SUMMARY OF SUBMISSIONS

SUMMARY OF SUBMISSIONS

ORGANISATION	ISSUE/CHAPTER	COMMENTS RECEIVED	RECOMMENDATIONS
DTI	Generic terms	Due to cross cutting nature of these terms in various laws, the terms such as post/mail etc, requirements for "seal", certification, stamp duty, instrument and inspection, search and seizure.
	Section 15	Electronic evidence to be considered by Department of Justice.
	Section 17	Consideration should be given to whether Sec 17 will be interpreted by courts as giving blanket authorization to use electronic form.
	Section 19(2)	Consider expanding this section in Chapter III with guidelines, exceptions, qualifications and ability to issue notices in the gazette.
	Chapter IV	This chapter does not cover the full range of transaction and interactions, and a public body like registrar of companies is involved in this chapter and not wide enough.
US GOVT.	Definitions	Definitions of advanced electronic signature, data subject, consumer, automated transactions and electronic personal information should be amended so as to be consistent with international trends.
	Section 4 Sphere of Application	Addition of provision for B2B transactions to establish their own rules. Current language seen as restrictive. Improve definition of "retention" in Sec 16, as it is inadequate for law enforcement purposes especially including traffic data.
	Chapter 3 Facilitating electronic transactions	Belief that the draft Bill creates a regulatory regime that will discourage the use of technology for electronic signatures. Imposition of government accreditation scheme freezes use of digital signatures especially when focus is on UNCITRAL Model Law on electronic signatures.
	Chapter IV E-Govt.	Sec 28 provides government agencies with discretion to accept electronic filling. It is suggested that this should be an imposed general mandate to allow constituents to transact with government electronically.
	Cryptography Providers	Definition has limitations in that it can include access control, directory or password methodologies. Reconsider the definitions of what constitute cryptography product or service.
	Authentication Service Providers	Government endorsed accreditation – a government official is not technology neutral and can lead to reduction of trust in cross border e-commerce. It is suggested that UNCITRAL Model Law on e-commerce be adopted.
	Chapter VII Consumer protection	Strengthen competition policy. This Bill focuses only on electronic transactions. South Africa has followed OECD guidelines on consumer protection. It is suggested that "where applicable and appropriate" be included in some areas of this section. Also propose self-regulatory organization instead of government to prescribe. Overly detailed – page 8 of submission
	Fraud	Consider strong anti-fraud provisions in the bill if these do not already exist to ensure adequate tools to fight internet fraud. Fraud to be both civil and criminal offence. (page 10)
	Chapter VIII Personal information and privacy protection	Privacy provisions not equipped to provide legitimate protections that data subjects can enjoy and suggest self regulatory mechanisms including private sector developed codes of conduct, dispute resolutions, etc. Chapter VIII provisions are too vague. Section 52(1) is overbroad because it requires explicit for the collection of any personal information. (page 11) Adverse effect on domain name system as it will prevent use of WHO IS database in the TLDs and ccTLD.
	Chapter IX Protection of Critical Data	Section 57(2)(b) is overbroad in that it may include virtually every government agency and no legal standard or procedure created for such request.
	Chapter X DNS	Vague on criteria for awarding licences for registrars. Establishes State run legal entity. What about UDRP (page 14)
	Chapter XI Limitation of Liability	Consider limiting only to ISPs or ASPs and not information system services. Definitions of "mere conduit" to be reworked (page 15) "notice and takedown" (page 16)
	Chapter XII Cyber Inspectors	Clarity of whether inspectors can only exercise powers pursuant to court orders Sections 86 and 87(2)(c) purport to apply if information "is accessible". Concerns of South Africa overreaching its own territorial jurisdiction. Possibility of abuse of such orders as there is no judicial supervision.
	Chapter XIII Cyber Crime	Common hacking tools are used to test systems. Is this an offence? Focus on results of conduct rather than tool possession Section 90(1) very broad, put thresholds on loss amounts or specific results. Section 90(3) has several shortcomings, include trafficking in services under prohibitions. Section 93 South Africa signatory of Council of Europe Cyber crime – use same such provisions (page 20)
South African Post Office	Chapter III Sec 13 Requirements for Advanced Digital Signatures	All advanced digital signatures be supported by face-to-face identification signatory promotes trust. (proposed amendment see page 7)
	Chapter VI Preferred Authentication Service Providers	Post Office be named as a preferred Authentication Service Provider whilst allowing others to apply for such designation (page 10/11)
	Chapter III Sec 18 Certification of documents as true copies	Gap in the Bill – significantly reduces ability to convert paper based documents into electronic documents and provide certified copies of such in electronic format (page 14)
	Section 19 Sending by registered post	Amend clause 19 – for provision of electronic registration of a data message (page 2) by post office (page 15)
Media 24 and Kalahari.Net	Section 43(2)(c)	This section will create confusion if the words "or other goods intended for every day consumption" are used.	It should also apply to consumable information, medicine and the like. The use of the word "or" creates the impression that this section does not only refer to foodstuffs. This section should be better drafted to include all consumables
		The company does not wrap its packages and would have to incur considerable costs to shrink-wrap these goods before shipment.	That the word "seal" should be given a broader definition to include any indication that the consumer opened or used the goods in question.
Media 24	Section 43(h)	This should apply to electronic / digital newspapers, magazines and periodicals.
Kalahari.net	Section 43(h)	Why are books not included?
	Section 45 Cooling Off period	Off line and online traders are to be treated equally.
E-Bucks.com	Section 11(3)(b)	Does this mean that a customer has to be able to retrieve his original terms and conditions despite the fact that new versions have been created in the interim which is posted on the website?
	Section 14(1)(a)	The words "or otherwise" create confusion and uncertainty and should be deleted.
	Section 15	Will this Bill repeal the Computer Evidence Act? If not, evidentiary issues relating to computer evidence will not be simplified.
	Section 16	Does the criteria in this section apply to other sections of the Bill, which refer to "info stored/retained"?
	Section 18(1)	How will notaries compile their protocol if a hard copy document does not exist and if the notarial seal is attached electronically?
	Section 21(a)	Section 3 should be interpreted so as not to exclude the common law. In terms of the common law, intent is required to conclude an agreement. Is an electronic agent able to express intent on behalf of its principal?
	Section 21(d)	Must a party using an electronic agent go back to the natural person afterwards and say that the parties are now bound by the agreement? At which stage of the transaction is the natural person supposed to check the transaction? This section removes certainty a to when and how an agreement is concluded.
	Section 21(e)	* It appears as if there is a word omitted before the word "made". * A natural person will inform the bank of an error. However this section creates uncertainty as to the time limit a natural person using an electronic agent has to give notice. * Insufficient protection to the bank where the client has made an error to, for example, a payment to a third party. *Should the words "that person" with "the intended recipient"? as the third party benefits and not the bank.
	Section 44(3)	This section, which allows clients to cancel a transaction within 14days, is unfair to banks a "suppliers" of financial services. How will Section 44(4) be applicable to cancelled transactions in terms of subsection (3)
Steinhoff Africa Group Services (Pty) Ltd	Definitions	Clarification of electronic transactions, as there is no definition for it, especially the meaning of the phrase "other intangible form".
	Section 11(3)	This section speaks of information in the public domain. What information will be regarded as being within "the public domain"?
	Section 12	Suggest that injecting the word "retrievable" before "data messages" in Section 12(a) amend it. Furthermore, suggest that subsection (b) be deleted entirely.
	Section 13, 14 and 15	Should be amended to refer specifically to "electronically transactions".
	Section 21(e)	What is meant by "material error"? Should it not be defined in the definitions section?
	Section 22	Be more specific as to which part of the Bill is applicable when the parties have themselves specified it.
	Section 24(b) and Section 27(1)	Suggest an acknowledgement of receipt of a data message to give legal effect to an agreement.
	Chapter V Cryptography Providers	Why should government instead of the private sector be entrusted herewith? In terms of Section 32 government officials will be allowed to "guard" over very sensitive and valuable information.
	Section 36 and Section 31(1)	Read together, it provides that government has the right to provide authentication services. Why not the private sector?
	Section 43(2)(a)-(j)	This section, which excludes the "cooling off period" seems to be couched in too wide terms. The type of transactions that are excluded may well be the very ones that consumers need protection for.
	Section 51	This section seems to be too limited and should also extend to "data messages"
	Chapter IX Critical Databases	Matters of national security and /or state secrets should rather be dealt with by other legislation and not the current Bill
	Chapter X Protection of Domain Names	It would be practical to amend the Trade Marks Act to address this issue and let the courts and common law develop it. Also, why limit the regulation and use of domain names exclusively to the .za domain name?
	Section 60	How will the juristic person, who will oversee the regulation of the .za domain name, be financed?
	Chapter XII Cyber Inspectors	Highly qualified and specialized police unit instead of creating another "elite police force" and/or "monitoring authority" should undertake these duties.
	Section 85(1)(a)	Are these investigative powers here only to be exercised in relation to cryptography service providers, authentication service providers and critical database administrators or also in relation to other person and or institutions?
	Section 87	It appears as if a warrant is available simply upon request. It should rather be granted after an ex parte application to a competent court, with provision for a return date.
	Section 93	Cyber crime should be dealt with by amending the Criminal Procedure Act. Alternatively, the fines should be specified in the Bill.
	Section 97	The wording of the exclusion clause should be amended to provide for liability for mere negligence and not be limited to gross negligence.
National Archives of South Africa Department of Arts, Culture, Science and Technology	Retention Generation of Information (E-Government) Chapter IV	The Bill does not address the need to generate and retain records according to the records management principles informed by National Archives of South Africa Act 1996. Basically the proposed Bill must comply with the Acts format and medium that information should be kept
The Life Offices Association of South Africa	Chapter I Section 1: Definitions	* "Advanced electronic signature" refers to a "process", accredited "by the Authority as provided for in Section 38", but this Section deals with the accreditation of "authentication products and services". There is a gap between this ‘process " and the " authentication products and services" * "data controller" The word "receives" should be added to this definition as the word "collects" does not necessarily include the word "receive". Also, "requests" information does not necessarily mean "receive", therefore that word should be deleted.	* "data controller" means any person who electronically receives, collects, collates, processes or stores personal information. * "Data subject" here it limited to natural person, but in Section 14 of the Constitution it is not limited to natural persons only. "Data subject means any person from or in respect of whom personal or confidential information has been received, requested, collected, collated, processed or stored, after the commencement of this Act". "Personal information". "Data message" It is uncertain whether this definition includes audio and video. The definition of "e-mail" appears not to cover the various available devices and means which can be used to send and receive video and audio messages, having regard to the definition of "data messages". The use of "voice" in the definition is unclear. "data message" means data generated, sent, received or stored by electronic means and includes video and audio information recorded electronically. Also, references to the word "payment" should be removed from the Act, or alternatively, it should be included in the definition of a data message. * "Information system" includes "WAP communications". There are other technologies similar to WAP, therefore it should rather include "Mobile Internet Services" * "Person" The Act uses various words when it refers to a person. There should be a common definition, unless the word is intended to be restricted to natural persons in certain sections. The Act is vague as to what is meant by "person" who can only be explained by the common dictionary meaning or by referring to another Act. * "Person shall mean a natural person, a private body and a public body". It is unclear if whether voluntary association and trusts are included in the definition "private body". Therefore it should be extended to specifically make reference to them. * The word "accessible" is used in various sections in this Act. Therefore, there should be a definition for this word.
