Electronic Communications and Transactions

It is almost impossible to think of the world without on-line shopping, let alone the internet, or email. Yet, strange though it may seem, South Africa has experienced democracy for a longer period of time than it has these electronic communication media and the transactions they enable.

The World Wide Web was only established in 1991. And – believe it or not – Google was only established in 1998.[1] Today, we cannot live without them. It is currently estimated that there are 4.6 billion internet users worldwide,[2] of which 32.6 million are in South Africa alone.[3]

The Electronic Communications and Transactions Act 2002[4] (ECTA, as it is familiarly referred to) aims to address this world of e-commerce, and the changes in the way contracts and transactions occur, as well as the legal principles which govern them. It deals with a huge range of topics, ranging from the legal recognition of electronic signatures, to domain name disputes, to cybercrime. The Act is administered by the Minister of Communications.

A. Cryptography providers

Cryptography is the art of writing things in code. In modern terms, this is the use of certain technology to ensure that the data, i.e. the message, can be accessed only by relevant persons, that the authenticity and integrity of the data is secure, and that the source of the data can be correctly ascertained.

A ‘cryptography service’ does just that, and is provided to a sender or a recipient of a data message, or to anyone storing the data message. Internet Service Providers, for example, render a cryptography service.

  1. No person may provide cryptography products or services in the Republic until certain details, as required by the Act, are registered. It is an offence to do otherwise.[5]

  2. Any person who discloses information contained in that register, other than to those responsible for the register or as required by law, commits an offence.[6]

B. Authentication products

An ‘authentication product’ or ‘service’ is designed to identify the holder of an electronic signature to other persons. The Director General of the Department of Communications is the Accreditation Authority (insofar as the Act is concerned) and he may accredit authentication products, or services, in support of advanced electronic signatures. These are required for agreements and documents stipulated by the law to be in writing, and signed by the parties. The Act provides for a lengthy and intensive process before this accreditation will be granted.

  1. It is a criminal offence to represent that products or services are accredited if this is false.[7]

  2. Similar accreditation may be granted by a foreign authority, in which event the Minister may recognise that accreditation. It is an offence falsely to represent that products or services have been so recognised by the Minister.[8]

C. Spam

Next to cybercrime, the unsolicited emails and adverts which daily pour into our in-boxes are surely the scourge of the electronic era.

  1. It is a criminal offence to send unsolicited commercial communications (i.e. spam) to a consumer without providing him with:
    • the option to cancel his subscription to the mailing list; and
    • if requested by the consumer, details identifying the source from which the consumer’s personal information was obtained.[9]
  2. If the sender has been advised by a particular consumer that it is not wanted, he commits a criminal offence if he continues to send spam.[10]

D. Cyber inspectors

The Director General can appoint any employee in the Department of Communications as a ‘cyber inspector’. His functions, once appointed, will be to monitor and inspect websites, or activities on information systems in the public domain, and report unlawful conduct to the relevant authority. He will also investigate cryptography service providers and authentication service providers. Cyber inspectors have extensive powers of inspection, search and seizure.

  1. Any person who hinders, or obstructs a cyber inspector in the performance of his duties commits an offence.[11]

  2. Any person who refuses to cooperate in a lawful search conducted under ECTA is guilty of an offence.[12]

  3. It is also an offence falsely to pretend to be a cyber inspector.[13]

  4. Where an inspector, pursuant to his powers or duties in terms of ECTA, has obtained access to information he may not disclose it (except as required by law) and commits an offence if he does.[14]

E. Cybercrime[15]

  1. If you intentionally access or intercept any data[16] without permission to do so, you commit a criminal offence.[17]

  2. If you interfere with data in a way which causes it to be modified, or destroyed, or otherwise rendered ineffective, it is an offence.[18]

  3. It is an offence to produce, sell, design, distribute or even possess any device, computer program or component whose purpose is to overcome security measures (including a password or access code) for the protection of data.[19]

  4. It is an offence to use any device or computer program to overcome security measures for the protection of data.[20][21]

  5. Any person who does any of the aforegoing in relation to an information system in order to prevent service to legitimate users commits an offence.[22]

  6. Any person who threatens to do any of the aforegoing, in order to derive some benefit by then agreeing not to do so, commits a criminal offence.[23]

  7. Any person who does any of the aforegoing, in order to derive some benefit by offering to repair any damage caused by his actions, also commits a criminal offence.[24]

  8. If you do any of the aforegoing, and then cause fake data to be produced so that you can derive some benefit by that fake data being taken as authentic, you commit an offence.[25][26]




  4. An amendment is intended to be effected by POPI - the Protection of Personal Information Act 4 of 2013, but that Act has not been implemented yet. 

  5. Section 32(2) read with section 30(1). 

  6. Section 32(2) read with section 31(1). 

  7. Section 37(3). 

  8. Section 40(2). 

  9. Section 45(3). 

  10. Section 45(4). 

  11. Section 80(5)(a). 

  12. Section 89(1). 

  13. Section 80(5)(b). 

  14. Section 84(1) and (2). 

  15. This is dealt with in Chapter XIII of the Act. Unfortunately, several of the provisions are as clear as mud. 

  16. Which means electronic representations of information in any form. 

  17. Section 86(1). 

  18. Section 86(2). 

  19. Section 86(3). 

  20. Obviously this does not apply to good faith scenarios – for example, if my hard-drive crashes and I take it to a data recovery specialist. 

  21. Section 86(4). 

  22. Section 86(5). 

  23. Section 87(1). 

  24. Section 87(1). 

  25. It is not possible to make better sense of section 87(2) of the Act. 

  26. Section 87(2).