Unmasking Digital Security Threats facing Human Rights Defenders in Uganda and Tanzania

By Lillian Nalwoga |

Technology presents various challenges to the protection of human rights such as the lack of adequate avenues to verify authenticity of information shared, violation of the right to privacy, respect to copyright issues and the right to anonymity among others.  With a shrinking civic space in Uganda and Tanzania, Human Rights Defenders (HRDs) need to be more vigilant in securing their digital environments.

In both countries, government has increased clampdown on human rights organisation – including intimidation and arrests of HRDs, closure of their offices and harassment of social media users.  Despite moderate digital security threat perception rating, the occurrence of malicious attacks at both organisational and personal levels are still present among many HRDs in both countries from state and non-state actors. For Uganda, past reports have also indicated authorities in Uganda intensifying their efforts to obtain spyware and surveillance equipment.  While in Tanzania, government’s growing appetite for stifling citizens’ digital rights has been on the rise with the most recent issuance of regressive online content regulations being another blow to the already declining internet freedom in the country.

These deductions require an awareness of the digital security threats faced by HRDs, a clear understanding and implementation of internet freedom legalisation affecting their works and different digital security tools that they can use to protect their online privacy.

The Collaboration for International ICT Policy in East and Southern Africa (CIPESA) in partnership with Kampala based tech hub, Outbox and Sahara Ventures in Tanzania between November and December 2017, hosted a series of digital clinics, where HRDs and technologists shared insights on various forms of digital security threats and how to collaboratively develop effective digital security strategies in advancing digital rights protection in Uganda and Tanzania.

The digital security clinics provided an opportunity for techies and HRDs to explore and discuss digital security challenges as well as the need to promote Internet freedom in both countries. Additionally, the clinics exposed participants to digital safety tools and practices; legal and regulatory frameworks and knowledge on how to apply them in their day-to-day activities.

At the Uganda workshop, Immaculate Nabwire, a digital security trainer with Defend Defenders spoke inextricable link between digital security and human rights noting that the lack of digital security exposes valuable work and vulnerable communities to immense risk.

Participants explored some of the risks which lurk online including the various forms of digital attacks such as malware attacks, ransomware attackspassword attacks, phishing, Denial Of Service (DoS) alongside the extent of control one has over information that is shared online particularly – including in perceived closed spaces such as Facebook and Whatsapp groups.

To address these security gaps, some of the tactics and tools shared in both countries included the use of password managers through to basic methods such as the regular changing of passwords; use of –anonymity and circumvention tools such as Tor Browser; DuckDuckGo Search Engine and Opera Free VPN); Malware Protection tools; data encryption tools, among others.

In Tanzania, participants also analysed open source encryption tools – Mailvelope , Signal, and Martus for their strengths and weaknesses in use by HRDs. Elements tested included: –  User Experience and UX Design (ease of installation, internet speeds, literacy levels, language); Penetration Testing and Security Breach (level of confidentiality in securing user communication) and Localization (compatibility with other interfaces).  A similar exercise was conducted in Uganda, in 2015 were 5 digital security tools where tested. Whereas the 2015 exercise identified “lack of an attachment encryption function” for Mailvepe tool and “no option for retrieving a lost encryption key” for Martus, this was not the case for Tanzania developers.

Tool test findings in Tanzania

Tool Strength Limitation
Martus  ·         Easy to install even for people with low digital security skills –·         Provides a high confidence to use as no known security breaches have been documented·         Compatible for all operation systems (OS)
·         Can be used as a desktop application
 
Only operates with an internet connection and is affected by slow internet speed
Signal  ·         Easy to install·         It can be used as a desktop or mobile application.·         Can be used as a message app (does not require internet connection) or as a messenger app (require internet connection)
 
·         The app comes with only two themes (dark and light) pre-installed, there’s no option to add additional themes.·         Signal App requires internet connection which isolates users with feature phones and data subscription capacity.·         Can only be used by Android and IOS users can, thus isolating a large percentage of phone users with other operating systems
 
Mailvelope ·         Easy to customization, can add as many email service vendors as possible.·         Easy installation.
·         Can be translated in more than 35 languages in transfix.
The extension is not available in other browsers like Safari for Mac users 

The November 2017 engagements in Uganda highlighted the absence of a data privacy and protection law as major concern to the protection of their data at both national and global level. A draft Data Privacy and Protection bill (2015) currently remains before Parliament and awaits passing having been introduced in 2014. In Tanzania, participants called upon the government to use technology as a tool to promote development, not as a catalyst for social chaos.

