Read more in Daily Maverick: “Tracked, Part One: With its hamstrung surveillance capabilities, SAPS is no match for criminals”

South Africa has earned a spot as a top destination for organised criminals. In the world of trafficking guns, drugs, minerals, poached wildlife and human beings, SA ranked 19th out of 193 United Nations member states. That’s according to a recently published two-year study from the Global Initiative Against Transnational Organized Crime.

Part of the reason for criminals’ free rein, intelligence insiders who spoke to Daily Maverick and were granted anonymity to discuss sensitive matters, is that the South African Police Service (SAPS) and its Crime Intelligence Division (CI) are largely deprived of a crucial tool when tackling complex, well-organised syndicates: electronic communications surveillance. WhatsApp calls and texts, emails, Skype, and even just tracking suspects’ movements in the field are out of law enforcement’s reach.

What’s up, WhatsApp?

A long-standing headache for SAPS and CI is their inability to decrypt and read data messaging, particularly end-to-end encrypted messaging services like WhatsApp, Signal and Telegram.

Encryption, simply put, is a way to protect the content of a message. Roughly speaking, software is applied to scramble the message before it is transmitted, and again decipher it after it arrives at the receiver’s smartphone or computer. It’s crucial to privacy and cybersecurity, but it hamstrings an ill-equipped SAPS.

In a 2021 report to Parliament, the judge appointed to watch over South Africa’s interception laws warned of the desperate spy technology shortcomings SAPS faces. The judge (also known as the Rica judge) is responsible for granting SA’s intelligence services warrants to allow interception of mobile phone communications and internet traffic. She does this in terms of Rica — the Regulation of Interception of Communications and Provision of Communication-Related Information Act.

Several issues were brought to the Rica judge’s attention by SAPS Crime Intelligence, most related to what’s known as the Office of Interception Centres (OIC) — the national interception hub that falls under the auspices of the State Security Agency (SSA), SA’s main spy organisation. There are various satellite interception offices throughout the country and all are connected to the OIC.

Once the Rica judge grants an interception order to intelligence services, they serve that order on service providers (a mobile operator or an internet provider, for example). The provider then transmits a digital copy — and this can be in real time — of those communications to the OIC. Here, intelligence services can listen in, or read emails or messages. Theoretically.

In reality, SAPS CI told the Rica judge in March 2021 that the OIC system was “outdated” and regularly collapsed, “resulting in the loss of interception communications products.” To boot, the OIC can only intercept voice and SMS data. That was fine in the early 2000s when there was nothing else around, but things changed with the onset of 3G mobile technology and the resultant dominance of smartphones and platforms like WhatsApp, Zoom, emails and social media platforms like Facebook, Twitter and Instagram.

These newer forms of data communications can be intercepted, but intelligence services cannot decrypt them. It’s not getting better.

An old problem

Says one source with ties to SAPS crime intelligence: “Encryption is a problem for everybody. Mobile providers can send data packets to the police, who attempt to decrypt it.”

But, explains the source, after this step, service providers have no further obligation to assist. By law, once they receive a court order, service providers are compelled to send a copy of a surveillance target’s communications to intelligence services. But that is where their responsibility ends.

SAPS are the ones legally responsible for decrypting that data — something they have been experiencing issues with for a number of years. Already back in 2015, a source within a major mobile service provider (with extensive knowledge of the providers’ working relations with intelligence services) told Daily Maverick that SAPS simply couldn’t decrypt data communications.

Said the source: “…if subscriber A calls subscriber B, (and) they have encryption software on their phones, we will give it to them (SAPS) the way we read it. They must decrypt it. They are very unhappy with that. For example, BlackBerry Messenger and WhatsApp — those are all encrypted. BBM was not allowed in Iran or China…. they cannot read it. They cannot decrypt it.”

A mobile network technician explained that not much has changed since seven years ago: “The guys in the company just activate the interception process. They’ve got very little information about the actual data being sent to the OIC. The problem is they (the OIC) cannot decrypt it. I’ve looked for WhatsApp decryption software. I haven’t found it. It’s end-to-end encrypted and I have to admit, it’s really well done. They (law enforcement) usually go and speak to the people behind WhatsApp — Facebook. They can decrypt it and give it to you.”

To get Meta (formerly Facebook) to hand over the goods, SAPS must make use of a Mutual Legal Assistance Treaty — a formal agreement between South Africa and the United States to assist each other in criminal investigations. However, there is a lengthy bureaucratic process attached to this, especially with a giant like Meta.

Explains the mobile network technician: “If you look at the Oscar (Pistorius) case: it took long… the process of convincing them (Meta) that we need to get these messages.” The source says that a treaty between governments isn’t much help when it comes to corporates: “WhatsApp and Facebook…their terms and conditions are written so well, you actually have to kiss their asses.”

Outdated

Apart from the OIC, there’s another tool police could use to intercept communications. Known as a “grabber”, this portable device looks like an oversized laptop with a small antenna stuffed into a pelican case. It acts as a false cellphone tower, and the surveillance target’s phone connects to it without their knowledge. The grabber then extracts information from the cellphone that allows police to identify the target. Grabbers are also useful when tracking a suspect on the move, and advanced grabbers can intercept voice calls and data traffic.

But, although SAPS recently acquired new grabbers, they’ve never been in use. In June last year, News24 reported on an internal memo from SAPS Crime Intelligence that revealed the dire state of grabber technology in the police. SAPS reportedly paid R102-million for 13 grabbers (costing R5.5-million each). However, upon receiving the devices in March 2020, SAPS locked them away in at their Technology Support Unit in Silverton in Pretoria. The reason? A glitch with the procurement process.

Importing grabbers is not straightforward. It’s an opaque process that lends itself to corruption while at the same time creating a lot of red tape. “It’s not just, I want this thing and I’m buying it,” explains a source with detailed knowledge of SAPS CI procurement processes. Within Rica, grabbers fall under a special category of interception gear known as “listed equipment”. One can only purchase listed equipment if you have a certificate of exemption issued by the Justice Minister. But when the grabbers arrived in Silverton in March 2020, SAPS still didn’t have such a certificate.

Three independent sources with ties to SAPS Crime Intelligence confirmed to Daily Maverick that SAPS still doesn’t have access to the new grabbers. According to the sources with detailed knowledge of SAPS CI procurement processes, the newer units stored at Silverton are already outdated: “The equipment can’t handle 5G.”

And SAPS could use some updated devices. Back in 2020 the internal Crime Intelligence memo reportedly stated that SAPS had three “outdated” grabbers that could only intercept 3G communications, meaning the increasingly dominant 4G and 5G communications couldn’t be intercepted. The memo said that six units were “beyond repair.”

To date, things haven’t improved. When asked about the state of grabbers SAPS can use now, a second source laughed: “They have five units. One works. Four are broken.”

In plain sight

It’s not only encrypted communications that are out of SAPS’s reach. Even monitoring information in plain sight is beyond their capabilities. Police don’t have the software to monitor social media for potential leads in crimes. That’s because the tender SAPS put out to procure this type of software, although awarded, has now been stalled for months. The tender first went out in March 2020.

Social media monitoring software is used by government and private intelligence agencies worldwide. There are several software products that can be employed to aggregate and analyse publicly available information from social media platforms, blogs and news reports. Such an analysis renders a profile of a suspect and their connections. It can also be used to physically track persons of interest, or monitor public sentiment and conversations about potential criminal conduct, or even violent uprisings such as the July 2021 riots that rocked SA. The software can also assist police in tracking down people who originally made posts that comprise hate speech or served to instigate violence.

Despite these tools being available without any special legal requirement for their purchase, SAPS Crime Intelligence doesn’t use them. The private sector can also perform the service, but, said one provider in the security field: “They’re not interested. They don’t understand this stuff.”

It may be publicly available information, but turning social media posts into useful intelligence is another ballgame, and paying a private provider to do it because you lack the equipment and know-how isn’t free. Says a second private provider with detailed knowledge of social media monitoring: “It (social media monitoring) is ongoing. You have to monitor, then analyse, then report. You search with keywords and look for certain groups and persons. You analyse the links between them, how they fit together. Where are people posting from, what’s the sentiment? SAPS would have the money for it if they didn’t spend it on shit like travel and entertainment…The old bucket with a hole story.”

The result: police minister Bheki Cele admitted that, during the 2021 riots, police couldn’t locate suspects who instigated violence online: “…you had people who were calling for the heads of the President and ministers and you can’t trace those things,” said Cele.

No political will

Despite the country’s high crime rates and major national security issues, its surveillance capabilities continue to decline. There are a number of reasons for this, but a major contributing factor, sources say, is political infighting stretching all the way from the ANC factions down to operational staff of police crime intelligence and the State Security Agency. Politicians fear that they will be spied upon with functioning equipment.

A source in the private security sector with ties to state intelligence services says political infighting is directly related to weakening state surveillance capabilities. “You’re sitting with all these political players, fighting against each other. One’s in State Security, one’s in Crime Intelligence… they’re screwing each other over, left right and centre. The ANC ministers know that this equipment will be used to spy on them.”

A source with close links to SAPS concurs: “That’s exactly what happens. They’ll use it to spy on each other for political reasons. They don’t use it to stop crime.” DM

• SAPS did not answer Daily Maverick’s questions. Spokesperson Colonel Athlenda Mathe said that the police “don’t comment on Crime Intelligence related matters in the public domain.” 
• Neither the ANC nor the State Security Agency responded to requests for comment.

Heidi Swart is a journalist who reports on surveillance and data privacy. This report was commissioned by the Media Policy and Democracy Project, an initiative of the University of Johannesburg’s Department of Journalism, Film and TV and Unisa’s Department of Communication Science.