Promoting Effective and Inclusive ICT Policy in Africa

Category Archives: Blog

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  Blog
12Jan

A Section of Uganda’s Computer Misuse Act Outlawed! But, the Greater Part of the Law Remains Thorny

Author CIPESA Posted on

By Juliet Nanfuka |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) welcomes the ruling by Uganda’s Constitutional Court that section 25 of the Computer Misuse Act of 2011, which penalises “offensive communication”, is null and void. This section has severally been used by state authorities to silence dissent, and CIPESA has for long supported efforts to expunge it from the eastern African country’s key internet law.

On January 10, 2023, Uganda’s constitutional court ruled that section 25 of the Computer Misuse Act is inconsistent with the country’s constitution and called for an immediate halt to its enforcement, including for all cases being prosecuted or investigated. The court’s decision could bring to an end the utilisation of this problematic provision that has for a decade been weaponised to silence critics, political opponents and dissidents. The government can appeal the constitutional court’s decision to the Supreme Court within 14 days.

This week’s ruling is the result of a 2016 petition in which the litigants argued that section 25 was vague, violated civil liberties, and contravened constitutional guarantees. 

The law on computer misuse defines offensive communication as the “willful and repeated use of electronic communication to disturb or attempt to disturb the peace, quiet or right of privacy of any person with no purpose of legitimate communication whether or not a conversation ensues.” The offence is punishable by a fine not exceeding USD 130 or imprisonment not exceeding one year, or both. 

However, opponents of the law have argued that this provision is vague, overly broad and ambiguous. Further, they contended that the provision does not give a fair warning regarding what conduct is deemed illegal under the right and freedom of speech and expression pursuant to article 29(1)(a) of Uganda’s constitution.

In this week’s ruling, Justice Kenneth Kakuru, who wrote the lead judgement, stated that he  had determined that the words used under section 25 were “vague, overly broad and ambiguous.” According to the judge, what constitutes an offence is “unpredictable” and this gives the law enforcer the discretion to choose what qualifies as offensive. Justice Kakuru added that the provision “gives law enforcement unfettered discretion to punish unpopular or critical protected expression.” 

Section 25 of the Computer Misuse Act has severally been invoked to issue threats, effect arrests, detention, and prosecution of individuals over their online communications. 

The Computer Misuse Act has been previously used to suppress digital rights including free expression and access to information. For instance, academic and social critic Dr. Stella Nyanzi was arrested for insulting the president in a social media post. In 2019, she was convicted of cyber harassment contrary to section 24 of the Act but acquitted of offensive communications, which is proscribed under section 25. Other individuals who have suffered the wrath of the same law include former presidential aspirant Henry Tumukunde who was arrested over alleged treasonable utterances in radio and television interviews, the Bizonto comedy group who were arrested over alleged offensive and sectarian posts, and author Kakwenza Rukirabashaija who was arrested, detained and prosecuted over offensive communication against the president and his son. (Source: CIPESA Submits Comments on the Computer Misuse (Amendment) Bill, 2022 to Parliament )

Despite this progressive decision by the Constitutional court, the Computer Misuse Act will remain a key impediment to free expression and the enjoyment of digital rights, notably because of amendments made to the law in late 2022. Those amendments ambiguously prohibit the “misuse of social media,” sending or sharing of unsolicited information through a computer, and sending, sharing or transmission of malicious information about or relating to any person. These prohibitions, whose introduction was condemned by wide sections of Ugandan civil society, human rights defenders and some government officials, present a key curtailment of freedom of expression and access to information. 

Promoters of the amendments argued that existing laws did not “specifically address the regulation of information sharing on social media” or were “not adequate to deter the vice”. However, critics argued that efforts should instead have focused on addressing the existing retrogressive provisions in the law, notably those on “cyber harassment” and “offensive communication”. 

Accordingly, CIPESA alongside 13 civil society organisations and individuals filed a petition challenging those amendments. This followed CIPESA’s submission of comments and presentation of concerns before the Parliamentary Committee on Information and Communication Technology ahead of the enactment of the amendments. In those submissions, CIPESA argued that since its enactment, the Computer Misuse Act had been used to suppress digital rights including free expression and access to information and the proposed amendment would present a further blow to online civil liberties.