	Section 2: Objects of the Act	An Act cannot "enable and facilitate", it is therefore submitted that the objects of the Act ought to be stated as to "regulate electronic transactions in order to …." Section 2(1)(a) is vague and should be deleted. Section 2(1)(d): As large private bodies are the main users of electronic transactions, this section should be amended to provide protection of their confidential information. Section 2(1) refers to "electronic transactions" yet it is not defined. We therefore recommend the sentence to be amended to read: "..to enable and facilitate transactions in electronic form…" Section 2(1)(l) is unclear
	Section 3 : Interpretation	This section is tautologous because there is a presumption in law that the Legislature does not want to change existing law.
	Section 4: Sphere of Application	Section 4(1): As there are no contrary provisions in this section, the words "Subject to any contrary provisions in this section," should be deleted. Section 4(2): The present definition "person" applies only to public and natural persons. This cannot have been the intention of the Act to limit to these two classes only.
	Chapter II: National e-Strategy Section 5	Due to the time lapse for implementation of this strategy, it would be better that the e-Strategy be contained in a living document that keeps pace with the ever-changing electronic commerce environment.
	Sections 7 to 9	An Act regulates the relationship between the State and its subjects. These sections contain provisions addressed to the Minister and not to the subjects of the Act. It should be amended to provide that the Minister might make regulations aimed at achieving the goals reflected in these sections.
	Section 9(b)	The term "website portal" is used here, yet it is not defined in the definitions.
	Section 10: Electronic Transactions Policy	Regard being had to the provision of section 10(4), the purpose of the policy guidelines is not clear.
	Chapter III: Facilitating Electronic Transactions General	Sections 12, 13, 14, 16, 18 and 19 must be qualified with reference to Section 4(4). There are other statutes not specified in Schedule 2, which require documents to be in writing. Therefore, Section 4(4) should be amended to: "This Act must not be construed as giving validity to any transactions which a Statute requires to be recorded in writing"
	Section 11: Legal recognition of data messages	Section 11(3) refers to "public domain" which is not defined. It should be defined to include data that is generally available. Recomm: "Where the terms of an agreement are not recorded in a data message, such terms will be regarded…if such terms are – " Section 11(3)(b) the word "accessible" should be defined in Section 1
	Section 12: Writing	Section 12(b) states that a requirement under law that a document or information being writing is met if the document or information is "accessible". Therefore, define the word " accessible" to avoid disputes. It is also not clear whether the information must be accessible to all parties or only one of the parties involved in the electronic communication or transaction.
	Section 13: Signature	Section 13(3): the words "that requirement is met…" must be replaced with "that requirement is deemed to have been met…" Section 13(4): create a presumption that where an advanced electronic signature is attached to an electronic document, there should be a prima facie presumption that the electronic document has not been altered and that the contents are valid and reliable.	"Where an advanced electronic signature has been used, such signature is deemed to be a valid electronic signature and the contents of the data message to which it is linked is deemed correct and complete, unless the contrary is proved.’ Section 13(5) should be deleted since Section 13(4) contains the words "unless the contrary is proved".
	Section 14: Original	It may be necessary to lead expert evidence relating to integrity and reliability. Therefore, it should be presumed to be prima facie reliable, unless evidence to the contrary is shown. If not, it unfairly retains the onus of proof on the party relying on the data message, and will mean that there will be no legal or commercial certainty.
	Section 15: Admissibility	Section 15(3) contains factors, which can only be addressed if expert opinion evidence is given in court. Its complexity and expense, is the reason why the Computer Evidence Act was not often utilized. Therefore, a stronger prima facie presumption should be created. Section 15(1)(b): the best evidence rule does not apply here as the data message is in its original form.
	Section 16: Retention	A suggestion has already been made that "accessibility" needs to be defined, as the word on its own is very vague.
	Section 18: Notarization	Please refer to the commentary under section 13 above.
	Section 22: Variation by agreement	"that part" at the end of the sentence should read "this part"
	Section 24: Time and place of communication	The issue of "voice" being included in "data message" is unclear. Section 24(c) is far-reaching, as agreements are often not entered into at "the usual place of business". Also, natural persons are not generally referred to as having a "usual place of business"
	Section 25: Attribution of data messages	It is necessary to build in a presumption to provide that the ostensible originator of a data message will be deemed to be the originator of the data message under specified circumstances, unless the contrary is proved.
	Chapter IV E-Government Section29: Requirements may be specified	"…Where a public body decides to perform…" The wording is incorrect. A public body does not have a choice to perform the function: the function takes place pursuant to law.	"…Where a public body performs…"
	Chapter VI Authentication Service Providers Sections 34 to 37	Identification and authentication of identity is not appropriate to the general objectives of the present Act. Instead, introduce a new national identity system technologically connected with electronic signatures in al holistic and integrated solution to the problem.
	Section 38: Accreditation of authentication products and services	This section deals with the accreditation of "products and services" while the definition of an "advanced electronic signature" deals with the authentication of a "process".
	Section 40: Revocation or termination of accreditation	Section 40(3): The public should be notified of any periods of suspension if there is a likelihood of harm to them.
	Chapter VII Consumer Protection Section 43: Scope of Application	Long-term insurers should also be included in the list of exclusions found in Section 45, as they are already subject Policy Holder Protection Rules. Also the pending Financial Advisory and Intermediary Services Bill have provisions regarding disclosures to be made before and after conclusion of any transaction.
	Section 44: Information to be provided	Section 44(1)(f) refers to a "legal person" whereas it should be a "juristic person".
	Section 46: Unsolicited goods, services or communications	Section 46(2) incorrectly refers to "communication" it should rather read "electronic communication". Additional provisions obliging senders of spam email to provide their full contact details. Non-compliance with Section 46 should constitute an offence.
	Section 48: Applicability of Foreign Law	The heading is not reconcilable with the contents thereof. The Act cannot have extra-territorial effect on suppliers situated on suppliers situated outside the borders of the RSA, nor can it impose SA law on international contracts unless the parties have agreed or there are specific treaties in place.
	Chapter VIII Protection of Personal Information Sections 51 and 52: Scope and principles of protection	As the Law Commission is charged with drafting Data Privacy Legislation, it is premature to introduce this subject at this stage
	Chapter IX Protection of critical databases Sections 53 to 58	The words " the economic and social well-being of its citizens" are extremely wide. It may infringe on the right to freedom of economic activity and Section 58 may be a contravention of the right to privacy.	That the application of this chapter be limited to national security and that minimum criteria are set out.
	Chapter X Domain Name Authority and Administration Section 60	Thus far, the domain naming system has worked perfectly adequate in the South African private sector, and it is doubtful that regulating would bring any benefits.
	Chapter XI Limitation of Liability of Service Providers Sections 74 to 77	Service providers can interfere with the transmission of data messages; therefore they cannot be absolved from liability in cases where they have acted intentionally or negligently.	" Nothing in this Act shall prevent service providers from liability for their intentional or negligent actions or omissions or the intentional or negligent action or omission of their agent or representative."
	Section 81	The requirement that a complainant furnish indemnity in Section 81(i) will discourage people from notifying service providers of unlawful activities.
	Chapter XII Cyber Inspectors Section 84: Appointment of Cyber Inspectors	Section 84(1) provides that "any employee of the Department…" can be appointed as a cyber inspector. Given the powers that are granted to such person in terms of Sections 85 and 86, there should be minimum qualifications for this position.
	Section 85	The phrase "public domain" should be defined. Section 85(1)(b) refers to "cryptography service providers", yet the definition in Section 1 refers to a "cryptography provider"
	Chapter XIII Cyber Crime Section 90: Unauthorized access to , interception of or interference with data	This section does not specifically address the everyday occurrence of a person purchasing goods while using another persons credit card particulars or one person submits another person’s details.	Section 90(2) to read " A person who intentionally and without authority to do so. (a) Submits or uses personal information or copies or discloses data, whether electronically or otherwise, for purposes of obtaining an unlawful advantage, whether patrimonial or otherwise or of causing prejudice; or interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence. Section 90(3) : It should be noted that organizations use experts who use devices to test the robustness of their data security. Therefore the Act should provide for a permit or registration system for purpose of the lawful use of such devices.
	Section 91: Computer-related extortion, fraud and forgery	Section 91(1): "proprietary advantage" is not defined and this section is difficult to understand. Section 91(2): "fake data" is not defined. Is "fake" the appropriate word? Extortion, fraud and forgery are well-established common law crimes. Any statutory definition may curtail the ambit of these offences. Alternatively Section 91(1) and (2) should be replaced with a provision that provides that the mere fact that an act is committed by electronic means does not prevent such an act from constituting extortion, fraud or forgery.
	Section 96: Limitation of Liability	This section is vague, capable of more than one interpretation. One interpretation is that the State contracts out of both gross negligence and bad faith.
Telkom	General Observations	The usage of the word "communication" be deleted from the Bill as it will create confusion with the Telecommunications Act. The usage of "is not without legal force and effect" in Section 11 and other sections is a double negative.	"Shall be considered with force and effect" Where the word "Authority" has been used, it should be amended to say "relevant authority" because the Bill creates two authorities.
	Preamble	With regard to the objective stated in Section 2(p) SMME’s, regard should be had to Telkom’s existing obligations in terms of the Telecommunications Act.
	Definitions	"Cryptography" there is no definition specifically for this word. "Cryptography service" This definition can be confusing if the word "any service" continues to be used. "data" This definition is too wide and could lead to conflict in its interpretation. "Electronic" This definition is flawed and misleading "electronic agent" Clarity on the phrase "used independently" in this definition. "Electronic signature" The term "signature" should be defined and added in this Bill, to avoid conflict or confusion. "Internet" This word itself must be written with a capital "I". "Person" This definition should be widened to include both public and private bodies. "Registrar" As there are two Authorities mentioned in this Bill, the full term for each one should be used to avoid confusion. "Registry" and "repository" If intention is to refer to "Domain Name Authority", the full term must be used to avoid confusion. "second level domain" "web site" and "World Wide Web" These definitions are very wide and could include private content on computers unrelated to web services.	"Refers to process of ensuring that the meaning of the electronic content is not capable of being revealed to parties to whom it is not intended to be revealed and that such electronic content is revealed only to parties for whom it is intended. "Means a service which is provided to a sender or a recipient of a data message or to anyone storing a data message and is designed to facilitate the use of cryptographic techniques for this purpose". "The subject matter or content of an electronic transaction." "electronic commerce" means transactions that take place predominantly by means of electronic systems, computers and/or telecommunications systems, usually in digital form. "means a computer program or an electronic or other automated means used to initiate an action either pro-actively or re-actively." "a sub-domain immediately under the ZA ccTLD." "web site" means a set of web pages sharing a common identifier prefix "world wide web" means the set of hyper-linked documents that are linked to websites.
	Section 2: Objects of the Act	Telkom supports and welcomes the Objects of this Act
	Section 3: Interpretation	This section is also welcomed as it reduces uncertainty and inconsistency.
	Section 5: National e-strategy	This section is also welcomed, but a substantive strategy is required to maximize its benefits to many people as possible.
	Section 6: Universal Access	Universal service is defined in the Bill, however, the Bill does not establish it implementation. All service providers should bear equal obligations in this regard.
	Section 10: Electronic transactions policy	A timeline in which the Minister will formulate the policy must be included in the Bill.
	Section 11: Legal recognition of data messages	The use of a double negative creates confusion. Recomm: "shall be considered with legal force and effect"
	Section 12: Writing	The equation of data to paper is very important in removing uncertainty.
	Section 13: Signature	The Act does not recognise that the Internet is borderless. It must take care so as not to stifle International Trade through electronic means.
	Section 15: Admissibility and evidential weight of data messages	Section 15(1)(a) is supported as it does not preclude electronic data as being produced as evidence.
	Section 21: Automated transactions	It provides that a natural person is not bound to the contract in the event of a material being made and notifying the other party as soon as possible. Section 45’s cooling off period is defeated here as the transaction can be cancelled if the error is made during the process of creating the data message. Section 21(e)(ii) may create uncertainty and confusion as a party can cancel the contract long after it was concluded. Therefore, it should be deleted to avoid inconsistency with Section 45 and common law contract principles.
	Section 22: Variation by agreement between parties	Telkom supports this section as it promotes and encourages the use of electronic commerce.
	Section 23: Formation and validity of agreements	It is unclear what constitutes an offer here. The Bill should clearly specify whether or not the invitation to trade is an offer. We submit that it should not be regarded as the offer.
	Section 24: Time and place of communications, dispatch and receipt	Section 24(c): the phrase "usual place of business" should be "domicillium citandi et executandi"
	Section 26: Attribution of data messages to originator	This section imposes a non-rebuttable presumption as to who the originator of a data message is.	Insert " deemed to be" after the phrase "A data message". This will create a rebuttable presumption
	Section 45: Cooling-off period	As Section 44(1) provides for elaborate detail to be provide, Section 45 is superfluous. It will inhibit trade on the Internet and the electronic medium. To avoid risk, suppliers will have to wait 7 days to deliver goods or supply services, which hampers efficiency.	Therefore, Section 45 should be deleted.
	Section 48: Applicability of foreign law	It provides that the protection provided to consumers here, be applicable to foreign agreements. This may be impossible to enforce, due to the global nature of the Internet.
	Section 54: Identification of critical data and critical databases	There may be interpretative conflict with this Section and Section 36(1) of the Promotion of Access to Information Act No 2 of 2000.	"Where information is commercial in nature and divulgence of this information could be commercially detrimental to the entity providing the information, the Minister must not declare public or make this information which has been placed under the category of "critical data" available to any other party.
	Chapter XII: Cyber Inspectors	Due cognizance should be take of the Law Commission paper on Computer Related Crime for a fuller and more extensive exposition of the subject.	Noted
International Intellectual Property Alliance	Chapter XIII Cyber Crime	In section 90 (3) (so that it reads " any device, including a computer program, or a component" The component should be inclusive. Whether a device has only a limited commercially significant purpose other than to circumvent, or whether the device is marketed in such a way as to reveal its circumvention purpose.	The word component should be inclusive device could be anything. The penalties should comply with WIPO requirements. Unless it is at leased extended to those instances in which the perpetrator reasonably should have known that the act taken would facilitate circumvention.
	Chapter XIII Cyber Crime	In section 89 the actual knowledge requirement is misplaced in this draft.
	Chapter XI Limitation of Liability of Service Providers	Section 79& 80 lacks more clarity on the requirements that the service providers prevent unlawful activities in terms of any other law.	IIPA would like to register two chiefs concerns with the Bill ‘s provisions on services provider liability, and to offer some suggested adjustment that would ensure that South Africa meets its international obligations, and ensuring that the legitimate right holders are not unduly prejudiced. To delete the phase and amending the language so that service provider is not liable for damages, except as provided in subsection (3), transmitting, routing or providing connections for material through a server or network.
	Chapter XI Limitation of Liability of Service Providers	Section 77(1) must be reworked so that it does not unintentionally cover hosting, and also be reworked to anticipate cases in which a court may order a service provider to terminate unlawful activities in terms of any other law.	The provision seems to do unduly shifts the burden of responsibility from service providers; therefore the provision should be deleted. South Africa should follow the approach of the U.S. Digital Millennium.
	GENERAL	The proposed requirement by the government that any unlawful activities undertaken the service provider should be sent by the complainant, including the indemnify the service provider from any liability incurred as a result of remedial action taken by it in complying with the notification.	The registrants must supply correct contact information so that copyright owners can investigate illegal activities. The second issue of importance is the available of an international dispute resolution process. We therefore encourage the government to move for the passage of needed amendments to the Copyright Act, South Africa should take a leadership role through out Africa
	Chapter X Domain Name Authority and Administration Chapter XIII Cyber Crime	The draft Bill however is unclear with regards to the criteria for awarding licenses for registrants and requirements to be contained in the agreement between the registrants and domain name registrants. South African government is silent with regards to comprehensive legal framework for the electronic commerce. The South African Copyright Act (No.98of 1978) remains TRIPS- deficient in several respects. Criminal penalties imposed in copyright infringement cases have been inadequate to deter piracy.	A bill realized in 2000 proposed a number of important improvements, particularly criminal sanctions for the end user piracy, statutory damages. However the Copyright Amendment Bill presented to parliament in April 2001 does not include any of these amendments. South Africa has signed the Council of Europe ‘s Convention on Cyber crime, which requires signatories to criminalize online copyright infringement. We urge South Africa to include this crime in the ECT Bill or in copyright legislation to be passed swiftly in order to fulfill this obligation. South Africa additionally should include protection against unauthorized parallel imports. South Africa additionally should include protection against unauthorized parallel imports.
Cliffe Dekker	Chapter II National e-Strategy	Time frames 12 months instead of 24 months.	It is essential that government becomes a model user. The body should be formed which will be tasked with e- government and should engage private sector wherever appropriate. The people who will be trading e-commerce should form part of the body mentioned above.
	Chapter II Electronic transactions policy	Section 10 (4) should be deleted it does not serve any legal purpose.	The section should be deleted.
	Chapter III Facilitating Electronic Transactions	The wording of section 13(10) is flawed. Limitations that will preclude anyone from using the authentication products of an international recognized and trusted authentication provider whose products or services are not accredited at least in respect of data messages that require to be signed by law. Submissions with regards to time delay in connection with electronic signatures, establishment of an accreditation authority and the necessary regulations to be drafted. The Bill should not seek to have standard embodied in the legislation which is difficult and cumbersome to amend	Advanced electronic signatures should not be defined on a basis that prescribed accreditation as a requirement, they should be determined by references to the objective criteria provided for in section 39 (1) (a)- (d) for advanced electronic signatures which section should be moved to the definition section in the Bill. In order to achieve the protection of consumer use of electronic signatures, provision should be made for the establishment of industry related bodies having codes of practice acceptable to the certain specific industry and in respect of which government shall be consulted. The law should be repealed; failure to do so will undermine the intended effect of this section (15) of the Bill.
	Chapter III Facilitating Electronic Transactions	Section 18 (2) of the current wording creates confusion. Electronic agent is a technology term. The use of the words ‘usual place of business ‘ requires further consideration.	A centralized agency within government is mandated to assists in the setting of the standards and procedures that may be require by any government department.
	Chapter V Cryptography Providers	The cryptography is inappropriate in the Bill. More clarity is needed with regards to who requires registration as who registration to be certification authority, do all key providers require registration or only root key providers	Registration of cryptographic providers should not act as deterrent to entering the South African markets. Allow access to propriety information. This should be contained in the regulations as a guide.
	Chapter VI Accreditation	Criteria stipulated in section 39 should be defined as an objective definition. Provision in section 39 should not be in the bill. Accredited signatures may create problems for South Africa, since most of the countries do not have similar accreditation requirements.	Minister should consult with private sector when drafting regulations for accreditation. Business should be responsible for awareness of consumer protections together with government. Consumer protection seal placed on websites. The opt-in should be included in the bill, as it will afford greater consumer protection. Subsection 46(b) should be amended.
	Chapter VII Consumer Protection	Wording in subsection 44(5) and (6) is open to interpretation.	Government should seek enforcement accords to ensure that provisions such as those contained in section 48 become meaningful. Subsection 52(8) should excluded alternatively be integrated to subsection 52(5).
Free Market Foundation of Southern Africa	Chapter IX & X	Processing of personal data by minors is not addressed. Section 53 should be removed from the bill. Section 60- Government might not have the capacity to run this and it might prove costly and not efficient if run by government. Very little power is being given to the authority.	Section 73 –Authority to set standards and the ability to adopt the WIPO dispute resolution mechanism. Some indication should be given by the Department of Communications as to what steps have been taken in this regard.
	Chapter XIII Cyber Crime	Section 89 – Crime and provisions of the European Council’s Convention on Cyber crime need to be taken into full consideration in dealing with the issues surrounding crime. Penalties for cyber crimes are inadequate.	Other crimes need to be addressed in future legislation e.g. cooperate and child protection
	Chapter II Maximizing benefits and policy framework	Chapter 2 is a policy statement and is not a law. Each government department should directly address its e-commerce area of responsibility, since department of Communications does not have the necessary expertise.	Provision should be included that will be followed to force the Minister to carry out his/her obligations, if not it is possible that the necessary procedures should be established by the court.
	Chapter II National e-Strategy	Who can bring and what legal actions can be taken against the Minister if she does not develop the national e- strategy?	The e -strategy should be managed at cabinet level through a formal inter-departmental structure.
	Chapter X Domain Name Authority and Administration		Suggestion that the Department of Communications drop the section on domain name as there are cost implications involved. Instead the Department should pursue the route proposed by the industry itself, namely that of a self- regulated body with representation from all major players which include government.
	Chapter V Cryptography Providers	Infringement of constitutional right to privacy if cryptography providers are compelled to register their details. Most countries in the world today do not have control on the use of cryptography.
	Chapter XIII Cyber Crime	No need for the establishment of cyber inspectors. This is viewed as responsibility of police services. Not clear why the Dept of Communications is legislating on cyber crime	Section dealing with cyber inspectors should be removed. Cyber crime should remain domain for Safety and Security and should be embodied in a Crime Amendment Bill.
	Chapter IX Protection of Critical Database	Protection of database is unlikely to withstand constitutional scrutiny due to loose definitions of national security, economic and social well being of its citizens.
MIH	Chapter VIII Protection of personal information	Protection of personal data of which that is covered by the act. Trust chapter 7 of the bill covers marks. The bill focuses more on consumers whereas this MIH doc is providing guidelines to the merchants, as what they should when dealing with consumers and that is where the difference lies.	Government should an active role in promoting & disseminating consumer protection programmes. For consumer protection programmes
THE BANKING COUNCIL SOUTH AFRICA	Definitions	Person should include a juristic person, legal entity and trust	The recommendation is that "person" be amended to say a juristic person.
	National E-strategy. 5(2) 5(3)b 5(3)g	Implementation of national E-strategy should be declared a national priority. The proposal that the minister may make regulations May liaise, consult and co-operate with public bodies….	The Minister "Must" The Minister "Must"
	Section 10 (4).		This should be amended to read that this should impose obligations on any person.
	11(2) Issue of Electronic fine print		Supported
	S 21 Automated Transactions	When the message enters the system it has to be regarded as having been received.	There must be a counter offer to conclude a contract
	S 24 time and place of communications dispatch and receipt.	International law should also be applicable. We cannot legislate presumptions into law
	S 48		It should also extend to the applicability of law by Uncitral.
	S 93 Penalties	The cancellation of a contract without a reason.	The Banking Council says that it should 1 million Rands or 5 year imprisonment (prevention of organized crime Act or the Financial Intelligence Act)
	S 45 Cooling off		The section should include that where the goods have been used the consumer should be liable. There should be penalties to the extent of what the consumer has benefited.
	S 84-88 Cyber Inspectors	There is uncertainty as to what qualifications need be there for the appointment of Cyber Inspectors. Also there is a concern as to who can be such Inspectors.	Minimum requirements must be met for a person to be a Cyber Inspector. The recommendation is that anyone from outside can be employed for such a post as long as the dept can offer training to that person.
