Lex Informatica – “Where the Law and ICT meet” conference was held at the Burgers Park Hotel in Pretoria on the 29th and 30th June 2011. In total there were 18 different speakers discussing topics that ranged from Cyber Forensics to IT Governance Risk and Compliance.
This annual conference is hosted by Snail Attorneys of Pretoria and co-chaired by Sizwe Snail and Judge Mohamed Chawki and senior judge from Egypt.
The purpose of the conference was to discuss and evaluate the legal aspects of, Intellectual property, e-globalization, Procedural Law Aspects, Cyber Security, IT-Management and ITGovernance, Quality Management, Telecommunication Law, Domain Names, Cyber Crime, Econtracts, cyber forensics, Software contracts , Privacy Laws ,Cyber Security , Corporate Governance in IT, E-Consumerism and E-commerce transactions.
The chairpersons of the conference have allowed us to share the crunchy bullet points of each of the speakers. Should any of the topics interest you, please contact Mr Sizwe Snail at firstname.lastname@example.org for more information.
Judge Dr. Mohamed Chawki, “Fighting Child Pornography over the Internet : The French Response”
Senior judge, Egypt; Conference Co-Chairman, Chairman -International Association of Cybercrime Prevention (AILCC) and Co-Director (ACCP) – Kampala.
One of the alarming stats was that FaceBook removes 20 000 under age users from their subscriber list.
There are 4 types of Child Pornography
1. Cybering – Posting of pics, text etc over the internet
2. Grooming – meeting and convincing children to partake in internet pornography
3. Age Play – systems like Second Life where the offenders pose as children, often using avatars
4. Exposure to Obscenity – sexual or violent acts over the internet.
The market for child pornography is estimated at $57 Billion worldwide.
There are 3 categories of offenders:
2. At Risk
Just viewing child pornography is a crime!
Prof. Tana Pistorius, “Intellectual Property Protection on the Internet in Africa”
Professor, Faculty of Law, UNISA
Digital copyright should be the same as physical.
If codes and encryption can be used to deny access then the same code should be used to grant access to private and protected property.
Tumelo Tshaya, “COMPUTER SOFTWARE PATENT IN SOUTH AFRICA”
Adams and Adams
If software is developed and is patented one can apply for a 150% tax rebate as per Section 11D of the Income Tax Act No. 58 of 1962.
Computer software patents are not only the source code, but the actual system actions that the software can perform.
Current government policy states that Open Source software is to be preferred to that of propriety software like Microsoft Windows for example. However if sufficient reason is given, propriety software may be used.
Danny Myburgh, “Practical Implications of Anton Piller orders in intellectual property infringement suites”
FBI ranks South Africa as 7th in their top 10 cyber threat countries.
In 2010 the number of internet users surpassed 2 billion users with 226 million users coming from the developing countries.
Simple opening a document on a computer to check for evidence, just the mere fact of opening the document the system record will mention that the file was modified (even though you just viewed it) – convincing the court that nothing was tampered with will be very difficult. This is why it is critical to have the latest technology when searching data.
When compiling an application for a search and seizure, it is critical to detail exactly what you are looking for and where it is located.
John Giles, “IT Governance, Risk and Compliance – a legal lens”
By law every company needs to have an information officer who is responsible for the PAIA and POPI for the company.
Some quick and simple wins in risk management are:
1. Shred all paper leaving the company
2. Manage bulk email lists
3. Have property exit strategies for staff leaving the company.
Compliance with King III, ECT Act and now the Consumer Protection Act actually improve business, through transparency, honesty and by excellent service while at the same time minimising the risk of not only litigation but more importantly….not losing your customers!
Verine Etsebeth, “TWEET NOW, PAY LATER – THE LEGAL IMPLCATIONS OF SOCIAL NETWORKNG SITES FORPROSPECTIVE EMPLOYEES”
University of Johannesburg
When you delete your FaceBook profile, it is deleted as you see it when logging into Facebook, but all of your information is still intact and exactly as it was when you were active. All images, comments, posts and messages all still exist – plus if you read the Terms and Conditions, they belong to FaceBook now, in fact the second you post them, you hand it over to FaceBook.
With the employment process, a Facebook check has become the equivalent of a first interview.
Have a social media policy for the company to protect both the individual and the company.
Gregor Urbas, “Copyright, Crime and Computers, New Legislative frameworks for intellectual property rights enforcement”
Senior Lecturer, Australian National University
Copyright law in Australia is largely driven by the music and film industry, protecting their own property basically.
As some of the law officers are not skilled in detecting counterfeit products, customs and the rights owners or representatives often are involved in bringing in the perpetrators. The penalties for these crimes are extremely light, with fines or warnings, which allows the perpetrator to open up another shop in a couple of days.
New legislation pending in Australia to embrace the convergence of copyright law, internet usage and criminal justice.
Mark Heyink “South African challenges for the protection of personal data”
(Information Governance Consulting) – Heyink Inc.
Recommends the book Kingpin – How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen.
534 Million Personal records in the USA have been compromised from Jan 2005 and June 2011.
ICT governance in big business is being left to IT and the gap between business and IT seems to be growing.
Universities should teach cybercrime as a subject for all law related degrees.
Sylvia Papadopolous “E-consumer protection in terms of the ECT meets CPA”
Advocate of South African High Court and Senior Lecturer, University of Pretoria
The repeal of S45 is an improvement in curbing SPAM.
