You Are Here Home Political science project topics INFORMATION SECURITY RISKS, THREATS AND CRIME

INFORMATION SECURITY RISKS, THREATS AND CRIME

Project topics and materials 0

Get Complete Project Material File(s) Now! »

CHAPTER THREE THE SOUTH AFRICAN LEGAL FRAMEWORK REGARDING INFORMATION SECURITY

INTRODUCTION

As mentioned in preceding chapters, dealing with information security problems requires the application of relevant policies. These policies should be based on international and national frameworks. Whilst the previous chapter focused on information security issues, this chapter will deal with the legal framework in South Africa and how it relates to information security.
There are several laws in South Africa which deal directly or indirectly with information security issues. These laws relate to, amongst others, trademarks, malicious code, hacking, copyright, patents and privacy, to name but some of the issues. It is thus important that South African companies base their information security policies on these laws. These laws include, but are not limited to, the following: the Constitution of the Republic of South Africa (1996); the Promotion of Access to Information Act No. 2 of 2000; the Companies Act No. 71 of 2008; the Electronic Communications and Transactions (ECT) Act of 2002; the National Credit Act No. 34 of 2005; the Protection of Personal Information (PoPI) Bill of 2007; the Copyright Act of 1978; the Labour Relations Act No. 66 of 1995; the Regulation of Interception of Communications and Provisions Communication-related Information (RICA) Act No. 70 of 2002; Consumer Protection Act No. 68 of 2008; and the King III Report. This list is not exhaustive, but includes the most significant legislation that governs information security in South Africa.
It is useful to clarify, for the purposes of this research, the difference between a bill and an act. The Bill is a draft law submitted to Parliament by the relevant Minister (Member of the National Executive) for consideration. Once Parliament passes the Bill and the President signs it, it becomes an Act (law). The chapter also reviews the King III Report. This is not, however, a law, but a set of recommendations with which all companies listed on the Johannesburg Stock Exchange are legally compelled to comply. It was therefore deemed necessary to include it in this chapter.

THE PROVISIONS OF INFORMATION SECURITY ISSUES IN THE CONSTITUTION

The Constitution of the Republic of South Africa (1996) is the supreme law of the Republic and is the foundation of all laws passed by the South African Parliament. The Constitution has a direct impact on information security related issues, in particular, the Bill of Rights. Taken at face value, one may deduce that the constitutional provisions related to information security contradict each other. Such provisions include the following: privacy vis-à-vis access to information; and freedom of expression vis-à-vis human dignity. The legislators were aware of these rudimentary contradictions and thus Clause 36 of the Constitution prescribes limitations of rights. No right should be exercised at the expense of other rights. In other words, the right to freedom of expression cannot be exercised in a manner that undermines someone’s human dignity.
The following are some of the South African government laws that address IT-related risks, threats and cyber-crime:
• Protection of Personal Information (PoPI) Bill of 2009;
• Privacy and Data Protection Act of 2006;
• Electronic Communications and Transactions Act of 2002 (ECT Act, 2002);
• Regulation of Interception of Communications and Provision of Communication-related Information Act of 2002 (RICA Act 2002);
• Promotion of Access to Information Act No. 2 of 2000;
• Patents Act No. 57 of 1978;
• Copyright Act No. 98 of 1978;
• Intellectual Property Laws Amendment Act No. 38 of1997; and
• Trade Marks Act No. 194 of 1993.

 COPYRIGHT LAW IN THE INFORMATION SECURITY CONTEXT

The inception of ICT and the Internet in particular has led to the abundance of information available in many forms. Computers networked globally and the World Wide Web (WWW) provides a platform for access to ever increasing amounts of information (Schonwetter, Ncube & Chetty, 2010). Yet the same technological platforms that enable access to information create copyright and intellectual property rights challenges (Lu, 2013).

Internet and benefits of copying, using and distributing online materials

The Internet has provided many opportunities for sharing information, art, music and other works globally (Lee, 2012). Yet, whilst the Internet has opened up a wide range of benefits to its users, there are serious concerns amongst those who have copyright to sustain control over the copying, using and distribution of their material. This relates to the ethical issues emanating from copyright in the Internet arena (Lee, 2012; Wu & Sun, 2013). It should also be emphasised that copyright in the computing environment lends itself to information security problems, challenges and crimes. The information security concerns arise because the nature of the online environment makes it possible for literature and audio-visual items to be copied and/or distributed other than in the physical world without affecting the original.
These copyright challenges are aggravated by the simplicity of producing multiple copies of online materials quickly (Paterson, 2012). In addition, these online materials are internationally available while Internet users are able to hide their identity. Given the information security problems posed by the copying, using and distribution of online-based materials, it is anticipated that copyright owners will turn to other measures to assist them with the enforcement of their rights.