	Chapter VIII		There should be regulations to be made until the submissions of the S.A. Law commission have been enacted.
COMMITTEE FOR PRIVATE DATABASE USERS	Chapter IX	The overall objective of the bill is to enable and facilitate electronic transactions by creating legal certainty. Protection of Critical Databases	The protection of personal information and privacy forms the integral part of the overall objective of the Bill; therefore it can at no stage be separated.
VERSVELD NKOSI INCORPORATED		Regulation of the internet	There is no such, because before this bill there has been no law that has been regulating the internet.
	Chapter XII Cyber Inspectors	Who should be the Inspectors	They are of the view that SAPS should police the cyber crime.
	Chapter VII Consumer Protection	Legislative consumer regulation is premature and might discourage e-commerce. Unrealistic protection afforded the consumer may discourage the supplier and international participants to participate in e-commerce.
	Chapter VIII Protection of personal information	The right to privacy as guarded in S.A’s constitution should not be further eroded and abused. For the act to function effectively though, loss of privacy is inevitable.
	Chapter IX Protection of critical database	The legislation provides the Minister with excessive powers to infringe on people’s rights of privacy. The chapter is also very vague
	Chapter X DNA	Certain Domain names could be unduly taxes in order to fund "universal access" to such names Continued smooth management of this function could be jeopardized. Onerous licensing provisions may also impact negatively on e-commerce and e-transactions
	Chapter XIII Cyber Crime	Penalties for cyber crime are relatively light and may be inadequate. Penalties are light
CELL C	Chapter II Maximizing benefits and policy framework	Promotion of Universal access should be removed. The removal of this provision will deny the notion universal access, which has always been the intention of the legislature.	Remove
		Legal Certainty. Overlooking of rules towards jurisdiction	There is no certainty as to which court is having Jurisdiction therefore there is a need to do that.
	Chapter III Facilitating electronic transactions	Data Message. Evidence.	The information must be proved to be unaltered and complete. The fact that it is received, sent or opened must be related with the fact that the message must be proved to be complete.
	Section 45(3)		This provision should be amended to make a provision for a consumer to receive a refund of payment, also such payment to exclude the direct costs incurred by the service provider.
	Limitation of liability of service providers	The international law must stand when it comes to concluding a contract with a foreign service provider.
SANLAM	General	Involvement by the State: State wishes to obtain excessive control and powers over most electronic activities. Regulation and too much control will have a negative effect; will be too expensive and loose power.
	Chapter X Domain Name Authority and Administration	Important issues like privacy protection, consumer protection, accreditation and DNA are dealt with superficially	Separate legislative instruments needed
		Cost: To Government Huge investments will be required to create DNS Authority, Cyber Inspectorate, Critical Database Administration and Cryptography Product and Service Accreditation Capability. To Business: Cost of implementing advanced electronic signatures. - Cost of auditing and looking after critical databases and additional info	The cost will be passed on to the users (Public and Private) who will then pass it on to consumers
	Chapter VI Accreditation	The AA will delay the implementation of the Bill with no value added. Existing auditing techniques and competition are adequate for establishing trust in Authentication Service Providers. Governance structure for the AA of ASPs not defined. Private sector and other stakeholders must be adequately represented on the govt structure.
	CHAPTER 1: Interpretation, Objects and Application:	Definition of "Data Message" is it inclusive of SMS text messages by cell phone users? When the public sector issues authentication information to individuals, will this be regarded as personal information?
		"Third Party" – It appears like the definition of a client. Is this not too restrictive for the purposes of this Bill?
	CHAPTER II	Wording. Content of the two Parts are not divided well.	Sections 7, 8 and 9 of Part 1 belong to Part 2. Section 10 is unnecessary and should be deleted.
	CHAPTER III: Section 13(3)(b):	The criteria for determining whether the method was adequately reliable are not clear.
	Section 14, 15 and 16:	What information will be required to prove these sections?
	Section 18(2)	How would the average Commissioner of Oaths be able to certify that the document presented to him/her is a true reproduction that exists in electronic form?
	CHAPTER V: Section 35	This section does not provide for the borderless nature of cryptography services
	Section 32:	Why keep the register secrete? Should it not be accessible to the public?
	CHAPTER VI: Accreditation (Sections 34 to 42)	The issue as to the insolvency of and loss of accreditation by an authentication service provider should be dealt with in line with those parties who are using the services of such a provider. No provision is made for the handling of disputes between the Authority and service providers.	Accreditation process and regulations seem unclear and open-ended. This should be revisited with the private sector involvement.
	CHAPTER VII: Consumer Protection:	Irrespective of the legal system applicable to the agreement the consumer protection provisions still apply
	CHAPTER VIII: Protection of Personal Information: Section 53(3)		The word ‘must’ be replaced by ‘may’ as subscription to these principles is voluntary.
	Section 52(1)		The word ‘express’ should be deleted and replaced with ‘prior’.
	Section 52(1)	Can the written permission be obtained electronically and if so does it require an advanced electronic signature?
	Section 52(8)	Who will decide whether the data has become obsolete? What will the criteria be?
	CHAPTER IX: Protection of critical data base: Section 54 (a)	What are the criteria for determining when data will be critical and when it will not?
	CHAPTER X: Domain Name Administration Sections 60 to 73	Registrars of domain names are not obliged to verify that a domain name is protected by a trademark.	The system is open to abuse by cyber squatters. There is a clear need for stricter regulation of the domain name space.
	CHAPTER XII: Cyber Inspectors: Cyber Force (Sections 84 to 88)	The Department is given powers normally reserved for the police. Cyber inspectors are granted extensive powers in terms of inspecting, searching, and seizing of property. These provisions may constitute a potential violation of constitutional rights to privacy, to not be dispossessed of property and to bodily integrity.
MR. R VAN DER WALT	Section 1: Definitions	Consumer is limited to consumers making electronic transactions. This definition does not provide enough scope to include users of ‘authenticating products or services’ or cryptography products	Add: "or users of products or services used in order to make an electronic transaction.
	Section 11: Legal recognition of data messages	What is a reasonable person?	Change to: ‘in which A [reasonable] person reasonably would…’
	Section 30: Register of cryptography providers:	The best legislation is no Legislation. As this is unrealistic for combating crime, this chapter must explicitly recognize the importance of cryptography products and services in protecting consumers basic right to privacy.
	Chapter V: Key-escrow and backdoors	The Act seem to avoid the issue of legal pitfall of key-escrow management
Uniforum SA	Domain Names-The ZA authority	The provisions in the bill, which makes the provisions for the establishment of the new juristic person, is unnecessary. There appears to be an unintentional error in section 51(2), where it is refers to….’outlined in section 51…."This should surely read "…outlined in section 52	The board of directors should appoint by the internet community at large
	Chapter VIII	It is necessary to clarify whether the application of this chapter is indeed voluntary and therefore they recommend chapter viii be removed in its entirety.
	Chapter IX Protection of Critical Databases	The minister may prescribe certain minimum standard after consultation with the Database Administrator	The Ministers wide discretionary powers are inappropriate and should be curtailed through set polices and procedures
Cape Telecommunication Users FORUM	Chapter I Definitions	The definition of critical database. DOC is not appropriate to deal with issues national security	WAP to be deleted from the definitions
	Chapter II	Inclusion of SMMEs in the objects of the act is not necessary. National interests is out the scope of the bill
	Chapter X	The management of the .Za domain name must be between the governments working in partnership with the private sector.
	Chapter II National e-Strategy	Doc should not work alone on the strategy but involve other government departments
	Chapter V	It will over regulate the industry and criminals will not comply the legislation and it will cause more administrative burdens and additional costs. The chapter does not make any distinction between cryptography service provider who is located in the country and outside the country.	To be deleted
	Chapter VI	The industry should regulate itself .The private sector to be self-regulated.	To be deleted
	Chapter VII	Amendment of section 46(1) No person may unsolicited commercial communication to any consumer unless all the following conditions are meet: That the consumer has previously indicated his/her willingness to receive unsolicited messages from that person.
	Chapter VIII	Amendments of sec52 (8) The section creates a situation where a data controller has to make an effort to identify possible absolute information on regular basis.	The data controller must upon receiving notification that the personal information has become absolute, delete or destroy that information.
	Chapter IX	Existing laws already address the issue of protection of data base	To be deleted
	Chapter X	Section 61(2) provides that the state will only be member and share holder of the domain name authority	Redraft
	Chapter XII	Alternatively specify what skills or qualifications are required for someone to be appointed as cyber inspector and elaborate further on this issue	To be deleted
Bridges.org	Chapter IX Critical data	Definition of critical data is broad	Definition should be tightened
	Data	Does data stored on stand-alone computers, which are not connected to any network form part of the data message?
	Section 21(e)	Grammatical error	Need for rephrase on that section so as to be clear and understandable.
	Chapter V Cryptography	The section creates a regulatory regime for cryptography services that may well be unenforceable	If there is any form of regulation Government must encourage the industry to regulate itself and must include a legislation to allow Government to impose moderate level of regulation if none is forthcoming from the industry.
	Cryptography	No definition of cryptography in the Bill	Cryptography is defined.
	Cryptography	S31 (3)(c) includes the use of encryption by a business visitor to S.A who has an encryption software in his laptop	Visitors should not be required to register cryptography products and the provision should be clarified.
	Chapter VII Consumer protection	Unsolicited communication	Government to increase powers set out in s46 in attempt to outlaw the transmission unsolicited communications. Bandwidth should be treated as scarce resource and those who use it to transmit unsolicited communications should be penalized.
	Chapter IX Protection of personal information		Subscription to the principle should be mandatory and not voluntary
	Chapter VIII Data controllers		S52 be amended to state that data controllers must not only disclose the purpose for which any personal information is being requested but must also provide the information itself to the data subject if requested to do so in writing.
	Chapter IX Protection of critical databases	The definition of critical database is wide	It should be less broad and for the protection of "social well being" to be removed. The protection of national security and the economic well being of the Republic are outside the remit of the Department of Communications.
	Chapter X Domain Name Authority	Much work has been undertaken to achieve the current position in relation to ". za". Transferring of this power would require an additional, and expensive layer of bureaucracy is created.	Inappropriate to transfer the responsibility to the Department of Communications. It should be administered in a way, which allows all of those who use to have voice.
	Chapter XI Limitation of liability of service providers	Unlawful activity as set out in s81.	Clear definition of unlawful activity should be included
	Take down	Take down procedure is one sided and could infringe freedom of speech and/ or of other civil rights	Consideration is given to this section , and fairer procedure be established that would protect the needs of society and rights of the individual.
	Chapter XII Cyber Inspectors	No need for cyber inspectors. If a person is breaking the law it is the matter of the police.	Consideration to provide training and resources to existing law enforcement agencies.
Vodacom	Chapter I Definitions	Definition includes a person acting as an agent on behalf of another person. Definitions of addressee and originator as read with the definition of intermediary it excludes an agent from acting on behalf of an addressee or originator	Definition of intermediary be amended so as to specifically exclude an agent who had authority to act on behalf of the addressee and /or originator.
	Chapter III Facilitating electronic transactions	Transaction concluded between an agent, acting on behalf of the addressee and/ or originator would be excluded from s24 but s26 (b) appears to rectify the situation in respect of originators but not in respect of the addressees
	Chapter IX Critical Data	Words "economic and social well being’ is too wide and could include any database that impacts on the economic and social well being of S.A citizens	The phrases "economic and social well being of its citizens" should be deleted.
	Data	Words "in any form" are too wide.	They should be deleted.
	Electronic	"or other intangible" is too wide.	It should be restricted by the words, "other functionally equivalent intangible form".
