Zambia Ministry of Technology and Science Partners with CIPESA on FIFAfrica22

FIFAfrica 22 |

The Zambia Ministry of Technology and Science has partnered with the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) to co-host the 2022 edition of the Forum on Internet Freedom in Africa (FIFAfrica22). The partnership is premised on the Ministry’s mandate to collaborate with industry and the wider private sector actors towards accelerating digital transformation.

“We are delighted to welcome you to Lusaka for the ninth edition of the Forum on Internet Freedom in Africa (FIFAfrica22) from 26th to 29th September 2022. Zambia has embarked on an ambitious journey to transform its economy by leveraging on the benefits of technology, and innovation among others”, said Honourable Felix C. Mutati, MP, Minister of Technology and Science in a statement.

 Honourable Mutati added that the Ministry was working to create an enabling policy and legal environment for multi-stakeholder participation in the process which is buoyed by government’s commitment to:

  1. The implementation of the digital economic transformation agenda which aims to position the republic of Zambia as key for partnerships and investments;
  2. Enhancing the role of science, technology and innovation by, among other things, strengthening partnerships in research, innovation and technology development and adoption such as nuclear and space sciences; and
  3. Enhancing the development of skills for the actualisation of the above.

“You will be amazed at the vast potential that this country possesses. From the energy and enthusiasm of the young innovators to a government that is keen to support multi-stakeholder engagements. At FIFAfrica22, my team and I will be ready to meet with you, deliberate with you and guide you towards opportunities for collaboration and investment in the areas of innovation and internet freedom,” stated the Minister.

Indeed, the decision to host FIFAfrica22 in Zambia was in recognition of the country’s progress in digitalisation and democracy.

“We are honoured to be co-hosting FIFAfrica with the Ministry of Technology and Science. The partnership speaks to the Forum’s success in attracting the support of governments that are keen to understand and engage on their countries’ positions and actions on technology, the digital economy, rights and governance,” said CIPESA’s Executive Director, Dr. Wairagala Wakabi.

FIFAfrica22 will be the third edition of the annual Forum to be hosted in partnership with a government entity. In 2019, the Forum was hosted alongside the Ethiopian Ministry of Innovation and Technology while in 2021, CIPESA partnered with the Ministry of Foreign Affairs of Slovenia, Presidency of the Council of European Union 2021 towards promoting Europe-Africa cooperation on digital rights.

Previous editions of the Forum have been co-hosted in various countries and in partnership with global and pan-African digital rights organisations. In 2017 the Forum was co-hosted with the Association for Progressive Communications (APC) in South Africa, and in 2018 FIFAfrica was hosted alongside the Media Foundation for West Africa (MFWA) in Ghana. In 2020, a hybrid edition was hosted in partnership with Nigeria-based Paradigm Initiative.

FIFAfrica22: Biker To Ride From Uganda To Zambia Imparting Digital Security Skills At Stops in Six Countries

By FIFAfrica22 |

The distance between Kampala, Uganda and Lusaka, Zambia is approximately 3,300 kilometres by road. As part of a road trip to the Forum on Internet Freedom in Africa 2022 (FIFAfrica22), Ugandan digital security expert Andrew Gole will travel between the two countries over 28 days on his motorbike, making multiple stops to impart tips and advice on digital security.

Gole’s trip will take him through Uganda before crossing into Rwanda, Tanzania, Malawi, and finally to the FIFAfrica22 host country Zambia. The return trip will include stops in Tanzania, Zanzibar and Kenya. Gole will interact with human rights organisations and communities along the way in addition to human rights organisations on the value of securing devices and communications as a means of protecting their digital rights.

“Through my work with various communities, I have seen the positive impacts and benefits of digital security,” noted Gole who has done extensive work skilling users across the region, including through the Level-Up programme.  “Pair this [expertise] with a bike and the places I can go and people I can reach are unlimited,” says Gole. He has previously completed road trips across Uganda addressing the digital security concerns of rural-based civil society organisations.

 “Everyone is heading in the direction of the digital ecosystem. Everyone will be in it. If we do not address some of the challenges people are facing now, we will have a generation of people using systems without knowing the risks present online. We all need it. We need to future-proof the internet experience.” Noted Gole who revealed that some people are self-taught but still lack some important capacities when it comes to securing their personal or organisational online security concerns.

Gole’s Digital Security on Wheels initiative was founded in 2020 when much of the world was at a  near standstill due to the Covid-19 pandemic. In Uganda, private and public transportation was limited, yet digital security concerns went on the rise due to the increased reliance on digital communication. Recognising the digital security gap in areas outside the capital, Gole embarked on a journey to the Eastern and Northern regions of Uganda. What started off as a 14-day trip ended up being a 21 day trip due to the extensive digital security needs of the various organisations he went to engage.

