New SA law means you may be jailed if you forward these kinds of WhatsApp messages.
Forwarding intimate images without consent and messages which incite violence or damage to property could result in a jail term of up to 15 years.
The latest Cybercrimes Bill, which is due to be signed into law by the president, holds creators and distributors of unlawful content equally accountable.
Businesses and electronic communications service providers, like WhatsApp, are obligated to report suspected cybercrimes to police within 72 hours.
Police will have the power to investigate, search, access and seize private digital information.
Sharing messages which promote violence or damage to property could land South Africans behind bars when the new Cybercrimes Bill is signed into law by President Cyril Ramaphosa. After being approved by parliament on 2 December 2020, this far-reaching piece of legislation is one step closer to redefining digital safety and security in South Africa.
An extension of the old Cybercrimes and Cybersecurity Bill, which was first drafted in 2017 and received staunch criticism concerning government’s overreach in the cybersecurity section, the new bill deals exclusively with cybercrimes.
The Cybercrimes Bill defines and criminalises several digital offences across multiple platforms, including electronic communication via WhatsApp, Facebook, Twitter, and other messaging services.
The bill deals extensively with the unlawful access, interception, and interference with data, commonly referred to as hacking. The Cybercrimes Bill also takes direct aim at digital scams, with cyber fraud, forgery, and uttering – defined as the creation or use of false data with the intention to defraud – being subject to broader terms of imprisonment.
And while these new laws focus on protecting South Africans against hackers and email scammers, the Cybercrimes Bill also addresses the issue of malicious communications.
Defined as the creation or distribution of data messages which incite violence, damage to property and personal threats, malicious communications extend to the sharing or forwarding of such content. This includes cyber-bullying, defined as harassing or encouraging a person to harm themselves, and false communication intent on causing mental harm.
This applies to both private and public conversations, which has especially far-reaching consequences for WhatsApp groups and chainmail-type messages which are shared among contacts. The bill does not distinguish between a creator and sharer. Instead, the Cybercrimes Bill holds any person who makes available, broadcasts, or distributes malicious communications equally accountable in the eyes of the law.
Associated with the malicious communications clause, the bill makes specific mention of ‘revenge porn’, defined as the distribution of intimate images without consent of the person depicted. Within the context of the bill, an “intimate image” includes the depiction of an identifiable person who is nude or in which their genital regions are exposed.
If the person depicted is a female, transgender or intersex, an intimate image includes the display of breasts. Videos and digitally altered intimate images are included in the bill’s description. Even if the person’s face is not visible, those convicted of sharing intimate images will be liable for a fine or term of imprisonment ranging from one to fifteen years or both.
The Cybercrimes Bill further empowers the South African Police Service (SAPS) to investigate, search, access and seize information contained within a private database or network.
Additionally, businesses, electronic communications service providers (ECSP), and financial institutions are obligated to report suspected cybercrimes to the relevant authorities, within 72 hours, and assist with any subsequent investigations.
“Businesses who may fall victim to a cybercrime or who, for example, have an employee who commits a cybercrime, are required to offer cooperation and assist law enforcement officials in any investigations they may conduct,” explains Preeta Bhagattjee of law firm Cliffe Dekker Hofmeyr. “Any ECSPs or financial institutions that fail to comply with such obligations could be found guilty of an offence and be liable on conviction to a fine not exceeding R50,000.”
Evidence admissible in court includes screenshots, image files, messaging records and oral accounts. Businesses, ECSPS, and financial institutions are ordered to preserve any evidence relating to a suspected cybercrime.