3. Criminalizing Cyber-crime in the Electronic Communications and Transactions Act In Narlis v. South African Bank of Athens 1976 (2) SA 573 (A), the Court held that a computer printout was inadmissible in terms of the Civil Procedure and Evidence Act 25 of 1965. It was also held that a computer is not a person. It was clear that the law regarding value of electronic data in legal proceedings required urgent redress. This resulted in the premature birth of the Computer Evidence Act 57 of 1983. Section 142 of the said Act made provision for an authentication affidavit in order to authenticate a computer printout. The Computer Evidence Act seemed to make more provision for civil matters than criminal ones. It created substantial doubts and failed the mark for complimenting existing statutes and expansion of common principles (Kufa, 2008, pp.18-19)
After many years of legal uncertainty, Parliament enacted the Electronic Communications and Transactions Act2 (ECT) which comprehensively deals with Cyber-crimes in Chapter XIII and has now created legal certainty as to what may and not constitute Cyber-crime. One must however, note section 3 of the ECT (its interpretation clause) does not exclude any statutory or common law from being applied to, recognizing or accommodating electronic transactions. In other words, the common law or other statutes in place wherever applicable is still in force and binding which has the result that wherever the ECT has not made specific provisions for criminal sanction such law will be applicable.
Section 85 defines ‘cyber crime’ as the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorized to access that data and still continues to access that data (Geredal, 2006, p.282) . Section 86(1) provides that, subject to the Interception and Monitoring Prohibition Act, 1992 (Act 127 of 1992), a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence.
In the case of R v. Douvenga (District Court of the Northern Transvaal, Pretoria, case no 111/150/2003, 19 August 2003,unreported) the Court had to decide whether an accused employee GM Douvenga of Rentmeester Assurance Limited (Rentmeester) was guilty of a contravention of section 86(1) (read with sections 1, 51 and 85) of the ECT Act. It was alleged in this case that the accused, on or about 21 January 2003, in or near Pretoria and in the district of the Northern Transvaal, intentionally and without permission to do so, gained entry to data which she knew was contained in confidential databases and/or contravened the provision by sending this data per e-mail to her fiancée (as he then was) to ‘hou’ (keep). The accused was found guilty of contravening section 86(1) of the ECT Act and sentenced to a R1 000 fine or imprisonment for a period of three months (Geredal, 2006, p.282). It follows that the crime commonly known Hacking has now been entrenched in our law in section 86 (1) of the ECT which makes any unlawful access and interception of data a criminal offence.
This also applies to unauthorized interference with data as contained in section 86 (2) of the ECT (also see the provision of the RICPCRIA Act which prohibit unlawful data interference/monitoring of data). Section 86 (4) and 86(3) introduces a new form of crime known as the anti-cracking (or anti-thwarting) and hacking law. In terms of this law the provision and, or selling and/or designing and/or producing of anti-security circumventing (Ebersoehn, 2003, p.16) technology will be a punishable offence. In terms of section 86(4) a person is guilty of this offence if he uses and designs a programme to overcome copyright protection, with direct intent to overcome a specific data protection programme (Ebersoehn, 2003, p.17). E-mail bombing and spamming is now also a criminal offence as contained in sections 86 (5) and 45 of the ECT respectively.
Denial of service (DOS) attacks also popularly known as Disk Operating System attacks, are attacks that cause a computer system to be inaccessible to legitimate users. Denials of service attacks disrupt service to legitimate users for a period of time (Kufa, 2008, p.20). Section 86(5) states that, ‘any person who commits any act described in Section 86 with the intent to interfere with access to an information system so as to constitute a denial, including a partial denial of services to legitimate users is guilty of an offence’. The act or conduct is fashioned in such a manner that it is widely defined and consist of any of the action criminalized in Sections 86(1) and Section 86(4). The actions include unauthorized access, unauthorized modification or utilizing of a program or device to overcome security measures (Kufa, 2008, p.20).
Section 87 of the ECT also has introduced the Cyber crimes of Extortion, Fraud & Forgery. Section 87 of the ECT also has introduced the Cyber crimes of E-Extortion as per section 87(1), E-Fraud as section 87(2) and E-Forgery as section 87(2). Section 87(1) provides an alternative to the common law crime of extortion. Kufa states that pressure is therefore exerted by threatening to perform any of the acts criminalized in section 86. Kufa also criticizes this section as ‘wet behind the ears’ as its common law equivalent applies to both forms of advantage of propriety and non-propriety form. He suggests that this proviso is wanting and will require redress (Kufa, 2008, p.21).
Cyber-crimes are not limited to the acts as contained in the ECT but there are also other statues that are applicable in the prosecution of Cyber crimes. For instance, in terms of the Prevention of Organized Crime Act (POCA) Act 121 of 1998 and The Financial Intelligence Centre Act (FICA) Act 38 of 2001 the prevention of all the crimes (as applicable to the cyber environment) listed is highlighted (but in an organized fashion) as well as the prohibition of money laundering and other financial related crimes which are these days done online may also contravene the Exchange Control Regulations. Also noteworthy is the National Gambling Act and Lotteries Act. In terms of section 89 of the National Gambling Act any form of unlicensed gambling is unlawful and may be imprisoned for period of 2 years. Similarly sections 57 and 59 of the Lotteries Act also state that ‘any unlicensed lotteries or anyone participating in a foreign lottery is liable to a criminal offence’.
Notwithstanding Section 86(4) outlaws the cracking of anti-pirating and/or security software. It is also important to state that in the case of sale and/or making available of illegal copies of movies or music online (in formats such mpeg4, Divx, mov, mp3, wav, mwa etc) an individual may be in contravention of the Copyright Act as section 27 of the Copyright Act prohibits unlawful copying, decimation and/or distribution of copyrighted works. The provisions of the Counterfeit Goods Act may also be applied were the sale of such counterfeit goods (in this context reference to goods is the illegal copy of the movie or song) was concluded online.