Promoting Effective and Inclusive ICT Policy in Africa

Category Archives: Blog

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  Blog
03Oct

Emerging Challenges and Data-driven Solutions for a Connected Future at FIFAfrica18

Author admin Posted on

By Netblocks’ Writer |

At the 2018 Forum for Internet Freedom in Africa in Accra, Ghana, NetBlocks is demonstrating new tools and methodologies to defend human rights, empowering local communities and creating a space for open and progressive policies for internet access and telecommunications.

In a joint panel on data-driven advocacy on Friday, NetBlocks along with partners Access NowCIPESA, the GNI and ISF, soft-launched the Cost of Shutdown Tool, an initiative supported by the Internet Society which enables participants to calculate the economic cost of internet shutdowns, network disruptions and platform blocking in sub-Saharan Africa. Economic arguments have proven to be an effective means to bolster the case for human rights online with a view to development and prosperity, a trend which is being recognised and made accessible to internet freedom campaigners by way of the new initiative.

The panel explored how communities have been adopting new tools and developing new workflows as part of the KeepItOn initiative to support internet freedom across the continent, documenting recent incidents of network disruptions during elections in Mali and in Chad, as well as collecting bodies of technical evidence around disruptions in Ethiopia and Cameroon at critical moments for democracy and society.

Thursday saw the launch of the latest edition of The Internet Measurement Handbook, which provides civil society organisations and human rights defenders with practical technical and policy advice on managing internet disruptions, with a copy provided to each FIFAfrica participant.

NetBlocks director Alp Toker and advocacy manager Hannah Machlin demonstrated new internet freedom measurement techniques which present a more accurate, live view of emerging network incidents. Demonstrations and workshops provided a hands-on introduction to real-time internet freedom monitoring, web probes and internet-scale visualisation, which are now being adopted across the continent and globally as part of the internet observatory project.

Working with other civil society groups, the team explored issues around internet governance, internet protocols and their impact on human rights, free expression and trade, producing a series of new alliances and partnerships to strengthen digital rights and protect the integrity of elections regionally and worldwide.

Connecting data and human rights

Sessions over the course of three days have helped build a bridge between technical work to track restrictions on free expression online, connecting the personal experiences of victims of human rights violations with policy makers, governments and ICT industry stakeholders.

About FIFAfrica

Organised by the Collaboration for International ICT Policy in East and Southern Africa (CIPESA) in partnership with the Media Foundation West Africa (MFWA) the 2018 edition of the Forum on Internet Freedom in Africa  takes place on 26-28 September 2018 in Accra, Ghana.

The Forum is a landmark event that convenes various stakeholders from the internet governance and online rights arenas in Africa and beyond to deliberate on gaps, concerns and opportunities for advancing privacy, access to information, free expression, non-discrimination and the free flow of information online on the continent.

With strategic linkages to other internet freedom forums and support for the development of substantive inputs to inform the conversations on human rights online happening at national level, at the African Union and the African Commission on Human and People’s Rights (ACHPR), the African Internet Governance Forum (IGF), subregional IGFs, the global IGF, Stockholm Internet Forum (SIF), the Internet Freedom Festival (IFF), the Internet Freedom Forum (Nigeria) and RightsCon, among others, FIFAfrica provides a pan-African space where discussion from these other events can be consolidated at continent-wide level, drawing a large multistakeholder audience of actors.

09Aug

Unmasking Digital Security Threats facing Human Rights Defenders in Uganda and Tanzania

Author admin Posted on

By Lillian Nalwoga |

Technology presents various challenges to the protection of human rights such as the lack of adequate avenues to verify authenticity of information shared, violation of the right to privacy, respect to copyright issues and the right to anonymity among others.  With a shrinking civic space in Uganda and Tanzania, Human Rights Defenders (HRDs) need to be more vigilant in securing their digital environments.

