Critical Infrastructure Protection Bill [B22B-2017]: public hearings

Meeting report

Opening Remarks

The Chairperson said the Committee had received submissions from three different organisations on the Critical Infrastructure Protection Bill. They were the South African National Editors Forum (SANEF), the Banking Association of South Africa (BASA) and the amaBhungane Centre for Investigative Journalism. However, amaBhungane had requested that the hearing be postponed because they could not make it, but the request could not be granted due to the time pressures that the Committee had. This had been communicated to them and that they had decided to not avail themselves of the opportunity to present.

Submissions on Critical Infrastructure Protection Bill

SANEF

Ms Duduetsang Makuse, National Coordinator: SOS Support Public Broadcasting Coalition, supported by Ms Justine Limpitlaw, electronic communications lawyer, presented a joint submission on the bill on behalf of the South African National Editors Forum (SANEF), the SOS Support Public Broadcasting Coalition (SOS), and Media Monitoring Africa (MMA).

Ms Makuse said that journalists from these organisations were being vetted and investigated before being employed. The State Security Agency (SSA) had used section 2A(1)(b)(ii) of the National Strategic Intelligence Act (NSIA) to require non-security staff at the SABC -- more specifically editorial staff -- to fill in a detailed and invasive security vetting questionnaire, including information about family members and previous relationships.

Ms Limpitlaw continued that the vetting of SABC journalists was intimidatory and put them “under watch” of the SSA. The NSIA power was being exercised in an unconstitutional manner, and this violated the right to freedom of the press, section 16(1)(a) of the Constitution. She then requested the introduction of a new section 24 in Chapter 3 of the Bill:

“Specific Protections for the SABC as the independent public broadcaster

“24. In recognition of the vital role that the SABC, the independent public broadcaster, plays in ensuring that the public has access to a wide range of news and information, nothing in this Act shall require the security vetting, other than of the SABC’s security staff, of the SABC staff, in particular, no journalist or non-security staff member shall be required to disclose any communication undertaken in the course of his or her employment and sources of journalistic information as a result of the SABC being declared critical infrastructure and/or a critical infrastructure complex.” This would not prevent any SSA security scrutiny of any SABC journalist should there be reasonable grounds to consider a journalist a real security threat, but would avoid routine scrutinising of SABC journalists.

She said the bill imposed unconstitutional limitations on practising journalism in sections 26(1)(a), (b), (e) and (f). It contained severe penalties for violations, such penalties of up to three years’ imprisonment for activities that could be described as journalism, including publishing information, or being at or taking photos of critical infrastructure. While these must be done “unlawfully,” that was not defined, and had a potentially chilling effect on reporting.

She suggested a new subsection, 26(3):

 “Notwithstanding the provisions of sub-sections (1)(a), (b), (e) and (f), where a disclosure of information regarding critical infrastructure would reveal evidence of:

(a) a substantial contravention of, or failure to comply with, the law; or

(b) an imminent and serious public health, safety or environmental risk; and

(c) the public interest in the disclosure clearly outweighs the harm in question,

the disclosure and related activities falling within those listed in section 26(1)(a), (b), (e) and (f), shall be lawful.”

In conclusion Ms Limpitlaw suggested that a new clause 24 to protect SABC journalists from routine SSA scrutiny and a new subsection 26(3) to protect journalism, would provide the Bill with the elusive balance between protecting the public’s legitimate national security interests and allowing a free press and the free flow of information.

AmaBhungane: Trengrove Legal Opinion

AmaBhungane had made representations on the Bill to the Portfolio Committee and provided it with an opinion by Dr Dario Milo and Advocate Ben Winks, dated 25 April 2018. They had expressed the view that the clause 26 prohibitions would fall foul of the right to freedom of expression in Section 16 of the Constitution unless they were made subject to a defence of publication in the public interest. The Portfolio Committee amendments were as follows:

• In terms of the original Clause 26 it was an offence, for example, to photograph security measures that were visible to the public.
• The PC on Police had delayed the adoption of the Bill, pending a second legal opinion from Senior Counsel on the Constitutionality of Clause 26.
• The PC had considered the legal opinion by Adv Wim Trengrove SC on 3 July 2018. Adv Trengrove had concluded that the prohibitions, as currently formulated, would not pass constitutional muster because they unjustifiably limited the right to freedom of expression in section 16 of the Constitution.
• To render them constitutionally compliant, they should be limited to the disclosure of information and the taking of pictures, of the security measures of critical infrastructure that were not in the public domain.
• According to Adv Trengrove, an amendment of the definition of “security measures” to limit them to those not clearly visible to the public eye, would make Clause 26 Constitutionally compliant and remove the need for a public interest defence.

