SA passes the Cybersecurity and Cybercrimes Acts

These two laws have been long on the legislative shelf, and their adoption is most welcomed. As this Newsletter has reported frequently, cybercrime in SA has grown rapidly and is a serious challenge for government, business and individuals. SA is considered to be the 3^rd most attacked countries in the world – partly due to the lack of any effective legal protection. These laws will help fill that gap and will provide the Cybercrimes Hub which government set up 2 years ago with teeth to act against threats. That is not to say that the Acts will not need some interpretation and that their implementation is simply a matter of application. The laws impose fines and other penalties on companies that spread malware etc. There will need to be interpretation. For example, the Act makes no provision for a company inadvertently passing on malware. We will include in the January Newsletter a legal opinion on the Acts prepared for us by Endcode. We are also working with PWC which is leading an opinion for the American Chamber of Commerce (EFSA is a member of AmCham’s Digital Economy Committee). Our objective will be to ensure the highest level of protection for our members while also ensuring that the Acts do not inadvertently penalize small companies which cannot afford state of the art malware protection.

Readers will recall that these 2 Acts (previously combined as one Act) were part of an attempt by the government to stifle opposition under the Zuma presidency. Other countries in Africa have introduced ‘cybersecurity’ laws that penalize political opposition. Angola, Tanzania, Uganda, Malawi, Eswatini and Zambia already introduced laws that regulate “social media abuse”. Zimbabwe and Lesotho are in the process of introducing new social media controls. While these regulations may appear essential and even reasonably progressive on the surface, they contain problematic clauses aligned to so-called “national security” imperatives.

Meanwhile, as readers will have seen, the USA has alleged that Russian hackers have penetrated key US government databases over a period of time. How much and what data was compromised is so far unknown. Another lesser-known, the breach has been discovered in iPhones. The vulnerability was found in the Apple Wireless Direct Link (AWDL), an important part of the iPhone’s software that among other things allows users to share files and photos over Wi-Fi through Apple’s AirDrop feature. If accessed this would allow hackers to gain access to the underlying iPhone software using Wi-Fi to gain control of messages, emails and photos, the camera and microphone without alerting the user.  Apple is scrambling to fix the issue and claim that they cannot find evidence of the vulnerability having been exploited.