JSE SUBMISSION TO PARLIAMENT ON THE ELECTRONIC COMMUNICATIONS AND TRANSACTIONS BILL ("the ECT Bill" or "the Bill")
INTRODUCTION
1.1 The purpose of this submission is to advise Parliament of those provisions of the ECT Bill which are of concern to the JSE Securities Exchange South Africa ("the JSE").
2.1 "electronic"
2.1.1 This definition leads to confusion and should be adapted in line with the UNCITRAL Model Law which states that:
"electronic" includes created, recorded, transmitted or stored in digital or other intangible form by electronic, magnetic, optical or any similar means".
2.2 "cryptography provider"
2.2.1 We are uncertain whether "…any person who provides or who proposes to provide…" refers only to the person who owns or exercises control over the "deciphering" code" or whether it includes any distributor of such technologies who does not have such ownership or control. This needs to be clarified.
2.2.2 What about Secure Socket Layer (SSL) technology that is freely available? If an institution uses such technology to communicate with its clients in an encrypted environment, does the institution "provide" cryptography products or services?
2.2.3 This definition relates to Chapter V. The JSE presumes that Chapter V is intended to assist authorities that endeavour to monitor and intercept communications in terms of monitoring and interception legislation. If so, the JSE suggests that the Chapter V issues should be dealt with expressly in such monitoring and interception laws and not in the ECT Bill.
2.3 "private body"
2.3.1 This term does not appear in the Bill.
2.4 "public body"
2.5 "World Wide Web"
2.5.1 The JSE believes that this definition is confusing and should be amended.
.
6. CHAPTER III: Facilitating electronic transactions - GENERAL COMMENTS
6.4.1 The expressions: "post", "mail", "registered mail", "pre-paid mail", "certified mail" etc appear in many laws. The ECT Bill must provide a mechanism to permit such actions to be satisfied by electronic delivery, where appropriate, and to create a mechanism that serves as equivalent proof of delivery as "registered mail".
6.5.1 Various statutes (e.g. the Companies Act) make reference to, or require use of, a seal. This is not adequately dealt with in the Bill, including Section 19 (2).
6.5.2 We recommend the specific insertion of language to refer to the application of a seal, by means of a functional equivalent, namely an electronic signature (advanced or otherwise). This would follow the precedent in Section 16 of the Irish Electronic Commerce Act of 2000 and the Australian Electronic Transactions Act of 1999.
6.6 Certification
6.6.1 Section 18 does not address the electronic certification of electronic documents and should be amended to include this.
6.7 Stamp duty
6.7.1 The Bill does not address the requirement for stamp duty and it is noted that the Stamp Duties Act has been recorded as an excluded law in the Schedules to the Bill.
6.8 "In" or "on" the prescribed form
6.8.1 Although Chapter III of the Bill aims to ensure technology neutrality, it is not clear whether a requirement under a law that a document must be "in or on the prescribed (by regulation) form" can be satisfied in electronic form. Due to the prevalence of these prescribed form requirements in various other laws and to avoid unnecessary doubt, it is suggested that the Bill should expressly provide for this recognition.
6.9 "instrument"
6.9.1 The term "instrument" is encountered in many other laws. It is unclear whether S19 (2) of the Bill can be applied to such term. The Bill should be amended to include the term "instrument" in S19 (2).
6.10.1 The inspection and/or search and/or seizure provisions in many other laws do not contemplate electronic communications, electronic records or other electronic evidence stored on computer hard drives or other storage devices. The Bill should provide clarity in this regard that should apply across all laws.
7. SECTION 13: Signature
7.1 Where a law (statute or regulation) requires a signature, regulators should, in the JSE’s opinion, be permitted to specify the type of authentication and expression of intent (the two attributes of a signature) that would satisfy their requirements. Regulators (such as the JSE) should not be constrained by a peremptory provision that only an "advanced" electronic signature would suffice.
7.2 There is no guarantee that any Authentication Service Provider would opt to have their technologies accredited in terms of Chapter VI. Thus, "advanced electronic signatures" may perhaps not be available for some time to come. Regulators should not in the meantime be powerless to administer their laws by permitting other types of electronic signatures.
7.3 Even if certain types of signatures are accredited to become "advanced", such signatures may be inappropriate in certain industries (e.g. the JSE trading environment or inter-bank transfers). There is no guarantee that Authentication Service Providers for these types of industries may come to the fore or, even if they do, seek to become accredited.