In its ruling, the constitutional court noted that, “In a democratic and free society, prosecuting people for the content of their communication is a violation of what falls within guarantees of freedom of expression in a democratic society.” The ruling is a step in the right direction in combating wanton limitations to digital rights in Uganda, where a flurry of technology-related laws were enacted in the wake of the 2010 Arab Spring during which users leveraged digital platforms and social media to build movements and mobilise public protests against their autocratic governments.

Besides the Computer Misuse Act, other laws enacted in Uganda during this time include the Regulation of Interception of Communications Act, 2010, the Electronic Signatures Act, 2011, and the Electronic Transactions Act, 2011, all of which variously interfere with digital rights including data privacy, access to information, and freedom of expression.

02Jan

Move Fast and Fix Policy: African Digital Rights Advocacy in an Era of Rapid Policy Change

Author CIPESA Posted on

By CIPESA Staff Writer |

Across Africa, the fast-evolving technology landscape has created pressure to adopt appropriate legislation to keep up with the pace of technological development. However, these efforts are being shackled by numerous challenges, including silo approaches to policy development, limited citizens’ inclusion in policy formulation, failure to harmonise stakeholder positions, ad hoc advocacy efforts by Civil Society Organisations (CSOs), and the failure to leverage the influence of private sector actors.

At the Forum on Internet Freedom in Africa 2022 (FIFAfrica22), digital rights activists and policymakers examined how existing processes and mechanisms that provide input into digital policies can be improved. In a panel session organised by the Centre for International Private Enterprise (CIPE), participants explored experiences and practical tips for policy engagement that upholds democratic values.

A key concern was that, on the one hand, Africa’s digital rights landscape has for years remained unregulated, leading to resistance to efforts to regulate it, and yet the absence of laws creates room for violation of rights online and abuse by state and non-state actors. On the other hand, where laws have been enacted, implementation and enforcement have been weaponised to target critics and dissent, as reflected in the continued infringement of rights online. This creates the need for proactive multi-stakeholder efforts in pushing back against regressive developments.

“While we should be [engaged] at the beginning of the process, we are ignored and when we enact a law, CSOs come to challenge it, yet if they involve us early enough, we would all be in agreement,” said Neema Lugangira, Member of Parliament from Tanzania and Chair of the African Parliamentary Network on Internet Governance (APNIG).

She noted that with a negative attitude towards each other, many parliamentarians question the motives of CSOs in pushing certain agendas and called for a change in approach. “I want to champion issues in which I have been involved. How do we make your agenda my agenda? You can scream whatever you want but you cannot get legislative change without working with Parliament,” said Lugangira. 

Indeed, Boye Adegoke from Paradigm Initiative reiterated that one of the pitfalls of policy advocacy was to adopt the angel/devil relationship approach. He added that many CSOs lack  adequate knowledge and skills to engage in policy processes. In turn, he called for more proactive efforts in tracking parliamentary debates and business related to digital policy and undertaking research to inform policy advocacy. 

Building alliances, including with the local business and the tech community, was also cited as critical to strategic support for policy influence. “When they [business and tech community] speak, they tend to be listened to and governments tend to respect their views,” said Nashilongo Gervasius, a Namibian technology policy researcher and founder of NamTshuwe Media.

Equally emphasised was the need to leverage the power and influence of private sector players  at international level, where the quality of policy negotiations by some African governments remains wanting,  as noted by Ayaan Khalif, the Co-Founder of Digital Shelter, a digital rights group in Somalia. Citing the example of the 15% tax agreement between OECD countries and multinational companies, Ayaan stated that African countries and CSOs must bring the continent’s big market potential to the “negotiating table” in order to tap into the multinationals’ revenue.

Away from negotiations, the need to increase inclusive participation in public policy processes was also stressed. As Khalif stated, “Holistic stakeholder involvement should clearly define those being involved, ensure that they are actually given the opportunity to make meaningful input and outline the issues being addressed”.

Ultimately, context remains paramount given that most countries on the continent are at different levels of democracy and what is possible in one may not be tenable in another. What is important is to understand the policy making ecosystem and respond appropriately. “Policy advocacy is about incremental wins. If you are not invited to the table you can bring your own chair to the table, or you can set up your own table and bring people to it,” concluded Adegoke.

