Promoting Effective and Inclusive ICT Policy in Africa

Category Archives: News

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  News
12Jun

Le Forum sur la liberté d’Internet en Afrique (FIFAfrica) 2022 se tiendra à Lusaka, en Zambie

Author Evelyn Lirri Posted on

Annonce |

La Collaboration sur les Politiques Internationales des TIC pour l’Afrique orientale et australe (CIPESA) est heureuse d’annoncer le retour en présentiel de la neuvième édition du Forum annuel sur la liberté d’Internet en Afrique (FIFAfrica22). L’événement historique, qui réunit un éventail de parties prenantes de tous les domaines de la gouvernance de l’internet et des droits numériques en Afrique et au-delà, aura lieu à Lusaka, en Zambie, du 26 au 29 septembre 2022.

Ce sera la première fois depuis 2019 que FIFAfrica se tiendra physiquement. Sous l’ombre de la COVID-19, les éditions 2020 et 2021 de FIFAfrica ont adopté une approche hybride. Le retour en présentiel est une réponse au succès mondial dans le contrôle de la propagation du coronavirus et à la levée des restrictions qui en résulte par divers pays.

En outre, le retour en présentiel est une reconnaissance des défis techniques inhérents aux approches virtuelles et hybrides, et de leur incapacité commune à offrir un niveau équivalent de mise en réseau, d’engagement avec des acteurs clés tels que les décideurs politiques et une plate-forme d’engagement pour le renforcement des capacités et les interactions physiques. Les précédentes éditions physiques de FIFAfrica ont eu lieu à Kampala, en Ouganda ; Johannesbourg, Afrique du Sud ; Accra, Ghana ; et Addis-Abeba, Éthiopie.

L’accueil du premier FIFAfrica en personne à la suite de COVID-19 en Zambie est une reconnaissance du rôle central du pays dans la décolonisation et la démocratisation de l’Afrique, ainsi que de ses efforts pour faire avancer la transformation numérique pour le développement durable. La Zambie a longtemps été un bastion de stabilité caractérisé par des élections régulières et un transfert pacifique du pouvoir. De plus, le pays a toujours été un courtier de la paix sur le continent et un hôte de mouvements anticoloniaux. Le premier président de la Zambie, Kenneth Kaunda, était un membre fondateur du Mulungushi Club, une formation d’États africains nouvellement indépendants pour instiguer la libération totale du continent. Le club était une pierre angulaire de l’intégration régionale.

En 2021, la Zambie comptait environ 20 millions d’abonnés au téléphone mobile et 10 millions d’abonnés à Internet mobile, ce qui représente des taux de pénétration de 110% et 50% respectivement. Le gouvernement, par l’intermédiaire de l’Autorité zambienne des technologies de l’information et de la communication (ZICTA), entreprend diverses initiatives pour stimuler l’accès à Internet et son utilisation abordable dans divers secteurs. La Zambie a une loi sur la protection des données et la vie privée et, en mai 2022, fait partie des 13 pays à avoir ratifié la Convention de l’Union africaine sur la cybersécurité et la protection des données à caractère personnel.

Bien qu’elle ait connu une certaine régression ces dernières années, la Zambie occupe toujours un rang élevé en matière de liberté et de gouvernance par rapport à la plupart des pays de la région. Par exemple, sur l’indice de la démocratie, la Zambie est classée comme un régime hybride (seuls sept pays africains sont mieux classés comme démocraties complètes ou imparfaites, tandis que 23 pays sont classés comme autoritaires). Dans les indices « Liberté dans le Monde » (Freedom in the World) et « Liberté sur Internet » (Freedom on the Net), il est classé comme partiellement libre, alors qu’un grand nombre de pays africains sont classés comme non libres.

Le gouvernement précédent a restreint l’accès à certains médias en ligne, arrêté des journalistes et des dirigeants de l’opposition pour leurs publications sur les réseaux sociaux, principalement sur des allégations de diffamation contre l’ancien président Edgar Lungu, et aurait mené une surveillance de masse. Lors des élections de 2021 qui ont chassé le président Lungu du pouvoir, la Zambie a rejoint la ligue des pays qui ont initié des perturbations du réseau. Le nouveau gouvernement zambien qui a remporté les élections d’août 2021 a mis un terme à la tendance régressive du président Lungu, mais le nouveau président réformiste a lui-même rencontré quelques difficultés.

