as a prosecutor, it would take a very short amount of time to get that authorisation from a Judge or Magistrate. It can be done on an urgent basis in the Chambers. The information would already have been seized so the fear of having it destroyed, removed or hidden would be alleviated. The point was about access – the information could not be viewed or read without authorisation – the built in is a safeguard for the person whose material was taken without a warrant. The rights of South African citizens needed to be balanced against the rights of the police. The process would not result in a delay of more than a couple of hours in urgent matters.

Mr L Mpumlwana (ANC) asked what the procedure would be if information on a computer seized, if opened, pointed to more information or items which needed to be seized before authorisation was obtained. As the authorisation mechanism is in process, the person whose computer was seized would know to get rid of any further incriminating information or items.

Deputy Minister Jeffery said the clause in question was 32 (2). 32 (1) is about the seizure and 32 (2) is about access. Effectively the suggestion from Ms Breytenbach is to delete the proviso. The question was about whether there would be urgency and there is no time to make written or oral submissions for a search warrant. He did not know whether there would ever be a search where the matter was that urgent.

Ms Breytenbach clarified the search and seizure can be urgent.

Deputy Minister Jeffery said the discussion was about access because under clause 32 (2), a search warrant is needed for access. There is however the proviso that a police officer may, on reasonable grounds, if he or she believed he or she would have got a search warrant and it is not reasonably practicable seize without a search warrant. The Deputy Minister did not know whether such situation would exist. The suggestion from Ms Breytenbach is effectively to delete the proviso under clause 32 (2) to ensure a warrant must be obtained to access information. He asked Ms Breytenbach if there would never be grounds for such great urgency to get access without a warrant.

Ms Breytenbach answered that this was not the case in her experience. She had considerable experience in cybercrime prosecution. If such urgent access is required, it can take literally 20 minutes to obtain – it is not difficult, there is no hold up and it can be done urgently in Chambers. She could not foresee that a situation would arise where 20 minutes could not be taken to obtain the authorisation.

Mr Robbertse pointed out the clause took into account a Canadian decision where a situation of urgency was demonstrated and it was a 5:4 to decision to grant access.

Ms Breytenbach said there was a vast difference between how the police conducted itself in SA and Canada.

Mr S Swart (ACDP) recommended the deletion of the proviso as it may satisfy concerns and strike the right balance. The point of this discussion was access not seizure – the implication is to apply for a warrant to obtain access. The other alternative is to lift the bar to retain the proviso but say it only applies in exceptional circumstances.

Deputy Minister Jeffery said the proviso must be deleted.

Ms Christine Silkstone, Committee Content Advisor, pointed to clause 33 (3) which also contained a proviso, but on the arrest of a person, however she thought the reasoning was the same.

Deputy Minister Jeffery responded that it was also about access not the seizure. The important aspect was the seizure but it seemed there can be a short wait to actually get a warrant to access the data or material.

Mr Mpumlwana asked if the proviso under 33 (3) would also be removed.

Deputy Minister Jeffery answered that it is a similar proviso that speaks to the arrest of a person, with or without a warrant, and equipment can be seized but a warrant would have to be contained to access the data. He did not see a problem in deleting the proviso under clause 33 (3).

Mr Swart asked if his understanding was correct that the removal of the proviso would only apply to (c) and (d) of the definition of “seize”.

Mr Robbertse replied the data can be seized but cannot be accessed or a printout of the data could not be obtained.

Mr Swart pointed out the proviso only referred to (c) and (d).

Deputy Minister Jeffery said (c) and (d) was about making and retaining a copy of the data and/or making a printout of the output of the data – a warrant would be needed to do this because it is linked specially to the word access, in 32 (2), and making a printout or copy, in 33 (3).

Mr Swart was not clear – what happened with access of an item seized under clause 25 (a)? He wanted to ensure there were no unintended consequences.

Deputy Minister Jeffery responded this was accounted for under clause 32 (2) where a warrant was also needed to access or make a copy of the data seized.

Mr Mpumlwana asked what happened if someone had an Apple computer, which was seized by a police official, but the person then had another Apple device to block access to the data seized during the time the police was obtaining the warrant to access it. This is a challenge given today’s technology. He did not see why South Africans could not trust their policemen as Canadians trusted theirs. The element of surprise is important here in accessing the data.

Deputy Minister Jeffery understood that a policeman would seize a laptop without a warrant and the data could not be wiped out by the individual to whom it belongs because the laptop is now in the possession of the police.

Mr Robbertse pointed out there is the possibility that data can be accessed remotely. It would be part of the Standard Operating Procedure that if something is seized, certain steps and measures would be taken to ensure the data cannot be accessed remotely.

Ms Breytenbach said the seizing the material meant it can also be secured – processes can be triggered to prevent data from being wiped remotely. The only matter under discussion here was access for which authorisation is required. With today’s technology it is perfectly possible that any data on a laptop, phone, server, hard drive etc can be secured once seized so that no one, not the police or owner of the material, can access it until authorisation was obtained. Access is only granted via authorisation but the preservation of the data is secured through seizure.

