Building Digital Literacy and Security Capacity of Women Refugees in Uganda

By Ashnah Kalemera |
Statistics on the prevalence of cyber harassment of women in Africa remain scanty. Where some reports of cyber harassment of women in the region are available, the extent to which it affects women in marginalised communities is also not well known. Indeed, the growing proliferation of technology is reported to be facilitating online harassment of women by enabling the anonymity of the perpetrators who could be located anywhere and without physical contact with the victim. In many instances, cases of cyber harassment go unreported and victims have limited legal recourse or resources to  seek justice.
Figures show that in Europe, one in 10 women have been victims of cyber harassment, including having received unwanted, offensive sexually explicit emails or SMS messages, or unwarranted inappropriate advances on social networking sites. While contexts differ, it is possible that women in Africa who use digital communications technologies face similar or greater levels of harassment, given the low levels of digital literacy and poor mechanisms to fight online violence against women.
Interviews conducted in August 2019 with 35 women refugees from the Democratic Republic of Congo, Eritrea, South Sudan and Sudan, who are living in Uganda, showed that three in four of the respondents had experienced some form of cyber harassment including abuse, stalking, unwarranted sexual advances and hacking of social media accounts. The perpetrators included anonymous individuals, security agents in their home countries, known friends and ex-partners. 
The interviews were carried out as part of the digital literacy and security training for refugee rights defenders. Hosted in Kampala, Uganda by Access for All, the two days training engaged 80 participants and also covered aspects of digital activism and women’s participation in the information society. 
“Due to the rampant online harassment of women in Uganda, we believe that such a project would considerably benefit our members, for whom digital literacy and creative approaches to digital activism are vital in their everyday work and long-term development,” said Asan Juma, the Executive Director of Access for All. 
These online affronts against women refugees in Uganda run in parallel to gender-based violence in refugee camps, at border crossings and resettlement communities. According to the United Nations University (UNU), women refugees are often under threat of physical and sexual violence not only at the hands of fellow refugees and human traffickers but also national immigration administration, security forces and humanitarian staff. In these situations, UNU reports that access to justice and reparation for women refugees is limited.
Indeed, only a quarter of the refugee women interviewed who had experienced cyber harassment went on to report the cases to authorities. Among the reasons put forward for not reporting  was “unawareness of the existing laws that prohibit online harassment” and “distrust of the police.” The mistrust of law enforcement authorities stemmed from self consciousness over their nationality or refugee status, previous bad experiences with authorities in home countries and the perception that “police case handling is often in favour of nationals rather than refugees”. 
Those who did not report the cases of cyber harassment to law enforcement officials coped through support from friends or counselling. A few others stated that they “ignored” the incidents. In one instance where the harassment was perpetrated by a friend, the respondent indicated that rather than reporting the incident to the police, they “talked to the person and settled the matter.”
Other measures taken included blocking the perpetrators on social media platforms or reporting them to platform administrators for violation of user policies. One respondent confirmed that the account of the perpetrator was taken down by platform administrators following an abuse report. 
Beyond online harassment, other digital threats that the participants reported to have experienced included fraud, identity theft online, loss of devices, viruses and malware on their devices. Whereas the engagement provided digital safety skills and knowledge, physical security threats also remain a challenge. Beneficiaries called for more coordinated digital rights advocacy efforts focused on the needs and challenges of refugee communities, targeting both the refugees as beneficiaries but also key stakeholders in the realisation of these rights.  
Access For All was founded in South Sudan in 2016 with an aim to promote the rights of sexual minorities. In the same year, the organisation was shut down by the government. The founders fled South Sudan and sought asylum in Uganda, where they worked on health rights and dignity of urban refugee sexual minorities. 
As part of its work in Uganda, Access for All recognised that urban refugees faced heightened gender-based violence risks due to unmet multiple and complex social, economic and medical needs as well as intersecting oppressions based on race, ethnicity, nationality, language, sexual orientation and gender identity. Moreover, humanitarian programmes were found to focus less on serving refugees in urban areas and even less so on sexual minority refugees.
With a grant from the Africa Digital Rights Fund (ADRF) that is managed by CIPESA, Access for All was among the inaugural grantees in 2019 and carried out the bi-lingual (English and Arabic) interviews and training workshop, which  explored prevailing digital security/protection concerns among urban refugees in Uganda and mechanisms to address them.

Africa in the Crosshairs of New Disinformation and Surveillance Schemes That Undermine Democracy

By Daniel Mwesigwa |

A range of spyware vendors including Italian Hacking Team, the Anglo-German Gamma Group, and Israeli’s NSO Group, have found a ready market in authoritarian and repressive governments in Africa and elsewhere. Similarly, systematic propaganda campaigns designed by meddlesome actors – including government agents and ambitious data analytics companies such as Cambridge Analytica working on behalf of state and non-state actors – are becoming conspicuous in Africa, especially during electoral periods. 