In both countries, government has increased clampdown on human rights organisation – including intimidation and arrests of HRDs, closure of their offices and harassment of social media users.  Despite moderate digital security threat perception rating, the occurrence of malicious attacks at both organisational and personal levels are still present among many HRDs in both countries from state and non-state actors. For Uganda, past reports have also indicated authorities in Uganda intensifying their efforts to obtain spyware and surveillance equipment.  While in Tanzania, government’s growing appetite for stifling citizens’ digital rights has been on the rise with the most recent issuance of regressive online content regulations being another blow to the already declining internet freedom in the country.

These deductions require an awareness of the digital security threats faced by HRDs, a clear understanding and implementation of internet freedom legalisation affecting their works and different digital security tools that they can use to protect their online privacy.

The Collaboration for International ICT Policy in East and Southern Africa (CIPESA) in partnership with Kampala based tech hub, Outbox and Sahara Ventures in Tanzania between November and December 2017, hosted a series of digital clinics, where HRDs and technologists shared insights on various forms of digital security threats and how to collaboratively develop effective digital security strategies in advancing digital rights protection in Uganda and Tanzania.

The digital security clinics provided an opportunity for techies and HRDs to explore and discuss digital security challenges as well as the need to promote Internet freedom in both countries. Additionally, the clinics exposed participants to digital safety tools and practices; legal and regulatory frameworks and knowledge on how to apply them in their day-to-day activities.

At the Uganda workshop, Immaculate Nabwire, a digital security trainer with Defend Defenders spoke inextricable link between digital security and human rights noting that the lack of digital security exposes valuable work and vulnerable communities to immense risk.

Participants explored some of the risks which lurk online including the various forms of digital attacks such as malware attacks, ransomware attackspassword attacks, phishing, Denial Of Service (DoS) alongside the extent of control one has over information that is shared online particularly – including in perceived closed spaces such as Facebook and Whatsapp groups.

To address these security gaps, some of the tactics and tools shared in both countries included the use of password managers through to basic methods such as the regular changing of passwords; use of –anonymity and circumvention tools such as Tor Browser; DuckDuckGo Search Engine and Opera Free VPN); Malware Protection tools; data encryption tools, among others.

In Tanzania, participants also analysed open source encryption tools – Mailvelope , Signal, and Martus for their strengths and weaknesses in use by HRDs. Elements tested included: –  User Experience and UX Design (ease of installation, internet speeds, literacy levels, language); Penetration Testing and Security Breach (level of confidentiality in securing user communication) and Localization (compatibility with other interfaces).  A similar exercise was conducted in Uganda, in 2015 were 5 digital security tools where tested. Whereas the 2015 exercise identified “lack of an attachment encryption function” for Mailvepe tool and “no option for retrieving a lost encryption key” for Martus, this was not the case for Tanzania developers.

Tool test findings in Tanzania

Tool Strength Limitation
Martus  ·         Easy to install even for people with low digital security skills –·         Provides a high confidence to use as no known security breaches have been documented·         Compatible for all operation systems (OS)
·         Can be used as a desktop application
 		 Only operates with an internet connection and is affected by slow internet speed
Signal  ·         Easy to install·         It can be used as a desktop or mobile application.·         Can be used as a message app (does not require internet connection) or as a messenger app (require internet connection)
 		 ·         The app comes with only two themes (dark and light) pre-installed, there’s no option to add additional themes.·         Signal App requires internet connection which isolates users with feature phones and data subscription capacity.·         Can only be used by Android and IOS users can, thus isolating a large percentage of phone users with other operating systems
 
Mailvelope ·         Easy to customization, can add as many email service vendors as possible.·         Easy installation.
·         Can be translated in more than 35 languages in transfix.		 The extension is not available in other browsers like Safari for Mac users 

The November 2017 engagements in Uganda highlighted the absence of a data privacy and protection law as major concern to the protection of their data at both national and global level. A draft Data Privacy and Protection bill (2015) currently remains before Parliament and awaits passing having been introduced in 2014. In Tanzania, participants called upon the government to use technology as a tool to promote development, not as a catalyst for social chaos.

Participants were further urged to make more informed decisions on the risks they expose themselves to online including – examining the amount of information they share directly, and that shared indirectly through members of their social networks. Indeed, as software increasingly mimics human behaviour and continues to mutate, the need for more agile digital security practices is needed to match these changes.