Au moment où le continent connaît une inquiétante régression de la démocratie, la Zambie se place ainsi en posture avantageuse pour faire le point sur l’état des droits et de la démocratie numériques et construire une solidarité et des partenariats entre les principales parties prenantes afin de faire progresser les droits de l’homme en ligne, en particulier les droits à l’accès à l’information, à la vie privée et à la liberté d’expression sur le continent.

Pendant quatre jours, l’agenda de FIFAfrica22 proposera des panels, des ateliers, des expositions et des présentations. Toutes les interactions maintiendront et respecteront les procédures opérationnelles standard (POS) COVID-19 nationales.

L’inscription et l’appel à propositions de session ouvriront plus tard ce mois-ci. Pour les dernières nouvelles sur le Forum, suivez @cipesaug. Les hashtags de l’événement sont #FIFAfrica22 et #InternetFreedomAfrica.

01Jun

Forum on Internet Freedom in Africa (FIFAfrica) 2022 set to take place in Lusaka, Zambia

Author Evelyn Lirri Posted on

Announcement |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is pleased to announce the return to a physical event of the ninth edition of the annual Forum on Internet Freedom in Africa (FIFAfrica22). The landmark event, which convenes a spectrum of stakeholders from across the internet governance and digital rights arenas in Africa and beyond, will take place in Lusaka, Zambia, from September 26-29, 2022.

This will be the first time since 2019  that FIFAfrica is held physically. In the shadow of COVID-19, the 2020 and 2021 editions of FIFAfrica took on a hybrid approach. The return to a physical event is a response to the global success in controlling the spread of the coronavirus and the resultant lifting of restrictions by various countries.

Furthermore, returning to the physical mode is in recognition of the technical challenges inherent in virtual and hybrid approaches, and their common failure to offer an equivalent level of networking, engagement with key actors such as policymakers, and a platform for engaged capacity building, to physical interactions. Previous physical editions of FIFAfrica were hosted in Kampala, Uganda; Johannesburg, South Africa; Accra, Ghana; and Addis Ababa, Ethiopia.

Hosting the first in-person FIFAfrica in the aftermath of COVID-19 in Zambia is in recognition of the country’s pivotal role in Africa’s decolonisation and democratisation, as well as its efforts to advance digital transformation for sustainable development. Zambia has for long been a bastion of stability characterised by regular elections and peaceful transfer of power. Further, the country has traditionally been a peace broker on the continent and host of anti-colonial movements. Zambia’s first president, Kenneth Kaunda, was a founding member of the Mulungushi Club, a formation of newly-independent African states to push for the total liberation of the continent. The club was a strong building block for regional integration.

As of 2021, there were an estimated 20 million mobile subscriptions and 10 million mobile internet subscriptions in Zambia, representing penetration rates of 110% and 50% respectively. The government through the Zambia Information and Communication Technology Authority (ZICTA), is undertaking various initiatives to boost internet access and affordable usage in various sectors. Zambia has a data protection and privacy law and as of May 2022, is among the 13 countries to have ratified the African Union Convention on Cyber Security and Personal Data Protection.

Though recent years have seen some regression, Zambia still ranks highly on freedom and governance relative to most regional countries. For instance, on the Democracy Index, Zambia is ranked as a hybrid regime (only seven African countries are ranked better as full or flawed democracies, while 23 countries are categorised as authoritarian). On Freedom in the World and Freedom on the Net indices, it is categorised as partly free, whereas a large number of African countries are categorised as not free.

The previous government restricted access to some online media, arrested some journalists and opposition leaders over their posts on social media, mostly on allegations of defaming former President Edgar Lungu, and reportedly conducted mass surveillance. During the 2021 elections that ejected President Lungu from power, Zambia joined the league of countries that initiated network disruptions. Zambia’s new government, which won elections in August 2021, put a break to the regressive streak under President Lungu, yet the new reformist president has himself hit a few hitches.