The tools and tactics of these operators, who are mostly non-African, are increasingly undermining democracy and respect for human rights in Africa, as they enable mass surveillance and disinformation that manipulates and undermines political discourse. 

For example, Chinese tech giant Huawei and its technicians were implicated in an August 15, 2019 exposé by The Wall Street Journal that detailed how the company’s staff had helped the Uganda Police to hack into the encrypted communications of an opposition figure. As a result, the security officers were able to thwart the opposition leader’s mobilisation plans. The article also stated that technicians from Huawei had helped Zambian authorities to access the phones and social media pages of a group of opposition bloggers who were tracked and arrested. 

Through security vulnerabilities, spyware tools and products give governments, notably intelligence and law enforcement authorities, super powers to surveil using covert intrusion systems across major mobile platforms and operating systems. In 2016, the Citizen Lab, an interdisciplinary lab working at the intersection of global affairs and technology at the University of Toronto, uncovered Pegasus – a sophisticated malware developed by the NSO Group that is injected into a target’s phone via text or WhatsApp, a popular messaging tool in Africa. The Citizen Lab has since identified Pegasus operations in over 45 countries including Algeria, Egypt, Ivory Coast, Kenya, Morocco, Rwanda, South Africa, Togo, Uganda, and Zambia. But NSO has reportedly bragged time and again how it can penetrate various operating systems and applications irrespective of the security patches.

According to the 2019 State of Internet Freedom in Africa Report, the “surveillance state” in Africa gained notoriety at the turn of the decade, after the infamous Arab Spring that swept across North Africa in 2011, allegedly amplified by dissident voices on social media. The report documents how repressive states such as Tanzania, Uganda, Ethiopia, Botswana, and Rwanda have since boosted their surveillance capabilities through procurement of advanced spyware. In 2015, it was revealed that Uganda and Tanzania had procured Hacking Team’s premium Remote Control System (RCS) for intrusion into systems across major mobile platforms and operating systems. 

More recently, the Financial Times reported that Rwanda paid up to USD 10 million to the NSO Group to spy on government critics and dissidents through WhatsApp – an allegation Rwanda president Paul Kagame denied in a presidential press briefing held on November 8, 2019, only acknowledging that they spy on “our enemies” using “human intelligence”. He added, “I wouldn’t spend my money over a nobody [Rwandan exiles] yet we have sectors like education to spend such money”. 

But Kagame’s denial is to be taken with a pinch of salt. In 2016, a Rwandan court sentenced a popular singer, Kizito Mihigo, to 10 years in prison on allegations of conspiracy to overthrow the government, based on hacked private WhatsApp and Skype messages exchanged with alleged dissidents in exile. 

The alleged Rwanda cases appear to be linked to others of NSO infiltrating the WhatsApp accounts of journalists, human rights activists, political dissidents, prominent female leaders, and other members of civil society in up to 20 countries, which prompted Facebook (the owners of WhatsApp) to sue NSO in October 2019. The lawsuit brought by Facebook in the U.S Federal Court accuses the spyware maker of hacking into the WhatsApp accounts of 1,400 users worldwide. While there are scanty details on the exact identities of the affected, it is reported that 174 are lawyers, journalists, human rights defenders and religious leaders.

According to the Financial Times, those targeted in Rwanda, six of whom it interviewed and they confirmed being alerted by WhatsApp about the possible NSO-enabled surveillance of their communications. These included a journalist living in exile in Uganda, who had petitioned the Uganda government “to help protect Rwandans in the country from assassination”; South Africa and UK-based senior members of the Rwanda National Congress (RNC), an opposition group in exile; an army officer who fled Rwanda  in 2008 and testified against members of the Rwandan government in a French court in 2017; and a Belgium-based member of the FDU-Inkingi opposition party.

Meanwhile, some foreign powers are purportedly testing, as New York Times recently reported, “New Disinformation Tactics in Africa to Expand Influence”. The report detailed how the Wagner Group founded by businessman Yevgeny Prigozhin, who allegedly has close ties to the Russian government, has over the last couple of years been running aggressive disinformation campaigns on Facebook. 

It is reported that Prigozhin’s campaign used locally-opened Facebook accounts to disguise behaviour and also used sham news networks that regularly reposted articles from Russia’s state-owned Sputnik news organisation to promote Russian policies while undermining US and French policies in Africa. On October 31, 2019, Facebook reportedly removed these accounts that were influencing operations “in the domestic politics” of eight African countries – Cameroon, the Central African Republic, Congo Brazzaville, Ivory Coast, Madagascar, Mozambique, and Sudan.