Internet challenges the status quo of intellectual property protection

According to Tsolis et al. (2002:53), “the evolution of technology is challenging the status quo of intellectual property protection” and the management thereof in various ways. The situation is exacerbated by the fact that users of the copyright information in whichever form, whether print, digital, material, music or films, have some expectations about their own right to “use and copy that information and to communicate it to others”. This is problematic because, although users rightly have expectations, they do not necessarily have a legal right to undertake such activities without the permission of the copyright owner (Washah, 2013), although in fact users have for many years acted on their expectations without consequences (Paterson, 2012).

Infringements of copyright and legal remedies in South Africa

Herman (2012) suggests that there are several measures to deal with copyright crime, including physical security and logical and administrative security measures. Herman (2012) further emphasises user education and the use of policies as effective measures to deal with infringements of copyright. It is critical to bear in mind that policies should be informed by the relevant legislation.
South Africa is informed by the Copyright Act No. 98 of 1978. Although this Act is not recent, it is still effective in South Africa and it has been augmented by regulations published in 1985. According to Clause 23 of the Copyright Act, the infringement of copyright is constituted by, among other things:
(i) The encroachment of copyrights by any other person, other than the owner, who uses the rights without permission from the owner. Examples of such encroachment would include:-
a) Bringing items into the country to be used differently from the intended owner’s use. The abuse here could be in terms of selling, letting or hiring the item in the country
b) Unlawful acquisition of software in the country
(ii) The encroachment of copyrights could also be committed when a person who gives permission to another to use places of public entertainment where the individuals use items like music without proper permission from the copyright owner.
The next section deals with penalties for infringement.

Action by owner of copyright, and penalties for infringement

Regarding the action which copyright owners can take when their rights have been infringed,
Clause 24 of the Copyright Act No. 98 of 1978 stipulates that:
(i) Use the same margins as above for (i) and (ii) or change the above to be the same as this Any item produced due to infringement of copyright should be made available to the plaintiff. In case of damages, the plaintiff will be paid the amount which the licensee would have paid for the activity concerned. However, according to the clause, the copyright owner may in writing, before establishing the course of action, inform the licensee about the proceedings. The licensee may intervene and pay for the damages incurred.
(ii) In the case where the offender did not know about violating any copyrights, damages may not be paid for the infringement. However, in the case where the infringement is admitted or liability is otherwise proven then the offender will be required to pay for all damages relating to the violation as assessed by the court.
Regarding the penalties incurred as a result of infringement, Clause 27 of the Copyright Act No. 98 of 1978 stipulates that:
(i) If the individual is convicted for the first time, then he or she will get a fine of not more than five thousand Rand or imprisonment for not more than three years. However, the offender may be subjected to both paying the fine and the imprisonment for the individual articles related to the infringement.
(ii) If not the first offence, then the offender could get a fine of not more than ten thousand Rand or imprisonment for not more than five years. The offender may also be subjected to both paying such a fine and imprisonment for the individual items related to the infringement.

Reproduction regulations and permitted reproduction

The Copyright Act No. 98 of 1978 with Regulations of 1985, regarding reproduction of a piece of work, stipulates that reproduction of a work is permitted provided only one copy of the piece of work is reproduced. Again, reproduction may be permitted if the repeated copies are within the acceptable exploitation of the production and author’s rights. With these regulations in mind, libraries or archives may reproduce a work with its employees acting solely within the scope of their job. According to the Copyright Act No. 98 of 1978 Regulations of 1985, the employees may distribute the reproduction on the condition that:
(i) there is no intention of establishing by deduction direct or indirect commercial advantage;
(ii) the recreated work shall be open to the public or available to researchers affiliated to the library or archive depot;
(iii)the recreated work incorporates a copyright warning;
(iv) reproduction rights and distribution conform to a copy of an unpublished work duplicated in facsimile form completely for purposes of preservation and security;
(v) the library or archive depot shall display prominently, at the place where orders are accepted, and include on its order form, a copyright warning.
The section below provides an example of copyright case law.