“Some problems simply couldn’t be solved in the short amount of time available. I had to extend my stay with eth organisations to address their problems, otherwise the effort would be meaningless.”

At FIFAfrica22, Gole will join the multi-lingual (English, French, Swahili, Arabic) Digital Security walk-in clinic/help desk,  which comprises Access Now, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), Digital Society of Africa, Encrypt Uganda, Internews, Greenhost, Jigsaw (a technology incubator created by Google), Defend Defenders and Zaina Foundation. The Hub will allow FIFAfrica22 participants to access new innovative Internet freedom technology, privacy and data protective tools, measures and platforms in order to respond to their emergent digital security concerns. It will also offer immediate support and demos of various digital security tools and advisory on improving organisational security and resilience against threats and dangers when working, engaging, socialising and organising online.

Elsewhere at FIFAfrica22 digital security experts will participate in skills-sharing workshops and panel discussions.  Sessions include: Utilizing Collaborative Digital Resilience Mechanisms for Efficient Rights Protection and Advocacy in growing IOT Society hosted by the entities running the walk-in clinic/help desk; South-to-South Peer Learnings on Digital Resilience for Social Justice hosted by the Global Network for Social Justice and Digital Resilience; , Privacy and Anonymity Online hosted by the Tor Project and Usability Design and Developing Scenario Personas for Digital Rights Tools hosted by La Poiema.

Meanwhile, FemTech-Africa, an Internews pilot programme will host a feminist digital security exhibition to showcase gendered approaches to digital security. The exhibition will provide similar services as the digital security clinic but with a focus on behavioural change and strategies for online safety specifically for women human rights defenders and journalists. Women human rights defenders (WHRDs) and journalists face peculiar internet freedom challenges, such as trolling, cyberbullying and other forms of online violence against women, which have far-reaching impacts on their safety and on rights protection, not least free expression and democratic participation.

The exhibition will disseminate safety guide comic series and online safety for women booklets localised in up to five languages. The exhibition will feed into the panel discussion on women’s rights online including on Resistance & Connection: An African Feminist Perspective for Decolonising the Internet.

In 2020 and 2021, the hybrid formats of FIFAfrica also featured digital security components. At FIFAfrica20, a digital security and risk assessments workshop was held for investigative journalists and human rights activists in Kinshasa, Democratic Republic of Congo. In addition, a multilingual (English, French and Arabic) digital security hub provided virtual digital security support through a chat widget, email or messaging during the three days of FIFAfrica20. The virtual digital security hub was also run during FIFAfrica21.

Be part of the online conversation using #FIFAfrica22 and share your vision for #InternetFreedomAfrica! | Follow @cipesaug on Facebook, Twitter, LinkedIn

Visit the event website

About FIFAfrica

The Forum on Internet Freedom in Africa (FIFAfrica) is an annual landmark event which convenes a spectrum of stakeholders from across the internet governance and digital rights arenas in Africa and beyond. Hosted by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), the Forum offers a platform for government representatives, civic actors, journalists, policymakers and technologies to engage in the latest developments and trends in technology policy and digital rights.

 

Uganda Passes Regressive Law on “Misuse of Social Media” and Hate Speech

By Edrine Wanyama |

Uganda’s parliament on September 8, 2022 passed a draconian law that criminalises various uses of computers and digital technologies and largely curtails digital rights.

Among the key regressive provisions is the prohibition of the “misuse of social media”, described in clause 6 as publishing, distributing or sharing information prohibited under Uganda’s laws. A highly punitive penalty has been prescribed for the offence: imprisonment of up to five years, a fine of up to UGX 10 million (USD 2,619), or both.

Other retrogressive provisions in the Computer Misuse (Amendment) Bill 2022 are prohibition of sending or sharing of unsolicited information through a computer, and prohibition of sending, sharing or transmitting of malicious information about or relating to any person.

Prior to the enactment of the law, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) presented its analysis of the Bill to parliament’s Committee on Information and Communications Technology (ICT), which indicated that the proposed amendments would be a blow to the enjoyment of online civil liberties. However, the committee has disregarded most of the feedback received from stakeholders listed in the Committee report, many of whom raised concerns on the digital rights gaps within the Bill..

In presentations to the parliamentary  committee, CIPESA argued that rather than introducing new, poorly defined offences, the amendments should have focussed on addressing existing retrogressive provisions in the law on computer misuse, such as section 24 on cyber harassment and section 25 on offensive communication, which have been used severally to criminalise freedom of expression, including through arrests and prosecution of journalists, activists and government opponents. Moreover, trolling, cyber harassment, unauthorised sharing of intimate images, and other forms of online violence against women and girls, are not addressed either.