The CPA now deals with bulk email, but this is just one aspect of SPAM. The PPI will handle the processing of personal information, which will assist in the fight against SPAM. The question is how these various acts will work together in addressing this type of crime.
The registry that will track and control SPAM is in the process of being formed, at present government is advertising to allow private service providers to offer their solutions.
There seems to be an issue with the definitions of the term “electronic communications” in the various acts.
A quick fix may be for the registry to insist that all SPAM type email is preceded with the text “ADVERT” to ensure transparency.
Nicolas Hall, “Consumer Protection: Implementation strategies for online business”
Bad behaviour from suppliers must be reported to the NCC (National Consumer Commission) – they will advise the merchant and give them time to rectify the wrong doing. Should this not be done, the merchant can be fined or taken to court.
The CPA is really a reactive control, where 99% of the cases will come from consumers who have burnt their fingers and now turn to the NCC to rectify the issue.
Remove the prohibited terms from the company Terms and Conditions of service and have a great returns policy that will curb the effect of the CPA.
Dana Van der Merwe, “A comparative view on cybercrime legislation in AFRICA”
Professor of Law, UNISA
In years gone by, first property determined wealth, then capital in the industrial revolution and today if you own information you are now considered a wealthy or powerful person.
The Protection of Information bill as it stands now is allowing government to police itself with regards to the information it shares. Never a good thing to make the person their own watchdog.
The penalties for transgression of these electronic communications laws ranges from 2 to 5 years – not sufficient to allow for proper prosecution
There should be a cybercrime treaty for the whole of Africa, which should then join the existing UE treaty. Maybe this should be a United Nations Cybercrime treaty!
Jaco De Jager,”Gathering of electronic information – what is our success rate in deterring fraud and corruption”
ACFE SA – Association of Certified Fraud Examiners South African Chapter
In South African alone, identity theft is costing in excess of R10 Billion per year. The life insurance sector has mentioned that they have lose R264 million a year due to fraud.
Increased financial pressure is always the biggest reason for people committing fraud – basically living beyond their income.
To find out more about Association of Certified Fraud Examiners visit the website http://www.acfesa.co.za.
Joey Jansen van Vuuren, “Cyber Warfare with International Cyber defence collaboration for RSA”
Council for Scientific and Industrial Research
15 Countries including South Africa are busy looking at establishing a cyber-security treaty.
USA and UK are developing systems to Counter Attack cyber-attacks from other countries.
The SADF do not see cyber-attacks as one of the threats to the country, like they do with land, sea and air attacks.
Annette Hübschle, “Cybercrime – The next level in sophistication of organised crime?”
Institute for Security Studies (ISS)
MXit is the biggest social network in Africa with 27 million users. Also MXit is used by gangs in Cape Town, both in society and inside of prisons.
2,8 Million emails per second are sent out every day, an estimated 70% of which are spam.
A report released by the Southern African Banking Risk Information Center (SABRIC) in 2010 ranks South Africa as the 3rd most victimized country, after the US and UK, with regards to online banking manipulation or phishing.
Corrupt border officials use SMSs to advise illegal “border crossers” of the best times to get across the border undetected.
Syndicates use social networking as their communication systems with false IDs and avatars – often the fellow members do not know the real person – outside of the social network. This makes it extremely difficult for the police to find the kingpins behind the syndicates.
For more information on the ISS visit http://www.issafrica.org.
Jason Jordaan “Bridging the gap between cyber forensics and legal practitioners”
Special Investigating Unit – SIU
Improper collection of evidence often renders the evidence inadmissible.
In South Africa there are less than 100 digital forensic experts – 39 of which are inside the SAPS. (29000 police officers to 39 digital forensic experts!)
In a survey recently completed the SIU discovered huge issues with quality assurance in local digital forensics.
Claudio De Lucenta Neto, “E-Justice In brazil – moving forward”
Universidad de Pariba, Brazil
Currently there are 85.6 million open cases in Brazil, that means for every 2 people in the country there is one open lawsuit.
The personal information stored for these 85.6 million cases excluding those that have been closed is at risk as the security is rather relaxed.
Akalemwa Ngenda, “Over Criminalisation”
Brunel University – London
The lack of a universal culture around the world, really means that we should not adopt universal laws to govern cybercrime.
One cannot assume universal law, as universal morals can really be counted on one hand.
In summary, don’t assume what is correct to a country like USA must also be mimicked in a country like South Africa.
Sizwe Snail, “Cyberlaw v Labour Law @ the workplace: Employee vs Employer”
Although the courts and law generally promote the privacy of the individual from both others and the government, Section 6 of RICA actually states the instances where a company may monitor the communications of an individual.
As an employer you should have an electronic communications policy as an addendum to their employment contract.
Surveillance camera footage, as long as it is a permanent monitoring camera may be used as evidence in court, however a camera placed merely to entrap the suspect is not allowed – unless permission is granted before installation.
Entrapment must always be seen as the last resort in finding evidence.
When performing polygraph testing, make sure that specific questions relating to the crime are asked, and that these same questions are asked of other employees as well – obviously when relating to labour issues. It is also stated that other evidence should be collected that supports the polygraph testing – but the short of it, is that evidence is evidence, gather whatever you can.
The conference was sponsored by:
African Center for Cyberlaw and Cybercrime Prevention (ACCP)
Van Schaik Publishers