Promoting Effective and Inclusive ICT Policy in Africa

Category Archives: Online Freedoms

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  Online Freedoms
30May

Sections of Kenya’s Computer Misuse and Cybercrimes Act, 2018 Temporarily Suspended

Author admin Posted on

By Juliet Nanfuka |
Barely two weeks after the presidential assent to the Computer Misuse and Cybercrimes Act, 2018, a High Court judge has issued a conservatory order suspending the entry into force of 26 sections of Kenya’s contentious Computer Misuse and Cybercrimes Act, 2018. The order by Judge Chacha Mwita, suspending the sections until July 18, follows a petition filed by the Bloggers Association of Kenya (BAKE), which challenged the law for contravening constitutional provisions on freedom of opinion, freedom of expression, freedom of the media, freedom and security of the person, right to privacy, right to property and the right to a fair hearing.
In the order issued on May 29, the judge certified BAKE’s petition as urgent, and stated that  respondents (who include the Attorney General, the Speaker of the National Assembly, the head of the National Police Service, and the Director of Public Prosecutions) be served immediately. The respondents would have seven days from receipt to file written submissions. Hearing of the petition is scheduled for July 18, 2018.
Although the conservatory order only stalls the enforcement and could be lifted or maintained thereafter, it nonetheless represents a win for digital rights advocates in Kenya, as they have in the interim satisfied the judge that there is an arguable case to be made against the constitutionality of the recently enacted law. The order also marks another landmark ruling in the litigation towards respect and realisation of digital rights across Africa.

According to the  order, the suspended sections are: 5, 16, 17, 22, 23, 24, 27, 28, 29, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 48, 49, 50, 51, 52 & 53.


Various organisations criticised the bill prior to its assent on May 16, 2018 calling it unconstitutional. Among the organisations were the Kenya ICT Action Network (KICTANET), Article 19 Eastern Africa, BAKE and the Centre to Protect Journalists (CPJ) who deemed numerous sections unconstitutional and detrimental to Kenyan citizens’ digital rights. They said it infringed on the privacy of individuals, freedom of expression, speech, opinion and access to information online.
Kenya already has a history of stifling online critics of the state and state actors, as echoed by James Wamathai, the Director of Partnerships at BAKE. In a statement, he said: “In the past several years, there have been attempts by the government to clamp down on the freedom of expression online. This Act is a testament of these efforts, especially after other sections were declared unconstitutional by the courts.
Among the prevailing concerns on the law is the use of vague language on issues such as “false” or “fictitious” content and false publications in Section 22 and 23, accompanied with heavy obligations on users to verify truthfulness or untruthfulness of information before disseminating. As per section 12, failure to comply would result in a fine of five million Kenyan shilling (USD 50,000), up to two years in prison, or both.
The  court order comes on the heels of the two judgments (Okiya Omtatah Okoiti v The Communication Authority of Kenya and 3 others Constitutional Petition No. 53 of 2017 and Kenya Human Rights Commission v Communications Authority of Kenya and 3 others no. 86 of 2017) by the Kenya High Court in which the petitioners successfully challenged the installation on mobile phone networks of a communication surveillance system dubbed Device Management System (DMS), by the Communications Authority (CA) Kenya (CA). The petitioners argued that, through this system, the authority would have undue access to the communications of citizens.
As more countries in Sub-Saharan Africa develop technology related laws, it is fundamental that the laws uphold human rights standards prescribed at global and regional levels, including in the International Covenant on Civil and Political Rights (ICCPR), the African Charter on Human and Peoples Rights (ACHPR), and African Union Convention on Cybersecurity and Personal Data Protection. However, recent developments such as has been witnessed in East Africa appear to prioritise the criminalisation and penalisation of internet use rather than encourage its adoption as a tool for greater access to information, and for expanding free expression and civic engagement.
Kenya’s neighbours Tanzania and Uganda have this year taken actions detrimental to digital rights. In Uganda, social media taxes that could be introduced in July 2018 threaten internet access and affordability while in in Tanzania, online content producers will have to pay over USD 900 to register with the state for permissions to maintain their platforms, according to new regulations.
 

