Hi All Thought Ant Brooks would say something about this but since he did not, here is a quick summary with comments. Please do not distribute outside this list as I have supplied basically the same thing to a paying customer for inclusion in their newsletter... Hopefully I didn't screw up factually. SA passes Electronic Communications and Transactions Bill On 7 June 2002, the SA Parliament passed the ECT bill [1], against fierce opposition, especially from within the Internet industry. While the bill does have some positive aspects, some of its other far-ranging provisions have aroused ire amongst industry old-timers and professionals. The bill provides legislation in the following areas: * Planning and implementation of a national e-strategy, including provision of internet access to disadvantaged communitites. * Electronic transactions and signatures, which are given legal standing. * E-Government services. * Cryptography providers. This section makes it illegal to supply cryptographic products without registering, and paying a fee. * Authentication service providers, and standards for being an accredited Authentication Service Provider. See "Cryptography". * Electronic transactions and e-commerce, including protections for consumers. * Spam seems to be given "opt-out" status, not "opt-in", although other provisions try to limit the use of "personal information". * So-called "Critical Databases". * The Domain Name Authority and administration, where between 8 and 16 [**] people will do the work now done by one man. The sub-text is that new subdomains will be created and auctioned off, although this is not explicitly mentioned. The cell-phone industry provides a clue. * Limitations on the liability of Internet Service Providers. The Service Provider is seen as a "mere conduit" as long as, amongst other provisions, he does not "modify the data contained in the transmission". The effect of this provision on ISPs who automatically remove viruses from client email is not specified. ISPs do not have a general obligation to monitor traffic on or through their systems. * The appointment of "Cyber Inspectors", who can enter ISP secure server rooms with a warrant and poke their noses wherever they like. * Cyber Crime, which outlaws amongst others, hacking, cracking and malicious code. The provisions which have attracted the most flak revolve around the new .za domain name authority. It is currently run by Mike Lawrie, who has been doing it since the commercial internet arrived in South Africa. He has ICANN approval. He is so upset by the provisions of the new bill that he has threatened to "pull the plug". [2] So far this has not happened. [1] http://www.gov.za/gazette/bills/2002/b8-02.pdf [2] http://www.iol.co.za/index.php?set_id=1&click_id=31&art_id=qw10230782404 92B261 [**] Since writing the above, the Gov has ammended Section 10, which deals with the .za namespace. They dropped the number of people from "8 -- 16" down to 9. Also other changes. http://co.za/ect/chapterX-2002-06-07.html Uniforum, a non-profit which runs the .co.za domains, have posted their suggested ammendments to the ammendments, and invited comment from current .co.za domain holders. http://co.za/ect/chapterX-comments-2002-06-07.html Naturally I had quite a bit to say on the topic.. :-) Furthermore, my mind had mulled over other aspects of the bill since I wrote the above last Tuesday, and other issues came up: 1. Only registered cryptography suppliers may supply cryptographic products to South Africans. I suppose this could mean that Apache will not be allowed, leaving the field to Microsoft... I can't see any open-source software movement registering with every tinpot government around the world. Nor can I see Bruce Schneier registering to supply Blowfish or Twofish... The law is written aimed at suppliers, with no comment about the legal position of users of unregistered crypto products. [Ultimate objective: All your secrets are belong to us?] 2. If spam is given legal opt-out status, this puts ISPs in a difficult position, and could lead to SA becoming a spammer's haven. Cheers, Ian p.s. I was going to use a controversial Subj: line, like "SA Government goes berserk" or somesuch but decided against it.. :-) -------------------------------------------------------------- ian@zti.co.za http://www.zti.co.za Zero to Infinity - The net.works Phone/Fax +27-21-948-3809 _______________________________________________ Irregulars mailing list Irregulars@tb.tf http://tb.tf/mailman/listinfo/irregulars --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'