Cybercrimes & cybersecurity

The COVID-19 pandemic has forced many businesses to use information technology to keep afloat. In this age of technology, social medial and communication, it is vital to be aware of all risks pertaining to information technology. One of these risks is cybercrime, a global phenomenon which affects all industries around the world. It is important for every South African to familiarise themselves with these cybercrimes as they may soon become the law in South Africa. The Cybercrimes and Cybersecurity Bill (“Bill”) is in the process of being passed into law with the National Council of Provinces currently processing responses to public submissions that were made. The purpose of this article is to describe the meaning of “cybercrime” and the various cybercrimes that are provided in the Bill.

What is cybercrime?

A cybercrime is an offence which involves the use of electronic communications or information systems, including any device and/or the Internet.  Cybercrimes are therefore criminal activities carried out by means of computers or the Internet.

Cybercrimes

The following are examples of cybercrimes as provided for in the Bill:

• unlawfully and intentionally securing access to any data, a computer program, a computer data storage medium (for example hard drive, flash drive or server) or a computer system. This is commonly referred to as “hacking”;
• unlawful and intentional acquisition of data;
• unlawful and intentional acts in respect of hardware and software tools (e.g. malware and ransomware) which are used to secure unauthorised access, acquire data, interfere with data or computer programmes, clone passwords etc.,
• unlawful and intentional interference with data or computer programs by inter alia deleting or altering such data or computer programs, denying access to such data or computer programs etc;
• unlawful and intentional interference with any computer data storage medium or computer system by permanently or temporarily altering any resource or impairing the functioning/confidentiality/integrity/availability of such computer data storage medium or computer system;
• unlawfully and intentionally using or possessing inter alia a password, access code, secret pin, biometric data etc.;
• cyber fraud. This crime entails the making of misrepresentations for the purposes of defrauding by using data/computer programs or by interfering with data/computer programs/computer data storage mediums/computer systems. There must be actual or potential prejudice caused before a person will be guilty of this offence;
• cyber forgery and cyber uttering. This crime entails the making (forgery) or passing off (uttering) of false data or computer programs for the purposes of defrauding another person. Once again there must be actual or potential prejudice caused before a person will be guilty of these offences;
• cyber extortion. This crime involves the commission of some other cybercrime (e.g. unlawfully acquiring a secret pin) in order to gain advantage from another person (e.g. funds from that person’s bank account) or to compel another person to perform/abstain from performing any act;
• theft of incorporeal property. The Bill therefore extends the common law definition of theft to now include incorporeal property;
• malicious communications which often involve cyber bullying, threats, intimidation and harassment. Examples of some of these cybercrimes created by the Bill are as follows:
  • the unlawfully making available of any data message to any person or group of persons with the intention to incite violence against such person/s or to cause damage to such person’s /s’ property;
  • the unlawfully and intentionally broadcasting or distribution of a harmful data message. A data message is harmful if it is inter alia inherently false and is aimed at causing mental or psychological harm to a person or group of persons or threatens a person with violence against him/his family;
  • the unlawfully and intentionally broadcasting or distribution of an intimate image of an identifiable person without his or her consent.

Penalties

Depending on the applicable cybercrime, penalties may include a fine, or a prison sentence of up between five to fifteen years, or both. Higher penalties may be imposed if the crime involves inter alia financial institutions or organs of state.

The Bill therefore seeks to regulate cybercrimes and prescribe penalties for offenders.  It is important for every South African in this age of communication to familiarise themselves with these cybercrimes as these offences which may soon become the law in South Africa.

This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)