18Apr

The Stampede for SIM Card Registration: A Major Question for Africa

Author admin Posted on

By Edrine Wanyama |
It is anticipated that by 2025, there will be at least 5.9 billion mobile subscribers accounting for 71% of the world’s population. As of 2017,  Sub-Saharan Africa (SSA) had  a mobile subscription rate of 44% which is projected to reach  52% by 2025. Further, SSA’s mobile internet penetration by 2017 stood at 21% and is anticipated to increase to 40% by 2025.  However, the region has registered the largest number of cases of mandatory SIM card registration yet it suffers some of biggest challenges in personal data protection and privacy.
The benefits of SIM card registration include facilitation of citizens’ access to e-Government services, easy identification of an individual’s mobile number and number portability when switching networks. In addition, it aids combating cybercrime including terrorism by limiting covert communication and promotes good relations between consumers and service providers by simplifying identification of consumers and their use of SIM services. Accordingly, many governments argue that mandatory SIM card registration is for purposes of safeguarding digital and physical security. However, critics argue that when SIM card registration is effected without due safeguards, it poses a threat to privacy and freedom of expression.
Indeed, in 2013 Mexico repealed its policies on SIM card registration “after a policy assessment showed that it had not helped with the prevention, investigation and/or prosecution of associated crimes.” Finland has not enforced compulsory SIM card registration and nonetheless, through voluntary mobile signatures, service providers has succeeded in facilitating user’s access to relevant retail, banking and e-Government services.
Globally, over 90 countries conduct compulsory SIM card registration yet some remain without clear policy on its implementation. Amidst criticisms that mandatory registration does not necessary combat cybercrime, as criminals take the necessary precautions to avoid being detected and circumvent mandatory SIM card registration, African countries continue to proactively enforce SIM card registration. Among the prevailing challenges on the continent is the difficulty in validating identity documents in an environment with a wide range of service providers who create room for potential circumvention.
Mandatory registration has negatively affected access and usage of mobile telecommunication services due to the tedious process which entails the production of documentation such as passports and national identity cards prior to registration, which sometimes results in failure to attain a SIM card, disconnection, or  deactivation of SIM cards.
Additionally, there have been repetitive calls for registration of SIM cards in countries such as Uganda and Nigeria with personal data being collected  more than once. In Uganda, despite government explanation that SIM card verification is aimed at ensuring secure and safer communications, citizens have unanswered questions on the exercise. Suspicion arises due to a fresh validation of SIM card registration using national identity cards subsequent to registration which was initially done using valid documents such as students’ identity cards, driving permits and passports.
Double collection of personal data may partly imply collection of data beyond what is necessary for the purpose contrary to the internationally established data protection principles such as those set out in the Organisation for Economic Co-Operation and Development (OECD) Data Protection Principles. Further, there is no guarantee of individual privacy as most of the African countries do not have data protection laws. Moreover, most of the existing data protection laws do not meet internationally recognised standards considered sufficient to guarantee personal data protection and are therefore regarded as offering moderate or limited protection.
Meanwhile, efforts to buttress data protection in Africa have not yielded much. Out of 54 countries on the continent, only 14 have data protection laws (Angola, Benin, Burkina FasoMali, Gabon, GhanaIvory Coast, Lesotho, Madagascar, MoroccoSenegalSouth AfricaTunisia and Zimbabwe). A few others such as Uganda, Kenya, Nigeria, Tanzania and Niger have Bills. Regional efforts have also not yielded much. The Convention on Cyber Security and Personal Data Protection which was adopted by the African Union in 2014 has registered only 10 signatories (Benin, Chad, Congo, Ghana, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe, Zambia and Comoros) and one ratification by Senegal.
Ultimately, there is need to reconcile state interests with citizens’ personal data and privacy rights. Mandatory registration, especially in the absence of clear registration guidelines and the lack of data protection laws, puts personal data at risk. African governments need to learn from other jurisdictions such as Europe with regards to processing of personal data as part of SIM card registration. In enforcing SIM card registration, there should be a clear set registration timelines, clear and unambiguous registration requirements.