These events were part of CIPESA’s wider activities on building the digital rights knowledge as well as digital security, safety and capacity of human rights defenders, media, vulnerable women organisations in five African countries – Burundi, Ethiopia, South Sudan, Tanzania and Rwanda and supported by the Open Technology Fund (OTF).

11Jul

A New Interception Law and Blocked Websites: The Deteriorating State of Internet Freedom in Burundi

Author admin Posted on

By CIPESA Writer |

 The state of internet freedom in Burundi continues to decline as the government of President Pierre Nkurunziza tightens control over independent media and critical online publishers. Of recent, frivolous sanctions have been slapped against media houses, access to some online publishers’ websites restricted, and last May, an obnoxious law was enacted that makes it easier for security agencies to conduct surveillance on citizens’ communications with little judicial oversight.

The deteriorating situation follows a May 2015 coup attempt which saw the physical destruction of five private radio and televisions stations by loyalist forces and pro-government militia, and the arrest of several journalists. The events were preceded by a government order to Internet Service Providers (ISPs) to block access to social media platforms such as Facebook, WhatsApp, Twitter, and Viber, so as to curtail demonstrations against Nkurunziza’s bid to run for a new term in office.

On May 11, 2018 Burundi’s president assented to Law No 1/09 of May 11 2018, which amends the Code of Criminal Procedure of 2013. Under Article 47 of the new law, government agencies carrying out investigations can intercept electronic communications and seize computer data. Further, Articles 69, 70 and 71, permit the public prosecutor to issue a written order to start interception of electronic communication of a person under investigation.  Moreover, the public prosecutor has the right to instruct service providers and “any qualified agent” from a department or agency under the authority or supervision of the telecoms minister to install any device to facilitate interception.

On the issue of seizure of computer data, Article 72 grants the public prosecutor, without notifying a person under investigation, the right to order the use of technical tools to access data on the suspect’s device (wherever it is located), to save that data, and transmit it. The tool also has the aim of real time capture of data being received or transmitted by the suspect’s device or being typed on the device. The initial duration of this order is a maximum of six months but this period can be extended for another six months if needed. The seized data has to be destroyed after trial. Articles 73 to 79 provide details of conditions in which the technical tool is used.

The new law, which was introduced on April 28 and passed within two weeks, is deemed to be in contravention of the constitution. A human right activist has stated  that the law is “clearly a wish to legalise the illegal and arbitrary practices that the forces of law and order have already resorted to for the last three years.” On the contrary, the justice minister defended the law, arguing that the amendments were necessary to give the prosecutor and other government organs powers to address new forms of criminal activity that have emerged in the last few years.

The amendments to the Code of Criminal Procedure come into place when online news media is under attack. Since October 2017, the websites of independent local news publishers http://www.iwacu-burundi.org, http://www.isanganiro.org, and http://www.ikiriho.org cannot be accessed from Burundi except through use of circumvention methods such as proxies. Tests using the network measurement tool, Ooni probe  indicate that the websites are blocked from access within Burundi.

In interviews, Iwacu officials confirmed that access to their website was blocked but the Conseil National de la Communication (Burundi’s media regulator) denies any hand in it. Some experts believe the blockage was effected at the level of the Burundi Backbone System (BBS), the primary bandwidth carrier from which most Burundian ISPs purchase bandwidth. Representatives from BBS denied this allegation and advised the news sites to work with ISPs to resolve the matter. Meanwhile, an October 2017 letter to the CNC from the Ikiriho group, an independent online press group (www.ikiriho.org), requesting that its website be unblocked has never received a response.

Interestingly, Isanganiro’s radio station still operates from within Burundi, as is Iwacu’s weekly print newspaper. Online access to the electronic version of Iwacu’s weekly newspaper is charged at USD 27 for a three months subscription, or USD 95 yearly, which means the challenges in accessing its website is affecting the publisher’s revenues. Iwacu accordingly announced an alternative website where readers can access news and has been assisting readers, particularly paying customers, to access its main site using virtual private networks (VPN).