At a time when the continent is experiencing a worrying regression in democracy, Zambia thus presents a vantage point to take stock of the state of digital rights and digital democracy and to build solidarity and partnerships among key stakeholders so as to advance human rights online, especially the rights to access to information, privacy and freedom of expression on the continent.

Over the course of four days, the FIFAfrica22 agenda will feature panels, workshops, exhibitions, and presentations. All interactions will maintain and observe national COVID-19 Standard Operating Procedures (SOPs).

Registration and call for session proposals will open later this month. For the latest on the Forum, follow @cipesaug. The event hashtags are #FIFAfrica22 and #InternetFreedomAfrica.

22Apr

Advancing Internet Freedom in Africa Through the Universal Periodic Review: Lessons and Gaps

Author CIPESA Posted on

By CIPESA Staff Writer |

Since its establishment in 2006, the Universal Periodic Review (UPR) has provided a unique process for reviewing the human rights records of all United Nations (UN) Member States. Over the years, however, there has been limited participation by African civil society in the review process. In particular, there is limited work by African actors to promote internet freedom through this process.

Accordingly, since 2018, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), Small Media Foundation and a coalition of regional partners have been working to support civil society organisations across Africa to engage with the UPR process through capacity development in research and advocacy. The project has made up to 16 UPR submissions on digital rights in Africa with a focus on the Democratic Republic of Congo, Ethiopia, the Gambia, Kenya, Liberia, Malawi, Mozambique, Namibia, Nigeria, Rwanda, Senegal, Sierra Leone, South Sudan, Tanzania, Uganda and Zimbabwe

To further concretise CIPESA and Small Media’s efforts, a survey was commissioned to gauge the awareness, engagement and existing capacities of stakeholders in relation to the UPR process and their development needs with regard to UPR advocacy, campaigning, and research. Conducted between July 2019 and December 2021, the survey recorded a total of 134 respondents from all 16 countries on which CIPESA, Small Media and partners made UPR submissions focused on digital rights. The respondents included activists, academics, diplomats, lawyers, journalists, government officials, development actors, and civil society organisations. 

The survey found that there is limited participation by African civil society in the UPR process despite the review process providing a framework within which activists and human rights defenders can lobby and hold governments to account to promote internet freedom. The number of internet freedom-related submissions on Africa is still small though growing, which is a reflection of the low number of actors conducting internet freedom work and participating in UPR reviews. 

While there is a relatively high level of awareness of the existence of the UPR process, partly the result of training efforts by various organisations in recent years, the level of knowledge about the process is limited. Similarly, the level of participation in the review is moderate, with only 27% having taken part in national consultations and one in four having participated in submission of stakeholder reports. It is also noteworthy that even for those processes that many respondents had participated in, such as stakeholder submissions, those efforts were often led by entities based outside the continent. Only one third of respondents had ever received UPR-related capacity development.

The survey findings indicate the need for skills and knowledge development in UPR engagement including advocacy and follow-up on recommendations; making stakeholder submissions; and participating in national consultations and review sessions. Further, it is crucial to capacite legacy human rights organisations to embrace digital rights work. Other skills development needs identified included data collection; analysis and report writing to feed into submissions; stakeholder engagement; and diplomacy and international negotiations. 

Specifically on digital rights, skills building in understanding the legal and regulatory environment for the digital sector at national, regional and global levels, as well as coalition building strategies, and communications for advocacy, were identified. Other skills needed included digital security for human rights  defenders; knowledge of the full range of the UN Human Rights Mechanisms; and crafting human rights policy recommendations.

In line with the capacity gaps identified by the survey, CIPESA and Small Media convened CSOs, activists and human rights defenders from the 16 countries for a three days workshop on UPR advocacy and coalition building for digital rights. The workshop, which was held in Kampala, Uganda on March 20-22, 2022, featured sessions on local engagement and mobilisation, international and regional legal frameworks, researching digital rights and identifying policy issues, campaign and advocacy planning and impact communications, among others.  

Speaking at the opening of the workshop, CIPESA’s Programme Manager Ashnah Kalemera stated that the training sought to capacitate organisations to more effectively leverage the UPR for advancing digital rights. “Increasing African-based organisations’ participation in the UPR, national level uptake and follow up on recommendations by governments requires growing skills and engendering collaboration among stakeholders,” said Kalemera.

