By CIPESA Writer |
In many Sub-Saharan countries, state surveillance, which generally refers to state measures to monitor and supervise activities of the population, has become more pervasive and reliant on various digital technologies. The increasing communication surveillance, which entails the monitoring, interception, collection and retention of information through communication networks, undermines digital technology users’ rights, including to privacy, and often places intermediaries in a position where they fail to comply with the United Nations Guiding Principles on Business and Human Rights (UNGPs).
The right to privacy online is critical due to its intricate connection with, and its being a foundation for the protection and realisation of other rights, including the rights to freedoms of expression, information, assembly, and association. Anonymity while using digital technologies helps mitigate risks of surveillance and interception of private communication as well as retaliation by the state or other parties. The fear of retaliation often forces individuals to withdraw from active participation in political and community affairs.
Also concerning are the strenuous and sometimes unclear demands by states on intermediaries, including to facilitate interception of communication, hand over communication data of their subscribers to state security agencies, and to take down content or shut down the internet. Others have adopted repressive legislation to control the spread of information on social media and to wantonly regulate internet intermediaries by placing undue liability on them for the content posted on their platforms.
This policy brief examines how mandatory obligations on telecommunication intermediaries to facilitate state surveillance undermines their ability to comply with international standards including the UNGPs, and hamper users’ rights. It draws on experiences from around Sub-Saharan Africa to illustrate how service providers are compelled through retrogressive policies and practices, to comply with state surveillance instructions.
This brief provides recommendations for governments, social media platforms, Internet Service Providers (ISPs), and civil society aimed at entrenching progressive principles in the implementation of lawful interception, empowering civil society actors to engage with technology companies to improve their human rights policies and practices, and informing efforts by businesses in awareness raising and advocacy for progressive technology governance.
Why Compelled Service Provider Assistance is Problematic
Compelling service provider assistance is a key contributor to undermining users’ privacy in Africa. The assistance rendered by intermediaries is used to facilitate internet disruptions, access to users’ data with ease, content removals, decryption of users’ encrypted data, and state surveillance.
According to the brief, laws on surveillance and the interception of communications across the continent, including in Benin, Cameroon, Chad, Ivory Coast, Malawi, Mali, Niger, Nigeria, Rwanda, Senegal, Tanzania, Togo, Tunisia, Uganda, Zambia and Zimbabwe mirror each other and require communication service providers to put in place mechanisms, including the installation of software, to facilitate access and interception of communications by state agencies.
Those laws do not provide for sufficient judicial oversight or accountability mechanisms yet they place undue requirements on intermediaries, such as compelling them to facilitate communication interception by state authorities, including in instances where there are no court-issued warrants authorising surveillance.
The brief makes several recommendations, among them:
Develop, review, update and strengthen national laws, policies and practices on state surveillance in order to bring them into compliance with well-established international human rights standards including as elaborated in Principle 41 of the Declaration of Principles on Freedom of Expression and Access to Information in Africa, and the International Principles on the Application of Human Rights to Communications Surveillance (Necessary and Proportionate Principles).
Revise national laws governing state surveillance to ensure that they provide for clear and robust oversight over surveillance including by judicial and legislative bodies.
Implement the actionable steps and meet their obligations with respect to the protection of the right to privacy under the protect, respect and remedy framework in the UN Guiding Principles on Business and Human Rights, including moving towards mandatory human rights due diligence, which could be instrumental in regulation of technologies and the tech sector.
Conduct human rights due diligence to identify, prevent or mitigate risks of compelled service provider assistance and surveillance on the lifecycle of the products and services and their business operations.
Develop rights-respecting policies, responsible business practices and culture in line with international human rights standards such as the UNGPs and the Necessary and Proportionate principles, with a key aspect of such policies focusing on how the companies assess government requests for users’ data and for surveillance support.
Speak out on national laws, policies and directives that place undue obligations and liability on intermediaries and hinder them from fulfilling the UNGPs.
Adopt a multi-stakeholder approach to digital rights advocacy as a critical avenue to promote shared understanding of the human rights risks and impacts of technology and communication surveillance in Africa.
Collaborate with other stakeholders in various African countries to advocate against continued unchecked communication surveillance and to promote the adoption of international human rights standards on privacy and data protection.
Conduct strategic public interest litigation to challenge laws, policies, practices and directives that threaten the right to privacy, such as those on compelled service provider assistance, and obtain remedies for victims of illegal state surveillance.
Conduct research to promote greater understanding of the human rights risks of communication surveillance and the technology business models on the continent.
Review the surveillance, privacy and data protection laws, standards and guidelines and propose domestically-driven policy solutions on how to entrench and domesticate international human rights standards and principles on the right to privacy.