Participants were further urged to make more informed decisions on the risks they expose themselves to online including – examining the amount of information they share directly, and that shared indirectly through members of their social networks. Indeed, as software increasingly mimics human behaviour and continues to mutate, the need for more agile digital security practices is needed to match these changes.

These events were part of CIPESA’s wider activities on building the digital rights knowledge as well as digital security, safety and capacity of human rights defenders, media, vulnerable women organisations in five African countries – Burundi, Ethiopia, South Sudan, Tanzania and Rwanda and supported by the Open Technology Fund (OTF).

A New Interception Law and Blocked Websites: The Deteriorating State of Internet Freedom in Burundi

By CIPESA Writer |

 The state of internet freedom in Burundi continues to decline as the government of President Pierre Nkurunziza tightens control over independent media and critical online publishers. Of recent, frivolous sanctions have been slapped against media houses, access to some online publishers’ websites restricted, and last May, an obnoxious law was enacted that makes it easier for security agencies to conduct surveillance on citizens’ communications with little judicial oversight.

The deteriorating situation follows a May 2015 coup attempt which saw the physical destruction of five private radio and televisions stations by loyalist forces and pro-government militia, and the arrest of several journalists. The events were preceded by a government order to Internet Service Providers (ISPs) to block access to social media platforms such as Facebook, WhatsApp, Twitter, and Viber, so as to curtail demonstrations against Nkurunziza’s bid to run for a new term in office.

On May 11, 2018 Burundi’s president assented to Law No 1/09 of May 11 2018, which amends the Code of Criminal Procedure of 2013. Under Article 47 of the new law, government agencies carrying out investigations can intercept electronic communications and seize computer data. Further, Articles 69, 70 and 71, permit the public prosecutor to issue a written order to start interception of electronic communication of a person under investigation.  Moreover, the public prosecutor has the right to instruct service providers and “any qualified agent” from a department or agency under the authority or supervision of the telecoms minister to install any device to facilitate interception.

On the issue of seizure of computer data, Article 72 grants the public prosecutor, without notifying a person under investigation, the right to order the use of technical tools to access data on the suspect’s device (wherever it is located), to save that data, and transmit it. The tool also has the aim of real time capture of data being received or transmitted by the suspect’s device or being typed on the device. The initial duration of this order is a maximum of six months but this period can be extended for another six months if needed. The seized data has to be destroyed after trial. Articles 73 to 79 provide details of conditions in which the technical tool is used.

The new law, which was introduced on April 28 and passed within two weeks, is deemed to be in contravention of the constitution. A human right activist has stated  that the law is “clearly a wish to legalise the illegal and arbitrary practices that the forces of law and order have already resorted to for the last three years.” On the contrary, the justice minister defended the law, arguing that the amendments were necessary to give the prosecutor and other government organs powers to address new forms of criminal activity that have emerged in the last few years.

The amendments to the Code of Criminal Procedure come into place when online news media is under attack. Since October 2017, the websites of independent local news publishers http://www.iwacu-burundi.org, http://www.isanganiro.org, and http://www.ikiriho.org cannot be accessed from Burundi except through use of circumvention methods such as proxies. Tests using the network measurement tool, Ooni probe  indicate that the websites are blocked from access within Burundi.

In interviews, Iwacu officials confirmed that access to their website was blocked but the Conseil National de la Communication (Burundi’s media regulator) denies any hand in it. Some experts believe the blockage was effected at the level of the Burundi Backbone System (BBS), the primary bandwidth carrier from which most Burundian ISPs purchase bandwidth. Representatives from BBS denied this allegation and advised the news sites to work with ISPs to resolve the matter. Meanwhile, an October 2017 letter to the CNC from the Ikiriho group, an independent online press group (www.ikiriho.org), requesting that its website be unblocked has never received a response.

Interestingly, Isanganiro’s radio station still operates from within Burundi, as is Iwacu’s weekly print newspaper. Online access to the electronic version of Iwacu’s weekly newspaper is charged at USD 27 for a three months subscription, or USD 95 yearly, which means the challenges in accessing its website is affecting the publisher’s revenues. Iwacu accordingly announced an alternative website where readers can access news and has been assisting readers, particularly paying customers, to access its main site using virtual private networks (VPN).