Earlier in 2019, Facebook reportedly shut down a separate “fake news” operation targeting elections in African countries such as Nigeria, Senegal, Togo, Niger, Angola, and Tunisia, propagated by “inauthentic” accounts on Facebook and Instagram run by Israeli commercial firm, Archimedes Group.  Between 2013 to 2017, governments such as Kenya and Nigeria reportedly hired Cambridge Analytica to manipulate their electorate in a bid to win presidential elections for the incumbents.

Besides the disinformation campaigns linked to Russian actors, and the Israel-made spyware, there are also facial recognition surveillance programmes such as the Huawei’s “Smart Cities”, which has been deployed in 12 African countries. This phenomenon is referred to by some as an export of digital authoritarianism. 

It is now evident that governments and non-state actors face an uphill task of combatting the governance challenges caused by this phenomenon. Accordingly, governments, with the help of tech platforms, need to understand what legislation and policies, including oversight and enforcement mechanisms, are necessary to strengthen the protection of democracy and human rights in the rapidly changing digital world.

Kenya, Tanzania and Uganda Must Do More to Improve Access to ICT for Persons with Disabilities

By Paul Kimumwe |

On the occasion of the International Day of Persons with Disabilities (IDPD) 2019, the Collaboration of International ICT Policy for East and Southern Africa (CIPESA) is calling upon governments and communication services providers in East Africa to take decisive steps to enable meaningful usage of Information and Communication Technologies (ICT) for persons with disabilities.

In a new policy brief, CIPESA highlights Kenya, Tanzania, and Uganda’s obligations on enabling digital accessibility for persons with disabilities and challenges the three countries to live up to their commitments, as contained in national laws and policies, as well as international instruments they are party to.

Although recent advances have made an ever-greater number of people use ICT for a growing range of tasks, persons with disabilities in East Africa still find it hard to access and use digital technologies and thus continue to miss out on the benefits that the technologies bring.

While Kenya, Tanzania, and Uganda have enacted various laws and policies to advance the rights of persons with disabilities, including those on access to and use of ICT, these have largely remained on paper with key provisions not being implemented. As a result, a large section of persons with disabilities continue to face digital exclusion.

The situation is exacerbated by the high cost of assistive technologies, low literacy levels among persons with disabilities, and lack of investments in supportive infrastructure by public and private entities.

According to national census data, the percentage of persons with disabilities in Tanzania is 8% of the total population, 3.5% in Kenya, and 14% in Uganda. However, the lack of comprehensive disaggregated data, including the specific challenges that persons with different types of disabilities face in accessing information and using ICT, also undermines the design and implementation of interventions that would improve their access.

The provision of accessible information to persons with disabilities is essential to enable them to exercise their fundamental freedoms and human rights. In this regard, one of the pillars of the 2030 Agenda for Sustainable Development and Sustainable Development Goals (SDGs), is the pledge to leave no one behind, including in the use of ICT.

Besides endorsing the SDGs, Kenya, Tanzania, and Uganda have ratified the United Nations Convention on the Rights of Persons with Disabilities (CRPD), the first international human rights treaty requiring that ICT tools and systems should be accessible as a necessary condition for persons with disabilities to fully enjoy their fundamental rights without discrimination.

Yet, while these governments are increasingly offering e-services, and in some instances have developed guidelines for managing government websites that set out requirements for accessibility for audio, visual and speech-impaired users, as well as compatibility with assistive technologies and devices, these guidelines remain unimplemented and unenforced. Moreover, in the three countries, majority of people that need assistive technologies lack them, because of prohibitive cost and low awareness of such technologies and their functionalities.

The CIPESA brief notes that the countries have sufficient laws and policies, but the weakest link is the lack of their implementation and enforcement. For example, Tanzania’s National ICT Policy 2003 calls for provision of special attention to providing new learning and ICT access opportunities for disadvantaged groups, including persons with disabilities, in order to address social inequities. Kenya’s National ICT Policy of 2016 outlines, under article 13, strategies for “an accessible ICT environment in the country in order to enable persons with disabilities to take full advantage of ICTs.”

In Uganda, Section 21 of the Persons with Disability Act mandates the government to develop and use sign language, tactile, and sign language interpreters in all public institutions and at public functions; and to braille public information such as government documents and government newspapers. It also obligates television stations to provide sign language inset or subtitles.

Many of the challenges faced by persons with disabilities in accessing information can be mitigated through equitable access to ICT, meaningful implementation of the laws, and innovative investments in technologies that support inclusion of persons with disabilities.