12Apr

Tanzania Issues Regressive Online Content Regulations

Author admin Posted on

By Ashnah Kalemera |
Tanzania has issued online content regulations that oblige bloggers, owners of discussion forums, as well as radio and television streaming services to register with the communications regulator and to pay hefty licensing and annual fees.
There are three types of licences. A license for provision of online content services comes at an initial cost of TZShs 1.1 million  (USD 484) comprised of an application fee of USD44 and an initial licencing fee of USD 440. In addition, there is an annual licence fee of USD440, and a similar amount has to paid for licence renewal after three years.
A licence to stream radio or television content on the internet costs TZShs 250,000 (USD110), with annual licence fees set at USD 88. This licence also has to be renewed after three years at a cost of USD 88.
The Electronic and Postal Communications (EPOCA) (Online Content) Regulations, 2018, which were issued on March 13, 2018, join a catalogue of legislation related to online content in Tanzania that threatens citizens’ constitutionally guaranteed rights to privacy and freedom of expression. The regulations are also likely to negatively impact on an already fragile intermediary liability landscape in a country fraught with increasing media repression and persecution of government critics.
When the Tanzania Communications Regulatory Authority (TCRA) initially published the draft regulations last September, they did not have the requirement to apply for online content service licences as set out in Regulation 14 of the enacted regulations. It states: “Any person who wishes to provide online content services shall fill in an application form as prescribed in the First Schedule and pay fees as set out in the Second Schedule to these Regulations.”
Applicants are required to provide their company details including physical address, shareholding, citizenship of shareholders/directors and tax registration. The communications regulator, TCRA, has the right to cancel licences over non-compliance.
The regulations that have been issued are more regressive than the draft which the regulator issued in September 2017 for public comment.

See CIPESA’s full analysis of the draft EPOCA Content Regulations, 2017 – available in English and Swahili.

Under obligations of internet cafes, the final regulations introduced two clauses that threaten user privacy. Under regulation 9, café owners are required “to ensure that all computers used for public internet access are assigned public static IP addresses”. This could inhibit the use of circumvention tools such as Virtual Private Networks (VPN) that rely on dynamic IP address protocols, and which citizens resorted to using in neighbouring Uganda during state-initiated interruptions to communications.
Further, the regulations extend café owners’ obligations to install camera equipment to include registration of users “upon showing a recognised identity card”.  Pursuant to regulation 9(2), recorded surveillance and the user register “shall be kept for a period of twelve months.”
Several regressive provisions from the draft version were also passed. Regulation 6(1) requires licenced service providers who provide online content or facilitate online content production to terminate or suspend subscriber accounts and remove content if found in contravention of the regulations, within 12 hours from the time of notification by TCRA or by an affected person. This requirement places a heavy technical and human resource burden on content hosts and providers to have in place competencies to handle complaints within 12 hours.
Swift content restriction or removal is also required of online content hosts under regulation 8(b) and content providers and users under regulation 5(1)(g). As we argued in an earlier brief, while content such as revenge pornography and that which promotes violent extremism may be justifiably removed promptly, there is a danger that the regulations may be applied unjustifiably to content such as that relating to exposure of corruption or human rights violations.
Whereas regulation 16 provides for a complaints handling procedure, the regulations do not provide for the process nor mechanisms for legal recourse over contested content.
Regulation 5(1)(e) requires content providers to “have in place mechanisms to identify source of content”. This obligation poses a threat to the right to anonymity and whistleblowing and may lead to self-censorship.
Moreover, Regulation 12 on content prohibited from publication lists restrictions with broad definitions and which have potential to limit freedom of expression. In terms of scope, it includes unspecified content that “causes annoyance”; “uses disparaging or abusive words which is calculated to offend an individual or a group of persons”; and is “crude”, “obscene” or “profane” including in local languages.
Regulation 12 also prohibits publication of “false content which is likely to mislead or deceive the public except where it is clearly pre-stated that the content is i) satire and parody ii) fiction; and iii) where it is preceded by a statement that the content is not factual.”
Nonetheless, the regulations have some positive elements, among them regulation 10(b) which requires users to use device passwords to ensure that unscrupulous and unauthorized persons do not access their social media accounts.
The requirement for provision of easily accessible user terms and conditions by licensed service providers, adoption of a code of conduct for content hosting, and publication of a safe internet use policy for internet cafes, are also commendable in promoting user awareness of platform policies. The regulations also provide important safeguards for child protection online, such as regulation 13 which prohibits children’s to access to prohibited content online.
In a boost to privacy and data protection, regulation 11 prohibits unauthorised disclosure of “any information received or obtained” under the provisions of the regulations, except where the information is required for law enforcement purposes. Furthermore, regulation 11 restricts use of information only to the “extent” that is “necessary for the proper performance of official duties.” Nonetheless, in the absence of data protection and privacy legislation in Tanzania, these safeguards could be rendered of little value and hence prone to abuse.
It remains to be seen how the new regulations will be enforced and how they will impact on citizens’ rights online. However, given Tanzania’s history of predatory action against internet users following the enactment of the Cybercrime Act, 2015, the new regulations are likely to be utilised to further undermine the internet freedom situation in the country.