30Dec

Towards Effective Biometrics and Digital Identity Systems in Africa

Author CIPESA Writer Posted on

By Victor Kapiyo |

In many countries across Africa, identity systems have largely been paper-based. It is estimated by the World Bank that at least 500 million people in Sub-Saharan Africa lack proof of legal identification. In order to bridge this gap, several countries have adopted some form of digital identity (ID) system for civil registration, including birth, national IDs, voting purposes, incorporating biometrics such as fingerprint, facial or iris recognition as a form of authentication. Indeed, the systems have gained popularity given their benefits as part of digital transformation journeys to promote accessibility, efficiency, and transparency in service delivery – in health, migration, education, social security, and elections. 

Within the last decade, Lesotho, Mozambique,  Tanzania, Uganda,  Zambia and Zimbabwe have introduced national biometric digital identity cards.  

Lesotho’s national ID has so far covered 85% of the eligible population. Mozambique has a digital ID card with a Unique Citizen Identification Number (NUIC), assigned during birth registration. This national identification number is used on NID cards, health cards, driver’s licenses, and passports. The country also has the National Immigration Service (SENAMI), for its immigration system for travel documents and residence permits; as well as the Electronic System for Civil Registration and Vital Statistics (e-SIRCEV) for civil registration.  Birth certificates are a prerequisite for obtaining NIDs. The NID is valid for five years for individuals below 40 years of age and valid for 10 years for individuals between the ages of 40 and 50 years.

Tanzania introduced its biometric national ID programme in 2013 and started issuing cards in 2016..  As of 2020, at least 22.1 million individuals or 80% of the adult population had been registered for the National Identification Number (NIN). Also, mandatory SIM card registration requires the collection of fingerprint data in addition to official documentation such as national identity cards, birth certificates, driver’s licenses or passports.

Zambia introduced its National Registration Card (NRC), in 2013. The USD 54.8 million Integrated National Registration Information System (INRIS) replaced the paper-based system introduced in 1965 and would issue biometric-based documents such as national registration cards, birth and death certificates, and facilitate voter registration. 

In the early 2000s, the  Zimbabwean government introduced biometric IDs by the then Registrar General, Tobaiwa Mudede, as a formalised transition to reportedly enhance issues of e-governance. Unfortunately, there was very limited publicity and awareness on this transition, as well as transparency about the tendering and procurement processes. In 2018, the government also adopted a biometric system for the registration of voters, and for the registration of civil servants in 2019. 

It is worth noting that these systems, despite their benefits, present risks which were previously not common in paper-based identity systems. Some common risks to digitalised personal data include data breaches, surveillance, misuse of personal information, unwarranted intrusion, and financial harm. These risks may be amplified in the absence of comprehensive policy, legal and institutional frameworks for privacy and data protection. Notably, even where laws exist, if they are weak, fragmented, outdated, poorly enforced, lack strong and independent oversight mechanisms, or fail to provide effective remedies, the risk of harm to the data collected is heightened. 

Also, the use of centralised databases, weak information-sharing safeguards, and the lack of transparency and accountability in the management of identity databases have been documented as loopholes that could inevitably create opportunities for abuse by state and non-state actors with access to the information. 

Furthermore, the incomprehensive implementation of biometric digital ID programmes could entrench digital exclusion and discrimination of vulnerable groups, such as the elderly and refugees, from accessing government services due to lack of a national ID as the case was in Uganda. In Zimbabwe, the country’s Human Rights Commission’s (ZHRC) inquiry into access to documentation revealed that there is often neglect and marginalisation of people living with disabilities and members of minority groups. In Mozambique for example, studies showed that citizens who live in remote areas are more at risk of exclusion than others, as they have to travel further, and possibly a number of times, to complete the registration, and thus, bear higher costs.

Currently, 30 African countries have enacted data protection laws and policies. One of the early adopters of data protection laws is Lesotho, which adopted its Data Protection Act, in 2011. Uganda adopted its Data Protection and Privacy Act in 2019. Zambia and Zimbabwe adopted their Data Protection Acts in 2021, while Tanzania adopted its Personal Data Protection Bill in 2022. However, not all these countries have adopted the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention). So far, only Mozambique and Zambia have signed the Convention and deposited the instruments of ratification. Lesotho, Tanzania, Uganda and Zimbabwe are yet to sign or ratify the convention.

Whereas having data protection laws is critical, African countries should also have in place appropriate policy, regulatory and institutional frameworks for the implementation of their digital identity programmes. Such frameworks are essential for fostering public trust and confidence in the use of digital identity systems, especially in the digital economy. 

