Security vetting in South Africa is broken. The controversy over the State Security Agency’s (SSA) attempts to subject the SABC’s group executive of news and current affairs, Moshoeshoe Monare, to a polygraph test –  reportedly part of a protracted vetting exercise for top-secret security clearance – has put the spotlight on the potential abuse of the system to clamp down on media freedoms. 

This is an unjust attempt to subject a journalist to an invasive test that could be used to deny him security clearance should he fail to show loyalty to the state: one of the requirements for the clearance and one that is likely to collide with his professional obligations as a journalist. But this is only the tip of the iceberg of problems with the broken system that is security vetting. 

The purpose of security vetting is to assess whether people can be trusted with classified information and intelligence if they are appointed to positions that give them access. People who are given access to areas designated as critical infrastructure – or institutions that are so vital to the country that their incapacitation or destruction would threaten public safety – are also required to subject themselves to security vetting. 

The SSA is tasked with conducting this vetting as part of its counterintelligence mandate. Vetting investigations are conducted in terms of the National Strategic Intelligence Act, which states that the security competence of a person may be determined by the SSA if that person is employed by or is an applicant to an organ of state, or if the person is rendering a service that gives them access to classified information or to national key points (now referred to as critical infrastructure).

Once it has conducted a vetting investigation, the SSA is meant to provide a security clearance certificate. The degree of security clearance it provides is in line with the classifications in the Minimum Information Security Standards (MISS). These range from restricted to confidential, secret and top secret. In its investigations the SSA structures may use a polygraph test. 

Vetting problems specific to the SABC

There are problems around vetting that are specific to the SABC, which need to be dealt with. The broadcaster has claimed that group executives are subjected to vetting as a condition of employment and the group executive of news and current affairs is a member of the group executive. But the editorial policy states that this person is also the editor-in-chief. 

The SABC has brought this confusion on itself as civil society has long argued that the group executive of news and current affairs should be designated an editorial post, not a management post. Alternatively, the post should be separated into a more high-level strategic management position for news and current affairs with no editorial role, and an editorial position that should serve as the editor-in-chief. This position would not be part of the executive and therefore not subjected to vetting. 

The SSA has claimed that its “client” requires the vetting to be completed, and this requirement has been triggered by the fact that the SABC has been designated as critical infrastructure. Furthermore, a 2014 Cabinet directive requires senior executives, executives and SEMs to be vetted at all state-owned enterprises, including the SABC. 

The problem is that this is a one-size-fits-all requirement that fails to recognise the special nature of the SABC as a public broadcaster with a need for editorial independence as a condition for media freedom. To the extent that this is so, the SABC and the Presidency are overusing vetting, and involving the SSA too quickly in the broadcaster’s affairs. The danger is that vetting can be used to dismiss journalists who are critical of the government. 

The controversy around Monare shows the dangers of the SSA being placed in the Presidency. It is difficult not to conclude that vetting is being used to probe those journalists the ANC is concerned may report negatively ahead of the national elections, and apparently threaten the re-election of the Ramaphosa presidency. 

SABC, government overusing vetting

Anyone with fears about how vetting can be used for censorship need look no further for confirmation of these fears than the attempts to remove the then inspector-general for intelligence, Setlhomamaru Dintwe, from office, through the revocation of his security clearance. 

It is necessary on media freedom grounds for journalists to be exempt from vetting, since it could be misused to try to reveal their confidential sources of information and intimidate them. 

Polygraph tests are extremely invasive and should be reserved only for protecting the country against the most severe national security threats, where the release of top-secret information or the compromise of critical infrastructure may result in the collapse of the country’s economy or even war. They should not be part of routine employment processes. 

The High Level Review Panel on the State Security Agency had this to say about vetting of SABC employees:

“The SSA appears to have gone ‘over the top’ in terms of the entities whose members it believes should be vetted. One example of this is the South African Broadcasting Corporation (SABC). The Panel struggled to understand why members of a national broadcaster should be security cleared outside of the standard integrity checking steps of normal recruitment processes.” 

Top-level security clearance is the highest level of clearance, reserved for state personnel who must access top-secret information. According to the Minimum Information Security Standards, which sets out the classifications:

“Intelligence/information must be classified TOP SECRET when the compromise thereof:

• Can disrupt the effective execution of information or operational planning and/or plans;
• Can seriously damage operational relations between institutions;
• Can lead to the discontinuation of diplomatic relations between states; and
• Can result in the declaration of war.”

In the case of Monare, it is unclear why he would require such a level of clearance. The SSA and its “client” have not provided reasons. It is also unclear why he is being vetted yet again, so soon after he was vetted in 2022 (particularly given the vetting backlog, and the fact that there are, quite possibly, persons in more sensitive government positions who haven’t been vetted at all). 

