Menu Close

Leaked emails: Ramaphosa’s hypocrisy on spying by the South African state

South African Deputy President Cyril Ramaphosa claims the country’s security agencies hacked his emails. GCIS

In the run up to the election of the next president of South Africa’s governing ANC in December, unknown entities are clearly working hard to discredit candidates who have spoken out against state capture.

The latest dirty tricks have targeted Deputy President Cyril Ramaphosa, who recently condemned the capture of the South African state, allegedly by business interests linked to President Jacob Zuma. Someone has leaked Ramaphosa’s emails from his private Gmail accounts, suggesting that he was having multiple affairs, despite being married.

Ramaphosa has claimed that the fingerprints of the state intelligence services are all over the leaks. He has also located the smear attempt within

…a broader campaign that has targeted several political leaders‚ trade unionists‚ journalists and civil society activists.

How much credibility do his claims have? Those responsible could be private actors with no links to the spy agencies. But, no one should be surprised if his allegations of state spying turn out to be correct.

After all, in 2005, state spy agencies were abused in the bruising succession battle between then President Thabo Mbeki and his rival for the ANC presidency, Jacob Zuma. That behaviour seems to have been sustained.

There are systemic weaknesses in how the state intelligence services are regulated that predispose them to abuse. As a senior member of government, Ramaphosa must take political responsibility for keeping silent about these problems until now.

Eavesdropping in South Africa

It’s quite possible that Ramaphosa’s Gmail accounts were hacked. An intrusive piece of hacking software like Finfisher could do the trick. Finfisher is a weapons grade intrusion tool sold exclusively to governments. It is particularly useful for monitoring security conscious and mobile targets who make extensive use of encryption.

The tool allows its operator to take control of a target’s computer as soon as it is connected to the internet. Once the operator does so, it can turn on web cameras and microphones for surveillance purposes, and exfiltrate -withdraw- data from the target’s computer, such as emails.

By 2014, South Africa was the third largest named user of Finfisher, after Slovakia and Estonia.

In 2015, the University of Toronto’s Citizenlab detected a Finfisher command-and-control server in South Africa. The discovery strongly suggested that the South African government continued to be a Finfisher user.

Leaked emails from Finfisher’s competitor, the Italian-based Hacking Team, also provided evidence that South African government departments were in the market for hacking tools. And South Africa has a reputation in international intelligence circles for targeting individuals (like journalists, activists and academics) through hacking, rather than engaging in mass surveillance of the kind practised by the US and the UK. Tools like Finfisher come in handy.

Safeguards against abuse

In spite of their invasiveness, hacking tools are under regulated in South Africa.

There are two communication interception centres in the State Security Agency that the general public knows about. The first is the Office for Interception Centres, which handles targeted interceptions approved by a special judge. It is inwardly focused, and provides services to national crime fighting agencies.


The second is the National Communications Centres, which monitors the electronic communication. This centre is externally focused. It collects foreign signals intelligence.

While the Office for Interception Centres is established in terms of the Regulation of Interception of Communications and Provision of Communication Related Information Act (Rica), the National Communications Centres has no explicit founding legislation, and no known rules that govern its activities. This is why the current court challenge is significant.

In 2008, the European Court of Human Rights identified six safeguards for strategic intelligence gathering, to limit the potential for abuses.

It says the law needs to:

  • Spell out the nature of the offences which may give rise to an interception order.
  • Provide a definition of the categories of people liable to have their telephones tapped.
  • Limit on the duration of tapping.
  • Set out the procedure to be followed for examining, using and storing the data obtained
  • List precautions to be taken when communicating the data to other parties.
  • Spell out the circumstances in which recordings may or must be erased or the tapes destroyed.

South Africa’s laws fail these tests dismally.

There are also no known rules governing the State Security Agency’s use of selectors - the search terms used to process raw communications data - for analysing mass communication. This could lead to abuse.

Spying on political dissent

The problem of under regulation does not end with the National Communications Centre. As the country’s civilian intelligence agency, the State Security Agency is meant to develop high level strategic intelligence to inform the Cabinet in deciding on the nation’s most urgent national intelligence priorities.

But, a State Security Agency organogram leaked to Al Jazeera points to the existence of an operational entity in the domestic intelligence section called the Special Operations Unit. Little is known about its exact mandate.

The Sunday newspaper, City Press has linked this unit to a number of dirty tricks. These include smearing top civil servants, and forming a rival trade union to the Association for Mineworkers and Construction Union in the platinum belt, as well as spying.

And, a recent investigation by Privacy International exposed a revolving door between the intelligence agencies, the mining industry, and private security companies in the communications surveillance sector. In other words, not only are the state spy agencies underregulated; private sector ones are too.

So the available evidence points to the State Security Agency’s political and economic intelligence focus being used to legitimise government spying on perceived political critics, and protect the exploitative business practices of mining companies.

Ramaphosa double standards

In 2013, Parliament narrowed the definition of what constitutes a national security threat to exclude legitimate political activities. Be that as it may, it has not done enough to address the weaknesses that created space for the 2005 spying abuses to occur.

Complaints from journalists and activists about illegitimate spying by the state have been piling up for several years. As the Deputy President, Ramaphosa would have been aware of these complaints. Yet, as a shareholder and non-executive director of Lonmin, Ramaphosa would have benefited from the spy agencies’ interference in labour struggles in the platinum belt.

He has not spoken out about the under regulation of the spy agencies until now. Ramaphosa must take political responsibility for the utter mess that grips the state spy agencies.

Undoubtedly, spying on political elites threatens democracy, but it is self-serving of Ramaphosa to complain only when he himself becomes the target. Political leaders who are vying for the highest office in the land really need to be more principled.

The author is completing a book manuscript entitled ‘Stopping the spies: constructing and resisting the surveillance state in South Africa’ (forthcoming with Wits University Press in 2018).

Want to write?

Write an article and join a growing community of more than 183,800 academics and researchers from 4,959 institutions.

Register now