What’s the Law for WISPs According to the Cybercrimes Act – and What’s Not

Fri, 18/06/2021 - 17:04

The Cybercrimes Act recently signed into law in South Africa does not put WISPs (wireless Internet service providers) and other ISPs under any obligation to monitor their subscribers or report them to the SAPS for online copyright infringement (commonly referred to as piracy).

The Act creates new criminal offences and new interactions between the electronic communication service provider (ECSP) community, from our point of view being the WISPs and ISPs, and the SAPS.

Out with the old and in with the new

For WISPS this means that – when the Act commences – the old process of SAPS getting a subpoena from a magistrate under section 205 of the Criminal Procedure Act in order to obtain subscriber information from a WISP will fall away. It will be replaced by a range of new directions which SAPS can give to WISPs in order to obtain information and to make sure that evidence of criminal activity is preserved.

WAPA will provide training to its members to ensure that they understand the new processes and are clear about the circumstances when they are required to hand over subscriber information to SAPS.

Copyright infringement and the Cybercrimes Act

Recent media reports in South Africa, however, suggested that service providers are obliged to report these offences to the SAPS. That’s not true.

ISPs are not network police

WISPs in South Africa have received copyright infringement notices – usually from rights holders based in the US – alleging that their subscribers are guilty of online copyright infringement. These are usually passed on to the subscriber but there is no framework in South Africa for enforcing these notices, which are sent under US legislation – the Digital Millennium Copyright Act or DMCA.

While reporting copyright offences is a difficult and contested area at the moment, service providers would be breaking the law if they policed subscriber activities on their networks. The Cybercrimes Act makes it clear that WISPs are under no obligation to monitor activity on their networks or to actively look for evidence of criminal conduct.

Any WISP which unlawfully monitors the activities of its customers runs the risk of itself committing a crime under the Regulation of Interception and Provision of Communication-related Information Act (RICA).

What to expect

When the new Act comes into force, ECSPs will be required to report certain crimes of which they have knowledge within 72 hours, where possible, to the SAPS. We don’t have the full list of crimes yet. About 10 are being proposed but the Minister of police must still decide which of them will trigger the requirement for an ECSP to report to the SAPS.

WAPA is participating in this process, which will culminate in these reportable crimes being gazetted at the appropriate time. However, it is important to note that, while many lobbied hard to have copyright infringement included in this list, it was not.