Gorreth Namugga, the shadow minister for ICT and a member of parliament’s ICT Committee, said in a minority report that the issue of misuse of social media was not discussed in the committee and was not among the clauses the Computer Misuse (Amendment) Bill sought to amend. She added that the ICT Committee did not make a deep analysis of the issue, and none of the organisations and individuals consulted by the committee offered any input on the matter.

In introducing the offence of misuse of social media, the committee reasoned that, while considering the Bill, it observed that “the information technology evolution had created a new medium of communication called social media that is not fully regulated in the existing laws, yet it is “the commonest platform of Computer Misuse.” The committee therefore deemed it fit to define social media and to regulate it.

Accordingly, the Bill defines social media as a set of technologies, sites, and practices which are used to share opinions, experiences and perspectives. It cites as examples YouTube, WhatsApp, Facebook, Instagram, Twitter, WeChat, TikTok, Sina Weibo, QQ, Telegram, Snapchat, Kuaishou, Qzone, Reddit, Quora, Skype, Microsoft Team and Linkedin.

The new law will provide that “a person who uses social media to publish, distribute or share information, prohibited under the laws of Uganda or using disguised or false identity, commits an offence.” It adds that where “prohibited” information is published, shared or distributed on a social media account of an organisation, the person who manages the organisation’s social media account shall be held personally liable for the commission of the offence.

There remain questions as to how the committee introduced provisions on misuse of social media that were not in the Bill, not subjected to stakeholder consultation and, according to the minority report, not discussed by committee members. Moreover, the term, “under the laws of Uganda” with reference to prohibited information is very broad and ambiguous. This could be used by the government and its agencies to target critics and would largely curtail freedom of expression and access to information.

Uganda is not new to regressive control of digital technologies. In 2018, the east African country introduced a tax through the Excise Duty (Amendment) Act that required users to pay a daily tax in order to access social media services. The tax, which dismally failed to raise the anticipated revenues, was  replaced  with a 12% levy tax on internet data. The country’s digital taxation regime has become a key impediment to inclusive access and affordability, with millions of citizens still left out of the digital society. Uganda also routinely blocks access to the internet and social media. Since January 2021, Facebook has been blocked in Uganda on orders of the government.

While the new law attempts to define “unsolicited information” as meaning “information transmitted to a person using the internet without the person’s consent, but does not include an unsolicited commercial communication.” The guidance offered by the provision only extends to interpretation of the earlier blanket provision that had been proposed in the Bill. It does not provide any guarantees for the protection and enjoyment of freedom of expression and access to information.

In submissions to parliament, CIPESA stated that, besides undermining civil liberties, many provisions of the Bill duplicated existing laws such as the Regulation of Interception of Communications Act, 2010 and the Data Protection and Privacy Act, 2019, and would be difficult to implement

According to the minority report, all the clauses in the Bill are already catered for in existing legislation and in some instances offend Uganda’s constitution. The report states: “The fundamental rights to access information electronically and to express oneself over computer networks are utterly risked by this Bill. If passed into law it will stifle the acquisition of information. The penalties proposed in the Bill are overly harsh and disproportionate when compared to similar offences in other legislations. This Bill, if passed, will be a bad law and liable to constitutional petitions upon assent.”

Despite the largely regressive law, there are some positives, such as defining and proscribing hate speech and i the law provides and if rightly employed they could potentially improve on certain aspects regarding the digital civic space. Thus;

  • The addition of the element of intent in clause 3 in the definition of the offence of unauthorised access is quite progressive. It potentially helps to exonerate innocent individuals from wanton prosecution of what would constitute criminal access over innocent and unintended access. The Bill did not have the element of intent which is core to determination of criminal liability to qualify the offence.
  • Clause 3 was initially overly broad to the extent of discouraging the public from sharing information to the best interests of the child such as their protection from danger and harmful practices. The amendment in clause 3 in as far as it provides for circumstances under which information about children may be shared will serve to ensure that while privacy of the child is paramount, their best interest should not be disregarded.
  • Clause 4 of the Bill defines hate speech which was not previously provided for. It goes milestones in addressing hate speech which has for decades posed challenges to public order, security and persons. Furthermore, section 41 of the Penal Code Act on sectarianism presented uncertainties having limited the definition of sectarianism to groups of religion, tribe, ethnic or regional origin.
  • The law recognizes other laws on disciplinary action against errant leaders. Thus, the deletion of clause 7 is commended. It is a progressive move against a potentially excessive and discriminatory provision as was initially presented in the Bill.

The newly passed Bill is a threat to digital rights and digital civic space and falls short of the key international minimum standards. As such, it is imperative for the law to be challenged in court and for the president to deny its assent and return it to parliament for reconsideration.