Accordingly, CIPESA is calling upon governments to take decisive steps in this direction, for instance:

  • Promote access to affordable assistive devices and technologies beyond tax exemptions and relying on donations.
  • Ensure that all e-government, e-services and emergency services comply with international web accessibility standards and are accessible for persons with disabilities.
  • Ensure that communication service providers have accessible handsets and other mobile devices embedded with accessibility features for persons with different kinds of disabilities within their sales outlets.
  • Ensure that licensed television service providers deliver accessible services such as audio description, audio subtitles, closed captions and signage language interpretation in their programmes to ensure access for persons with disabilities.

Find the brief on Removing Barriers to ICT Accessibility for Persons with Disabilities in Kenya, Tanzania and Uganda here.

New Law Holds Promise for Improved Data Governance in Kenya

By CIPESA Writer |

Following a seven-year, windy journey, on November 8, 2019, Kenya got a data protection law. The Data Protection Act, 2019 has various positive elements and can go a long way in addressing the live issues in protecting the privacy of data in Kenya.

The law came at a time of widespread concern about privacy in the country, including the fragmented oversight over privacy and data protection; increased mass data collection programmes by the government; enhanced state surveillance capacity; rampant privacy breaches including by business entities; limited dispute resolution mechanisms and the deficiency of remedies in case of breach of privacy.

The new law provides a comprehensive framework to regulate the processing of personal data and the protection of individuals’ privacy. It consolidates the law on privacy in the country and articulates several principles of personal data protection, as the minimum standard which all data controllers or processors must abide by.

Further, the Act provides for autonomy of the data subject over their data. It defines what constitutes consent, and makes the requirement of consent mandatory. This potentially addresses situations where personal data is collected arbitrarily and without the explicit consent of users. The law also prohibits the use of personal data for commercial purposes without the consent of the data subject. It places the burden of proof for establishing a data subject’s consent on the data controller or processor, while allowing the subject to withdraw consent at any time.

Also key is that the Data Protection Act, 2019 amends other legislation that have an impact on privacy, meaning that institutions responsible for handling the registration of individuals at birth and death, issuance of national identity cards and passports, Huduma Namba registration, registration of students at all levels, and the registration of telecommunication services consumers, will need to review their current policies, practices and procedures to ensure compliance with the principles in the Act.

The law establishes an independent office of the Data Protection Commissioner. Hitherto, the lack of an oversight body and the fragmented oversight over privacy in the country meant that every institution collecting personal data “owned” and used such data as they wished.

However, whereas the Act hold much promise for improved personal data governance in Kenya, state agencies, including the communications regulator, as well private actors and civil society all have a role to play in its implementation.

This brief recounts Kenya’s journey and efforts to develop a data protection law. It also provides an overview of the implication of the new law to the protection of privacy and data rights in the East African country.

Call for Applications: Round Two of the Africa Digital Rights Fund (ADRF)

Call for Applications |
The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is pleased to invite applications for round two of the Africa Digital Rights Fund (ADRF).
Launched in April 2019, the ADRF responds to rising digital rights violations such as arrests and intimidation of internet users, network shutdowns, and a proliferation of laws and regulations that hamper internet access and affordability. It offers flexible and rapid response grants to select initiatives in Africa to implement activities that advance digital rights and the potential of technology to uphold human rights, advance democratic governance or drive innovation.
In the inaugural round of ADRF, initiatives with activities spanning 16 African countries received a total of USD 65,000.
In round two, the ADRF seeks to support initiatives in various thematic areas, including but not limited to the following:

  • Access and affordability
  • Access to Information
  • Cybercrime
  • Data protection and privacy
  • Digital economy
  • Digital Identity (ID)
  • Digital security
  • Diversity and inclusion
  • eGovernance
  • Freedom of expression
  • Hate speech
  • Innovation for democratic participation, transparency and accountability (civic and social tech)
  • Misinformation/Disinformation
  • Network disruptions
  • Strategic litigation
  • Surveillance

Grant amounts range between USD 1,000 and USD 20,000, depending on the need and scope of the proposed intervention. The ADRF strongly encourages cost-sharing. The grant period will not exceed 10 months. It is anticipated that around 15 grants will be awarded in this round.
Together with the inaugural winners, round two grantees will be eligible for technical and institutional capacity building, including on data literacy and advocacy skills through the Data4Change initiative. As such, applicants are encouraged to identify existing data sets or indicate willingness to collect and collate data as may be relevant to the proposed initiatives.
The deadline for submissions is Friday December 6, 2019. Read more about the Fund and round two guidelines here.  The application form can be accessed here.