	World Wide Web	Too wide	Change the definition in the following manner: delete the phrase, "and includes all data messages residing on all computers linked to the internet" and add the phrase : based on protocols developed by the World Wide Web Consortium
	Chapter I Section 2(1) (r)	Refers to functions that already dealt with in the existing legislation.	Should be deleted
	Chapter II National E- strategy		Consultation and coordination of the process with all stakeholders.
	Chapter II Universal Access		Objects of universal access should be done against the background of existing economic and social commitments. Phrase " within commercially reasonable limits" be added after the words universal access in s6 (b).
	Section 11(3)	Words "incorporated into an agreement and" restrict the applicability to agreements only	The words should be deleted
	Sections 12, 14, 16, 17	When read together, do not compliment each other	If importance of factors required to bring a written document into line with data message, then at a very least the requirements set out in s12 should be met. Higher standards should be required where "retention and production" of documents are concerned, and higher standards should be required with regard to ‘original" documents.
	Chapter III	There are more stringent requirements for retention of documents provided in s16 than in respect of requirements for a document to be original as provided in s14
		Section 14 do not require that the data message be "accessible as to be usable for subsequent reference" that is imposed in s12. Lack of uniformity Between sections 16 and 17.
	Section 14(1)(a)	"Final form" in relation to information is vague and will create confusion	Proposed that the phrase "from time when it was first generated in its final form as a data message or otherwise" be deleted from s14(1)(a)
	Section 14(2)(a) and s17 (2)(a)		Endorsements and changes be restricted by insertion of the word "immaterial" immediately prior to the reference to any endorsement of change.
	Statement under oath	How a statement under oath in electronic format will be done?
	Section 21© and s21 (d)	They contradict each other?
	Section 21(e) (i)(ii)(iii)(iv)	Not clear whether the sections are required to exist contemporaneously, or whether simply one of the provisions will be adequate before the provisions of s21 (e) become applicable
	Section 21(e)(ii)	No time limitation is set in regard to the notification of an error.	Should take regard of the cooling period provided for in s45, and the notification of an error should be specified to take place within 7 days.
	Section 24		Provisions of the entire section to be applicable to data messages, then the words "used in the conclusion or performance of an agreement" should be removed from s24(a) and inserted to the main part of s24, immediately after the words, "data message".
	Section 24(a)		No need to differentiate between data message sent and one received, for one message is both sent and received.
	Section 24(a)	It is irrelevant when a data message that is used in the conclusion of an agreement is sent, because in terms of our common law principles of contract, what is relevant is when the message is received by the addressee.	It is superfluous and should be deleted.
	Section 24(b)	Contradict with the principles of common law, which provides that the offer or acceptance must have been communicated to the addressee.
	Section 24(b)		"Enters an information system designated or used for that purpose by", should be deleted and substituted with the words" come to the attention of".
	Section 24©	Word "usual" is vague.	Should be substituted with the word "principle".
	Section 26(b) and (c)	Word "is" imposes a strict type of liability on the originator of a message who authorizes someone to act on his/her behalf or programs an information system to operate automatically, and thus leaves no space for the originator to prove otherwise.	These provisions should rather be phrased as deeming provisions.
	Authentication service providers	S37 (1)(a) provides the authority with powers that are too extensive.	S37 (1)© are sufficient to ensure compliance and s37 (1)(a) should therefore be deleted.
	Section 37(1)(b)	No provision as to under what circumstances the authority may temporarily suspend or revoke the accreditation.	This is the repetition of s40 (1) and should therefore be deleted.
	Section 38(1) and		To avoid uncertainty that may follow by giving the state an absolute discretion as who may be accredited as an authentication service provider, the word "may" in s38 (1) should be substituted with the word "shall".
	Section 39(1)		Should be amended to read as follows: "the Authority shall accredit authentication products or services if it is satisfied that an electronic signature to which authentication products or service relate.
	Section 39(4)(e)	It does not seem appropriate that the authority may stipulate the liability of the certification service provider.	This section should be deleted.
	Section 40(1)		It should commence with the words, "subject to the provisions of subsection 2
	Section 43(1)© Consumer protection	Words home, residence or work place are superfluous.	They should be deleted.
	Section 43(1)(i)	"Leisure" is too vague.	Should be deleted. "Undertakes" should be substituted with the words "is obliged".
	Section 44(5)	The provisions of this section are too vague.	Should be deleted.
	Section 45(2)		Clause should read as follows: "cost of returning the goods shall be for the consumer’s account.
	Section 46	Provisions of this section make spamming lawful which are undesirable.	Should be amended".
	Section 47(1)(2)	"execute" is vague	It should be replaced with the word "dispatched".
	Section 48	The provisions of this section will discourage international suppliers from offering their services.	Should be deleted.
	Section 49		Should commence with the words "except as provided for in s47 (1)".
	Section 52(7)	Requirement that data electronically collected must be stored for a period of one year will create unnecessary administrative burden and entail significant costs to a supplier if the data is no longer used.	Period for which data should be stored must not be excessive and focus on the purpose at hand and should be changed to "and for a period of at least six months thereafter".
	Section 52(8)		Amendment should be as follows: " the data controller must, upon receiving notification that personal information has become obsolete, delete or destroy that information as notified".
	Protection of critical database	Without some checks and balances, this will give rise to serious violations of privacy.	The whole chapter be deleted as there is legislation that exists that deals with the issues of national security.
	Section 56(1)(a)(b)	Too onerous and make inroads into the right of self -autonomy by corporations.	Should be deleted.
	Section 57(2)(e)		Should be made applicable only to those civil proceedings that already have commenced.
	Section 77(3),78(2), 79(3)	How would a service provider prevent a customer from an unlawful activity whilst she/ he accessing the World Wide Web by using WAP over CSD or GPRS?	Words "or prevent" be deleted.
	Sections 79, 80,81	No details have been provided in terms who can issue a take down notification, who will decide whether it is justified, or not and what the procedure of appeal would be for owners of websites or that services that are taken down in terms of s81.
	Cyber Inspectors	No mentioned is made of skills, training and qualifications that are required for someone to become a cyber inspector.
	Section 85		The word "service’ used in the "cryptography service provider" should be deleted so as to correspond with the phrase "cryptography provider".
	Section 90(2)		Should be rephrased.
	Section 94 and 95	The attempt to extend the jurisdiction of South African courts to offences by foreign citizens that was committed overseas might be difficult to enforce.
Obsidian Systems	Definition of the Authority	There is confusion between the Director General and the za Domain name, in relation to chapter vi and x
	Definition of Cache
	Definition of Cryptography products	They say Cryptography products is very wide.
	Cryptography provider	The definition is too flawed
	Internet	Definition is very poor
	IP	Its definition needs to be redefined
	Definition of a person	It needs must include a private body
	E- strategy	24 months is to much to be reduced to 12 months and the involvement of the private sector in the strategy
	Chapter 3	An addition to public domain
	Original	The originality of the document or data message
	Production of document or information
	Acknowledgment and certification
	Electronic agency	Electronic intermediary
	Attribution of data message to originator
	Chapter 5	Confused with number of issues and the continuation of substantive laws
	Chapter 6	Director General as the authority and the private sector be involved in the strategy and advanced signature be voluntary
	Chapter 7	The cooling off period should be considered and the chapter didn’t cover the SMMEs	Existing consumer protection laws and legislation
	Chapter 8	Concern is given to personal information on electronic format and the protection of critical database is too wide and seems to unconstitutional
ECASA	.za domain name	No define categories of the national interests Powers granted to the agencies with regard to the bill –they undermines constitutional rights of the individuals
	National e- strategy	Time frame for strategy two years is not enough. They recommend five years
	Cryptography	Cryptography providers should regulate themselves
	Authentication Service providers	Doc is not recommended the service providers should the ones to determine the products and services rather than government doing that.
	Protection of critical database	Powers granted to the minister with regard to the issue critical database
	Protection of personal information	The issue is neglected. The individual rights to privacy are ignored
	Domain name authority and administration	Control of the domain by the government, which has existed –therefore no need for government to control it.
	Chapter 12	Not enough argument for DoC to create inspectorate.
Wits	World Wide Web	Definition is wide and it can impact on the ability of an organization to develop its own internal system	"that can be accessed from outside the organization" after the words "residing on all computers linked to the internet".
	Section 6		E- strategy must outline strategies and programmes to previously disadvantaged persons and communities.
	Sections 5 to 8	Not sure why they appear in legislation aimed at managing electronic communications and business	They should be deleted.
	Section 21	Relationship between contracting parties and possible review by natural person in terms of S21 (d) is not defined.	It should be rectified and suggested that it should read, "a party using an electronic agent to form an agreement is not bound by the terms of that agreement unless those terms were capable of being reviewed by a natural person prior to the agreement formation to the satisfaction of the contracting parties.
	Section 29	Public bodies wishing to perform some of its functions electronically should specify in the gazette.	The word "may" in, "such body specify by notice in the gazette" be replaced by "must".
	Section 48	Is this provision enforceable when the perpetrators of violations of consumer protection sections do not maintain presence in South Africa? This section has not received enough consideration in the context of the international nature of electronic business.
	Section 51	Why not all information held electronically?	Section should be changed and read as "this chapter applies to all personal information that is stored in electronic form".
	Section 51(2)	Why voluntary subscription? What happens if the data controller doesn’t subscribe to section 52? Are the individual rights to protection of their personal data ignored?	It should be replaced with one reading: "no data controller may elect to ignore or avoid the principles contained in s52.
	Section 53		The whole chapter ix be deleted.
	Section 54	There is no definition as to what is meant by "of importance to the protection of the national security of the Republic or the economic and social well being of its citizens.	Minister of Communications should not have the responsibility and power to identify critical database. This section should reflect this by being replaced by one starting "54’ the relevant Minister may by notice establish procedures to be followed in the identification of critical database for the purposes of this chapter Additional paragraph be as follows: such procedures must make provision to enable the database owner to object to the declaration and for any disputes that might arise to be arbitrated by a duly appointed and suitably qualified arbitrator who is acceptable to both parties.
	Section 55(1)	No provision has been made for deregistration of database no longer believed to be critical.
	Section 56	It is onerous and potentially expensive for the owner of the critical database.
	Section 59(2)	This section makes an individual responsible for the actions of his employer in that should the employer fail to make adequate resources available to enable critical database administrator to meet the requirements of section 56, the individual will be subject to sanction.	Critical database administrator be replaced by critical database owner.
	Section 60	To nationalize such existing arrangement seems contrary to current government thinking which appears to favour de-nationalization and commercialization wherever possible.	Should be deleted and replaced with: ; the Minister shall create a body to ensure that the responsibility for managing the .za namespace is properly carried out according to policies and procedures as laid down by ICANN from time to time and to make recommendations to the person who has the management responsibility that pertain to S.A situation. Section 61through 73 be amended or deleted to reflect the change.
	Section 84	Why should a separate inspectorate be created outside the SAPS? No mention of skills and technical expertise	NQF rating should be applied. Section 84(1) be amended
	Section 85	It appears to give cyber inspectors the right to investigate activities based on their individual whim. This may give rise to accusations of spying and vindictiveness.	It should be amended to read as follows: " a cyber inspector may , if given reasonable cause,
	Section 90	The wording of this section could impact on legitimate academic and research work done at universities, technikons or research institutions into data security.	Should be amended to ensure that there will be not negative impact on the institutions.