CIPESA Joins over 125 Organisations and Academics In Submitting Letter to the UN Ad Hoc Committee on Cybercrime

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has joined over 125 organisations and academics who work to protect and advance human rights, online and offline in submitting a letter to the United Nations Ad Hoc Committee on Cybercrime. The letter stresses that the process through which the Ad Hoc Committee does its work includes robust civil society
participation throughout all stages of the development and drafting of a convention, and that
any proposed convention include human rights safeguards applicable to both its substantive and
procedural provisions. The first session of the Ad Hoc Committee, which was scheduled to begin on January 17, 2022, has been rescheduled to begin on February 28, 2022, due to the ongoing situation concerning the coronavirus disease. See the full letter below.

————————————————————————————————————————————-

December 22, 2021

H.E. Ms. Faouzia Boumaiza Mebarki

Chairperson

Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes

Your Excellency,

We, the undersigned organizations and academics, work to protect and advance human rights, online and offline. Efforts to address cybercrime are of concern to us, both because cybercrime poses a threat to human rights and livelihoods, and because cybercrime laws, policies, and initiatives are currently being used to undermine people’s rights. We therefore ask that the process through which the Ad Hoc Committee does its work includes robust civil society participation throughout all stages of the development and drafting of a convention, and that any proposed convention include human rights safeguards applicable to both its substantive and procedural provisions.

Background

The proposal to elaborate a comprehensive “international convention on countering the use of information and communications technologies for criminal purposes” is being put forward at the same time that UN human rights mechanisms are raising alarms about the abuse of cybercrime laws around the world. In his 2019 report, the UN special rapporteur on the rights to freedom of peaceful assembly and of association, Clément Nyaletsossi Voule, observed, “A surge in legislation and policies aimed at combating cybercrime has also opened the door to punishing and surveilling activists and protesters in many countries around the world.” In 2019 and once again this year, the UN General Assembly expressed grave concerns that cybercrime legislation is being misused to target human rights defenders or hinder their work and endanger their safety in a manner contrary to international law. This follows years of reporting from non-governmental organizations on the human rights abuses stemming from overbroad cybercrime laws.

When the convention was first proposed, over 40 leading digital rights and human rights organizations and experts, including many signatories of this letter, urged delegations to vote against the resolution, warning that the proposed convention poses a threat to human rights.

In advance of the first session of the Ad Hoc Committee, we reiterate these concerns. If a UN convention on cybercrime is to proceed, the goal should be to combat the use of information and communications technologies for criminal purposes without endangering the fundamental rights of those it seeks to protect, so people can freely enjoy and exercise their rights, online and offline. Any proposed convention should incorporate clear and robust human rights safeguards. A convention without such safeguards or that dilutes States’ human rights obligations would place individuals at risk and make our digital presence even more insecure, each threatening fundamental human rights.

As the Ad Hoc Committee commences its work drafting the convention in the coming months, it is vitally important to apply a human rights-based approach to ensure that the proposed text is not used as a tool to stifle freedom of expression, infringe on privacy and data protection, or endanger individuals and communities at risk.

The important work of combating cybercrime should be consistent with States’ human rights obligations set forth in the Universal Declaration of Human Rights (UDHR), the International Covenant on Civil and Political Rights (ICCPR), and other international human rights instruments and standards. In other words, efforts to combat cybercrime should also protect, not undermine, human rights. We remind States that the same rights that individuals have offline should also be protected online.

Scope of Substantive Criminal Provisions

There is no consensus on how to tackle cybercrime at the global level or a common understanding or definition of what constitutes cybercrime. From a human rights perspective, it is essential to keep the scope of any convention on cybercrime narrow. Just because a crime might involve technology does not mean it needs to be included in the proposed convention. For example, expansive cybercrime laws often simply add penalties due to the use of a computer or device in the commission of an existing offense. The laws are especially problematic when they include content-related crimes. Vaguely worded cybercrime laws purporting to combat misinformation and online support for or glorification of terrorism and extremism, can be misused to imprison bloggers or block entire platforms in a given country. As such, they fail to comply with international freedom of expression standards. Such laws put journalists, activists, researchers, LGBTQ communities, and dissenters in danger, and can have a chilling effect on society more broadly.

Even laws that focus more narrowly on cyber-enabled crimes are used to undermine rights. Laws criminalizing unauthorized access to computer networks or systems have been used to target digital security researchers, whistleblowers, activists, and journalists. Too often, security researchers, who help keep everyone safe, are caught up in vague cybercrime laws and face criminal charges for identifying flaws in security systems. Some States have also interpreted unauthorized access laws so broadly as to effectively criminalize any and all whistleblowing; under these interpretations, any disclosure of information in violation of a corporate or government policy could be treated as “cybercrime.” Any potential convention should explicitly include a malicious intent standard, should not transform corporate or government computer use policies into criminal liability, should provide a clearly articulated and expansive public interest defense, and include clear provisions that allow security researchers to do their work without fear of prosecution.

