Cyber-crime, the new scourge
Providing the Welcoming Address at the recent Cyber Cerebral South Africa Summit 2019, Advocate Jacqueline Fick, CEO of Viz Strat Solutions, outlined the scourge of cyber-crime
WHEN dealing with cyber-crime we need to understand that it is a borderless crime and that makes it extremely difficult to successfully investigate and prosecute these types of crimes. The need for legislation and international cooperation that enables us to cooperate and react to cyber-crime remains key. South Africa is a signatory to the Council of Europe Convention on CyberCrime (COECC), but has however never ratified the convention (also commonly referred to as the Budapest Convention). South Africa currently has a number of different Acts that deal with cyber-crime, the most important being the Electronic Communications and Transactions Act, No. 25 of 2002.
There has also been a four year delay in finalising the Cyber-crimes Bill and to date we are still awaiting implementation of the Protection of Personal Information Act. Although the ECT Act does make provision for the prosecution of some cybercrimes, the sentences attached to the said Act does not reflect the seriousness of the offences. The new Cyber-crimes Bill will assist in taking the profit out of cyber-crime and to provide for the prosecution of offences that were not covered in previous legislation. Why is this of importance? Imagine that you fall victim to a cyber-crime in South Africa but there is no provision that criminalises the conduct. An example is the theft of an incorporeal which is now criminalised under the new Bill. Although the so-called “fake news” clause has been removed, the Bill still makes provision for the prosecution of offences relating to a data message which incites damage to property or violence, which threatens persons with damage to property or violence, and for the distribution of a data message of an intimate image. South Africa is currently facing an increase of fake news and the example was provided of where advanced software can be utilised to create fake video footage of an incident. If this does not fall into the category of malicious communications as described above, it could still be prosecuted under the Bill under the section dealing with Cyber Fraud.
Further to the borderless nature in which cyber-crime operates is the speed at which these crimes are committed. This also stresses the need for international cooperation to ensure that we are able to secure the relevant evidence, and more importantly share intelligence regarding cyber trends. There is also a dire need for more effective and efficient public private partnerships in South Africa when it comes to the prevention and detection of cyber-crimes and matters relating to cyber security. One of the biggest risks we are facing is the lack of education and awareness when it comes to cyber-crime and cyber security.
When we specifically look at law enforcement it is not only the training of specialists that are involved in the forensic acquisition and analysis of cyber evidence, but also the first responders that attend any scene. Do they know to secure cell phones and computers as potential evidence and secondly, do they know how to do this so that the evidence is not rendered inadmissible? One of the benefits of the new Bill is that it provides for assistance from “investigators” to assist law enforcement with the search and seizure of evidence. [‘‘investigator’’ means any fit and proper person, who is not a member of the South African Police Service and who is— (a) identified and authorised in terms of a search warrant contemplated in section 29(3); or (b) requested by a police official in terms of section 31(2), 32(3) or 33(4), to, subject to the direction and control of the police official, assist a police official with the search for, access or seizure of an article;…] In this way the public sector would also be able to effectively assist law enforcement where they lack the necessary skills and experience to deal with a cyber investigation. Also take note of the provision of a “fit and proper” person.
Identity theft remains rife in South Africa. We need to bear in mind that it is not about stealing e.g. money. It is all about stealing information that would enable a criminal to act as a “believable you”. Your personal information can then be used to commit a variety of other (cyber) offences. No information is sacred. The digital world is akin to a young democracy: people know that they have rights in this world, but need to also pay heed to their responsibilities when going online. This is where the concept of digital citizenship is going to play an ever-increasing role. My advice to people remains the same: do not do online what you would not do in the real world.