WESTERN CAPE PROVINCIAL GOVERNMENT	"Automated transaction"	it is unclear and requires amendment
	"Critical data"	"Economic and social well-being" is too broad and may grant the government damaging levels of control over information. If it is to be included, the Minister is to furnish reasons for his/her declarations and provide appeal mechanisms
	"electronic transactions"	There is no definition in the Bill for this, however there should be as it is a key element of the Bill.	Suggested definitions are: " Electronic commerce is a broad concept that covers any commercial transaction that is effected by electronic means and would include such means as facsimile, telex, EDI, Internet and telephone. For the purpose of this report the term is limited to those trade and commercial transactions involving computer to computer communications whether utilizing an open or closed network." "Electronic commerce could be said to comprise commercial transactions whether private individuals or commercial entities which take place in or over electronic networks. The matters dealt with in the transaction could intangibles, data products or tangible goods. The only important factor is that the communication transactions take place over an electronic medium.’
	"universal access"	The definition is imprecise because it fails to address the question of what constitutes "access".
	"World Wide Web"	This definition is too broad and should rather read: "an internet hyperlinked distributed information retrieval system based on the protocols developed by the World Wide Web Consortium."
	". za domain name space"	za is not assigned to the Republic but reserved for a certain geographic region, being the Republic.
	Ad Clause 2	Paragraph (l) should be removed as it is a repetition of (k)
		Paragraph (m): it is empty and, if those technical standard are to be adhered to, it may stifle adoption and development of new standards
		Paragraph (n) and (o) are to be commended
		Paragraph (p) regarding SMME’s is empty as none of the provisions of the Bill address this Object
		Paragraph (q) should not be a function of government only	I
	Ad Clause 3	It is unclear which piece of legislation will superceded in the event of a conflict between this Bill and another Act.
	Ad Clause 5	Department of Communications should not be the only body responsible for developing an e-Strategy
		Ongoing policy development should not be legislated for, but be dealt with in White Papers	.
		There is a risk of duplicating work done by SAITIS
		The CTUF says that the Department of Communications gives the impression is attempting to do everything in relation to electronic transactions	Suggest that there be inter-departmental and inter Ministerial committees and makes amendment recommendations to be included in S5 (1).
		S5 clearly states the whole of Cabinet to be involved see S5 (4)	There should be a clause that stipulates that the Minister is to report back.
	Ad Clause 6	This section, which provides for the provision of Internet access to disadvantaged communities and encourage the private sector to participate. It suggested this could be better achieved by policy decisions than by way of legislation
	.	S5 (4)(vi) provides the role of the private sector. The national e-strategy is going to be a governed policy
	Ad. clause 7,8 and 9	These clauses are supported.
	Ad clause 10	Section 10(4) does not impose any obligation on persons it means that the policy cannot really be enforced.	We suggest that this section be amended or deleted.
	Ad Chapter III		They agree with chapter (iii)
	Ad clause 13	They say there should be a differentiation between an advance and a normal electronic signature. They quote a definition from the EC Directive for an advance electronic signature. They note that this definition is similar to S39 that ask the question of whether electronic signature merely relates to the functional equivalent of a signature, which can be produced cryptographically.
	Ad clause 14	The section is based on article 8 of the UNCITRAL Model law on Electronic Commerce, yet article 8 refers to integrity and reliability whereas section 14 only provides for the assessment of integrity. They require clarification as to why reliability is not included in the section.	It is implied that if it retains its integrity it is reliable. There is no change in the meaning, in article8 is expressed as Section 14 is implied.
	Ad clause 20	With the regards to the operation of any law the question whether a litigant will have to comply with this bill in addition to the Computer Evidence Act in the respect of admissibility of evidence.	Section 3 does not exclude any law (i) in case of gaps legislation will complement each other (ii) there was no intention to rebut other law, Section 15 says "in any legal procedure"
	Ad clause 23	The question arose that in the event of a consumer responding to a website advertisement, is the customer or the company offeror?	The general rule is that in advertising it is an invitation to trade not an offer. However it will depend on the wording of the advertisement. If it is unclear the general rule well apply.
	Ad Chapter V	A cryptography provider includes any person that is providing a credit card payment form with appropriate levels of standard online security. That means that all bona fide online merchants are included. This has large-scale implications for large and small-scale e-business opportunities. There is no distinction between local and foreign cryptography providers They say this creates barrier for SMME’s and investment and restricts potential benefits that may otherwise be reaped.	They recommend that Chapter V be removed
	Ad Chapter VI	Accreditation is voluntary but to the benefit of those who seek to enhance their business. They are concerned that the requirements are too stringent
		S39 (1) is in line with international standards and not too stringent S2 (h) also requires that international standards be met. This and (m) and (n) make it impossible not to include it. To do otherwise will be to defeat the Object of the Act
	Ad Clause 43 to 50	Mention the importance of electronic transactions and that consumers should be protected against spamming. Recommend that S46 be amended to include an "opt-in" system and a penalty clause for failure to comply.	We recommend that their suggestion be adopted
	Ad Clause 52	Section 14 right to Privacy should be upheld in this Bill However, the data controller has discretion to decide which data becomes obsolete. The costs involved in deciding this may be major.
	Ad Chapter IX	They support protection of critical databases
	Ad Chapter X	The .za domain infrastructure has been efficient and effective in their operations. ICANN has procedures in place for the redelegation of country’s top-level domain names like .za org. com. Their concern is that Chapter X is not compatible with ICANN procedures. They are doubting as to the provision of Chapter X will be enforceable. During the establishment of the namespace."za" it was recognized that South African government should be directly involved. As such WCPG has recommended that the word Minister is replaced with namespace .za the Chapter X will be more appropriate.	The top domains must remain in force until the new ICANN procedures are enforced
	Ad Chapter XI	They are agreeing with S75 (2), S76 and S77 (1) (a)-(d) The wording of S79, 80 and 81 is going to constitute severe implications for freedom of speech. For example, there is no law which guards against the infringement of public interests. There should be guidelines as to when issues or information affecting public interest should be deleted. S64 (2), S65 and S66 will constitute uncertainty. There should be guidelines to avoid uncertainty.
	Ad Chapter XII	They agree that there must be adequate inspection or policing in this area of cryptography and authentication. They are of the view that the Department does not have the necessary capacity to perform cyber inspection effectively. They are also of the view that many of the powers given to cyber inspectors are not capable of being enforced against many of the international service providers.
DZINET	Section 5(4)	They say we should insert future and existing government initiative in national e-Strategy.
	Section 6	They say government should address the issue of affordability of Internet
	Section 9(b)	They say the involvement with regard to SMME’s will disadvantage or will threaten the private sector industries.
	Section 16	They say the maximum duration of storing data messages needs to specified
	Section 17		They recommend that there be an ability to trace a message through the Service Provider’s information infrastructure
	Section 21		They recommend that the two types of agents, that is automated and autonomous agents be included and be clearly differentiated from one another.
	Section 26	They say that this section be amended as to include autonomous
	Section 61	They say Section 72(a) be revisited to address cyber squatting
	CHAPTER XII	They recommend that the role, legality and power of the human cyber inspector be clearly be stipulated.
	CHAPTER XIII	They recommend that there is a need to classify cyber crimes
COMPAREX	S 4(3) Additions to Column A in Schedule 1		Include an obligation on Minister to review laws that are to be tabled Any addition to an Act will go the normal route i.e. via Publication in the Government Gazette
	S 11(3)(b) legal recognition of data messages		This Section to form part of Consumer Protection Chapter VII as it is not a requirement of substantive law; and should not relate to the Business-to-Business Environment The intention of Chapter III is, amongst others to legalize the electronic environment The establishment and recognition of data messages is unrelated to Consumer Protection
	S 12, 13, 14, 14, 16, 17, 18		These sections should have relevance to contractual agreements also It is noted and agreed that the words "and/or by agreement" should be added to these sections
	S13 Signatures		It seems as if electronic signatures is required in all circumstances Therefore S25 should be incorporated as a subsection of S13 Also that government should be obliged to become an ASP if none registered by a certain date or to fund establishment of ASP To say that it applies in "all circumstance" is incorrect S13 (3)(a) states "a method is used…" S25 (b) similarly says "by other means" In other words, both imply that, even if it is not an electronic signature, other methods can be used. Comment regarding ASP noted
	S14 (2); S16 (b); S17 (2)		Assessment of Integrity There should be the same test in all three the above sections in determining integrity Each test complements each other, even though the wording differs. Also, each section deals with a specific issue and the specific test applies to that specific issue
	S15 Evidential weight to data Messages		The Bill, and even the Computer Evidence Act, does not provide for a procedure for admitting such evidence. Therefore such procedure to be defined in the Computer Evidence Act, the ECT Bill, the Rules of Court and the Civil Procedure Act. It is not required that the procedure for admitting such evidence be added, as S15 sufficiently provides that data messages be admissible in a court of law.
	S16(c) Retention		This section should be qualified to state that the date and time that the data message was sent and received is only relevant when such information forms an integral part as to the evidential value of the data message. To restrict the date and time might create more problems, especially given the nature of the transaction. Also the intention is not deviate from the normal court environment
	S17Production of Document of information		Suggested that this section be amended to include the following: be of application only if no format specified shall be applicable to government and the private sector to add this to S17 would be to prescribe to the private sector the format in which they should transact on line. S17 and S29 are two unrelated sections
	S19 Other Requirements S21 Automated transactions		The Act should create guidelines This section should be removed because there is adequate consumer protection and the government should not be regulating the Business-to-Business environment. To do so would be defeating the objects of the Bill as set out in S2 (j).
	S24(c) Usual place of Business		This section to be deleted as a person may not have a usual place of business This section tries to clarify that the message sent from anywhere is valid as long both sender and recipient can be identified. The physical address is not important. It accommodates for the fact that not everyone has access to the Internet at their usual place of business.
	S26(c) Attribution of data message to originator		The words "unless otherwise proved" to be inserted here, so as to prevent Fraud Noted and recommended that it should be added to the whole of S26 not only S26(c).
	Chapter IV E-Government		A time period be specified for e-filing Currently government is using different filing systems with different coding Therefore such a situation may not be possible due to constraints faced by government Also, S5, which deals with National e-Strategy, provides for this implementation strategy
	Chapter IX Critical Data Bases		The Minister should work together with regulators in various industries, for example JSE and SARS. Also clarification on "administrator" in S55. Does it refer to manager or owner See S55 (1)(a) which provides that "other bodies" also be consulted See S55 (2)(a)
	Chapter X		S69 (7) to be deleted It would be unreasonable to delete this section, as it is a fair provision.
ISOC .ZA	DEFINIITIONS	•advanced electronic signature" is a misnomer, we propose "accredited electronic signature" •"browser" is defined as a "computer program which allows a person to read hyperlinked data messages". This should specify "web browser" as one can have programs to browse other things, and there are programs that read web pages that are not browsers.
	CRYPTOGRAPHY	•"cryptography product" and "cryptography service" need to be extensively revised •Three distinct issues here –Data integrity –Authentication –Encryption
	DATA INTERGRITY	•Data Integrity simply ensures that the data transmitted or stored has not been corrupted in some way. •It has nothing to do with encryption, however, cryptographic techniques are often used to achieve assurance of integrity •Integrity can be checked using checksum algorithms or similar programs
	AUTHENTICITY	•Authentication verifies the authenticity of the authorship of a document •Authentication can be done in various ways including using digital certificates, passwords, etc
	ENCRYPTION	•Encryption scrambles a message so that it is unintelligible to anyone who does not have the key to decrypting it. •The organization that provides software for a third party to encrypt data does not have any extra advantage when trying to decrypt a message using their technology •Encryption on its own does not guarantee authenticity or data integrity
	COMBINING THESE FUNCTIONS	•There are a number of products who can do any two or all three combinations. •E.g. Microsoft Outlook, which comes standard with Microsoft Office, does all three. •You cannot include authentication and data integrity in the definition of cryptography just because some programs offer them together.