7.4 The only distinction in the Bill that the JSE can discern between "normal" and "advanced" electronic signatures is the fact that "advanced" electronic signatures appear to be issued by "Authentication Service Providers" in the ordinary course of their business. We understand that these are companies such as VeriSign and Thawte. It is submitted that, where a law requires a signature, a regulator should be permitted to prescribe to the regulated persons such standards and procedures as the regulator deems appropriate for the industry concerned.
7.5 By way of example, almost all on-line vendors, banks and other institutions use a "User ID and PIN" method of customer authentication (and signification of intent). It is unlikely that a User ID and PIN would qualify as an "advanced" electronic signature in terms of the Bill because this type of signature is generated by the user (usually clients of an organisation), whilst the process which recognises and verifies the ID or PIN vests with the organisation. The organisation may not wish to have these authentication technologies accredited and made subject to comprehensive quality control processes, audits and standards determined by the Department of Communications. The organisation may also be reluctant for its clients to have to pay for "electronic signatures" such as those issued by VeriSign because it may lose clients in the process.
7.6 We submit that section 13(1) should be amended to make it clear that regulators such as the JSE and the FSB are able to specify the requirements in respect of "signatures" for their specific industries.
8. SECTION 15: Admissibility and evidential weight of data messages
8.4 Therefore, computer evidence generated in the ordinary course of business should be prima facie admissible as a true reflection of the evidence it contains. The presumption could always be refuted on a balance of probabilities. Such presumption would avoid unsubstantiated challenges to the integrity of computer evidence while retaining the right of a person to challenge the same at any stage, on good cause shown.
9. SECTION 17: Production of document or information
10.3 The relevant sections appear reasonable when one contemplates the so-called "electronic agent" software used on the Internet where a consumer sends pre-programmed "bots" to find certain goods on other websites. However, the wording of the section is wide enough to apply to almost all forms of electronic transactions, including ATM transactions, JSE trades, on-line banking, securities settlements, etc. The relevant sections are even capable of being interpreted to apply to legal entities executing an electronic transaction through their employees or officers.
10.4 As the relevant sections cannot be contracted out of – Part 1 of Chapter III creates a statutory right – these provisions will cause tremendous risks to the stability and legitimacy of trades conducted on the JSE and transactions on the STRATE systems. This will lead to substantial legal liability risks both on the part of the JSE and on the part of JSE members.
10.5 The JSE accepts that the relevant sections are intended to provide protection for a "consumer", as defined (see reference to "an individual"). However, the JSE submits that Section 44(2) on consumer protection affords adequate protection to a consumer, whether such consumer is engaged in an "automated transaction" or not.
10.6 The JSE further submits that unless practice indicates that "automated transactions" frequently cause the harm contemplated in this section, the freedom and sanctity of contract between parties to a transaction should not be unduly interfered with through statutory intervention. In the JSE’s case, its trading rules provide a level of comfort that is arguably equivalent to that offered by the Bill and which are guided by international securities law principles. We believe the JSE’s ability to set these rules with approval from the FSB, with the obligation to ensure investor protection, should not unwittingly be affected by the Bill.
11. SECTION 26: Attribution of data message to originator
12. CHAPTER IV: E-Government
13.1 Section 11 of the Promotion of Access to Information Act deals with "Right of access to records of Public bodies" and section 30 of that Act deals with access to health or other records. It is submitted that the reference to section 30 of that Act should be amended to refer to section 50 of that Act because the latter deals with "Right of access to records of private bodies".
13.2 The same comment applies to section 57(2)(d).
14.1 Regulators are tasked with creating specific consumer protection provisions for the industries they regulate. This is because each industry has different challenges and stakeholders that require a sectoral approach to consumer protection. E-commerce and related communications are but one of the means of communication and transacting within a particular industry. A single law cannot and should not create a single standard across different industries.
14.2 In respect of the JSE securities trading environment, the brokers (members) usually act as the agent of the customers (the investors) and all rights and obligations can be attributed to such customers. In law, the JSE may therefore deal directly with a "consumer" in various instances.
16. SECTION 88(1): Protection of confidentiality
17. CONCLUSION
17.4 We therefore urge Government to consider the issues set out in this document, taking specific cognisance of the role the JSE fulfils in the South African economy and in facilitating the positioning of South Africa as the financial centre for Africa.
17.5 We have already requested an opportunity to make oral submissions at the Parliamentary hearing. We will utilise this opportunity to explain the particular role the JSE plays within the electronic world, and how the ECT Bill impacts on this, and also answer any question that members of the Portfolio Committee may wish to put to the JSE. We respectfully repeat this request, and look forward to your positive response.
Yours faithfully
NICKY NEWTON-KING
GENERAL COUNSEL