On April 10, 2018, in what seemed like an additional sanction against the online portal, the CNC issued its decision No 100/ CNC/005 ordering Iwacu to ban the comments section of its online news website. The ban followed comments made by the website readers referring to Burundi as a “Banana Republic” while another called the National Police a “presidential police” due to its partisan actions. According to the regulator, the comments violated Article 17 of the Burundi press law No 1/15 of May 9 2015, which requires media groups to rigorously cross-check sources of information before publishing. The three months ban on readers’ comments, is the second slapped on Iwacu by the CNC, the first having been issued in 2013 for similar reasons.

In sanctioning Iwacu, the CNC cited article 55 of the press Law, which gives the communications regulator “the right to suspend or prohibit the use of a press pass (journalist pass or press card), the distribution or the sale of a printed newspapers, a periodical, or any other information medium, the broadcast of a show, the operation of a radio or television station or a news agency, when they do not comply with the law.”

The Iwacu director expressed his sadness at what he deemed an “unfair decision” that would close a “democratic space” where all opinions, both critical and supportive of the Burundi were shared. Nonetheless the comments section was promptly shut down, and currently under each news item there is a message reading: “Due to the CNC’s decision, you cannot react nor add any comment to this article.

In another worrying development, on May 4, 2018, the CNC issued warnings to three radio stations – Radio Isanganiro, Radio CCIB FM+, and Radio France International (RFI, and suspended the licences for BBC and Voice of America (VOA) for six months on allegations of not verifying sources and  broadcasting unbalanced news. The BBC was faulted for interviewing Pierre Claver Mbonimpa, a Burundian human rights defender who fled Burundi after an assassination attempt in 2015. The regulator claims that, in the interview which aired on April 24, 2018, the activist who is now based in Europe made “defamatory statements against the head of state” and incited “hatred”.

The VOA was accused of publishing unverified news on three occasions during April 2018. In addition, the VOA was accused of broadcasting through the Online Radio Box application used by Radio Bonesha, a local station whose frequency license was withdrawn by the media regulator last September. Radio Bonesha is among the media houses whose premises were destroyed in 2015 following the coup attempt but it has continued broadcasting via Online Radio Box.

The various developments in the online sphere reflect a similarly worrying rights situation offline. Nkurunziza’s government has continued to face criticism at home and abroad, including accusations by a United Nations committee of inquiry of extrajudicial killings of civilians, including supporters of the opposition, in what could amount to crimes against humanity.

Some observers believe that all criminal code amendments and measures against online and traditional media aimed to silence dissonant voices at a time the country was about to hold a May 17, 2018 referendum on a new constitution. Majority of voters – 73% – voted in favour of the new constitution but opponents say the poll was full of irregularities.

The Burundi government needs to respect the constitutional rights to free speech, access to information and privacy of the citizens and desist from enacting laws and taking other actions that undermine digital rights. Moreover, it should desist from passing laws and regulations without giving citizens the opportunity to meaningfully provide their views.

 

Privacy & Protection: Do Ugandans Care What Happens to Their Data?

By Neema Iyer |

Let’s be honest.

When was the last time you read the “Terms and Conditions” before you signed up for a new service online?

We don’t blame you. It’s easy to get lost in the legal jargon.

But do you know what happens to your personal data every time you click on “I have agreed to terms and conditions”? Did you know at the mere click to accept, you could have given a way a portion of your vital information and put your data privacy in absolute jeopardy?

Today, it’s hard to raise the issue of data privacy without putting a thought on the recent Facebook-Cambridge Analytica scandal that made many people realize the power of data. Even with as much information spewed out explaining what the scandal was about, very few took a note to learn from.

A recent allegation from the Cambridge Analytica scandal pins the Uhuru Kenyatta presidential campaign to have employed social media surveillance results to target campaign messages to different profiles of voters. This was possible because Facebook monitors your social media activity and can predict your behavior from that, hence such information is used to target messages that speak to your interests and emotions to sway major decisions such as election outcomes. This isn’t just happening on our doorsteps, allegations claim similar outcomes in the United States and the UK.

