Upload
collin-houston
View
219
Download
0
Tags:
Embed Size (px)
Citation preview
PRESENTATION TO SELECT COMMITTEE
ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL
ANDILE NGCABA 12 JUNE 2002
ISSUES ADDRESSED IN THE BILLNational e-strategyElectronic Transactions PolicyFacilitating Electronic TransactionsE-governmentCryptography ProvidersAuthentication Service ProvidersConsumer ProtectionProtection of Critical DatabasesDomain Name Authority & AdministrationLimitation of Liability of service ProvidersCyber InspectorsCyber Crime
OBJECTIVES OF THE BILL
To enable and facilitate electronic transactions by creating legal certainty on the cyberspaceBridging the digital divide by developing a National e-StrategyTo ensure legal recognition and functional equivalence between electronic and paper based transactionsTo promote public confidence and trust in electronic transactionsTo promote universal access to electronic communications and transactionsTo promote the use of electronic transactions by SMME’s
OBJECTIVES OF THE BILL cont.
To encourage e-government services
To protect consumers, privacy and critical data
To prevent abuse of information systems and prevent cyber crime
To establish proper management regime with regard to domain names in the Republic
MAXIMISING BENEFITS AND ELECTRONIC POLICY
The objective is to maximize the benefits internet offers by promoting universal and affordable accessThe development of the National e-Strategy plan by the Minister in consultation with members of CabinetThe national e-Strategy plan must include detailed plans and programs to address
1. The development of e-transaction strategy2. The promotion of universal access and e-readiness3. SMME’s development4. Empowerment of previously disadvantaged
persons and communities5. Human resources development
FACILITATING ELECTRONIC TRANSACTIONS
It provides for the legal recognition of data messages and records
Legal recognition of electronic transactions and advanced electronic signatures
Formation of contracts online
Validity of sending notices and other expressions of intent through data messages
E-GOVERNMENT
The Bill promotes adoption of e-communications and transactions by government by providing for the following: Electronic filing of documents Issuing of permits, licenses, approvals Electronic payments
Departments are free to specify their own formats for electronic documents and determine the criteriaThe public body shall not be compelled to accept or issue any document in the form of an electronic data message
CRYPTOGRAPHY PROVIDERS
Rationale: To curb security threats posed to consumers who transact online
The Bill requires the suppliers of crypto materials to register their products and services with the Dept.
Provides for the establishment and maintenance of a cryptography provider register by the Dept
This will assist the investigative authorities in the event of any threat to National security by deciphering of encrypted messages
WHAT IS CRYPTOGRAPHY?
It’s a process of converting data into an unreadable form using public key system (generated codes) to encrypt and decrypt data
How Public Key Cryptography works – key pair system Symmetric encryption – uses the same key to encrypt
and decrypt Asymmetric uses one key to encrypt and a different
but related key to decrypt One key is kept private and another can be made
public – anyone can use it to decrypt a confidential message from the person who owns the private key
AUTHENTICATION SERVICE PROVIDERS
The Bill provides for the establishment of an Accreditation Authority within the Department
It also provides for voluntary accreditation of authentication products and services
The purpose is to promote confidence and trust in the electronic environment
The Bill further provides for the establishment and maintenance of a publicly accessible database in respect of accredited products and services, and revoked accreditations
CONSUMER AND PRIVACY PROTECTION
This section deals with consumer protection issues pertaining to electronic transactions only
It afford consumers protection and privacy when transacting electronically thus ensuring their confidence.
Protection is based largely on the following principles: Provision of as much information as is necessary to
the consumer before the transaction is concluded A right afforded to the consumer to cancel the
agreement within 14 days if certain requirements have not been complied with
CONSUMER AND PRIVACY PROTECTION
Provision of a cooling period entitling the consumer to cancel without reason and without penalty, any transaction or any related credit agreement for the supply of goods within 7 days of receipt of goods.
A right not to be bound by unsolicited goods and services
A right to complain to the Consumer Affairs Council
PROTECTION OF PERSONAL INFORMATION
The principles contained in this chapter will only apply to data that is collected through electronic transactions.
In terms of section 52 the following principles will apply when data controllers collect information: Collection may only take place with the express and
written permission of the data holder Data controllers are prohibited to collect personal info
which is not required for the purpose for which the info is collected
South African Law Commission is currently developing specific data protection legislation
PROTECTION OF CRITICAL DATA
Critical data is information which, if compromised, may pose a risk to the national security of the Republic or to the economic or social well being of the citizensProvision is made for the Minister to declare certain classes of info as being critical data and establish procedures to be followed in the identification and registration of such data
PROTECTION OF CRITICAL DATA
Standards/regulations for management, protection, storage, control of critical databases will be prescribed
A register will be maintained by the Dept containing name and address of data custodian, location of info and types of info stored in the critical database
DOMAIN NAME AUTHORITY AND ADMINISTRATION
The Bill establishes .za Domain Name Authority (.zaDNA), a section 21 company, and stipulates the objects, powers and functions of the Authority
The Minister will assume responsibility for the .zaDNS public policy as it is a national asset
The Authority will be controlled and managed by a fully representative board of between 8 and 16 directors
LIMITATION OF LIABILITY OF SERVICE PROVIDERS
The Bill creates a safe harbour for service providers who are currently exposed to a wide variety of potential liability by virtue of only fulfilling their basic technical functionsService providers may seek to limit their liability where they have acted as mere conduits for the transmission of data messages provided they meet certain conditionsThe Bill provides for specific requirements that the service provider’s actions must meet before the clause may be invoked to limit his or her liability
CYBER INSPECTORS
The Bill provides for the appointment of Cyber InspectorsTheir powers include:
Monitoring Internet websites in the public domain Investigating whether cryptography service
providers and authentication service providers comply with the Law
They also have powers of search and seizure subject to a warrant
They can also assist the police or investigative bodies on request
CYBER CRIME
The Bill introduces criminal offences relating to information systems into the SA lawThese crimes relate to: Unlawful access to or interception of data Unlawful interference with data that cause the
modification, destruction, erasure or corruption of data
Computer-related extortion, fraud and forgery
CONCLUSION
The Bill will result in changes to certain Laws by other Departments
It also does not oblige other Government Departments to accept or issue documents in electronic form
The Bill will effect an increase in revenue collected by the Department in the form of fees payable for
THANK YOU