What happens when the cyber cop comes knocking?
Under the diversionary tactic of helping make online transactions more
secure, your rights online are in the process of being 'legally' removed [in
S. Africa...]
Ian Fraser
----------------------------------------------------------------------------
----
In Chapter 5 of the Electronic Communications and Transactions Bill,
there
appears the following statement. "The Internet presents security challenges
which, without an effective regulatory framework, would pose a threat to the
security of consumers and the State."
I think, based on some of the examples listed below, you can safely remove
the word "consumers" - because this Bill appears to be all about the
security of the State, while paying mere lip service to 'regulating
electronic commerce' and 'protecting consumers'.
(Something like passing a Law to help Supermarkets, which requires that
everyone in the area as well as those people using the Supermarket, can be
watched and snooped on - just in case. And if you complain about the idea of
being watched, well - as long as you're not a criminal you've got nothing to
worry about, therefore only criminals are likely to complain). Twisted logic
in action.
Did you know that once the new Bill is in law, so-called 'Cyber-Inspectors'
can enter your home, search it, search your PC, and even search you, if they
feel justified? Of course, this is only during daylight hours - although the
Bill says a court can waive this nicety, if it's deemed necessary. (87 (d)
subsection 5).
They can also make copies of any documents or books they find on your
premises which may "have a bearing on the investigation".
The Bill also makes sure to say that you have to 'render technical and other
assistance' if necessary, to the Cyber Inspector (86 (h) - presumably to
help them find information proving that you're a criminal - and failure to
help is illegal.
But wait there's more!
According to my layman's view, in section 90 of the Bill - if you happen to
be using an encryption program which in the Governments view hinders, or
prevents them getting the information they want, you can be jailed for up to
5 years.
Of course they've tucked this away in a section dealing with unauthorized
interception or interference with data. And naturally, this only refers to
criminals.
Who are the criminals? Well, that's up to the South African Police Service
and the Cyber Inspector to determine. And I'm sure we law abiding citizens
therefore have absolutely nothing to worry about. Mistakes just don't get
made, especially not by the police - who can request the Cyber-Inspector to
help them with any investigation.
In Section 86 (1) - there's the innocent seeming phrase that - subject to
getting a warrant - "the Cyber-Inspector may enter any premises or access an
information system that has a bearing on an investigation". Lets look at
this phrase more closely.
Given my recent discovery of local Intelligence agents emails online
(http://cryptome.org/dirt-safrica.htm) where local spies (with the full
approval of our government) were hunting for a good trojan program to sneak
into local users computers to intercept and access their data from a
distance - the wording in that subsection covers a multitude of surveillance
opportunities.
Now look again at the phrase "enter any premise or access an information
system". Personally, I'd be very wary about downloading any programs from
local sites from here on, given that they may be hiding the Governments new
and improved snooping device(s), which they can turn on or off at their
desire.
Then in Section 90 (3) - anyone who has any kind of software or device that
is "designed primarily to overcome security measures for the protection of
data" is guilty of an offence. So if you have any little program for those
times when you've forgotten your zip or Word or PC password - you're about
to be made a criminal.
There's also the fairly far reaching ramifications of 85 (1) - which states
that a Cyber Inspector may "monitor and inspect any website or activity on
an information system in the public domain and report any unlawful activity
to the appropriate authority".
What this means - in my view - is that all the thousands of local users
chatting away on MIRC, and/or sharing files on this and many other
'networking' applications, can now be monitored full time, if it's desired.
After all, its "activity on an information system in the public domain".
Then there's the frankly Orwellian doublespeak of what the Bill calls
"Protection of Critical Data" in Chapter 10.
I quote - "Critical data is information which, if compromised, may pose a
risk to the national security of the Republic or to the economic or social
well being of its citizens". 'Social well-being'? What does this mean?
So what happens when webpages critical of the government are being run or
hosted? Does this constitute 'misuse of critical data'?
I'm also curious about the role of local internet service providers in all
this. What happens when the police or the Cyber-Inspector comes knocking?
Are the ISP's going to be allowed to notify users that they're being
monitored and/or investigated? Are they going to be storing users emails for
the police? Or having to quietly install software similar to the FBI's
'Carnivore' program, to browse data traffic of suspected criminals?
It's no good using the traditional statement by budding dictatorships that
"If you're doing nothing wrong then there's nothing to worry about" - that's
so insultingly simplistic and self-serving, that it can't be accepted as a
valid argument by any intelligent citizen in this modern age.
Who trusts governments and intelligence agencies to do the right thing, or
believes the state is responsible enough for citizens to abdicate their
personal freedom and rights so easily? I don't. After all, that's my RIGHT.
Democracy doesn't end where your keyboard begins. If you wouldn't allow a
camera in your home to watch you when "a court decides its legal" - then why
allow it online?
While this Bill is allegedly to help increase confidence in online
transactions, and in fact does address some useful aspects of regulating
online transactions - even a cursory reading of the entire legislation shows
a whole range of little paragraphs and subsections that frankly stink, and
which seem to indicate the beginning of a slippery slope towards a removal
of your online right to privacy, freedom of association and freedom of
speech.
A more paranoid person might suggest that it's time local users started
looking at encryption technologies, anonymous proxy servers and more, to
protect their privacy and themselves from this government.
But luckily this is South Africa - a democracy - and none of us know
anything about living in paranoia under authoritarian, anti-democratic,
crypto-fascist regimes.
-----------------------------
� Daily Mail & Guardian 2002
"civil disobedience. . . is not our problem. Our problem is civil obedience.
Our problem is that numbers of people all over the world have obeyed the
dictates of the leaders of their government and have gone to war, and
millions have been killed because of this obedience. . . Our problem is that
people are obedient all over the world in the face of poverty and starvation
and stupidity, and war, and cruelty. Our problem is that people are obedient
while the jails are full of petty thieves, and all the while the grand
thieves are running the country. That's our problem." [Howard Zinn, Failure
to Quit, p. 45]
"And those who were seen dancing were thought to be insane by those who
could not hear the music."-Friedrich Nietzsche-
-------------------------------------------------
a m b i t : networking media arts in scotland
post: [EMAIL PROTECTED]
info: send email to [EMAIL PROTECTED]
and write "info ambit" in the message body
-------------------------------------------------