Adv Trengrove also proposed that the Bill prescribe objective criteria for the determination of critical infrastructure to guide the Minister’s determination of critical infrastructure in order to prevent unfettered discretion in this regard. The Department had presented the redrafted clauses in line with the legal opinion to the PC on 14 August 2018. The PC had accepted the proposals and adopted the whole Bill with amendments on 14 August 2018

Adv Milo had requested the insertion of a public interest defence clause, with which Adv Trengrove had disagreed. In his legal opinion, he addressed this eventuality by stating that the question would be whether, if the prohibitions were so limited, they should still be made subject to a public interest defence. His view was that such a defence would then not be necessary. He also stated that the prohibitions would go no further than to prevent the disclosure of information, or the taking of pictures, of the secret features of the security measures at critical infrastructure. The justification for prohibitions of this kind was obvious. The importance of the confidentiality of the security measures at critical infrastructure was paramount.

Adv Trengrove found it impossible to imagine circumstances in which it would be necessary to disclose secret information of the security measures at a critical infrastructure, or to take pictures of the secret features of those security measures, in order to reveal misconduct in the public interest. He went further to indicate that even if he was mistaken and if there were indeed circumstances in which such a need may arise, it would be a rare occurrence. It did not seem to be justified to risk the disclosure of secret information or features of the security measures at critical infrastructure to cater for the very rare circumstances in which it might be necessary to reveal wrongdoing.

Adv Trengrove had concluded that, if the prohibitions were reformulated along the lines he suggested, then they should pass constitutional muster without a public interest defence. The reformulation of the prohibitions and amendments he suggested had been effected by the Police Committee, who had adopted the Bill in line with the legal opinion on 14 August 2018.

Discussion

Mr G Michalakis (DA, Free State) said that the National Strategic Intelligence Act, which referred to the National Key Points Act of 1980, and which the journalists relied on, would be repealed by the new bill and the sections that they had quoted would be replaced by sections that were entirely different. The new bill did not make provision for the vetting of journalists in the way presented by the SABC, so he wondered what the issue was if the section that was the problem was being replaced by a different section.

Ms T Wana (ANC, Eastern Cape) asked if the journalists employed by SABC were included in the summary. She also asked if the legal opinion was trying to oppose issues of vetting other company journalists, or just the journalists who were employed by the SABC.

Dr H Mateme (ANC, Limpopo) asked if the opinion of the senior counsel had addressed the concerns raised.

Ms T Mokwele (EFF, North West) asked how SABC staff would be affected if the requested amendment was not clearly stipulated in the bill. If the SABC`s suggested amendment of Sections 26 was not included in the bill but the counsel’s suggestion was, how would they be affected, especially their journalists?

The Chairperson asked why the SABC, in their submission, had not obtained an opinion from a security expert.

SANEF’s response

Ms Makuse responded to the question of whether SANEF’s proposals were limited to only SABC staff, and said SANEF’s solution was broad. It included the private sector and SABC’s broadcasting, the print and all community media -- staff, editors and management -- so it was a broad spectrum.

Ms Limpitlaw said there was no need to make changes to 1A and 1B of Section 26(2). However, Section 26(2) which dealt with things visible to the public did not address their concerns, specifically 1 E and 1 F. For instance, say a journalist gained access to a critical infrastructure without the consent of a security manager or entered and gained access in contravention of a note stipulated in Section 24(A). In gaining such access, if he was be able to record on gross contraventions of law where there was a clear threat to public safety or health and it would be in the public interest if the information was disclosed, it then should be possible for the information to be reported. That was why there should be a narrowly focused public interest override against such offences. She said that the provisions of Section 26(2) dealt only with one area and did not cover their concerns in E and F.