Judgement regarding infringement of copyright in South Africa: Sure Travel v Exel Travel

A High Court judgment made on the 19th November 2004 regarding the infringement of copyright between Sure Travel and Exel Travel has had an effect on the interpretation of copyright law in South Africa (Buys, 2006). This judgement assessed the extent of software protection and how to prove the infringement thereof.
About the case and its judgement
Sure Travel, the company which has a travel agent’s franchise, makes use of a new software application known as Matchmaker. The respondents in the case, as a franchised agent of Sure Travel, signed a contract that included their right to use the Matchmaker system. Later the respondents abandoned Sure Travel group to establish their own group of travel agents. However, they continued using the software application. Consequently, Sure Travel alleged that the continued use of the software application violated the rights attached to the Matchmaker system. Since the respondents broke the contract with Sure Travel, they were hence unlicensed to continue using the software application.
According to Buys (2006), Sure Travel’s application for an interdict was dismissed by the court on the basis that Sure Travel, the complainant, failed to prove that the Matchmaker system contained any confidential or proprietary information. Again, based on this argument, the court also ruled that no unlawful competition took place. The section below deals with e-commerce.

READ  The legal implications of South Africa’s entrenched socio-economic rights framework

E-COMMERCE PATENTS LAW IN THE INFORMATION SECURITY CONTEXT

Overview of patent law

Patents are the basic protection provided for inventions. According to Bagby (2003:233), patents are a strong form of Intellectual Property and thus “patent law protects inventions”. The invention process includes the production or machination of a product not known before. This may be as a consequence of creativity or research. According to Bagby (2003:233), a patent is a limited monopoly licensed by the government to the initial producer of “useful, novel, and non-obvious inventions.” Patents for inventions are not easily distinguishable from trade secrets. The fact is that the patent system grants the inventor of new and innovative technology limited right to prevent others from practising the technology, as an encouragement and in exchange for releasing the technology to the public. The patent laws have contributed immensely to the success of US technology during the past two centuries (Wu & Sun, 2013).
It was imperative for patent law to be applicable to e-commerce in particular. In effect, the patent system has proved to be valuable for ICT and thus Berman, Reister and Kregel (2003:6.1) reported: “As with many new technologies, there has been a “land grab” rush to obtain Internet technology and Internet business method patents, and some relatively broad patents have been issued.” This assertion is supported by, inter alia, Xu and Sun (2013).

Types of e-commerce patents

An e-commerce patent is defined as a patent that can be granted to an organisation/individual conducting business through the Internet (Yaokumah, 2013). Liu (2013) went further to observe that patents can cover technology that (1) provides a better or different experience for a Website’s users (user experience patents); or (2) makes the e-commerce more efficient or more profitable (business enhancement patents). In addition, several broad aspects involve technology that is basic to the Internet operation (common use patents) (Yoshikane, 2013).
Berman et al. (2003:6.02) provides examples of types or groups of patents to demonstrate several aspects of patent law pertaining to e-commerce:
• Amazon’s one-click patent, which covers methods for enabling consumers to buy items on the Internet with a single click (a user experience patent);
• Priceline’s reverse-action patents, which cover methods for enabling consumers to name their own prices for goods or services (user experience patents);
• Patents held by numerous different companies on targeted advertising, which cover ways of directing particular advertisements to users based on information about those users (business enhancement patents); and
• e-Data Corporations Freeny patent, which its owner originally asserted covered all Internet sales involving downloads of digitised material, such as music (a common use patent).
The views of Berman et al. (2003) are supported by several authors, including Collan, Fedrizzi and Luukka (2013) and Issacs (2013). In most countries, patent rights are enforced through civil litigation in a court designated for this purpose in a particular country.