On April 10, 2018, in what seemed like an additional sanction against the online portal, the CNC issued its decision No 100/ CNC/005 ordering Iwacu to ban the comments section of its online news website. The ban followed comments made by the website readers referring to Burundi as a “Banana Republic” while another called the National Police a “presidential police” due to its partisan actions. According to the regulator, the comments violated Article 17 of the Burundi press law No 1/15 of May 9 2015, which requires media groups to rigorously cross-check sources of information before publishing. The three months ban on readers’ comments, is the second slapped on Iwacu by the CNC, the first having been issued in 2013 for similar reasons.

In sanctioning Iwacu, the CNC cited article 55 of the press Law, which gives the communications regulator “the right to suspend or prohibit the use of a press pass (journalist pass or press card), the distribution or the sale of a printed newspapers, a periodical, or any other information medium, the broadcast of a show, the operation of a radio or television station or a news agency, when they do not comply with the law.”

The Iwacu director expressed his sadness at what he deemed an “unfair decision” that would close a “democratic space” where all opinions, both critical and supportive of the Burundi were shared. Nonetheless the comments section was promptly shut down, and currently under each news item there is a message reading: “Due to the CNC’s decision, you cannot react nor add any comment to this article.

In another worrying development, on May 4, 2018, the CNC issued warnings to three radio stations – Radio Isanganiro, Radio CCIB FM+, and Radio France International (RFI, and suspended the licences for BBC and Voice of America (VOA) for six months on allegations of not verifying sources and  broadcasting unbalanced news. The BBC was faulted for interviewing Pierre Claver Mbonimpa, a Burundian human rights defender who fled Burundi after an assassination attempt in 2015. The regulator claims that, in the interview which aired on April 24, 2018, the activist who is now based in Europe made “defamatory statements against the head of state” and incited “hatred”.

The VOA was accused of publishing unverified news on three occasions during April 2018. In addition, the VOA was accused of broadcasting through the Online Radio Box application used by Radio Bonesha, a local station whose frequency license was withdrawn by the media regulator last September. Radio Bonesha is among the media houses whose premises were destroyed in 2015 following the coup attempt but it has continued broadcasting via Online Radio Box.

The various developments in the online sphere reflect a similarly worrying rights situation offline. Nkurunziza’s government has continued to face criticism at home and abroad, including accusations by a United Nations committee of inquiry of extrajudicial killings of civilians, including supporters of the opposition, in what could amount to crimes against humanity.

Some observers believe that all criminal code amendments and measures against online and traditional media aimed to silence dissonant voices at a time the country was about to hold a May 17, 2018 referendum on a new constitution. Majority of voters – 73% – voted in favour of the new constitution but opponents say the poll was full of irregularities.

The Burundi government needs to respect the constitutional rights to free speech, access to information and privacy of the citizens and desist from enacting laws and taking other actions that undermine digital rights. Moreover, it should desist from passing laws and regulations without giving citizens the opportunity to meaningfully provide their views.

 

30Apr

Privacy & Protection: Do Ugandans Care What Happens to Their Data?

Author admin Posted on

By Neema Iyer |

Let’s be honest.

When was the last time you read the “Terms and Conditions” before you signed up for a new service online?

We don’t blame you. It’s easy to get lost in the legal jargon.

But do you know what happens to your personal data every time you click on “I have agreed to terms and conditions”? Did you know at the mere click to accept, you could have given a way a portion of your vital information and put your data privacy in absolute jeopardy?

Today, it’s hard to raise the issue of data privacy without putting a thought on the recent Facebook-Cambridge Analytica scandal that made many people realize the power of data. Even with as much information spewed out explaining what the scandal was about, very few took a note to learn from.

A recent allegation from the Cambridge Analytica scandal pins the Uhuru Kenyatta presidential campaign to have employed social media surveillance results to target campaign messages to different profiles of voters. This was possible because Facebook monitors your social media activity and can predict your behavior from that, hence such information is used to target messages that speak to your interests and emotions to sway major decisions such as election outcomes. This isn’t just happening on our doorsteps, allegations claim similar outcomes in the United States and the UK.