She was also concerned with the issue around the National Strategic Intelligence Act, saying they needed the legislation of the National Key Points Act of 1980 to remain unamended. However, the request was that the heading of Section 29, which deals with appeals and amendments, should be changed to say “repeal of legislation.” Furthermore, the section in the Intelligence Act should be removed entirely.

The Chairperson asked Ms Justine Limpitlaw to respond on the section of the Act where it affected SABC journalists only.

Ms Limpitlaw apologized for missing the question, and responded by saying that the answer was yes -- the Act applied only to SABC journalists. She was not aware of any other media house that was a national key point -- it was only the SABC.

Banking Association of South Africa

Ms Ayanda Baepi, Senior Specialist: Market Conduct, Banking Association of South Africa (BASA), said BASA was the industry association that was mandated to represent the banking sector on regulatory and other issues. BASA supported the tenor of the Bill, which was aimed at ensuring that South Africa maintained a robust and sustainable approach to the protection of its critical infrastructure in the interests of the state and all citizens. BASA noticed with appreciation the concerns addressed in the draft legislation they had submitted over the last two years. There were a few issues remaining that needed to be addressed, which were Sections 17(4) and 20(4-6) and the powers of the Minister. She read sections 17(1), (3), (4) and section 20(4-6) in context, and said that to have banks potentially declared as critical infrastructures would have far reaching effects and implications on the economy.

BASA was concerned about the constitutionality of the decision-making powers granted in section 20(5 and 6) on the basis that legislation should clearly set out objective criteria for decision making, where administrative discretion was granted to the executive. These empowering provisions did not set out such criteria (or any scope of such discretion), and the executive was given unfettered power to legislate as to when the Act applied, which potentially impinged on the constitutional principle of separation of powers. Certainty was needed for an owner or controller of such information structures as to which legislation would apply and how decisions would be made, especially because both pieces of legislation place onerous compliance obligations, and failure to comply with them would result in substantial fines or imprisonment.

Ms Baepi put forward BASA’s suggestions of what must be done. She said that where a Cabinet Minister for state security decides that information infrastructure should be dealt under the Critical Infrastructure Protection legislation, and where the impacted infrastructure is owned or controlled by a regulated sector, the relevant regulator must form part of the decision-making process to refer the information infrastructure back within the ambit of this legislation. She further suggested that Section 17(3)2 purports to include the head of a government department or head of an organ of state in an application to declare an infrastructure as critical, but for certainty -- given that information infrastructure had been specifically excluded from the definition of infrastructure -- she suggested that a similar provision should be set out in section 20(4)-(6), so that the head of a government department or head of an organ of state with functional control over an impacted sector forms part of the decision-making process to bring such information infrastructure back into the ambit of the Critical Infrastructure Protection legislation.

She also suggested that whilst the Bill gives the Minister power to declare critical infrastructure, it did not adequately circumscribe the extent, limitations and duties associated with this power. Importantly, the Bill did not define the rights of, and protections for, critical infrastructure controllers and owners in the event of such a declaration by the Minister, especially where such owners or controllers were not government agencies.

BASA recommended that the bill provide:

• The designation of a function in the Minister’s office that may have access to a critical infrastructure for non-governmental infrastructures;
• The conditions and regularity of the access to a critical non-governmental infrastructures;
• Authorisation and identification of individuals who will have access to a critical non-governmental infrastructure;
• Consequences for acting contrary to authorisation;
• Rights of the owner or controller of a critical infrastructure; and
• Prohibition on disclosure of information by members of law enforcement/investigation on such critical infrastructures.

Discussion

Mr Michalakis asked what consequences would be there if the bill got repealed.

Dr Mateme asked how SANEF would consider the opinion that would be given them. In terms of infrastructure, what did non-governmental mean, and how would it be regulated?

Adv Dawn Bell, Chief Director: Legioslation, Civilian Secretariat for Police, said that no bank would be declared a critical infrastructure unless they themselves applied for it. The inspectors appointed by the National Commissioner would then carry out routine inspections of equipment such as their computers etc. She said that clause 24 talked about critical information infrastructure in terms of dealing with cybercrimes and cyber security, but the only thing that remained was the cybercrimes. Cyber security fell away, and this came back during the discussion two weeks ago. This was why they were suggesting that the clauses be taken out completely.

The meeting was adjourned.