The South African Police Service (SAPS) published the final standard operating procedures for the investigation, search, access, or seizure of electronic evidence in terms of the Cybercrimes Act. This is an exciting development because it may trigger the commencement of remaining sections of the Cybercrime Act. In this post we’ll cover a few of the most NB updates.

What do the final Standard Operating Procedures cover?

The final standard operating procedures (SOPs) are 74 pages, which shows a lot of changes have been made from the 47-page draft version. The final version is far more comprehensive and contains new sections. It still has a glossary of terms and an annexure of relevant definitions under the Criminal Procedure Act and the Cybercrimes Act. The SOPs commence with an extensive list of relevant sections and chapters of the Cybercrimes Act.

Who does it apply to?

In the final version, paragraph 2 declares that the South African Police Service or any other authorised person or agency under the provisions of any other law will observe these standard operating procedures.

Scope and application

Paragraph 2 also sets out the scope, and has expanded this list in the final version:

  • The SOPs apply to investigating offences under Chapters 2 and 4 of the Cybercrimes Act, including cyber-related offences.
  • Section 25 of the Cybercrimes Act allows for investigators to aid police in searches or seizures, subject to SOP compliance.
  • The SOPs ensure lawful acquisition of evidence from cyber sources, respecting privacy and fair trial rights.
  • They also promote obtaining consent from victims and witnesses.
  • Additionally, they facilitate electronic evidence exchange locally and internationally.
  • Processing personal information under Chapter 4 of the Cybercrimes Act must adhere to POPIA principles.
  • Third-party assistance in cyber article searches makes them operators under the SOPs.

Principles for the search, access or seizure of a cyber article for purposes of conducting an investigation

The previous version of the SOPs contained five principles. The final version contains seven principles that align with international best practices:

1. Conducting activities with due regard to an individual’s fundamental rights, including the right to a fair trial

All activities related to the search, access, or seizure of a cyber article must uphold individuals’ fundamental rights, including the right to a fair trial. Any infringement of these rights should only be justified within the bounds of South African legislation. The investigation and prosecution team bears the responsibility of gathering, preserving, and presenting evidence to the court while prioritising the right to a fair trial.

2. Maintaining the integrity, reliability and authenticity of a cyber article

In all cyber article-related activities, the primary objective is to preserve the integrity, reliability, and authenticity of the evidence for admissibility in court. Actions, processes, and procedures must align with South African legislation and case law. Adequate security measures should be in place to safeguard personal information processed during these activities, adhering to Chapter 4 of the CCA.

3. Proportionate and necessary for purpose of conducting an investigation

Any investigation, search, access, or seizure of a cyber article should be proportionate to the scope of the criminal investigation, aiming to gather relevant evidence. Authorities may employ various methods, including search warrants or arrests. Obtaining consent is generally preferred when dealing with cooperative witnesses or innocent third parties.

4. Legality

The police official leading an investigation must ensure adherence to the law, evidential safeguards, and forensic and procedural principles. Legality is crucial for the admissibility of evidence in judicial proceedings. Evidence obtained in violation of the Bill of Rights is excluded if its admission would render the trial unfair or be detrimental to the administration of justice.

5. Adequate, relevant and not excessive for the purpose for which it was searched, accessed or seized

Police officials and investigators must conduct searches, accesses, or seizures of cyber articles within the specified limits of search warrants, consents, or relevant provisions of the CCA. When obtaining evidence, consideration should be given to less intrusive methods that maintain the integrity, reliability, and authenticity of the cyber article.

6. Audit trail

A comprehensive record of all actions taken during the handling of a cyber article should be created and preserved for future auditing. An independent third party should have the capability to repeat these actions and achieve the same results, ensuring transparency and accountability.

7. Secure appropriate advice and support

When anticipating the discovery of a cyber article during an operation, police officials conducting the search should seek assistance from the Designated Point of Contact or enlist the support of an investigator as defined in the CCA. This ensures a more informed and effective approach to handling cyber-related evidence.

Guidelines for the Investigation, Search, Access or Seizure of a Cyber Article

The ‘general guidelines’ section in the draft SOPs is now ‘Guidelines for the Investigation, Search, Access or Seizure of a Cyber Article’ in paragraph 7.

The final SOPs have dropped the word ‘general’ to divide the content into different sections. What was previously paragraph 3 is now divided into guidelines (paragraph 7), execution of search, access or seizure of a cyber articles (chapter 8) and seizure phase (paragraph 9).

Offences

Now in paragraph 21, the final SOPs expand the list of offences in the Cybercrimes Act that relate to the investigation, search, access or seizure of a cyber article:

  • Failure to assist during a search is a criminal offence.
  • Obstructing or hindering police officials during duty is punishable.
  • Police must audibly demand entry before searching premises.
  • Acting contrary to search warrants or consent is an offence.
  • Unauthorised access or seizure of data/computer systems is illegal.
  • Failure to destroy necessary information is an offence.
  • Giving false information under oath is punishable.
  • Unauthorised disclosure of obtained information is an offence.
  • Failure to comply with data preservation orders is illegal.
  • Failure to provide data to designated authorities is a criminal offence.
  • Making false statements in affidavits is punishable.

The SAPS Designated Point of Contact

The final SOPs discuss this in paragraph 22. Chapter 6 of the Cybercrimes Act now reads ‘once in operation, the Cybercrimes will provide for the creation of a Designated Point of Contact (DPoC) within SAPS structures.’

Previously, the draft wording was confusing because the Department of Justice has not yet proclaimed the commencement date for Chapter 6.

Actions you can take

If you are interested in finding out more about the standard operating procedures, you can: