Cyberethics and the South African Electronic Communications and Transactions Act

DP van der Merwe, L Pretorius and A Barnard


In this paper we explore the relationship between personal ethics, public morality and external regulation by means of, among others, legislation. This conceptual continuum is also prevalent in the domain of information technology and cyberspace and is in accordance with Lessig’s paradigm as discussed by Spinello (2002) which distinguishes the four modalities of regulation of cyberspace, namely law, norms, the market and architecture (or code). We focus on three of these modalities, viz. law, norms and architecture.

Gleason and Friedman (2003) argue that “the development of particular cyberspatial norms” will benefit all the actors involved in online collaboration. They furthermore state that “efforts should be made to articulate a conceptual model of cyberspace that respects its unique attributes – one that is accessible to both the actors that will take lead organizing and regulating cyberspace, and, more importantly, the citizens of the world who will hold those actors accountable”. In the context of this accountability we consider the possibility that human decision-making (and the ethical values which this implies) might be superseded by structuring machine architecture (code) in such a way that human decision-making may be appreciably reduced. Furthermore, attempts to regulate cyberspace by means of legislation is at present awarded prominence on a global level by governments in part due to the pervasive nature of Internet technology. It is within this context that we evaluate the new South African Electronic Communications and Transactions (ECT) act (Act No. 25, 2002) and its implications for the other modalities under consideration.

The “ECT Act” (as it has come to be known) is of great strategic importance for the entire African continent as it struggles to move from a mainly agrarian economy into the brave new world of the Internet, in particular e-commerce. Since South Africa has been one of the first African countries to adopt this type of legislation, it is plausible to speculate that the ECT Act might serve as a model for the entire continent. This seems even more likely, given the initiative of NEPAD (New Partnership to Promote Africa’s Development) to empower Africa economically. This gives credence to the investigation and analysis of this act independently of legislation adopted in Europe, the US and elsewhere.

We consider a number of the issues dealt with in the new South African ECT act. Among others we identify which topics are currently covered by this act; viz. e-mail, the Internet, cybercrime and evidence, jurisdiction, domain names, consumer protection and defamation. Issues absent from the act in its current format comprise most of the area of intellectual property (save for domain names), taxation and a compulsory regime on privacy. One of the most controversial clauses in the ECT Act, which has also raised a number of ethical issues, has been the matter of domain names. The South African government intended to form a non- profit domain name authority, of which it would be the only member and shareholder under an exemption from the South African Companies Act. Government reasoned that it had the duty to administer the .za domain as a national asset.

The idea of a Government controlled domain name authority elicited ferocious response from the private sector, particularly from the company Namespace. The latter had constituted itself into a non-profit company on the 21st of August 2001 in order to administer the .za domain. This move was widely regarded as a pre- emptive move by the Internet community to prevent Government from taking exclusive control of the registration process. Government’s reaction however was swift. An ECT Bill tabled to Parliament in November 2001 made provision for a government controlled domain name authority. About ninety percent of official commentary on the ECT Act, which deals with about twenty additional topics, was centred on the domain name issue.

We subsequently explore the notion that regulation in itself in not sufficient to guarantee acceptable normative behaviour in cyberspace. Actors in cyberspace also need to demonstrate ethical and moral principles and behaviour. For example, the South African ECT act affords a data collector the option to respect and implement online privacy protection of collected data (Act No. 25, 2002 sections 50-51), and does not enforce such behaviour but rather relies on the integrity exhibited by said data collector. The SA Law Commission is of the opinion that this alone is not sufficient to guarantee citizens’ constitutional right to privacy (section 14 of Act No. 108 of 1996) and is consequently preparing concept legislation in this regard. Nonetheless, the SA Constitution also gives citizens the right of access to public and private information (section 32 of Act No.108 of 1996) and it is not yet clear how conflicts between these two constitutional entitlements (of concealing and revealing) will be resolved.

Tension also exists between decision-making freedom and autonomy on the one hand and regulation or constraint by means of law or IT architecture on the other. In the spirit of Goldberg, Wagner and Brewer (1997) which asserts that regulation in term of the “laws of mathematics” (i.e. information technology) should be pursued in conjunction with the “laws of men” (i.e. legislation), one should consider certain restrictions imposed by information technology architecture on the decision-making freedom, autonomy and privacy of the individual. Lawrence Lessig (1999) warns that in cyberspace the the designers of software and hardware may increasingly resort to the modality of IT architecture because they do not at present consider the modalities of law, norms (and the market) to be effective. This warning seems to have gained added weight from the announcement by Microsoft of its Next-Generation Secure Computing Base (NGSCB), code-named “Longhorn”, a new hardware and software design that enables new kinds of secure computing capabilities for providing “enhanced data protection, privacy and system integrity” (Microsoft Next-Generation Secure Computing Base – Technical FAQ, 2003).

By increasing ethical awareness and ethical behaviour in cyberspace and by introducing and evaluating the relevance and appropriateness of legislation, we contend that such extreme measures as envisaged by Lessig and applied by Microsoft, may not be necessary.


Act No. 25 (2002). The South African Electronic Communications and Transactions Act.

Act No.108 (1996). The South African Constitution.

Gleason, D.H. and Friedman, L. (2003). The social construction of cyberspace, Proceedings of the fifth international conference on Computer Ethics – Philosophical Enquiry, Boston College, Chestnut Hill, MA, pp.41-51.

Goldberg, I., Wagner, D. and Brewer, E. (1997). Privacy-enhancing technologies for the Internet, IEEE COMPCON, (97), 1997, February, accessed on 15/11/2002.

Lessig, L. (1999). Code: and other laws of cyberspace. Basic Books, New York.

Microsoft Next-Generation Secure Computing Base – Technical FAQ (2003). accessed on 20/11/2003.

Spinello, R. A. (2002). Case Studies in Information Technology Ethics. 2nd Edition. Prentice Hall.