Provisions of the South African Patents Act

The legislation that specifically focuses on patents in relation to Information in South Africa includes the Intellectual Property Laws Amendment Act No. 38 of 1997, and the Patents Act No. 57 of 1978. The Intellectual Property Laws Amendment Act No. 38 of 1997 is constituted by sections of various Acts in South Africa:
• Sections 1-18: Amendment of Merchandise Marks Act No. 17 of 1941;
• Sections 19-25: Amendment of Performers’ Protection Act No. 11 of 1967;
• Sections 26-49: Amendment of Patents Act No. 57 of 1978;
• Sections 50-58: Amendment of Copyright Act No. 98 of 1978;
• Sections 59-68: Amendment of Trade Marks Act No. 194 of 1993;
• Sections 69-79: Amendment of Designs Act No. 195 of 1993; and
• Section 80: Short title and commencement.
For the purposes of this study, the main focus will be on the Patents Act No. 57 of 1978, hereafter referred to as the Patents Act. The provisions reflected in the paragraphs below are those that have an impact on information security.
Patentable inventions
In accordance with clause 25 of the Patents Act, patents are granted for new inventions with the capacity to benefit industries. However, a patent is not granted for any invention that may encourage immoral or offensive behaviour. The patent is also not available for a new invention for production of living things that are not subjected to micro-biological processes.
Debate about the legality of software patents in South Africa
According to the article written by ICT journalist, Brian Bakker (2007:26), software patents are supposedly not legal in South Africa. They should not be deemed legal until such time as they are proven to be by the legislator of the Court of Law. Section 25 (reflected above) of the Patents Act indicates that software (a programme for a computer) cannot be registered as a patent in South Africa. According to Bakker’s (2007) article, “this prohibition takes the form of an explicit exclusion, one of seven”. He quotes the Innovation Fund’s Biago: “The Act basically says that computer programmes ‘as such’ shall not be an invention. Everybody asks how the ‘as such’ is supposed to be interpreted but, unfortunately, we don’t yet have any case law in South Africa regarding the patentability of computer programmes”. The CSIR’s Bob Joliffe who is also mentioned in the aforesaid article argued that there is a huge amount of case law in Europe which may inform the South African judgements if and when they happen. Joliffe claimed that the South African patent law “was essentially copied from the UK statute which, in turn, was derived from the European Patent Convention. As a result, the language is almost identical.” This situation remains unchanged to date (Behr, 2013; Collan et al., 2013), and will be dealt with in detail in the findings of this study.
Disputes as to the rights in or to patents
As stated in Section 28 of the Patents Act, rights disputes between individuals should be settled by the commissioner following an application by any of the parties. If, however, an individual is not willing or is not able to participate in an application for a patent, the individual may be asked to execute an assignment by the commissioner. If the execution is just and equitable according to the commissioner, the compensation may be due to the non-participating individual.
In a situation where an individual declares a right to exclude any other individual from applying for a patent, directions from the commissioner may require such other individual to perform any deed of assignment that may be requested and that the deed of assignment be extended to other countries.
Infringement of the patents
In conformity with Section 65 of the Patents Act, which provides the proceedings for infringement, the patentee may file such proceedings regarding a patent. The complainant may be compensated through an interdict, or by bringing to him/her the infringed products, or the damages. However, the accused may react for annulment of the copyright based on any base on which such a copyright may be revoked. Nevertheless, before filing such proceedings, the complainant should provide a notice to the registered licensee of the copyright in question, who may have the right to intervene as a co-complainant. In the case of damages, the complainant may opt for an amount which the defendant could have paid in respect of the copyright in question, as compensation. The section below deals with trademarks legislation.

TRADEMARKS LEGISLATION IN THE INFORMATION SECURITY CONTEXT

 Overview of the Trademark concept

This section provides an overview of the trademark law in the context of e-commerce and information security in particular. Before one focuses on the trademark law, it is important to understand the meaning of the word trademark. A trademark, according to authors such as Leverich, Gallagher-Duff, Lavelleye and Rosette (2003:7.01), “is a distinctive work, name, phrase, symbol and/or design that identifies and distinguishes one’s goods (or services) from the goods and services of others.” Bagby (2003) opines that trademarks are the most significant form of recent commercial symbols. Trademarks are the compartment of business-related symbols that obtain legal protection. This view is supported by authors such as Proff and Dettmann (2013) and Simon (2013).
Trademarks law grants the owner of the trademark the right to prevent other individuals or/and entities from employing the trademark or mark to market their products or services (Proff & Dettmann, 2013). According to Bagby (2003:278), trademark law is a complicated and challenging field, “because the standards of analysis and much of the case law are based on artistic and cognitive judgements about human perception and commercial behaviour.” This assertion is supported by authors such as Behr (2013), Assaf (2012). This section will mainly focus on the South African Trademarks Act No. 194 of 1993 and how it pertains to information security.