The EU revised as much on data privacy and protection in Europe and promised to give users more power over their data. While Europe seems to take quick action, down in Uganda and Africa at large, we continue to grapple with weak data privacy and protection laws, a citizenry that is not well-informed on data privacy, a delay in passing necessary bills and weak implementation processes. Unfortunately, a majority of African countries lack the necessary mechanisms for the inclusive participation of citizens and other stakeholders in the processes of formulating the very laws on internet and digital rights that directly affect them.

Do we care about Data Privacy and Protection?

In December 2017, Unwanted Witness, an activists group petitioned the Uganda Human Rights Commission (UHRC) to compel Parliament to speed up the enactment of privacy and data protection law.

They argued that without a governing law, citizens’ personal data is exposed to abuse without collection and protection safeguards. They further asked UHRC to prioritize privacy and recognize it as a fundamental right under attack in the country. However, to date, we are yet to see significant action taken to build an informed citizenry on their digital rights and to provide appropriate protections.

When talk about data arises, many are not really willing to delve further into the ethics surrounding the topic. This can and will still be attributed to the high illiteracy levels in the country and because many don’t know what data is or how valuable it might be on the long run, they will give it away easily. Funny as it may sound, a majority internet users think ‘data’ is the a term tied to the internet bundles that the ISPs provide and it’s that school of thought that has stuck with them. Whether their data gets in the hands of the wrong or the right people, it’s the least of their concerns.

Data Protection basically means to ensure the right to privacy, respect to confidentiality principles in various relations such as doctor patient, employer-employee and service providers with their clients generally.

Did you know that privacy is your human right?

The right to privacy refers to the concept that one’s personal information is protected from public scrutiny. It is essentially, your right to be left alone. Privacy is a core aspect of human dignity and values such as freedom of association and freedom of speech.

One would wonder, even with the data privacy breaches, are there really laws in place to curb and punish those that are misusing people’s data and evading on their privacy or we are simply looking while our data gets tampered with and is easily handed to the wrong hands.

Are there Laws in Place?

Yes! There is a Ugandan Data Protection and Privacy Bill that was tabled before parliament in 2015 and although the Bill needs to be revised and aligned better with human rights provisions, comments have been raised on the need to balance civil liberties, national security and data protection and privacy.

According to a paper published a couple of years ago by Dr Ronald Kakungulu Mayambala a Senior Lecturer of Human Rights and Peace Centre at Makerere University, Article 27 of the Constitution guarantees the right to privacy of person, home and other property. In particular, article 27(2) of the Constitution provides that a person shall not be subjected to interference with the privacy of that person’s home, correspondence, communication or other property.

Unfortunately there is no comprehensive law giving effect to article 27, yet a lot of data concerning individuals are collected, stored or processed regularly by various institutions in the private and public sector, including banks, hospitals, insurance companies, the Uganda Citizenship and Immigration Control Board, the Uganda Revenue Authority, Uganda Registration Services Bureau, the Electoral Commission, utility service providers and telecommunications companies under the SIM card registration exercise

The Bill seeks to protect the privacy of the individual and personal data by regulating the collection and processing of personal information. It provides for the rights of persons whose data is collected and the obligations of data collectors and data processors; and regulates the use or disclosure of personal information.

However even with these laws and bills in place, further questions continue to be raised on whether they even hold any solid ground in implementation, especially, if there has not been enough sensitization of the bills and data literacy.

 

What do some people think about data privacy in Uganda?

A chat with a few random Ugandans around town shows you just how long of a way we have to go with the data privacy and protection talk.

“I honestly have nothing to hide with my data and anyone who wants to access it can go ahead and access it. Your data can only be private if you choose to keep it private but if you choose to put it out there and later claim for privacy, then you are playing yourself” — Lisa

“Whatever you put out there is public. I don’t really care who gets my data because once Ipost anything on social media, it’s no longer in any way private. I get a need for data privacy if it comes to my business data like emails. That is when i need some real privacy” — Hans

“Data privacy is not even a topic of debating here in Uganda because people don’t really care what happens with their data. Because we have a huge Internet penetration gap, very many people don’t even know what data is in most parts of africa.” — Emmanuel


 