Human Rights and Procedural Safeguards

Our private and personal information, once locked in a desk drawer, now resides on our digital devices and in the cloud. Police around the world are using an increasingly intrusive set of investigative tools to access digital evidence. Frequently, their investigations cross borders without proper safeguards and bypass the protections in mutual legal assistance treaties. In many contexts, no judicial oversight is involved, and the role of independent data protection regulators is undermined. National laws, including cybercrime legislation, are often inadequate to protect against disproportionate or unnecessary surveillance.

Any potential convention should detail robust procedural and human rights safeguards that govern criminal investigations pursued under such a convention. It should ensure that any interference with the right to privacy complies with the principles of legality, necessity, and proportionality, including by requiring independent judicial authorization of surveillance measures. It should also not forbid States from adopting additional safeguards that limit law enforcement uses of personal data, as such a prohibition would undermine privacy and data protection. Any potential convention should also reaffirm the need for States to adopt and enforce “strong, robust and comprehensive privacy legislation, including on data privacy, that complies with international human rights law in terms of safeguards, oversight and remedies to effectively protect the right to privacy.”

There is a real risk that, in an attempt to entice all States to sign a proposed UN cybercrime convention, bad human rights practices will be accommodated, resulting in a race to the bottom. Therefore, it is essential that any potential convention explicitly reinforces procedural safeguards to protect human rights and resists shortcuts around mutual assistance agreements.

Meaningful Participation

Going forward, we ask the Ad Hoc Committee to actively include civil society organizations in consultations—including those dealing with digital security and groups assisting vulnerable communities and individuals—which did not happen when this process began in 2019 or in the time since.

Accordingly, we request that the Committee:

●  Accredit interested technological and academic experts and nongovernmental groups, including those with relevant expertise in human rights but that do not have consultative status with the Economic and Social Council of the UN, in a timely and transparent manner, and allow participating groups to register multiple representatives to accommodate the remote participation across different time zones.

●  Ensure that modalities for participation recognize the diversity of non-governmental stakeholders, giving each stakeholder group adequate speaking time, since civil society, the private sector, and academia can have divergent views and interests.

●  Ensure effective participation by accredited participants, including the opportunity to receive timely access to documents, provide interpretation services, speak at the Committee’s sessions (in-person and remotely), and submit written opinions and recommendations.

●  Maintain an up-to-date, dedicated webpage with relevant information, such as practical information (details on accreditation, time/location, and remote participation), organizational documents (i.e., agendas, discussions documents, etc.), statements and other interventions by States and other stakeholders, background documents, working documents and draft outputs, and meeting reports.

Countering cybercrime should not come at the expense of the fundamental rights and dignity of those whose lives this proposed Convention will touch. States should ensure that any proposed cybercrime convention is in line with their human rights obligations, and they should oppose any proposed convention that is inconsistent with those obligations.

We would be highly appreciative if you could kindly circulate the present letter to the Ad Hoc Committee Members and publish it on the website of the Ad Hoc Committee.

