[IRR] SA passes Electronic Communications and Transactions Bill

Mon Jun 17 02:47:22 PDT 2002

Hi All

Thought Ant Brooks would say something about this but since he did not,
here is a quick summary with comments.

Please do not distribute outside this list as I have supplied basically
the same thing to a paying customer for inclusion in their
newsletter...
Hopefully I didn't screw up factually.

SA passes Electronic Communications and Transactions Bill

On 7 June 2002, the SA Parliament passed the ECT bill [1], against
fierce opposition, especially from within the Internet industry.

While the bill does have some positive aspects, some of its other
far-ranging provisions have aroused ire amongst industry old-timers
and professionals.

The bill provides legislation in the following areas:

* Planning and implementation of a national e-strategy, including
provision of internet access to disadvantaged communitites.

* Electronic transactions and signatures, which are given legal
standing.

* E-Government services.

* Cryptography providers. This section makes it illegal to supply
cryptographic products without registering, and paying a fee.

* Authentication service providers, and standards for being an
accredited Authentication Service Provider.  See "Cryptography".

* Electronic transactions and e-commerce, including protections
for consumers.

* Spam seems to be given "opt-out" status, not "opt-in", although
other provisions try to limit the use of "personal information".

* So-called "Critical Databases".

* The Domain Name Authority and administration, where between 8
and 16 [**] people will do the work now done by one man. The sub-text
is that new subdomains will be created and auctioned off, although
this is not explicitly mentioned. The cell-phone industry provides
a clue.

* Limitations on the liability of Internet Service Providers. The
Service Provider is seen as a "mere conduit" as long as, amongst
other provisions, he does not "modify the data contained in the
transmission". The effect of this provision on ISPs who automatically
remove viruses from client email is not specified. ISPs do not
have a general obligation to monitor traffic on or through their
systems.

* The appointment of "Cyber Inspectors", who can enter ISP secure
server rooms with a warrant and poke their noses wherever they like.

* Cyber Crime, which outlaws amongst others, hacking, cracking and
malicious code.

The provisions which have attracted the most flak revolve around
the new .za domain name authority. It is currently run by Mike
Lawrie, who has been doing it since the commercial internet arrived
in South Africa. He has ICANN approval. He is so upset by the
provisions of the new bill that he has threatened to "pull the
plug". [2]
So far this has not happened.

[1] http://www.gov.za/gazette/bills/2002/b8-02.pdf

[2]
http://www.iol.co.za/index.php?set_id=1&click_id=31&art_id=qw10230782404
92B261

[**] Since writing the above, the Gov has ammended Section 10, which
deals with the .za namespace. They dropped the number of people from "8
-- 16" down to 9. Also other changes.

http://co.za/ect/chapterX-2002-06-07.html

Uniforum, a non-profit which runs the .co.za domains, have posted their
suggested ammendments to the ammendments, and invited comment from
current .co.za domain holders.

http://co.za/ect/chapterX-comments-2002-06-07.html

Naturally I had quite a bit to say on the topic.. :-)

Furthermore, my mind had mulled over other aspects of the bill since I
wrote the above last Tuesday, and other issues came up:

1. Only registered cryptography suppliers may supply cryptographic
products to South Africans. I suppose this could mean that Apache will
not be allowed, leaving the field to Microsoft... I can't see any
open-source software movement registering with every tinpot government
around the world. Nor can I see Bruce Schneier registering to supply
Blowfish or Twofish... The law is written aimed at suppliers, with no
comment about the legal position of users of unregistered crypto
products. [Ultimate objective: All your secrets are belong to us?]

2. If spam is given legal opt-out status, this puts ISPs in a difficult
position, and could lead to SA becoming a spammer's haven.

Cheers, Ian

p.s. I was going to use a controversial Subj: line, like "SA Government
goes berserk" or somesuch but decided against it.. :-)

--------------------------------------------------------------
ian at zti.co.za    http://www.zti.co.za
Zero to Infinity - The net.works
Phone/Fax +27-21-948-3809

_______________________________________________
Irregulars mailing list
Irregulars at tb.tf
http://tb.tf/mailman/listinfo/irregulars

--- end forwarded text

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'