The Stampede for SIM Card Registration: A Major Question for Africa

By Edrine Wanyama |
It is anticipated that by 2025, there will be at least 5.9 billion mobile subscribers accounting for 71% of the world’s population. As of 2017,  Sub-Saharan Africa (SSA) had  a mobile subscription rate of 44% which is projected to reach  52% by 2025. Further, SSA’s mobile internet penetration by 2017 stood at 21% and is anticipated to increase to 40% by 2025.  However, the region has registered the largest number of cases of mandatory SIM card registration yet it suffers some of biggest challenges in personal data protection and privacy.
The benefits of SIM card registration include facilitation of citizens’ access to e-Government services, easy identification of an individual’s mobile number and number portability when switching networks. In addition, it aids combating cybercrime including terrorism by limiting covert communication and promotes good relations between consumers and service providers by simplifying identification of consumers and their use of SIM services. Accordingly, many governments argue that mandatory SIM card registration is for purposes of safeguarding digital and physical security. However, critics argue that when SIM card registration is effected without due safeguards, it poses a threat to privacy and freedom of expression.
Indeed, in 2013 Mexico repealed its policies on SIM card registration “after a policy assessment showed that it had not helped with the prevention, investigation and/or prosecution of associated crimes.” Finland has not enforced compulsory SIM card registration and nonetheless, through voluntary mobile signatures, service providers has succeeded in facilitating user’s access to relevant retail, banking and e-Government services.
Globally, over 90 countries conduct compulsory SIM card registration yet some remain without clear policy on its implementation. Amidst criticisms that mandatory registration does not necessary combat cybercrime, as criminals take the necessary precautions to avoid being detected and circumvent mandatory SIM card registration, African countries continue to proactively enforce SIM card registration. Among the prevailing challenges on the continent is the difficulty in validating identity documents in an environment with a wide range of service providers who create room for potential circumvention.
Mandatory registration has negatively affected access and usage of mobile telecommunication services due to the tedious process which entails the production of documentation such as passports and national identity cards prior to registration, which sometimes results in failure to attain a SIM card, disconnection, or  deactivation of SIM cards.
Additionally, there have been repetitive calls for registration of SIM cards in countries such as Uganda and Nigeria with personal data being collected  more than once. In Uganda, despite government explanation that SIM card verification is aimed at ensuring secure and safer communications, citizens have unanswered questions on the exercise. Suspicion arises due to a fresh validation of SIM card registration using national identity cards subsequent to registration which was initially done using valid documents such as students’ identity cards, driving permits and passports.
Double collection of personal data may partly imply collection of data beyond what is necessary for the purpose contrary to the internationally established data protection principles such as those set out in the Organisation for Economic Co-Operation and Development (OECD) Data Protection Principles. Further, there is no guarantee of individual privacy as most of the African countries do not have data protection laws. Moreover, most of the existing data protection laws do not meet internationally recognised standards considered sufficient to guarantee personal data protection and are therefore regarded as offering moderate or limited protection.
Meanwhile, efforts to buttress data protection in Africa have not yielded much. Out of 54 countries on the continent, only 14 have data protection laws (Angola, Benin, Burkina FasoMali, Gabon, GhanaIvory Coast, Lesotho, Madagascar, MoroccoSenegalSouth AfricaTunisia and Zimbabwe). A few others such as Uganda, Kenya, Nigeria, Tanzania and Niger have Bills. Regional efforts have also not yielded much. The Convention on Cyber Security and Personal Data Protection which was adopted by the African Union in 2014 has registered only 10 signatories (Benin, Chad, Congo, Ghana, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe, Zambia and Comoros) and one ratification by Senegal.
Ultimately, there is need to reconcile state interests with citizens’ personal data and privacy rights. Mandatory registration, especially in the absence of clear registration guidelines and the lack of data protection laws, puts personal data at risk. African governments need to learn from other jurisdictions such as Europe with regards to processing of personal data as part of SIM card registration. In enforcing SIM card registration, there should be a clear set registration timelines, clear and unambiguous registration requirements.