Signatories,*

  1. Access Now – International
  2. Alternative ASEAN Network on Burma (ALTSEAN) – Burma
  3. Alternatives – Canada
  4. Alternative Informatics Association – Turkey
  5. AqualtuneLab – Brazil
  6. ArmSec Foundation – Armenia
  7. ARTICLE 19 – International
  8. Asociación por los Derechos Civiles (ADC) – Argentina
  9. Asociación Trinidad / Radio Viva – Trinidad
  10. Asociatia Pentru Tehnologie si Internet (ApTI) – Romania
  11. Association for Progressive Communications (APC) – International
  12. Associação Mundial de Rádios Comunitárias (Amarc Brasil) – Brazil
  13. ASEAN Parliamentarians for Human Rights (APHR)  – Southeast Asia
  14. Bangladesh NGOs Network for Radio and Communication (BNNRC) – Bangladesh
  15. BlueLink Information Network  – Bulgaria
  16. Brazilian Institute of Public Law – Brazil
  17. Cambodian Center for Human Rights (CCHR)  – Cambodia
  18. Cambodian Institute for Democracy  –  Cambodia
  19. Cambodia Journalists Alliance Association  –  Cambodia
  20. Casa de Cultura Digital de Porto Alegre – Brazil
  21. Centre for Democracy and Rule of Law – Ukraine
  22. Centre for Free Expression – Canada
  23. Centre for Multilateral Affairs – Uganda
  24. Center for Democracy & Technology – United States
  25. Center for Justice and International Law (CEJIL) – International
  26. Centro de Estudios en Libertad de Expresión y Acceso (CELE) – Argentina
  27. Civil Society Europe
  28. Coalition Direitos na Rede – Brazil
  29. Código Sur – Costa Rica
  30. Collaboration on International ICT Policy for East and Southern Africa (CIPESA) – Africa
  31. CyberHUB-AM – Armenia
  32. Data Privacy Brazil Research Association – Brazil
  33. Dataskydd – Sweden
  34. Derechos Digitales – Latin America
  35. Defending Rights & Dissent – United States
  36. Digital Citizens – Romania
  37. DigitalReach – Southeast Asia
  38. Digital Rights Watch – Australia
  39. Digital Security Lab – Ukraine
  40. Državljan D / Citizen D – Slovenia
  41. Electronic Frontier Foundation (EFF) – International
  42. Electronic Privacy Information Center (EPIC) – United States
  43. Elektronisk Forpost Norge – Norway
  44. Epicenter.works for digital rights – Austria
  45. European Center For Not-For-Profit Law (ECNL) Stichting – Europe
  46. European Civic Forum – Europe
  47. European Digital Rights (EDRi) – Europe
  48. ​​eQuality Project – Canada
  49. Fantsuam Foundation – Nigeria
  50. Free Speech Coalition  – United States
  51. Foundation for Media Alternatives (FMA) – Philippines
  52. Fundación Acceso – Central America
  53. Fundación Ciudadanía y Desarrollo de Ecuador
  54. Fundación CONSTRUIR – Bolivia
  55. Fundacion Datos Protegidos  – Chile
  56. Fundación EsLaRed de Venezuela
  57. Fundación Karisma – Colombia
  58. Fundación OpenlabEC – Ecuador
  59. Fundamedios – Ecuador
  60. Garoa Hacker Clube  –  Brazil
  61. Global Partners Digital – United Kingdom
  62. GreenNet – United Kingdom
  63. GreatFire – China
  64. Hiperderecho – Peru
  65. Homo Digitalis – Greece
  66. Human Rights in China – China
  67. Human Rights Defenders Network – Sierra Leone
  68. Human Rights Watch – International
  69. Igarapé Institute — Brazil
  70. IFEX – International
  71. Institute for Policy Research and Advocacy (ELSAM) – Indonesia
  72. The Influencer Platform – Ukraine
  73. INSM Network for Digital Rights – Iraq
  74. Internews Ukraine
  75. InternetNZ – New Zealand
  76. Instituto Beta: Internet & Democracia (IBIDEM) – Brazil
  77. Instituto Brasileiro de Defesa do Consumidor (IDEC) – Brazil
  78. Instituto Educadigital – Brazil
  79. Instituto Nupef – Brazil
  80. Instituto de Pesquisa em Direito e Tecnologia do Recife (IP.rec) – Brazil
  81. Instituto de Referência em Internet e Sociedade (IRIS) – Brazil
  82. Instituto Panameño de Derecho y Nuevas Tecnologías (IPANDETEC) – Panama
  83. Instituto para la Sociedad de la Información y la Cuarta Revolución Industrial – Peru
  84. International Commission of Jurists – International
  85. The International Federation for Human Rights (FIDH)
  86. IT-Pol – Denmark
  87. JCA-NET – Japan
  88. KICTANet – Kenya
  89. Korean Progressive Network Jinbonet – South Korea
  90. Laboratorio de Datos y Sociedad (Datysoc) – Uruguay
  91. Laboratório de Políticas Públicas e Internet (LAPIN) – Brazil
  92. Latin American Network of Surveillance, Technology and Society Studies (LAVITS)
  93. Lawyers Hub Africa
  94. Legal Initiatives for Vietnam
  95. Ligue des droits de l’Homme (LDH) – France
  96. Masaar – Technology and Law Community – Egypt
  97. Manushya Foundation – Thailand
  98. MINBYUN Lawyers for a Democratic Society – Korea
  99. Open Culture Foundation – Taiwan
  100. Open Media  – Canada
  101. Open Net Association – Korea
  102. OpenNet Africa – Uganda
  103. Panoptykon Foundation – Poland
  104. Paradigm Initiative – Nigeria
  105. Privacy International – International
  106. Radio Viva – Paraguay
  107. Red en Defensa de los Derechos Digitales (R3D) – Mexico
  108. Regional Center for Rights and Liberties  – Egypt
  109. Research ICT Africa
  110. Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC) – Canada
  111. Share Foundation – Serbia
  112. Social Media Exchange (SMEX) – Lebanon, Arab Region
  113. SocialTIC – Mexico
  114. Southeast Asia Freedom of Expression Network (SAFEnet) – Southeast Asia
  115. Supporters for the Health and Rights of Workers in the Semiconductor Industry (SHARPS) – South Korea
  116. Surveillance Technology Oversight Project (STOP)  – United States
  117. Tecnología, Investigación y Comunidad (TEDIC) – Paraguay
  118. Thai Netizen Network  – Thailand
  119. Unwanted Witness – Uganda
  120. Vrijschrift – Netherlands
  121. West African Human Rights Defenders Network – Togo
  122. World Movement for Democracy – International
  123. 7amleh – The Arab Center for the Advancement of Social Media  – Arab Region