However, enactment of the relevant laws and policies (including reviewing the existing ones) is just the first step in harnessing the dividends of biometrics and digital ID systems. States need to ensure that the implementation of digital ID systems meets certain thresholds.

  • Biometrics and digital identity systems should be user-centric, rights-respecting, privacy-respecting by default and by design, and secure throughout their lifecycle. 
  • Developers of such systems should anticipate and recognise potential privacy risks such as data breaches and fraud, and address them within the existing systems and frameworks. In addition, the developers should adopt a distributed and federated approach rather than a centralised approach. 
  • Further, there should be a clear governance framework, with independent oversight, well-defined roles and responsibilities, rules and standards. In addition, the systems should entrench accountability, including compliance with data protection laws and the conduct of data protection impact assessments (DPIAs). 
  • Countries should establish independent and robust oversight data protection bodies to regulate data and privacy protection including biometric data. The bodies should be given a commendable level of autonomy and facilitated sufficiently with the required resources to ensure that they function effectively, independently and with minimal external influence over their mandate.
  • In countries where digital identity systems were implemented prior to the enactment of data protection laws, the existing processes should be reviewed to ensure compliance with data protection laws. Key aspects to be considered include the conduct of DPIAs, review of data-sharing arrangements, compliance with data protection principles on consent, accuracy, purpose limitation, automated data processing, children, lawfulness, fairness and transparency, data minimisation, storage limitation, and security. 
  • In addition, countries should review the emerging best practices in the implementation of digital identity systems, learn from other countries and adopt those suitable for their context. 
  • Countries should build the capacity of government officials responsible for biometric digital ID systems, including data protection bodies, law enforcement, prosecution, regulators, and the Judiciary in effective data protection, with skills and knowledge in key principles of data protection and the rights of data subjects.
  • Programme implementation should proactively plan and ease the accessibility of services by the most vulnerable and marginalised groups – elderly, persons with disabilities, women, those in remote areas. This would include phased implementation of digital ID systems, wide distribution of enrollment centers in disability and poor-friendly environments, as well as cost waivers.  
  • Finally, stakeholder engagement and proactive disclosure of information relating to such programmes should always be integrated into the design and deployment of the programmes. 
13Dec

Comprehensive Approach Needed to Tackle Online Disinformation in Africa and Europe, say Experts

Author CIPESA Posted on

News Update |

“There is no silver bullet to tackle online disinformation” was the conclusion of the Town Hall debate Jointly tackling disinformation while protecting human rights, organised by the African Union — European Union (AU-EU) Digital for Development (D4D) Hub at the Internet Governance Forum 2022.

The session, which took place on 2 December 2022 in a hybrid format, brought together over 60 organisations for an open exchange of ideas, experiences, and lessons on how to address disinformation through a multi-stakeholder and human-centric approach. In particular, the debate focused on how Africa-Europe partnerships can help tackle the issue, in light of the AU-EU D4D Hub’s mandate to foster digital cooperation between both continents.

The panellists explained how fact-checking has grown dramatically in recent years, becoming one of the most common measures to tackle disinformation. Nevertheless, more than effective fact-checking is needed, they warned. Africa-Europe cooperation should adopt a comprehensive approach integrating multiple complementary measures, such as building digital literacy for all (including the most vulnerable), holding those who profit from disinformation accountable, and the involvement of all stakeholders in devising solutions.

Bringing all actors to the table

Simone Toussi, Project Officer for Francophone Africa at the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) highlighted how “disinformation is a multi-faceted phenomenon that directly threatens democracy and human rights and affects all stakeholders in society”.

“Disinformation manifests in many ways, and can be perpetrated by a diversity of actors,” she added.

As such, she argued that countering fake narratives needs both online and offline efforts undertaken in a coordinated manner by governments, intergovernmental organisations, civil society, media, academia, and private sector. “Multi-stakeholder collaboration is crucial to bring together different views and understanding of the roles that each actor plays,” she said.

Toussi presented research findings proving that measures to tackle disinformation can be ineffective or inadequate when they only consider the point of view of a single stakeholder. For example, fact-checking is sometimes challenged by lack of access to information. Media and civil society participation can help ensure that governments treat information as a public good.

Engaging with the private sector… how?

The debate also touched on the essential role that technology companies play in keeping disinformation from spreading. Ongoing efforts by private sector include partnering with civil society and fact-checkers — including through multi-stakeholder collaborations as proposed by Toussi.