Uganda’s Social Media Tax Threatens Internet Access, Affordability

By Juliet Nanfuka |
Uganda’s president Yoweri Museveni has directed the finance ministry to introduce taxes on the use of social media platforms. According to him, the tax would curb gossip on networks such as WhatsApp, Skype, Viber and Twitter and potentially raise up to Uganda Shillings (UGX) 400 billion (USD 108 million) annually for the national treasury. The ministry has already proposed amendments to the Uganda Excise Duty Act, 2014 to introduce taxation of “over-the-top” (OTT) services, and raise taxes on other telecommunications services.
Section 4 of the Excise Duty (Amendment) Bill 2018, a copy of which was obtained by CIPESA, states: “A telecommunication service operator providing data used for accessing over the top services is liable to account and pay excise duty on the access to over the top services.” The amendment defines such services as the “transmission or receipt of voice or message over the internet protocol network and includes access to virtual network; but does not include educational or research sites which shall be gazetted by the Minister.”
According to the proposals, which could take effect on July 1, 2018, OTT services that commonly include messaging and voice calls via Whatsapp, Facebook, Skype and Viber will attract a tax duty of UGX 200 (USD 0.05) per user per day of access. In his letter, Museveni said the government needed resources “to cope with the consequences” of social media users’ “opinions, prejudices [and] insults”. He proposed a levy of UGX 100 (USD 0.025) per day per OTT user. Prime Minister Ruhakana Rugunda supported the suggestion as did the ICT minister, who stated that the taxes were meant to increase local content production and app innovation in Uganda.
If implemented, the proposed tax will be the latest in a series of government actions that threaten citizens’ access to the internet. Last month, the communications regulator issued a directive calling for registration of online content providers and also released tough restrictions on registration of SIM cards. At the USD 0.05 per day suggested by the finance ministry, a Ugandan user would need to fork out USD 1.5 per in monthly fees to access the OTT services. That would be hugely prohibitive since the average revenue per user (ARPU) of telecom services in Uganda stands at a lowly USD 2.5 per month.
According to the Uganda Communications Commission (UCC), in the 2016-2017 financial year, Uganda’s telecommunications sector contributed UGX 523 billion (USD 141.2 million) to national tax revenue, an increase of 14.3% from the previous year’s UGX 458 billion (USD 123.6 million).
As of September 2017, Uganda had an internet penetration rate of 48% while the mobile subscription stood at 65 lines per 100 persons. Research shows that at least one in nine internet users in the country is signed up for a social networking site, with Facebook and WhatsApp the most popular.
Indeed, social media and by extension OTT services, are key avenues for public discourse, service delivery and political engagement. As per the recently released results of the national IT survey 2017/18, 92% of MDAs have a social media presence with most using Facebook, Twitter and WhatsApp as their primary platforms for information dissemination and engagement with citizens. Meanwhile, telecommunications companies have tapped into the popularity of OTTs by offering competitive social media data packages, resulting in what was popularly referred to as “data price wars.”
The amendment bill also proposes a 12% tax for airtime on cellular, landline and public payphones. The latter two previously attracted a 5% tax. The tax on mobile money transfers has been increased from 10% to 15%, while a 1% tax has been introduced to the value of mobile money transactions of receiving and withdrawals.
The proposed taxes do little to support internet affordability in Uganda, which already scores poorly on the Affordability Drivers Index (ADI) that annually assesses communications infrastructure, access and affordability indicators. Currently, 1GB of mobile prepaid data in Uganda costs more than 15% of the average Ugandan’s monthly income. This is much higher than the recommended no more than 2% in order to enable all income groups to afford a basic broadband connection.
The proposed taxes have also raised considerable debate among members of civil society and the business sector, who are concerned that consumers will inevitably be economically affected, while the legal fraternity has called the move unconstitutional. In a country where two social media shutdowns were ordered in a space of three months during 2016, and where some social media users have been prosecuted or arrested over opinions expressed on Facebook and Twitter critical of public officials, these developments are particularly worrying. Already, the perceived high level of surveillance has forced many Ugandans including the media, into self-censorship, turning them away from discussing “sensitive” matters of community or national importance.
The increasing popularity of social media enabled OTT services, brings new regulatory challenges for governments, as many of these services have not required a licence or been required to pay any licensing fee according to the Electronic Frontier Foundation (EFF). However, the regulation of OTT platforms and services may in some cases adversely affect user rights.
On the financial inclusion front, the proposed taxes are also likely to affect mobile money subscriptions and the cost of doing business. In Uganda and across Africa, mobile money has become the primary means of financial transactions, offering new opportunities for productivity and efficiency gains to governments, businesses and individuals.
Feature photo by GotCredit