Theoretically, the SSA could argue that, due to Monare’s position at the SABC, it must ensure that he is not leaking information about the SABC (such as the architectural details) to a terrorist organisation wishing to sabotage the broadcaster as part of an invasion or coup. Presumably, this would mean that it reasonably suspected Monare of being involved with such a crime. But if that were the case, it would have to hand that over to the South African Police Service (SAPS). It becomes a police matter. Vetting cannot be used to investigate a suspected criminal offence. It cannot be repurposed as a criminal investigation, which is the purview of the SAPS. 

If Monare is being vetted because he is suspected of illegal activity, then such vetting would echo the sentiments of the first version of the current General Intelligence Laws Amendment Bill (now in the final stages of consideration by Parliament). 

The bill called for the vetting of nonprofit organisations and churches; this was ostensibly to adhere to the recommendations of the International Monetary Fund’s Financial Action Task Force, which are aimed at curbing terrorism financing across the globe. The SSA essentially wanted to legalise the use of vetting to investigate potential terrorist-related activities. 

After a backlash from civil society, the provision in the bill relating to nonprofit organisation and church vetting was removed. However, if the bill passes in its current form, persons working at premises considered to be critical infrastructure could still be legally vetted. That would include SABC journalists and its management. 

This is somewhat at odds with the Critical Infrastructure Protection Act, which governs the designation of institutions as critical infrastructure, where vetting is confined mainly to security personnel, since the purpose is to prevent strategic assets from loss, damage or disruption. Logically, the personnel most responsible for doing that are security personnel. 

While the SABC may have been designated as critical infrastructure, if the broadcaster has made vetting a condition of employment, it does not flow from there that employees have to be vetted as a matter of course. It has the discretion to decide which staff will be subjected to vetting and which would be exempt, because the act allows it to do so. 

This is because, according to the amended National Strategic Intelligence Act, vetting is voluntary, not mandatory, as are polygraph tests, which is evident from the use of word “may”. This is likely to be changed by Parliament as it finalises the General Intelligence Laws Amendment Bill, as the latest version of the bill makes vetting for certain employees mandatory. 

The National Strategic Intelligence Act is far too broad and conflates vetting with standard probity tests which are more appropriate for state employees who don’t handle classified information or critical infrastructure. This overbreadth is under discussion in Parliament now and may be addressed somewhat in the bill. 

Bizarrely, though, while employees accessing classified information or critical infrastructure are required to be subjected to vetting, their political principals are not, although the President can decide otherwise. But if a president has corrupt intent, they are unlikely to do so. This gap in vetting requirements creates a double standard, where employees are not held to the same standard as the politicians who oversee their work. 

Problems with security vetting extend beyond the SABC

Problems with the overuse and misuse of security vetting extend far beyond the SABC. The High Level Review Panel found:

“The scope and praxis of the SSA’s vetting mandate is overly broad and that no effective measures have been taken for over 15 years to address the legacy challenges of the backlog of vetting applications.”  

Overvetting seems to be part and parcel of how the SSA operates, leading inevitably to backlogs. The ad-hoc committee on the General Intelligence Laws Amendment Bill heard from the SSA that all successful applicants for positions in the public service could, potentially, be vetted. The vetting process has lost focus. Far from contributing to the fight against crime, this loss of focus is hampering it. 

A related problem is that the national intelligence structures, including the SSA, have a very long history of overclassifying information. For instance, the criteria for information to be considered “top secret” in the MISS are broad. The same is true for all other levels of information classification, which is hardly surprising as the MISS is an apartheid-era cabinet document designed to shield the then regime from criticism. 

The Protection of State Information Bill was meant to replace it, but has languished on two successive presidents’ desks, as civil society campaigned against it for threatening to repeat the sins of MISS of overclassifying information. The new administration must revise the bill and get it passed. 

Then there is the long history of overdesignating state infrastructure as critical infrastructure, shared by the apartheid regime and the democratic government alike. This practice dates from apartheid when the regime designated many state institutions as strategic installations (public critical infrastructure) or national key points (private critical infrastructure) to allow them to operate in secret and to prevent journalists from reporting on them. 

As the Right2Know campaign showed, the number of these institutions grew massively between 2007 and 2017. During the presidency of Jacob Zuma they were used to try to prevent reporting on abuses of state resources, including alleged abuses perpetrated by Zuma himself. 

The architecture of the relatively new Critical Infrastructure Protection Act is still being established, including a council to review designations of critical infrastructure (which promises to bring more transparency to the designation process). It will need to address the legacy problem of overdesignating critical infrastructure and in the process placing many institutions above scrutiny. 

Such overdesignation also creates an anomalous situation where those who don’t need to be vetted are vetted, while those who need to be vetted, aren’t. Fixing the broken system that is security vetting requires the government to address all the above issues. The spotlight on Monare should be used as an opportunity to set out the steps for doing just that. DM  

Jane Duncan is Professor of Digital Society at the University of Glasgow and was a member of the High Level Review Panel on the State Security Agency. She is also a director of Intelwatch, a nonprofit organisation based in South Africa and dedicated to strengthening public oversight of state and private intelligence actors in Africa and around the world. Heidi Swart is the research and journalism coordinator for Intelwatch.