	DOMAIN NAME	•The use of "…assigned in respect of an electronic address on the Internet" is inaccurate •"Address" in Internet terminology can refer to email addresses or IP addresses, and neither of these is relevant to domains •Suggest: "a hierarchical alphanumerical designation that is registered or assigned in respect of a resource record on the Internet"
	ELECTRONIC	•What about analogue electronics? •"Intangible" is a very bad choice as there are plenty of intangible forms of data that are not electronic, e.g., air vibrations forming musical notes •We suggest: "in a form that can be stored or processed on a computer" or other electrical system.
	IP ADDRESS	•Internet Protocol Address •Is a number e.g. 196.22.64.195 •Is assigned to computers or network equipment connected to the Internet •"data message" should be deleted from the definition as IP addresses are attached to or give info about data messages.
	WORLD WIDE WEB	•Suggest delete "…includes all data messages residing on all computers linked to the Internet" as this would include files that have nothing to do with the Internet, such as Word documents and password files.
	MAXIMISING BENEFITS	•This Bill lacks any specific provisions to benefit the disabled. We suggest that reference is made to the US example of Section 508 of the Rehabilitation Act: Electronic and Information Technology Accessibility Standards. See http://www.access-board.gov/508.htm
	CHAPTER 3	•This Chapter is the heart of the Bill, and is very welcome indeed. • •It provides much needed certainty in the "virtual world".
	CRYPTOGRAPHY PROVIDERS	•This Chapter does not seem to lead to any discernable benefit to the consumer, or to law enforcement Agencies. •Knowing the "provider" of cryptography software is little use in decoding an encoded message.
	AUTHENTICATION PROVIDER	•Similarly, this Chapter is a dangerous step down the slippery slope of "crypto regulation" •All current web browsers and most operating systems include both authentication & cryptography •Are we expecting every PC vendor to register as a provider?
	THE US EXAMPLE	•The US Government attempted to regulate cryptography, classifying it as a "munition" •This severely damaged US credibility and US business interests •This was a direct contributing factor to Thawte being paid R3bn by Verisign, and Mark Shuttleworth going to space last week.
	CONSUMER PROTECTION	•An important chapter, and one that meets with ISOC-ZA’s support. •Only protects individuals and not organisations – especially SMMEs •No obligation on the consumer to return the goods during the cooling off period.
	DOMAIN NAME AUTHORITY	•Appointment of ALL board members by the Minister is a gross violation of democracy. •Provisions of parts 1, 2 & 3 of this Chapter are in direct contradiction of Objectives (d),(i),(k),(m),(o),(p) and (q) of Section 2 – Objects of the Act.
	LIABILITY OF ISPs	•An excellent addition to the Act • •We don’t understand why an ISP should have to belong to any particular Association in order to be protected – surely objective standards and adherence to a Code of Conduct would be better
	CYBER INSPECTORS	•The contents of this Chapter are surely a matter for the Department of Justice, not of Communications •The SAPS does have a Computer Crime Unit. Let’s rather give them adequate resources to do their job properly, rather than creating another police force or "Inspectorate".
	SUMMARY	•ISOC-ZA welcomes the introduction of this Bill. •Chapter 3 especially gives much needed legal ‘weight" to electronic evidence. •Consumer protection is to be welcomed •Cyber crime provisions much needed •Some sections – even whole chapters – are ill conceived.
TRANSNET	CHAPTER II	The Bill requires the Minister to develop the national e-Strategy within 24 months and this is too long. The e-Strategy should not be the responsibility of one Ministerial department.		=
	CHAPTER III	Will electronic payments be covered in other Bills?
		Does the Bill suggest that a message-conveying acceptance of an offer is not required to come to the attention of the offerer?
		What about electronic storage of information?
		Storage of final messages distributed electronically – How do you ensure consistency in terms of changes after distribution?
		Recognition of documents in electronic format is unspecified.
		Sec 21 is open for abuse because the party using the electronic agent may not disclose the terms and later renege on the agreement.
	CHAPTER IV	What are the standards for electronic filing or processing as referred to in this chapter?
		Costs of transforming from paper based filing to electronic filing should be considered, specifically taking into consideration people without computer access.
		E-government touches various departments e.g. Communications, Public enterprise and public works and therefore it should be addressed by all these departments.
	CHAPTER V	Many "off the shelf" products have cryptography services/products embedded in them. How can these large international companies be required to pay for and register with DoC?	Concepts around public key cryptography and the regulation of an authentication infrastructure are very complex and the impact needs to be assessed.
		Why cant cryptography providers not be dealt with and licensed under existing organizations for example VAN operators or ICASA?
	CHAPTER VI	mention to the three-tier structure incorporating the user, an accreditation authority and government – the involvement of government is questionable. What about industry self-regulation?
	CHAPTER VII	The relevant jurisdiction in case of a foreign customer complaining about a service provider established in South Africa seems not to be addressed.
	CHAPTER VIII	Data protection needs separate legislation and there is lack of reference to other legislation, either existing or still to be drafted. The Bill provides that data controller may not disclose personal information, but there is no sanction or penalty in the event that the data controller does not comply with this obligation
	CHAPTER IX	Protection of critical information should be included in the Promotion of Access to Information Act.
	CHAPTER X	Government should decrease its involvement in the regulation of domain names, and also the business community may argue that a fairly developed private sector system of regulation already exists	"Public Domain" needs to be defined to ensure that agreements are legally bound if such agreements contain information that is in the "public domain".
	CHAPTER XI	What specific do this chapter address?
	CHAPTER XII	Cyber Inspectors – Will businesses be protected in terms of disclosure of confidential information and trade secretes?
		Are we creating a separate police force, Should this not be part of SAPS?
		What is open information and what can be classified as confidential information?
	CHAPTER XIII	With regard to Cyber Crime, reference is made to hackers intent and consequence of results – is this a reference to a hackers intelligence and lack in foresight?
	GENERAL		"Public Domain" needs to be defined to ensure that agreements are legally bound if such agreements contain information that is in the "public domain".
	GENERAL		Concepts around public key cryptography and the regulation of an authentication infrastructure are very complex and the impact needs to be assessed.
CONSUMER AFFAIRS COMMITTEE		The definition of a consumer in the Bill is restrictive it refers to the natural consumer and the end user of goods and services. It is therefore suggested that this definition should be similar to the definition in the Consumer Affairs (Unfair Business Practices) Act, 1988 (Act no. 71 of 1988).	"Consumer" means any natural person who enters or intends entering into an electronic transaction with supplier as the end user of the goods or services offered by that supplier or a consumer as contemplated in the (Unfair Business Practices) Act, 1988 (Act no. 71 of 1988).
UNIVERSITY OF THE WITWATERSRAND	CHAPTER V	Cryptography providers – It is the stated aim of the chapter to provide the SAPS and other law-enforcement agencies with help to decipher text.	This Bill does not deal with deciphering or interception of any text in any form, this is dealt with under the Interception and Monitoring Bill.
		The scope of reference of Sec 31(3) is very wide and technically it covers all users of computers given that most computers have cryptography program installed in them.
SOUTH AFRICAN POLICE SERVICE	CHAPTER XIII	The provisions of Sec 90 and 91 are too limited and the penalty provisions are in adequate.
			Cyber terrorism should be addressed in the Bill.
			It is recommended that the chapter on cyber crime be removed from the Bill since this will be covered in the comprehensive legislation which will be established after the research conducted by the South African Law Commission on behalf of SAPS
SOUTH AFRICAN LAW COMMISSION	CHAPTER VIII	This chapter should be deleted from the Bill in order to form part of the separate Bill on privacy and data.	Until such time that the Bill on privacy and data protection is in place this chapter should be retained to protect the consumers because this important area cannot be left as a vacuum which may expose consumers to exploitations.
CREDIT BUREAU ASSOCIATION	CHAPTER VII	This chapter should be deleted or Sec 51 and 52 should be amended because the South African Law Commission is developing legislation on privacy and data protection.
		The provisions in Sec 52 are unconstitutional in that they purport to make the right to privacy an absolute right.	If Sec 52 is not removed from the in its entirety, then it should be redrafted to in a way that recognizes the limitations of the right to privacy.
		Sec 51 - "Electronic Transactions" should be defined in Sec 1 of the Bill.
	CHAPTER IX	This chapter should be deleted because it gives the Minister powers, which violate the constitutional right of access to information.	If there is a need to protect critical data then it should be dealt with in the Promotion of Access to Information Act.
LINUX	CHAPTER V	Cryptography - This chapter makes the use cryptography embedded in a free software illegal and large portions of these software’s have no single owner or distributor and this implies that this software will be impossible to register.
	CHAPTER VII	Consumer protection – Sec 43(2)(g) means that if a consumer unseals a software package and finds the terms and conditions not satisfactory, the consumer would still be obliged to accept the sale as binding.
JOHANNESBURG STOCK EXCHANGE	CHAPTER I	Does the definition of cryptography include a person who owns or exercises control over the "deciphering" code or does it include any distributor of such technologies without such access?
		If an institution uses SSL technology to communicate with its clients in an encrypted environment, does that institution "provide" cryptography products and services The JSE seeks to be excluded from the definition of "public body" for the reason that the National e-Strategy as an internal governmental policy should not be binding on the private sector and therefore it (JSE) should be recognized as such.
	Chapter V	This chapter intends to assist the authorities that endeavor to monitor and intercept communications.
		Sec 3 must be amended to expressly provide for an order of priority in the event of conflict.	The payment of stamp duties in electronic should be considered.
		The generic concepts for cross cutting laws should not be left to individual Ministries to address in legislation and regulation on an ad hoc basis.
		The ECT Bill should specifically provide clarity that should apply across all laws in respect of inspection, search and/or seizure contemplated in the electronic environment.
		Section 18 fails to address the certification of electronic documents and should be amended to include this.
	Other Recommendation		* The Act should be amended to include the term "instrument" in Sec 19(2). * The Act should expressly state that no amendment would be effected without the invitation of public participation. * It is recommended that specific insertion of language referring to the application of a seal, by means of a functional equivalence, namely an electronic signature or advanced electronic signature be included in the Act. * Sec18 fails to address the certification of electronic documents and should be amended to include this. * Sec 19(2) should be made subject to its own new section in Chapter III with guidelines, exceptions, qualifications and the ability to issue notices in the Gazette. * It is proposed that Sec 13(1) be amended to be subject and subordinate to any Regulator’s specified requirements in respect of "signatures". * The Computer Evidence Act, 1983 should be revoked because it is widely acknowledged that it has become redundant and out of step with modern realities.
Uniforum SA (co.za Administrators)	Chapter X	They would want to have a private sector run organization responsible for the administration of the ZA domain with government responsible for policy making. The current formulation of chapter X is seen as authoritarian and according to them has not been developed in consultation with the "Internet community".
		Domain naming authority seen as creation of further bureaucracy and that ideal number of board members would be 5-8. The powers of the minister are too far-reaching.
MCELL		* Believes Bill as a whole reflects the stated objectives of enabling and facilitating e-commerce in the public interest. But feels the definitions and provisions are too restrictive.	Existing regulatory bodies be used for regulation of e-commerce.
			Registration of cryptography has to be voluntary not obligatory.
			Private sector databases should be excluded from critical database list.
			Provisions for cyber inspectors should be removed as duties can be performed by existing law enforcement agencies.
The South African Insurance Association (SAIA)		Supports the intentions of the Bill.
National Treasury:
Unknown (No title or name of the owner of the document)	Chapter 1: Section 4.	Questions the absence of taxation and companies act from Bill.
		Questions the seemingly arbitrary nature of exclusions.
	Section 15	Requests clarity on the impact of this section on the Computer Evidence Act, specifically if it will be repealed our alternatively amended to be in line with the provision of this section.
	Chapter 6: part 1.	Proposes that the Authentication Service Providers be an independent third party, other than government. Calls for some limits on the powers of the Director-General and the Minister in the Act.
	Chapter 7	Requests exemption for the Banking industry from the provision of consumer protection based on the present regulatory environment, which exists in the banking industry.
National Research Foundation (NRF)		Supports the overall objectives and vision of the Bill.
	Chapter 4: E-Government	The NRF is concerned that the forms for electronic filing and submission will have to be gazetted.
	Chapter 8: Protection of personal information	The NRF is concerned that the provisions will not allow the NRF to forward research information to its intended recipients in terms of this section of the Bill and the broad interpretation of personal data.
	Correction Chapter VIII s51(3)	Should read "…to all the principles in section 52 and not merely parts thereof."
	Chapter IX: Critical Databases: s54	The NRF requests that their be some consultation between the Ministry and the parties concerned prior to declaring a database as a critical database.
	s59(2)	No provision is made for right of appeal to criminal prosecution.
KPMG	Objects of the Act: Chapter I	Places an enormous burden on the Dept of Communications iro regulation of e-Commerce
		Consideration should be given to the establishment of an e-Commerce Directorate outside of any existing Ministry and directly responsible to the State President
	Maximizing Benefits and Policy: Framework Chapter II	On acceptance government must declare strategy a national priority
		No emphasis on private sector involvement is evident in the Bill. Little evidence of "Government as a model user"
	Facilitating Electronic Transactions Chapter III	"s 11(1) information is not without legal force and effect merely on the grounds that it is wholly or partly in the form of a data message"	It is critical that we ensure that the infrastructure relating to the use of data messages provides the environment that engenders trust
		Ensuring that the law relating to signatures in the e-world, is certain and engenders the trust required, is one of the most critical duties of the Parliamentary portfolio committee
	Electronic vs Advanced Electronic Signatures	An "electronic signature’ may incorporate all the attributes of an "advanced electronic signature’
	Accreditation	Accreditation creates an artificial distinction which has little to do with the quality of the signature
		Interpretation of "required by law" will include any legislative or regulatory provision requiring "signature", "certification" or "verification". Delay in the establishment of an accreditation authority will affect every instance where signature is required by law.	"The legal recognition of electronic signatures should be based upon objective criteria and not linked to authorisation of the certification of the service provider involved:"
	Signature s13	Subsections (2) and (3) follow the wording of the Uncitral Model Law and electronic signatures are recognised -Sect 13 (1) introduces an "advanced electronic signature" By definition an "advanced electronic signature" results from a process accredited by an accreditation authority established by the DG of DoC. -Where a signature is required by law an advanced electronic signature must be used
	PROBLEMS WITH S13	Accreditation creates an artificial distinction which has little to do with the quality of the signature Interpretation of "required by law" will include any legislative or regulatory provision requiring "signature", "certification" or "verification" Delay in the establishment of an accreditation authority will affect every instance where signature is required by law The benefit conferred in subsection (4) will only accrue to "accredited signatures" regardless of the quality of the signature Potential for a proliferation of standards see s 29 Does this sect include regulatory bodies in the private and public sectors?	Base on the EU Directive 1999/93: *The distinction between "advanced electronic signature" and "electronic signature" is made -Voluntary accreditation is also recognised -"The legal recognition of electronic signatures should be based upon objective criteria and not linked to authorisation of the certification of the service provider involved:"
	Integrity of Information or Data Messages s 14 Original	-Must pass the integrity test and be capable of being displayed or produced to the person to whom it is presented n the integrity must be assessed— -by considering whether the information has remained complete and unaltered, except for the addition of any endorsement and any change which arises in the normal course of communication, storage and display; -in the light of the purpose for which the information was generated; and -having regard to all other relevant circumstances	"Original", "Retention" and "Production of documents" are underpinned by the concept of integrity -This integrity will typically be maintained by a digital signature (fulfilling criteria of sect39 (1)) -If signature, verification, certification of a data message is required by law it can only be signed by use an advanced electronic signature. -What will result be if any of the above is signed by an electronic signature?
	Section 16: Retention	-accessible so as to be useable for subsequent reference -is in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received -origin and destination of that data message and the date and time it was sent or received can be determined
	Section 17: Production of document or information	-where a law requires a person to produce a document or information -the method of generating the electronic form of that document provided a reliable means of assuring the maintenance of the integrity of the information contained in that document -the integrity of the information contained in a document is maintained if the information has remained complete and unaltered
	Authentication Service Providers Sections 34 & 36 Accreditation	-ss 34 & 36 Accreditation of authentication products and services voluntary -"Authentication products and services" products designed to identify the holder of an electronic signature to others -"authentication service provider" means a person whose authentication products or services have been accredited by the Authority under section 38 or recognised under section 41 (recognition of foreign accreditation)	-The linking of "advanced electronic signature" to accreditation must be done away with -The criteria for "advanced electronic signatures" must be objective -Accreditation must revert to the truly voluntary concept set out in the Green Paper and not the de facto mandatory provisions manifest in the Bill
	Evidence: Admission and Weight	-s15 In any legal proceedings, the rules of evidence must not be applied so as to deny the admissibility of a data message, in evidence— -on the mere grounds that it is constituted by a data message; or -if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form	-The Computer Evidence Act contradicts this and is not repealed -To ensure consistency in our law the Computer Evidence Act must be repealed
	Notarisation, Acknowledgement and Certification s18	-Where law requires a signature , statement or document to be acknowledged, verified or made under oath this can be done by way of an "advanced electronic signature" attached to data message -Certification of a printout where a document is in electronic form is provided for but no requirement is included iro time and date
	Automated Transactions s21	-Electronic "agency" provided for -In essence the terms of the agreement must be accessible and a natural person must be in a position to rectify an error in contracting and take reasonable steps to rectify the error
	Communication of Data Messages	-s22 Can be varied by agreement -s23(1) Not without legal force merely because agreement is concluded by means of a data message -s23(2) Time and place of agreement is where acceptance received by the offeror -s24 Communication regarded as having been sent when it enters an information system outside the control of the originator or if recipient on the same information system when capable of being retrieved by the addressee
	Attribution of data messages s26	Data message that of originator if sent by: -the originator personally; -a person who had authority to act on behalf of the originator in respect of that data message; or -an information system programmed by or on behalf of the originator to operate automatically.
	E-Government ss28 & 29	-Disappointing to see so little relating to e-government considering government is the most obvious stimulus to e-business on a broad scale -Public body may accept electronic filing, issue permits ect by way of data message and receive payment by electronic means -May also stipulate in the gazette its requirements in this regard
	Cryptography Providers s30	-In the wrong piece of legislation -This really relates to national security -The drafting is far too loose and will need considerable tightening up -Needs to be a greater emphasis on engagement of the private sector by government instead of the prescriptive approach adopted	-Comment: Strongly suggest that this is excised from the Bill
	Criteria for Accreditation s39(1)	-electronic signature is : - -uniquely linked to the user; -is capable of identifying that user; -is created using means that can be maintained under the sole control of that user; and -will be linked to the data or data message to which it relates in such a manner that any subsequent change of the data or data message is detectible
	Protection of Critical Databases ss53-59	These provisions are out of place in this Bill -They relate to national security -The prescriptive nature of the provisions is out of line with comparative legislation in other jurisdictions which provides for collaboration between private and public sector	Comment: This does not belong and should be excised from the Bill
	Domain Name Authority and Administration Chap X	Government see the .za domain as a national asset -The provisions establish an authority (sect 21 company) to control domain naming function	Comment: Doubt whether this is necessary even if Private sector share in governance
	Cyber Inspectors ss84-88	-DG of DoC may appoint cyber inspectors -Powers -Investigate the activities of a cryptography provider, authentication service provider or audit a critical database -A statutory body including the SAPS with powers of search and seizure may apply for assistance of a cyber inspector in prescribed manner.	Comment: This is a law enforcement function and should not be developed within DoC
	Protections	-Welcomed as interim Legislation cannot be regarded as fully adequate Consumer Protection sections brings SA in line with International development Protection of Personal Information -Voluntary - not yet "adequate law’ - Law Commission has been appointed Cyber Crime limited to anti hacking – the European Council Convention on Cyber crime signed by SA but must be implemented
	Consumer Protection ss43-50	-South African law is not rich relating to distance or remote contracting- -The provisions of this section bring us into line with similar law in other jurisdictions -S 44 sets out the information requirement -S 45 sets out the provision for a cooling off period which is subject to certain exclusions -Performance must be executed in 30days -SA Law will apply -Cannot agree to exclude these provisions
	Protection of Personal Information ss51-52	-Applies only to information obtained through electronic means -A voluntary dispensation -Sets out the principles of collection of personal information on the basis of informed consent -Is not "adequate law" but issue of privacy is being referred to a working group of the law commission recently established -Business should use the guide to get its "house in order"
	Limitation of liability of SPs	-Service provider" means a person operation an information system for generating, sending, receiving, storing, or displaying or processing data messages including Internet and WAP communications -Representative body and code of conduct -Recognises position as "mere conduit" -Provides generally for the good conduct and "take down notices"
	Cyber Crime ss89- 94	-Anti-Cracking crimes not easily accommodated in our current law are addressed: -Unauthorized access to, interception of, or interference with data -Computer related extortion, fraud and forgery -Attempting, aiding and abetting also offences -Penalty a fine or imprisonment not exceeding five years -SA is a signatory to the European Council’s Convention on Cyber crime which is extensive and these provisions need to be implemented in harmony with its provisions
NATIONAL TREASURY Financial System Logis		Supports Bill and its ability to further develop e-government.
	Private International Law	This Bill does not cover International considerations. Web transactions span across country borders, how will the regulations be linked back to local laws and what are the implications as far as foreign law is concerned?
	Tax implications	How will tax calculations be done? Tax across international borders is also not mentioned. Similarly for export taxes and customs and excise duties.
	Chapter X Domain Name Administration	How is the .za domain name authority going to co-exist or replace the work currently being done by the already established private companies, such as Namespace?
	Cryptography Providers	We already have the South African Certification Agency [SACA] which deals with encryption matters
SABINET	CHAPTER IX	The protection of critical data should be dealt with in another Act that deals specifically with National Security, as it is inappropriate in the context of this Bill.
	Section 54(a)	The broad requisites in this section grant the Minister too wide a discretion.	The words "is of importance to" should be replaced by "necessary for".
	Objective Designation Criteria	Actions that could endanger the economic and social well being of the citizens of the Republic should be dealt with in Chapter IX. More strenuous requirements are to be established.
	Chapter IX	Does not sufficiently require a consultative approach	A procedure similar to that of S56 (2) should be established for private bodies
		There is insufficient distinction between government and commercial database
	Section 56	There is no provision for judicial review of the Minister’s undertakings. This could be unconstitutional
		The regulations, if not promulgated in consultation with commerce or any affected parties, could lead to increased operating costs. Also, the pace of technology versus the legislative procedure, could lead to the commercial industry not being able to use the latest technology to archive and store data.
		Despite the possible losses that could be suffered due to any Ministerial promulgation, no mention is made of compensation.
		Despite the possible justification for critical databases, the powers of the Minister are too wide.	Delete or amend as stated above