25Mar

Uganda Moves to Register Online Content Providers  

Author admin Posted on

 
By Daniel Mwesigwa |
Uganda has become the latest East African country to threaten access to information and free speech online by putting in place measures that require the registration of online content providers. In a notice issued earlier this month, the Uganda Communications Commission (UCC) called for online publishers, news platforms, radio and television operators to “apply and obtain authorization” for provision of services.
Without specifying the requirements necessary for application, the UCC indicates that within a month of issuance of the notice, measures will be enforced against non-compliant service providers and this “may entail directing Internet Service Providers (ISP) to block access to such websites and/or streams.”
The UCC is mandated under Section 5 of the Uganda Communications Act 2013 (UCC Act) to monitor, inspect, license, supervise, control and regulate all communications services. This mandate extends to audio, visual or data content production or dissemination through traditional broadcast media as well as internet based platforms.
According to the notice, registration of the various operators which the UCC classifies as “online data communication and broadcast content providers”, is within the regulator’s mandate to set standards and enforce compliance relating to content.
Over the years, UCC’s regulatory role has come under criticism over its lack of independence. Its establishing Act gives powers to the minister in charge of ICT to appoint the commission’s executive director and board members and to approve its budgets.  In April 2017, the parliament of Uganda passed the Uganda Communications (Amendment) Bill (2016) which further gave the minister the power to single handedly make regulations for the sector without parliamentary oversight.
More recently, UCC instructed telecommunications service providers to enforce two social media shutdowns during the presidential elections in 2016, and in September 2017 barred live broadcasts of parliamentary proceedings on the Presidential age limit amendment bill. National security and public safety have been cited as the grounds for the various directives.
There are an estimated 24 million mobile subscriptions and 18.1 million  internet users in Uganda, reflecting an internet penetration rate of 48%. The country has licensed over 40 TV and 300 FM radio stations, many of which maintain online presences through live streaming on platforms such as YouTube, Facebook and Twitter.
Meanwhile, licensed print operators maintain online portals whilst there is a growing number of independent online news publishers and bloggers. Growing media convergence has seen traditional media maintain a dominance online as was witnessed during the Uganda Presidential debate in 2016, where the television stations NTV and NBS TV influenced narrative according to a Twitter sentiment analysis.
However, without regulations in place to guide the proposed registration, it remains to be seen what obligations will be put forth for online content providers and the resultant impact that the registration will have on the country’s growing media landscape as well as the rights of users. Nonetheless, the move is a regressive development for digital rights in the country. It reflects a growing trend in neighbouring countries that are seeking to regulate online content through requirements for registration of users and service providers as well as accreditation to practice journalism.
In 2017, Tanzania published draft regulations on Electronic and Postal Communications (Online Content). The proposed regulations confer powers upon the Tanzania Communications Regulatory Authority (TCRA) to regulate online content, including through registration of users and platforms, and taking action against non-compliance with the obligations, such as ordering the removal of “prohibited content.”
A more targeted avenue has been used in Burundi, through the Press Law of 2015 which calls for all media practitioners to be accredited, including those operational purely in the online domain. A similar stance exists in Rwanda where even social media posts are theoretically regulated by the country’s National Communication Council (CNC).
The move by Uganda, proposed measures in Tanzania and existing practices in Burundi and Rwanda restrict the number of content providers online and thus inhibit the diversity and wider availability of information online. Furthermore, there is the potential for such practices to engender censorship to legitimate content which might be critical of public officials and bodies.

07Mar

Call For Proposals: Mapping and Making Available Evidence-Based Research for Internet Policies in Africa

Author admin Posted on

Call For Proposals |
A coalition of prominent internet rights policy and civil society advocates are pleased to issue this open call for proposals for a consultancy on “Mapping and Making Available Evidence-Based Research for Internet Policies in Africa.
This international Call for Proposals invites submissions from researchers, academicians, scholars, and professionals. Successful proposals will help involved organizations to overcome the limited availability and accessibility of evidence-based research regarding internet policies in Africa to nurture public debate and due consideration by policy makers within the region.
The details of this Call for Proposals, including application instructions and timeline, may be downloaded. Applications must be submitted by March 25, 2018. Chosen proposal will be announced within April 2018. Requests for clarification and submissions, please sent to Alberto Cerda at [email protected]
This coalition includes Article 19 Eastern Africa, BudgIT, the Centre for Intellectual Property and Information Technology Law at Strathmore University (CIPIT), Co-Creation Hub, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), iHub, the Kenya ICT Action Network (KICTANet), and Paradigm Initiative, with the support from the Ford Foundation´s Internet Freedom Program.

1 15 16 17 18 19 39