Mr Mpumlwana said that if someone seized his Apply computer, he could wipe off the data on it via his Apple phone because the two are synchronized.

Ms Breytenbach responded that any policeman who did not take a person’s phone during such search and seizure, deserves to have all the information wiped off.

Mr Mpumlwana said a person can have more than one phone.

Ms Breytenbach agreed that it is possible to wipe information off a laptop with a phone but when the computer is secured, and access to it is denied, it secures it completely even from remote access. It is entirely possible to do this and any computer expert worth his or her salt would be able to do this and the information will be preserved. It is also important to remember that information wiped off a computer can be stored elsewhere such as in the cloud.

Mr Mpumlwana thought the emphasis was on surprise. Four or five gadgets can all be synchronised – if four were seized, the one at home which was not taken could be used to rub off all the information on the other four devices. Even in the Pistorius case, there was a problem accessing his iCloud. The element of surprise would be there if the policemen can be trusted. The law needs to keep up with technology. He did not think there was any harm in retaining the proviso and the policemen need to be trusted.

Ms Breytenbach responded that when a computer was secured, a wall would be built around it which could not be broken through. With the rights of search and seizure, it would then do no harm whatsoever to secure authorisation before the data was accessed. Moving onto a different point, she had a problem with clause 39 (3). Under clause 52 (6) (a) she had a problem that all reporting would be in secret and no one would ever know what was going on in the criminal justice system with regards to cybercrime. She asked that the clause read “The Cabinet member responsible for policing must report to the Portfolio Committee on Police with regards to cybercrime and that the necessary Cabinet member must report to the Portfolio Committee on Justice on cybercrime and also to the Joint Standing Committee on Intelligence particularly in regard to international matters”.

Mr Mpumlwana asked if perhaps clause 52 (6) (a) was perhaps drafted in this way because certain information must be kept secret. He was concerned about the liberalisation of everything including top secret information of the country.

Mr Robbertse said usually international cooperation and criminal matters are not reported very openly. International cooperation also refers to the interception of certain communications and in terms of the Regulation of Interception of Communications and Provision of Communication-Related Information Act  (RICA) there is an absolute ban on the provision of any information related to interception of communication – it is from this perspective that the clause was included. Looking at international trends and tendencies related to interception of communications, in general, statistics are made available. The other ground to be considered is international cooperation and criminal matters – his submission was that this has some secrecy attached. He was comfortable to extend the reporting obligations as proposed although it should be left at the Portfolio Committee on Police but exclude international matters.

Mr Mpumlwana noted that the Act dealt with some permanency. He felt there are matters the state must keep secret. He stood firm on this. 

Ms Breytenbach asked Mr Robbertse why he thought mutual legal assistance matters with other countries should be kept secret – it becomes a subject of court proceedings which are public in any event. She was not suggesting state secrets be published in the Portfolio Committee but certainly some reporting on what is happening in cybercrime and the kind of attacks happening is entitled for South Africans and Members of Parliament.

Mr G Skosana (ANC) did not have a problem with the proposal to extend reporting to the Portfolio Committee on Police and Justice as long as it did not include matters secret in nature which would require intelligence – those matters would go to the Joint Standing Committee on Intelligence. He cautioned Members that the Bill was being finalised today and the process was not starting afresh. 

Deputy Minister Jeffery said the report is only about the functioning and activities of the designated Point of Contact particularly the number of matters on which assistance was provided and number of matters in which assistance was received from a foreign state – the problem with assistance from a foreign state is that not every investigation results in a prosecution. This is reported to Parliament’s Joint Standing Committee on Intelligence although it has nothing to do with state security. This should not be confused with the other reporting on the activities of the Point of Contact to provide assistance. Is it safer if this is reported to Parliament’s Joint Standing Committee on Intelligence which has some kind of security clearance but it is a multiparty body? He suggested the clause remain as is.

The Chairperson noted the meeting was to follow up on matters.

Mr Horn noted his suggestion on clause 29 (2) (ii) to read “being used or is involved, or has been used or was involved, in the commission of an offence”.

The Chairperson asked how Members would like to move forward.

Ms Breytenbach said the Committee needed to see what the Bill looks like with the new amendments. 

Deputy Minister Jeffery confirmed the removal of the proviso under clause 32 (2) and 33 (3) and putting in intent. He did not see why Members wanted to view the Bill again.

Mr Skosana proposed the Bill be adopted by the Committee with the proposed amendments.

The proposal was seconded by Mr Mpumlwana.

A vote by show of hands was taken.

Mr Swart abstained from voting – while he did not have any objections to the Bill, he did want to consider amendments made today.

Ms Breytenbach said the Bill would be taken to the DA caucus but it was unlikely to be supported.

The meeting was adjourned.