The Electronic Communications and Transactions Act 25 of 2002 (ECT Act) (Guide to the ECT Act, 2005) was drafted into South African law on 30 August 2002. It came about as a mechanism whereby the government could establish a formal structure to define and regulate e-commerce in South Africa. The Electronic Communications and Transactions Act has a direct impact on any illegal actions associated with electronic communications, data messages and transactions. It pertains to all forms of communication such as e-mail, the Internet or short message services (sms), cellular phone and digital cameras. The Act also functions as an informative and enabling resource in which concepts are legally identified and defined in order to resolve any ambiguity relating to e-commerce (Guide to the ECT Act, 2005).
74
Section 1 of Act 25 of 2002 contains the definitions of certain words and/or phrases that are relevant for the purposes of this discussion of cyber stalking:
Automated transaction means an electronic transaction conducted or performed, in whole or in part, by means of data messages in which the conduct or data messages of one or both parties are not reviewed by a natural person in the ordinary course of such natural person’s business or employment;
Data means electronic representations of information in any form [own emphasis];
Data message means data generated sent, received or stored by electronic means and includes:
o voice, where the voice is used in an automated transaction; and o a stored record;
E-mail means electronic mail, a data message used or intended to be used as a mail message between the originator and addressee in an electronic communication;
Electronic communication means a communication by means of data messages;
Information system means a system for generating, sending, receiving, storing, displaying or otherwise processing data messages and includes the Internet; Internet means the interconnected system of networks that connects computers
around the world using TCP/IP and includes future versions thereof; Web page means a data message on the World Wide Web (WWW); and
Web site means any location on the Internet containing a home page or web page.
Chapter XIII of the Act, and in particular Sections 85 to 89, seek to make the first statutory provisions for cyber crime in South African jurisprudence. The Act seeks to introduce statutory criminal offences relating to information systems and it includes:
75 unauthorised access to data;
interception of or interference with data; computer-related extortion;
fraud; and forgery.
Cyber crime is defined in terms of item 4 of the Guidelines for Recognition of Industry Representative Bodies of Information System Service Providers, which appears in Government Gazette No. 29474 dated 14 December 2006, as:
[A]ny conduct on the Internet or connected with the Internet or Internet usage which constitutes a crime in terms of the South African criminal law, including any conduct punishable in terms of Chapter XIII of Act 25 of 2002.
With regard to cyber crime, referred to in Chapter XIII, Sections 85 to 89 are reflected upon below.
In terms of Section 85 “access includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.”
Section 86 (Government Gazette No. 29474, 14 December 2006) regulates unauthorised access to, interception of or interference with data as follows:
Unauthorised access to, interception of or interference with data
(1) Subject to the Interception and Monitoring Prohibition Act, 1992 (Act No. 127 of 1992), a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence.
(2) A person who intentionally and without authority to do so, interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence.
(3) A person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the
76
intent to unlawfully utilise such item to contravene this section, is guilty of an offence.
(4) A person who utilises any device or computer program mentioned in subsection (3) in order to unlawfully overcome security measures designed to protect such data or access thereto, is guilty of an offence.
(5) A person who commits any act described in this section with the intent to interfere with access to an information system so as to constitute a denial, including a partial denial, of service to legitimate users is guilty of an offence. In Chapter XII and XIII of the ECT Act, (Guide to the ECT Act, 2005) provisions are made for cyber inspectors and cyber crime respectively. The Act instructs the Department of Communications to appoint cyber inspectors. These cyber inspectors are authorised to monitor Internet websites in the public domain to ensure that service providers comply with relevant provisions. The inspectors, subject to obtaining a warrant, are afforded powers of search and seizure. Inspectors are also expected to assist the police or any other investigation bodies on request. With regards to cyber crime the Act attempts to pioneer statutory criminal offences relating to the following key issues. It addresses unauthorised access to data such as ‘hacking’ and trading passwords to commit an offence. Interception (tapping into data flows) and interference with data (launching virus attacks) are now seen as illegal. It challenges computer- related extortion such as fraud and forgery in order to tackle the unlawful financial gain of offenders through the use of technology. In addition, the Act states that any person assisting another in the performance of any of the above crimes will be guilty as an accessory. The penalties involved in such transgressions range from a fine to imprisonment for a period not exceeding six months (Electronics Communication and Transactions Act 25 of 2002).