SA digital forensics, open-source intelligence skills lacking in fight against corruption

By Miché Roberts 8 March 2021

Significant specialised skills and resource deficits in South Africa’s law enforcement bodies could make it difficult for using social media and open-source intelligence as investigative tools. (Photo: Dado Ruvić/Reuters/the guardian/Wikipedia) Over the period, since March 2020, content published on Twitter, WhatsApp and Facebook have been submitted as complaints the most. (Photo: Dado Ruvić/Reuters/the guardian/Wikipedia)

Open-source investigation techniques could give a much-needed boost to South Africa’s poor record of prosecuting high-profile cases. 

Miché Roberts

First published by ISS Today

In 2020 South Africans called for a year of ‘orange overalls’ in the hope that those accused of grand corruption such as state capture and Steinhoff accounting fraud would be wearing prison attire after being prosecuted. Disappointingly, this has not happened. 

State capture is alleged to have resulted in around R500-billion of public money being stolen during Jacob Zuma’s nine years as president, ending in 2018. The Steinhoff saga reportedly involved over R100-billion in fraudulent and irregular transactions between 2009 and 2016. 

For law enforcement in South Africa, it may be worth giving more attention to social media and open-source intelligence. This refers to publicly available information typically on the internet used to investigate commercial and financial crimes. 

The United Nations’ Berkeley Protocol on Digital Open Source Investigations sets an international standard for the use of public information in criminal investigations. According to the protocol, “open-source information can provide leads, support intelligence outputs and serve as direct evidence in courts of law.”

The use of such methods by South Africa’s police and prosecutors could be a game-changing instrument in investigating and prosecuting high-profile corruption cases. Grand corruption usually consists of a complex set of crimes that take place over several years and involve multiple participants and jurisdictions. Typically, much in the way of stolen funds are moved illicitly across national borders, sometimes to countries seen as tax havens. 

To effectively adjudicate complex transnational cases, criminal justice officials need a wide range of skills and tactics. They’re required to navigate the challenges of international cooperation instruments, track financial flows that have been hidden to launder stolen funds across a range of jurisdictions and map the networks of people and institutions involved. These challenges can be mitigated by using social media and open-source intelligence, since this information transcends sovereign borders. 

But significant specialised skills and resource deficits in South Africa’s law enforcement bodies could make it difficult for these techniques to be absorbed as an investigative tool. For instance, in 2019/20 the National Prosecuting Authority’s (NPA) Asset Forfeiture Unit received forfeiture and confiscation orders valued at R455-million – only 18% of its annual R2.5-billion target. The unit’s head Advocate Ouma Rabaji-Rasethaba attributes the poor asset recovery rate to a lack of specialised investigating staff and resources. 

The Directorate of Priority Crime Investigation (the Hawks) has been using open-source and social media for commercial crimes cases since 2009. Open-source investigation as a discipline came from the need to examine increasing banking and unauthorised financial transaction crimes. 

Nevertheless, like the Asset Forfeiture Unit, digital forensics skills – especially open-source intelligence – is severely lacking in the Hawks. There is currently only one specialist who uses this approach to investigate commercial crimes referred to the digital forensics section. 

Various skill sets are needed to trace illicit money flows and link them to particular individuals who are responsible for corruption, according to Gareth Newham, Head of the Justice and Violence Prevention programme at the Institute for Security Studies (ISS). The open-source intelligence discipline requires skills in networks, ethical hacking and coding. Specialists must be able to extract evidence and track and trace information from open sources. 

If these techniques are adopted as a practice in South Africa, extensive training will be needed for the NPA and Hawks. The threat of budget cuts facing both organisations, however, will impede their ability to provide existing staff with these tools. 

The successful investigation and prosecution of complex crimes and the recovery of its proceeds also require strong cooperation between law enforcement agencies. “Police detectives will typically need to work closely with forensic accountants, cyber and information technology experts to gather evidence … These different areas of expertise reside in different agencies and organisations,” says Newham.

Several multidisciplinary units exist to uncover and prosecute grand corruption and financial crimes in South Africa. Among these is the Investigative Directorate – a temporary unit set up in the NPA in 2019. In 2019/20 it reported having 70 case dockets, 18 prosecutors and 58 financial and criminal investigators. 

Despite the fairly positive docket-to-prosecutor ratio, the country hasn’t seen a successful conviction of high-profile corruption since the directorate’s establishment. There is no indication that it uses tools to extract evidence from open sources, which makes considering the adoption of social media and open-source intelligence methods a worthwhile option. 

South Africa should look to global good practices in this regard. For instance, in 2011 the United Kingdom (UK) considered for the first time how evidence gathered using social media investigation could be used successfully in fraud cases. 

In the case of Locke v Stuart and AXA Corporate Solutions, the UK High Court reviewed evidence gathered from social media illustrating how an insurance company was defrauded of £40,000 due to fake insurance claims made by 28 account holders. The plaintiffs produced three large files of Facebook evidence that linked suspects to sham road traffic claims between 2006 and 2007. 

South Africans are growing increasingly impatient at the lack of high-profile corruption convictions. Capacity and funding to hire specialised staff are limited and unlikely to improve in the medium term. South Africa must consider new, internationally recognised methods to investigate financial crimes in order to turn the tide on grand corruption. DM

Miché Roberts, Research Officer, Justice and Violence Prevention, ISS


Comments - share your knowledge and experience

Please note you must be a Maverick Insider to comment. Sign up here or sign in if you are already an Insider.

Everybody has an opinion but not everyone has the knowledge and the experience to contribute meaningfully to a discussion. That’s what we want from our members. Help us learn with your expertise and insights on articles that we publish. We encourage different, respectful viewpoints to further our understanding of the world. View our comments policy here.

No Comments, yet


Beating the counter-revolutionaries: South Africa’s people are the ultimate defenders of democracy

By Joel Netshitenzhe