Individual Experts and Academics

  1. Jacqueline Abreu, University of São Paulo
  2. Chan-Mo Chung, Professor, Inha University School of Law
  3. Danilo Doneda, Brazilian Institute of Public Law
  4. David Kaye, Clinical Professor of Law, UC Irvine School of Law, former UN Special Rapporteur on Freedom of Opinion and Expression (2014-2020)
  5. Wolfgang Kleinwächter, Professor Emeritus, University of Aarhus; Member, Global Commission on the Stability of Cyberspace
  6. Douwe KorffEmeritus Professor of International LawLondon Metropolitan University
  7. Fabiano Menke, Federal University of Rio Grande do Sul
  8. Kyung-Sin Park, Professor, Korea University School of Law
  9. Christopher Parsons, Senior Research Associate, Citizen Lab, Munk School of Global Affairs & Public Policy at the University of Toronto
  10. Marietje Schaake, Stanford Cyber Policy Center
  11. Valerie Steeves, J.D., Ph.D., Full Professor, Department of Criminology University of Ottawa

How the MTN Group Can Improve its Digital Human Rights Policy and Reporting

CIPESA Writer |

These proposals are made to the MTN Group in respect of its Digital Human Rights Policy. The proposals commend the positive elements of the Policy including the proclamation to respect the rights of users including in privacy, communication, access and sharing information in a free and responsible manner. The submission points to areas where the telecoms group can further improve its role in the protection of human rights.

The United Nations Guiding Principles on Business and Human Rights (UNGPs) enjoin corporate entities to act with due diligence to avoid infringements on human rights. They also provide ways through which adverse impacts on human rights can be addressed. It is therefore commendable that MTN developed a Digital Human Rights Policy and is open to commentary and suggestions for  strengthening its implementation. It is imperative that MTN takes proactive and consistent measures to comply with international human rights instruments such as the UNGPs, the leading global framework focused on business responsibility and accountability for human rights, which were unanimously endorsed by States at the United Nations in 2011.

Some of the Principles that MTN needs to pay close attention to include the following:

 Principle 11: Business enterprises should respect human rights. This means that they should avoid infringing on the human rights of others and should address adverse human rights impacts with which they are involved.

Principle 13: The responsibility to respect human rights requires that business enterprises (a) Avoid causing or contributing to adverse human rights impacts through their own activities, and address such impacts when they occur; (b) Seek to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products or services by their business relationships, even if they have not contributed to those impacts.

Principle 15. In order to meet their responsibility to respect human rights, business enterprises should have in place policies and processes appropriate to their size and circumstances, including:

(a) A policy commitment to meet their responsibility to respect human rights;

(b) A human rights due diligence process to identify, prevent, mitigate and account for how they address their impacts on human rights;

(c) Processes to enable the remediation of any adverse human rights impacts they cause or to which they contribute.

Principle 23:  In all contexts, business enterprises should:

  1. Comply with all applicable laws and respect internationally recognised human rights, wherever they operate;
  2. Seek ways to honour the principles of internationally recognised human rights when faced with conflicting requirements;
  3. Treat the risk of causing or contributing to gross human rights abuses as a legal compliance issue wherever they operate.

Respect for digital rights is also stipulated in the Declaration of Principles on Freedom of Expression and Access to Information in Africa of 2019 which MTN needs to be cognisant of as part of efforts to ensure that it upholds respect for human rights.

CIPESA Proposals to the MTN Group
The MTN Group is a market leader in various service areas in several countries where it has operations. It is also a key employer and tax payer, and by facilitating the operations of other sectors,  MTN is a key contributor to the Gross Domestic Product (GDP) and to the health of the respective countries’ economies. It is crucial that the company develops and effects a robust Digital Human Rights Policy. Notably, MTN has trailed other operators, such as Orange, Millicom and Vodafone in rolling out a digital rights policy, and in transparency reporting.