The EU revised as much on data privacy and protection in Europe and promised to give users more power over their data. While Europe seems to take quick action, down in Uganda and Africa at large, we continue to grapple with weak data privacy and protection laws, a citizenry that is not well-informed on data privacy, a delay in passing necessary bills and weak implementation processes. Unfortunately, a majority of African countries lack the necessary mechanisms for the inclusive participation of citizens and other stakeholders in the processes of formulating the very laws on internet and digital rights that directly affect them.

Do we care about Data Privacy and Protection?

In December 2017, Unwanted Witness, an activists group petitioned the Uganda Human Rights Commission (UHRC) to compel Parliament to speed up the enactment of privacy and data protection law.

They argued that without a governing law, citizens’ personal data is exposed to abuse without collection and protection safeguards. They further asked UHRC to prioritize privacy and recognize it as a fundamental right under attack in the country. However, to date, we are yet to see significant action taken to build an informed citizenry on their digital rights and to provide appropriate protections.

When talk about data arises, many are not really willing to delve further into the ethics surrounding the topic. This can and will still be attributed to the high illiteracy levels in the country and because many don’t know what data is or how valuable it might be on the long run, they will give it away easily. Funny as it may sound, a majority internet users think ‘data’ is the a term tied to the internet bundles that the ISPs provide and it’s that school of thought that has stuck with them. Whether their data gets in the hands of the wrong or the right people, it’s the least of their concerns.

Data Protection basically means to ensure the right to privacy, respect to confidentiality principles in various relations such as doctor patient, employer-employee and service providers with their clients generally.

Did you know that privacy is your human right?

The right to privacy refers to the concept that one’s personal information is protected from public scrutiny. It is essentially, your right to be left alone. Privacy is a core aspect of human dignity and values such as freedom of association and freedom of speech.

One would wonder, even with the data privacy breaches, are there really laws in place to curb and punish those that are misusing people’s data and evading on their privacy or we are simply looking while our data gets tampered with and is easily handed to the wrong hands.

Are there Laws in Place?

Yes! There is a Ugandan Data Protection and Privacy Bill that was tabled before parliament in 2015 and although the Bill needs to be revised and aligned better with human rights provisions, comments have been raised on the need to balance civil liberties, national security and data protection and privacy.

According to a paper published a couple of years ago by Dr Ronald Kakungulu Mayambala a Senior Lecturer of Human Rights and Peace Centre at Makerere University, Article 27 of the Constitution guarantees the right to privacy of person, home and other property. In particular, article 27(2) of the Constitution provides that a person shall not be subjected to interference with the privacy of that person’s home, correspondence, communication or other property.

Unfortunately there is no comprehensive law giving effect to article 27, yet a lot of data concerning individuals are collected, stored or processed regularly by various institutions in the private and public sector, including banks, hospitals, insurance companies, the Uganda Citizenship and Immigration Control Board, the Uganda Revenue Authority, Uganda Registration Services Bureau, the Electoral Commission, utility service providers and telecommunications companies under the SIM card registration exercise

The Bill seeks to protect the privacy of the individual and personal data by regulating the collection and processing of personal information. It provides for the rights of persons whose data is collected and the obligations of data collectors and data processors; and regulates the use or disclosure of personal information.

However even with these laws and bills in place, further questions continue to be raised on whether they even hold any solid ground in implementation, especially, if there has not been enough sensitization of the bills and data literacy.

 

What do some people think about data privacy in Uganda?

A chat with a few random Ugandans around town shows you just how long of a way we have to go with the data privacy and protection talk.

“I honestly have nothing to hide with my data and anyone who wants to access it can go ahead and access it. Your data can only be private if you choose to keep it private but if you choose to put it out there and later claim for privacy, then you are playing yourself” — Lisa

“Whatever you put out there is public. I don’t really care who gets my data because once Ipost anything on social media, it’s no longer in any way private. I get a need for data privacy if it comes to my business data like emails. That is when i need some real privacy” — Hans

“Data privacy is not even a topic of debating here in Uganda because people don’t really care what happens with their data. Because we have a huge Internet penetration gap, very many people don’t even know what data is in most parts of africa.” — Emmanuel


 