The workshop builds on CIPESA’s multi-country efforts in building skills and knowledge in collaborative internet policy research, research methods, communicating research, and data-driven advocacy, among others, towards a free, open and secure internet in Africa.

See the Internet Freedom and UPR in Africa Survey report here.

21Apr

Togo: Fumbling With a Digital ID While Actively Surveilling Citizens

Author CIPESA Posted on

By Afi Edoh |

For four years Togo has been inching towards issuing a digital identity (ID) card. While there are indications that 2022 may be the year in which the west African country finally delivers the long-awaited digital ID, the road ahead remains uncertain. Challenges lie both in bureaucratic delays and citizens’ caginess about handing their data to a government with a penchant for surveilling citizens and shutting down digital communications.

The Togolese government announced the e-ID Togo project in 2018, but it was not until mid 2021 that the Ministry of the Digital Economy and Digital Transformation initiated efforts to recruit a communications consultant to devise an awareness campaign to precede the registration stage and a technology solutions service provider. The International Institute of Information Technology Bangalore was awarded the system contract in December 2021.

According to the government, the e-ID project will simplify the process of updating the electoral register, facilitate access to public services and to credit, reduce fraud in the financial sector, and facilitate the targeting of social protection beneficiaries. Only 25% of the country’s population of eight million has a form of identification, with women less likely to have an identification document, which hinders their ability to open bank accounts, enrol children in school, benefit from health insurance, or get a mobile phone number. In recognition of the gaps in civil registration among citizens, the government set out to enrol citizens for e-ID even without proof of birth registration.

Togo passed Law No. 2019-014 relating to the protection of personal data in October 2019. In 2020, parliament passed Law No. 2020-009 relating to the biometric identification of natural persons, whose objective is to establish a system for identification and authentication of natural persons. The law aims to establish a “secure and reliable methodology” for obtaining, maintaining, storing and updating data on the identity of registered individuals. The law requires all citizens and residents in Togo to obtain a Unique Identification Number (NIU) by submitting their demographic and biometric data (Article 4). The biometric data specified for purposes of obtaining a NIU are photograph and / or facial recognition, fingerprints, and iris scan. The National Identification Agency (ANID) is mandated to collect biometric data for the NIU.

SIM Card Registration
In July 2021, a SIM card registration and limitation of subscriptions per individual and network campaign was launched by the telecommunications regulatory authority ARCEP, supported by leading telecom operators Moov Africa Togo and TogoCom. The SIM registration requirements include a national identity card or passport and collection of biometric and demographic data. 

But this extensive collection of individuals’ personal data raises concerns for the safety of such data. These concerns are not unfounded and they partly arise from the state’s record on respect for digital rights, which have seen it order network disruptions and use malware to target opponents and dissidents.

State Surveillance
In 2020, lingering suspicions that the Togolese government was undertaking interceptions of communications gained credence when the Citizen Lab revealed that Israeli-made spyware Pegasus, supplied by the NSO Group, was used between April and May 2019 to target Togolese civil society, including a Catholic bishop and a priest, as well as two members of Togo’s political opposition. The surveillance reportedly coincided with nationwide pro-reform protests that were forcibly dispersed. The Togolese government did not respond to the allegations, which nonetheless sparked debate within Togolese media and civil society.

Further, in October 2021, Amnesty International research found that Togolese activists had been targeted with spyware by the Donot Team hacker group based in India – the  first time that Donot Team spyware was found in use outside of South Asia. According to the report, the activists’ devices were targeted between December 2019 and January 2020, during a tense political climate ahead of the 2020 presidential election.

Network Disruptions

During the February 2020 elections, authorities disrupted access to messaging services (WhatsApp, Facebook Messenger, and Telegram). Later that year, the Economic Community of West African States (ECOWAS) Court of Justice ruled that the 2017 internet shutdown in Togo was illegal and an affront on the right of freedom to expression. 

According to Access Now, the court ordered the government of Togo to pay two million francs (USD 3,459) to the plaintiffs as compensation, and to take all the necessary measures to guarantee the implementation of safeguards with respect to the right to freedom of expression of the Togolese people.