Nevertheless, for Odanga Madung, journalist and Mozilla Foundation fellow, such measures are not enough. He argued that one of the major contributing factors to disinformation is that fake or misleading information is algorithmically amplified by big companies.

“Big companies and social media platforms profit from the spread of disinformation. It is part of their business model, which is a very serious problem,” he said.

For Madung, tackling disinformation requires strong regulations to protect users and their rights, addressing big technology companies’ dominance, encouraging competition, fostering new ideas on different business models, and decentralising the Internet.

Planting the seeds of change

Charlotte Carnehl, Operations Director at Lie Detectors, proposed further investments in training teachers and fostering exchanges between journalists and school-age kids: “Countering the corrosive effect of disinformation and polarisation on democracy requires empowering school kids and their teachers to tell facts from fake online.”

She argued that enabling journalists to visit schools to explain how professional journalism works is a win-win situation. It can help journalists to learn about how the younger generation accesses and consumes information, while teachers and children can gain practical skills in identifying fake or misleading information online.

“Everybody needs the skills to assess and critically think about information,” Carnehl said. “Kids are actually a high-risk group for disinformation because they are targeted on channels that can’t be monitored, and they are largely navigating them by themselves without their teachers or even their parents present.”

When questioned on the short-term impact of such measures by a member of the audience, Carnehl acknowledged that it’s a long-term investment, “like planting the seeds of a tree”. However, she argued that there are also some immediate positive effects for children.

Finally, Carnehl called for special attention to be paid to marginalised groups, such as rural populations. Civil society organisations could help ensure that everyone can access reliable information, she said.

This article was first published by the Digital for Development Hub on Dec 13, 2022

28Nov

CIPESA At the 2022 Internet Governance Forum

Author CIPESA Writer Posted on

By CIPESA Writer |

The global internet governance community is set to convene in Addis Ababa, Ethiopia, for the 17th Internet Governance Forum (IGF) from November 28-December 2, 2022. Ethiopia is hosting the IGF 2022 against a backdrop of internet freedom reforms, a recently liberalised telecommunications sector and an ongoing conflict that has seen the Tigray region without internet access for two years. 

The IGF 2022 theme of Resilient Internet for a Shared Sustainable and Common Future, and the five sub-themes which are drawn from the Global Digital Compact (GDC) in the UN Secretary-General’s Our Common Agenda report, resonate with the work of the Collaboration on International ICT Policy for East and Southern Africa (CIPESA).

  • Connecting All People and Safeguarding Human Rights
  • Avoiding Internet Fragmentation
  • Governing Data and Protecting Privacy
  • Enabling Safety, Security and Accountability
  • Addressing Advanced Technologies, including Artificial Intelligence  (AI)

CIPESA will co-convene and participate in various sessions at the IGF 2022 to showcase its work that supports the ambitions of the GDC.

A joint effort by DefendDefenders, Greenhost, Digital Society of Africa, Dig/Sec Initiative, Digital Security Alliance, AccessNow, CChub, Center for Digital Resilience, and CIPESA will run an onsite digital security hub to build the digital resilience of at-risk groups and organisations.

At a session titled “Jointly tackling disinformation and promoting human rights” facilitated by the AU-EU Digital for Development (D4D) Hub, CIPESA will contribute in an open exchange of ideas, experiences and lessons learned on how to address disinformation through a multi-stakeholder and human-centric approach.

Furthermore, CIPESA is among the organisers of the Dynamic Coalition roundtable on Strengthening digital ecosystems through shared principles and the Day 0 event on Shaping global digital governance and measuring meaningful connectivity for all: the ROAM approach, both of which are in support of ongoing efforts by CIPESA and UNESCO to raise awareness about and application of the Internet Universality Indicators across more countries in Africa.

The CIPESA team will also feature on a panel discussion on technology and human rights as part of the Peer Learning Event for National Human Rights Institutions (NHRIs) hosted by Danish Institute for Human Rights.

Further, CIPESA will participate at the Africa member convening of the Association for Progressive Communications (APC) and at a Digital ID Civil Society Summit hosted by the Open Society Foundations, under the auspices of an external digital ID fund and initiative (DIDIF), housed at Rockefeller Philanthropic Advisors.

Follow @cipesaug and #InternetFreedomAfrica

1 17 18 19 20 21 70