18Apr

The Stampede for SIM Card Registration: A Major Question for Africa

Author admin Posted on

By Edrine Wanyama |
It is anticipated that by 2025, there will be at least 5.9 billion mobile subscribers accounting for 71% of the world’s population. As of 2017,  Sub-Saharan Africa (SSA) had  a mobile subscription rate of 44% which is projected to reach  52% by 2025. Further, SSA’s mobile internet penetration by 2017 stood at 21% and is anticipated to increase to 40% by 2025.  However, the region has registered the largest number of cases of mandatory SIM card registration yet it suffers some of biggest challenges in personal data protection and privacy.
The benefits of SIM card registration include facilitation of citizens’ access to e-Government services, easy identification of an individual’s mobile number and number portability when switching networks. In addition, it aids combating cybercrime including terrorism by limiting covert communication and promotes good relations between consumers and service providers by simplifying identification of consumers and their use of SIM services. Accordingly, many governments argue that mandatory SIM card registration is for purposes of safeguarding digital and physical security. However, critics argue that when SIM card registration is effected without due safeguards, it poses a threat to privacy and freedom of expression.
Indeed, in 2013 Mexico repealed its policies on SIM card registration “after a policy assessment showed that it had not helped with the prevention, investigation and/or prosecution of associated crimes.” Finland has not enforced compulsory SIM card registration and nonetheless, through voluntary mobile signatures, service providers has succeeded in facilitating user’s access to relevant retail, banking and e-Government services.
Globally, over 90 countries conduct compulsory SIM card registration yet some remain without clear policy on its implementation. Amidst criticisms that mandatory registration does not necessary combat cybercrime, as criminals take the necessary precautions to avoid being detected and circumvent mandatory SIM card registration, African countries continue to proactively enforce SIM card registration. Among the prevailing challenges on the continent is the difficulty in validating identity documents in an environment with a wide range of service providers who create room for potential circumvention.
Mandatory registration has negatively affected access and usage of mobile telecommunication services due to the tedious process which entails the production of documentation such as passports and national identity cards prior to registration, which sometimes results in failure to attain a SIM card, disconnection, or  deactivation of SIM cards.
Additionally, there have been repetitive calls for registration of SIM cards in countries such as Uganda and Nigeria with personal data being collected  more than once. In Uganda, despite government explanation that SIM card verification is aimed at ensuring secure and safer communications, citizens have unanswered questions on the exercise. Suspicion arises due to a fresh validation of SIM card registration using national identity cards subsequent to registration which was initially done using valid documents such as students’ identity cards, driving permits and passports.
Double collection of personal data may partly imply collection of data beyond what is necessary for the purpose contrary to the internationally established data protection principles such as those set out in the Organisation for Economic Co-Operation and Development (OECD) Data Protection Principles. Further, there is no guarantee of individual privacy as most of the African countries do not have data protection laws. Moreover, most of the existing data protection laws do not meet internationally recognised standards considered sufficient to guarantee personal data protection and are therefore regarded as offering moderate or limited protection.
Meanwhile, efforts to buttress data protection in Africa have not yielded much. Out of 54 countries on the continent, only 14 have data protection laws (Angola, Benin, Burkina FasoMali, Gabon, GhanaIvory Coast, Lesotho, Madagascar, MoroccoSenegalSouth AfricaTunisia and Zimbabwe). A few others such as Uganda, Kenya, Nigeria, Tanzania and Niger have Bills. Regional efforts have also not yielded much. The Convention on Cyber Security and Personal Data Protection which was adopted by the African Union in 2014 has registered only 10 signatories (Benin, Chad, Congo, Ghana, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe, Zambia and Comoros) and one ratification by Senegal.
Ultimately, there is need to reconcile state interests with citizens’ personal data and privacy rights. Mandatory registration, especially in the absence of clear registration guidelines and the lack of data protection laws, puts personal data at risk. African governments need to learn from other jurisdictions such as Europe with regards to processing of personal data as part of SIM card registration. In enforcing SIM card registration, there should be a clear set registration timelines, clear and unambiguous registration requirements.

1 47 48 49 50 51 68