Privacy and Data Protection

Togo’s laws provide safeguards against unlawful surveillance and unauthorised access to data whilst also granting authorities sweeping powers to violate privacy. Law No. 2012-018 on electronic communications provides for privacy of communications but article 92 empowers the Prime Minister, and the Ministers responsible for the economy and finance, defence, justice, and security and civil protection, to trigger the interception of communications and electronic content.

The biometrics identification law requires the National Identification Agency to encode and encrypt data on its registry and only allows access to authorised agents (article 10, 21 & 22). Violation of the obligation of non-disclosure of personal data, identity theft and unauthorised processing of personal data are punishable with fines ranging from one million to 10 million Central African Francs (USD 1,747 to 17,472), imprisonment between one and five years, or both.   

Article 94 of Togo’s 2012 electronic communication law obliges encryption service providers to comply with lawful interception orders, with refusal to provide secret decryption codes to government agencies punishable with a fine of between USD 3,544 and USD 14,178. Cryptology services providers are required to retain for one year, content and data allowing the identification of anyone who has used their services, and to provide the technical means that enable the identification of those users. The service providers are required to avail this data, on request, to the investigating judge, Prime Minister, Minister for the Economy and Finance, the Minister of Defence, the Minister  of Justice, and the Minister of Security. The multiple officials who access data – similar to the various officials that can trigger the interception of communications – offers wide latitude for abuse of citizens’ data privacy rights.

Digital Exclusion
In the wake of Covid-19, Togo initiated a relief programme for vulnerable citizens whose livelihoods were affected by the state of emergency. As at March 2021, the programme, known as NOVISSI, had disbursed a total of 13.3 billion francs (USD 22 million) to 819,972 citizens via mobile money.

However, the programme was criticised for requiring applicants to possess a voter’s ID card. During the last electoral census, opposition parties called on the population to boycott the exercise, which meant that some citizens had not renewed their voter ID cards. There were also cases of unscrupulous individuals utilising the voter’s ID details of other citizens to fraudulently benefit from the programme. As a result, the government temporarily halted the program to allow for physical verification of beneficiaries at dedicated centres.

Way forward

Whereas the various sanctions within the existing legal framework might be a deterrent against unauthorised access to and misuse of personal data, there is wide latitude for state agencies and officials to access the data, which could be abused. This calls for a review of the provisions to ensure they uphold citizens’ right to privacy and data protection, with adequate oversight and redress mechanisms. Further, the e-ID should be rolled out in a manner that ensures agency and dignity, without enhancing exclusion and surveillance. 

15Apr

CIPESA Makes Submission to the OHCHR on Human Rights in the Tech Sector

Author CIPESA Posted on

Submission |

The Collaboration on International ICT Policy for East & Southern Africa (CIPESA) has made submissions to the Office of the United Nations High Commissioner for Human Rights (OHCHR) on how businesses in the technology sector can improve the observance of human rights. 

The submissions, made in February 2022 in response to a call for inputs on the application of the United Nations Guiding Principles on Business and Human Rights (UNGPs) to the activities of technology companies, will feed into a report the OHCHR will submit to the Human Rights Council in June 2022. 

Below is a summary of CIPESA’s submission.

Emerging Trends

The digital age presents new challenges and ways of working that necessitate a review of how the UNGPs can be applied in the technology sector. Increasingly, states have become purchasers of digital technologies from technology companies to facilitate the implementation of various national programmes which present previously unforeseen risks to privacy as they facilitate mass surveillance. Commonly implemented national programmes posing threats to individual privacy include national digital identification systems, voter registration using digital biometric systems, mandatory SIM card registration, smart cities programmes, and installation of national video surveillance (CCTV) programmes integrating facial recognition systems.

Furthermore, digital technologies have fallen prey to retrogressive legal measures undertaken by states. Across Africa, countries have enacted legislation which compel telecommunications service providers to embed capability within their systems to facilitate the interception of communications by state security agencies, and the state acquisition of software and hardware equipment to facilitate surveillance and interception. 

In addition, some states have taken advantage of digital tools to carry out cyber attacks, censor online content, disseminate propaganda and disinformation. Moreover, many African governments have adopted laws limiting anonymity and the use of encryption.