TABLE OF CONTENTS
ACKNOWLEDGEMENTS
DECLARATION
TABLE OF CONTENTS
LIST OF APPENDICES
LIST OF FIGURES
LIST OF TABLES
CHAPTER ONE: NATURE AND SCOPE OF THE STUDY
1.1 INTRODUCTION
1.3 THE PROBLEM STATEMENT
1.4 RESEARCH QUESTION AND OBJECTIVES OF THE STUDY
1.5 BRIEF OVERVIEW OF THE RESEARCH DESIGN AND METHODOLOGY
1.6 SIGNIFICANCE OF THE STUDY
1.7 STRUCTURE OF THE THESIS
CHAPTER TWO: INFORMATION SECURITY RISKS, THREATS AND CRIME
1.2 INTRODUCTION
2.2 A BRIEF HISTORY OF ECOMMERCE AND INFORMATION SECURITY CONCERNS
2.3 OVERVIEW OF INFORMATION SECURITY RISK, THREAT AND CRIME
2.4 ETHICAL ISSUES PERTAINING TO INFORMATION SECURITY
2.5 INFORMATION SECURITY POLICIES
2.6 SUMMARY
CHAPTER THREE: THE SOUTH AFRICAN LEGAL FRAMEWORK REGARDING INFORMATION SECURITY
3.1 INTRODUCTION
3.2 THE PROVISIONS OF INFORMATION SECURITY ISSUES IN THE CONSTITUTION
3.3 COPYRIGHT LAW IN THE INFORMATION SECURITY CONTEXT
3.4 E-COMMERCE PATENTS LAW IN THE INFORMATION SECURITY CONTEXT
3.5 TRADEMARKS LEGISLATION IN THE INFORMATION SECURITY CONTEXT
3.6 PRIVACY LAWS IN THE INFORMATION SECURITY CONTEXT
3.7 LEGISLATION PERTAINING TO THE RECOGNITION OF DATA MESSAGES
3.8 LEGISLATION PERTAINING TO CYBER-CRIME
3.9 LEGISLATION RELATED TO MALICIOUS CODE
3.10 ICT RISK REGULATORY ASPECTS IN SOUTH AFRICA
3.11 SUMMARY OF CHAPTER 3
CHAPTER FOUR: RESEARCH METHODOLOGY AND DESIGN GENRE
4.1. INTRODUCTION
4.2 SAMPLING AND PROFILE OF THE ORGANISATIONS
4.3 THE RESEARCH DESIGN
4.4 DATA COLLECTION METHODS USED IN THE STUDY
4.5 THE USE OF QUALITATIVE DATA ANALYSIS IN THIS STUDY
4.6 THE TRUSTWORTHINESS OF THE RESEARCH
4.7 ETHICS
4.8 SUMMARY OF CHAPTER 4
CHAPTER FIVE: FINDINGS OF THE STUDY: FINDINGS OBTAINED FROM INTERVIEWS
5.1 INTRODUCTION
5.2 FINDINGS OBTAINED FROM INTERVIEWS
5.3 SUMMARY
CHAPTER SIX: FINDINGS OF THE STUDY: FINDINGS FROM DOCUMENT COLLECTION AND ANALYSIS
6.1 INTRODUCTION
6.2 FINDINGS OBTAINED THROUGH DOCUMENT COLLECTION AND ANALYSIS,
6.3 FINDINGS OBTAINED THROUGH WEBSITE FUNCTIONALITY AND CONTENT ANALYSIS IN THE STUDY
6.4 SUMMARY
CHAPTER SEVEN: CONCEPT MODEL OF LEGAL COMPLIANCE FOR INFORMATION SECURITY IN THE CORPORATE ENVIRONMENT
7.1 INTRODUCTION
7.2 AIFHELI GROUP OF COMPANIES
7.3 THE PROPOSED MODEL OF LEGAL COMPLIANCE
7.4 SUMMARY
CHAPTER EIGHT: OVERVIEW, CONCLUSION, LIMITATIONS AND RECOMMENDATIONS
8.1 OVERVIEW OF THE STUDY
8.2. SUMMARY OF CONTRIBUTIONS
8.3 IDEAS AND IMPLICATIONS FOR FUTURE RESEARCH
8.4 LIMITATIONS OF THE STUDY
8.5 CONCLUSION OF THE STUDY
REFERENCES
GET THE COMPLETE PROJECT

Related Posts

Distinguishing between strategic and operational/tactical LSCM issues

Multi-candidate Political Competition and the Industrial Organization of Politics 

Differences between French and Italian livestock practices page 

Political influence on homicide reports under civil conflict 

GENERAL DISCUSSION AND CONCLUSIONS: IMPLICATIONS TO THE REGIONAL SEISMIC HAZARD

Policy Search when Significant Events are Rare: Choosing the Right Partner to Cooperate with