In the beginning of April, The Department of Communication and Digital Technologies published the Draft National Data and Cloud Policy. DCDT’s Minister Stella Ndabeni-Abrahams has called for the public to comment on the proposed policy. We take a deeper look at the proposal and some of the issues that surround it.
What’s the new policy all about?
The 40-page Draft National Policy on Data and Cloud aims to provide better, integrated, and competitive information communication technology (ICT) solutions. It has been made applicable to all levels of government and enterprises as well as the private sector and the general public. The rationale behind the policy is for the State to strengthen its capacity to “deliver services to its citizens, ensure informed policy development based on data analytics, as well as promote South Africa’s data sovereignty and the security thereof.”
How do they want to go about doing this?
Government shall attempt to accelerate the “implementation of digital infrastructure strategies and policies” to “ensure connectivity with deployment of access and core network infrastructure.” In other words, South Africa requires the digital infrastructure to make a state-owned enterprise (SOE) for cloud computing and other ICT services possible. This infrastructure shall be established with the consolidation of existing SOEs like SENTECH and Broadband Infraco to create the State Digital Infrastructure Company (SDIC). SDIC’s provision of network connectivity will be supported by having access to the excess capacity of government-funded ICT infrastructures like Eskom, SANRAL, Transnet, PRASA, and SANREN.
To fully realise “South Africa’s data sovereignty” a new data centre would be required and the answer to this is building a High-Performance Computing and Data Processing Centre (HPCDPC) for processing, data facilities, and cloud computing capacity. The HPCDPC will consolidate existing publicly funded data centres and leverage the existing computing capacity and technical capabilities of the CSIR and SITA. SITA will also drive the adoption of digital government services, application, and solutions.
Consider some of the back story.
Some of the ideas, suggestions, and intentions above are by no means novel. The consolidation of SENTECH and Broadband Infraco has been unsuccessfully championed for years. In 2011 it was already postulated that the eventual merger of the two would only be a matter of time despite the controversies looming over both companies. This seems to have now come to pass. In 2019 Minister Ndabeni-Abrahams announced the merger and also stated that “non-broadband state-owned enterprises that self-provide broadband, such as SANRAL, PRASA, Eskom, and Transnet, are prohibited from entering the commercial broadband market so as to avoid the state distorting a well-functioning liberalized market.” While these companies’ broadband capabilities will still not be provided directly to the consumer, their excess will be used by SDIC to service both government and the public with cloud computing capabilities.
The practice of amalgamating state-owned infrastructures to avoid duplication and have a coordinated approach is also not new. It is how SITA came to be after all when the IT resources of the Department of State Expenditure (National Treasury), the Department of Defence, and the SAPS were consolidated to form SITA with a mandate to serve all government’s IT needs and policies. SITA would have the IT knowledge and experience to achieve cost saving through scale, increased delivery capabilities, and enhanced interoperability. SITA became the IT watchdog of government to either provide IT services themselves or manage and supervise contractors while still being dependant on National Treasury to make resources available to SITA and all other departments. The back and forth between these entities continue with the IFMS (Integrated Financial Management System), which provides administrative and financial services to the government, already having secured the IFMS Cloud. This private cloud is hosted by SITA and provides secure data storage to the IFMS. Ageing technology that was not fully integrated and that lead to duplication of functionalities has effectively been streamlined into this replacement system of IFMS that is implemented in National and Provincial Departments. The rationale behind why this is needed is perfectly sound and can apply to most governmental data, yet while these advances are being put into effect many municipalities are left without electricity and have to do their reporting in the local SAPS stations.
Consider some of the reasoning and implications.
Many South African entities handle secret, confidential, and sensitive information and data. These include government information (such as military assets and plans), intellectual property, and consumer information (such as credit card, email, and banking details). Having this data kept within the country, on its own cloud and at in-country datacentres is important. Public, and often free, cloud services, like those provided by Google, Amazon, or Microsoft, cannot guarantee surety that they can provide services in the case of political disputes, embargos, and war should such event occur. Even without that occurring, multinational companies like Facebook and Yahoo have already had major data breaches where personal information of their users had been leaked both intentionally and unintentionally, for example, the Cambridge Analytica scandal. As South Africans, we would be left with very little recourse to hold these companies accountable. Using the clouds of multinational companies means storing the data at their centres, which are in other countries. If South Africa’s data is in a different country it would be subject to the laws of that country. If their laws state that you cannot have encrypted data, as is the case in one of our BRIC members, it would make that data accessible and potentially cause a massive confidentiality breach and security issue. If it is kept in SA, however, it falls under our laws and our data would be protected with policies like the POPI Act and the proposed policy also states that the “processing of metadata and personal information shall comply with privacy provisions as contained in the POPIA and other data protection legislation.”
In addition to safety considerations, this policy is an attempt to have South Africa enter what is known as the Fourth Industrial Revolution (4IR) and its related technologies which the policy says “presents an opportunity to address the social and economic challenges characterizing the South African economy.” New policy frameworks that make use of the economic and social potential of data and cloud computing should be citizen-centric and support already existing government initiatives of universal access and affordable services, i.e. allow for more accessible IT resources for the population at large. Additionally, data is increasingly becoming a commodity as it is transformed into usable knowledge. As government and the private sector generate and store massive amounts of data it partakes in that digital economy. Currently, that data and knowledge mostly lie in the hands of mega technological digital companies. The development of the infrastructure, applications, and services needed to deliver the same capabilities as the larger multinational companies will allow South Africa to become globally competitive within the 4IR. A caveat to that, however, is the fact that economic growth job creation due to an industrial revolution is part of the long play. The revolution brought on by the steam engine, and all other industrial revolutions, initially led to mass job losses as new technologies make the workers redundant. Only as the technology allows for more innovation and expansion does it actually help grow society and the economy at large which is a concern that does not seem to be addressed in the discussion of the 4IR in South Africa.
To be continued…
There are advantages to the implementation of the policy and the establishment of the SDIC. The viability and feasibility of the policy, however, is questionable. Read the follow-up to this blog article as we continue the discussion.