Pressure on tech companies

Some governments continue to apply undue pressure on technology companies including social media platforms to provide personal information, take down content, and shut down the internet. Others have adopted repressive legislation to control the spread of information on social media, or to regulate internet intermediaries by placing undue liability on them for content on their platforms. During the Covid-19 pandemic, states developed various contact tracing systems and applications without adequate legal frameworks, or an assessment of the human rights impact of the applications. Also, state responses to hold companies accountable remain ad hoc, fragmented and not aligned with international standards.

Questionable company practices
Across the continent, social media, online search, fintech and advertising companies have adopted business models that are based on surveillance capitalism and thus continue to threaten the privacy of users, in some cases without users’ explicit knowledge or consent. Further, social media platforms have also contributed to the spread of harmful content online, which companies have failed to take effective measures to address. Also, social media content policies do not always adopt definitions of content that are rights-respecting, and their practices around content moderation are problematic. Content is often moderated using automated systems which lack local context, are discriminatory and embed bias.

Moreover, some platforms’ practices around content takedowns remain inaccessible, their content policies are not uniformly applied, and redress mechanisms do not always apply the rules of natural justice. In addition, some companies have continued to develop and sell surveillance technology to autocratic governments on the continent, which is subsequently used against human rights activists, government critics, and opposition leaders, which further exacerbates risks to human rights.

Trade of privacy for business continuity

The total sum of the government measures coupled with the pressure imposed on tech sector players is continent-wide trade of privacy for business continuity by technology companies. This is commonly seen in state surveillance through electronic technologies, including interception of communications, hacking of information of target persons especially political dissidents, activists and human rights defenders. The tech sector has, however, not done enough to ensure that individual privacy is guaranteed for their customers. 

In a continent where strong privacy laws remain scanty, the increased usage of online platforms and social media in the absence of adequate safeguards and oversight over companies remains a critical risk for privacy rights. The enjoyment of human rights and freedoms, especially freedom of expression and  access to information, association, assembly and movement have sharply declined.

Recommendations

Addressing human rights risks in business models:

  • The commitment to respect human rights as envisaged by the UNGPs  should be integrated at all levels in the company hierarchy and embedded across all its functions and processes.
  • Companies should take steps to mitigate risks within their existing business models, and continuously innovate new business models that are rights-respecting.
  • There is a need for continued research to promote greater understanding of the human rights risks in technology business models on the continent. 
  • Multistakeholder engagement should be promoted as it is a critical avenue to promote shared understanding of the human rights risks and impacts of technology in Africa.

Human Rights Due Diligence and end-use

Companies should do the following:

  • Conduct due diligence to identify, prevent or mitigate risks of harmful impact on their business. The due diligence should be conducted from project design and development phase of new products, services and solutions, and thereafter periodically through the lifecycle including promotion, deployment, sale and use.
  • Assess and monitor the effectiveness of their responses to human rights risks, with results of

such assessments guiding decision-making.

  • Review their state clients’ human rights records and ensure they do not develop, sell or offer

them technology products, services or solutions that contribute to or result in adverse human

rights impacts.

Accountability and remedy 

  • Companies should be transparent and accountable in how they address their human rights impact. Such transparency and accountability can be enhanced through periodic reporting to external stakeholders including through public reports.
  • Create platforms and avenues for engagement, information sharing and feedback between technology companies and various stakeholders.  
  • Implement credible and effective complaints reporting and handling mechanisms.
  • Companies should put in place measures to monitor and promote rights-respecting and responsible business practices and culture, and to remedy and mitigate adverse impacts caused by their actions.

The State’s duty to protect

  • Put in place administrative, policy, legislative, institutions to hold technology companies accountable for human rights violations, provide effective remedies for victims of rights violations related to technology, require companies to conduct due diligence and to have proper safeguards to protect the public from harm.
  • Develop laws, policies, regulations, standards, and guidance, including at the regional level to embed and ensure responsible business practices by technology companies and greater respect for human rights in the digital context.
  • Take measures to promote the use and adoption of digital technologies and address the growing digital divide, including by removing barriers to internet access and digital technologies.

See the full submission here.

1 34 35 36 37 38 117
en en