While MTN last year issued its inaugural transparency report as part of its annual reporting, there are areas of concern for which we make the following recommendations:

  1. Provide more granular and disaggregated data about the number and nature of requests MTN receives from government agencies. At present, it is not clear how many of those requests relate to the release of users’ identifying data, how many were on metadata, and how many were on rendering support to communication monitoring and interception. Besides providing such a breakdown, MTN should also explain how many requests, if any, were not adhered to and why. Further, the report should indicate which particular government departments made the requests and whether all their requests were backed by a court order.
  2. Provide more nuanced information in reporting on the Digital Human Rights Policy to enable the contextualisation of country-specific explanations of government requests. In the last report, for instance, it is difficult to comprehend the information on government requests from Uganda. Given that Uganda is one of the countries where MTN has the largest number of subscribers, and given that country’s human rights record, the numbers are inexplicably few (12 in total) compared to Congo Brazzaville (1,600), eSwatini (3,661), Ghana (1,642), Guinea Conakry (6,480), Ivory Coast (4,215), Nigeria (4,751), Rwanda (602), South Africa (15,903), South Sudan (1,748), Sudan (5,105), and Zambia (8,294).
  3. In its transparency reporting on implementation of its Digital Human Rights Policy, MTN should reflect on the role of local laws and regulations in enabling or hampering the realisation of digital human rights. What elements are supportive and which ones are retrogressive? Which grey areas need clarification or call for repeal of laws?
  4. Include in the MTN transparency report a detailed and analytical section on network disruptions, as these are highly controversial and have wide-ranging economic, public service and human rights impacts yet they are becoming endemic in many of the countries where MTN operates. Further, MTN should include information on whether it received (or demanded – as we propose it should) written justifications from regulators (or government officials and bodies who issue shutdown orders) for the shutdown orders, including citation of the specific laws and provisions under which they are issued and the situation that warranted invoking the disruption. Additionally, the MTN Group should commit to scrutinise each demand, order or request and challenge them if they are not clear, specific, written, valid or do comply with national laws. It should also keep a written record of such demands, orders or requests.
  5. The MTN Policy and reporting should have a section and actions dedicated to inclusion of marginalised groups, a key area being enabling access and accessibility for persons with disabilities. Research conducted by CIPESA showed that, in countries where it operated, MTN had not taken any deliberate efforts to make its services more accessible to persons with disabilities. Beyond the additional section, MTN should appoint / designate Inclusion and Human Rights Ambassadors, and build the capacity of internal teams to facilitate engagement and compliance with digital accessibility obligations.
  6. MTN should take a proactive stance in making its Digital Human Rights Policy, including country-specific transparency information, well publicised among users, civil society and government officials in the respective countries. This will aid the growth of knowledge about MTN policies, inspire other companies to respect human rights, and draw feedback on how MTN can further improve its human rights policies and practices.
  7. MTN should develop relationships with, and have proactive and sustained engagements with civil society, consumer groups and governments on the implementation of its Digital Human Rights Policy. Such engagements should not only be post-mortem after-the-fact reviews of reports after their publication but should be continuous and feed into the annual reporting. This engagement should also include external experts and stakeholders in the conduct of regular human rights due diligence as envisaged by Principle 15 of the UNGPs. Such engagements could also relate to raising concern on the national laws, policies and measures which pose a risk to digital rights.
  8. As part of due diligence, MTN should periodically assess and examine the impact of its enforcement of its terms and service, policies and practices to ensure they do not pose risks to individual human rights, and the extent to which they comply with the UNGPs and are consistent with its Digital Human Rights Policy. Such assessments are essential to determining the right course of action when faced with government requests and other potential human rights harms.
  9. MTN should add to its Policy and make public its position on network disruptions and outline a clear policy and the procedures detailing how it handles information requests, interception assistance requests, and disruption orders from governments.
  10. Support initiatives that work to grow access, affordability, and secure use of digital technologies, and speak out about any licensing obligations and government practices that undermine digital rights.
  11. Join key platforms that collaboratively advance a free and open internet and respect for human rights in the telecommunications sector, such as the Global Network Initiative (GNI), endorse the GSMA Principles for Driving Digital Inclusion for Persons with Disabilities, and align with local actors on corporate accountability (such as the Uganda Consortium on Corporate Accountability).
  12. MTN should at a minimum, provide simple and clear terms of service, promptly notify users of decisions made affecting them, and provide accessible redress mechanisms and effective remedies.
  13. MTN should institutionalise its commitment to digital rights by putting in place a governance structure at the country level with oversight at a senior level, train its employees on the policy, and create awareness among its customers to ensure the realisation of the policy.

CIPESA stands ready to continue to engage with MTN on ways to improve and effect its Digital Human Rights Policy. We can be contacted at [email protected].