Promoting Effective and Inclusive ICT Policy in Africa

Category Archives: Online Freedoms

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  Online Freedoms
15Mar

Événement en ligne: Échange Régional sur les Indicateurs d’Universalité d’Internet (IUI)

Author CIPESA Writer Posted on

Événement en ligne |

Le 16 Mars 2022, la Collaboration sur la Politique Internationale des TIC pour l’Afrique Orientale et Australe (CIPESA), en partenariat avec l’Organisation des Nations Unies pour l’éducation, la science et la culture (UNESCO), accueillera un dialogue régional sur les Indicateurs d’Universalité d’Internet (IUI). L’événement mettra en évidence les leçons tirées des évaluations de l’IUI menées au Bénin, en Éthiopie, au Ghana, au Kenya, au Niger et au Sénégal en 2021 dans le but de recueillir les meilleures pratiques en matière d’évaluations nationales des médias et des écosystèmes Internet.

L’événement s’appuie sur les efforts de la CIPESA et de l’UNESCO pour sensibiliser à l’intersection de l’accès à l’information et de l’application de l’IUI initiées lors des célébrations de la Journée Mondiale de la Liberté de la Presse en 2018 et du Forum sur la liberté de l’internet en Afrique de la même année dans le cadre des célébrations de la Journée Internationale de l’Accès Universel à l’Information (IDUAI) qui se tiennent chaque 28 Septembre.

Évolution des Indicateurs d’Universalité d’Internet (IUI)

En 2015, la 38e Conférence générale de l’UNESCO a approuvé une nouvelle définition de l’université de l’internet basée sur quatre principes – droits, ouverture, accessibilité à tous et participation multipartite – les principes ROAM. Les quatre principes, sur lesquels repose l’IUI, définissent un cadre d’évaluation des paysages numériques nationaux en vue de promouvoir la croissance et l’évolution de l’internet et la réalisation des objectifs de développement durable.

L’ajout d’indicateurs transversaux en 2018 a abouti au cadre d’indicateurs ROAM-X comprenant 303 indicateurs qui évaluent la mesure dans laquelle les parties prenantes nationales, y compris les gouvernements, les entreprises et la société civile, se conforment aux principes ROAM.

En 2008, le Programme international pour le développement de la communication (PIDC) de l’UNESCO a approuvé les Indicateurs de Développement des Médias (IDM) qui servent à évaluer l’environnement global du développement des médias dans un pays. Un autre cadre d’évaluation du PIDC est les Indicateurs de Sécurité des Journalistes (JSI), qui servent à identifier les mesures prises par les différentes parties prenantes concernées pour promouvoir la sécurité des journalistes et lutter contre l’impunité au niveau national.

Ensemble, l’IUI, le MDI et le JSI sont d’importants outils pour examiner les écosystèmes d’Internet et des médias, mais pour favoriser les collaborations numériques et stratégiques aux niveaux national, régional et international.

Pourquoi les Indicateurs sont Pertinents pour la Communauté de la Gouvernance de l’Internet et les Acteurs en Afrique.

Malgré la diversité croissante des médias et du paysage numérique en Afrique, la pluralité, la neutralité, la sécurité et la liberté d’expression font face à des affronts continus. Le secteur est également aux prises avec des préoccupations concernant la confidentialité des données, l’abordabilité de l’accès à Internet, la modération du contenu et la surveillance, entre autres.

Ces facteurs font en sorte que les médias de plusieurs pays ne sont pas à la hauteur des IMD et des JSI, tandis que les changements régressifs croissants dans l’accès et l’utilisation d’Internet par les citoyens et les médias affectent également la performance des États sur les IUI. Cependant, une évaluation approfondie et structurée peut mieux révéler la mesure dans laquelle les États fonctionnent réellement et permettre de parvenir à une réforme des politiques et des pratiques fondées sur des données probantes.

Voie à Suivre

En accueillant l’échange régional, on espère que davantage d’acteurs susciteront l’intérêt en utilisant les indicateurs pour éclairer le plaidoyer en faveur de la liberté des médias et des droits numériques

Inscrivez-vous au webinaire ici.

Prochains pays d’Intérêt

À la suite du webinaire, des sessions de formation nationales sur les indicateurs seront organisées au Cameroun, en Somalie, en Namibie, au Malawi et en Ouganda. Pour vous impliquer, envoyez un courriel à [email protected].

11Mar

Online Event: Regional Exchange on The Internet Universality Indicators (IUIs)

Author CIPESA Writer Posted on

Online Event |

On March 16, 2022, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in partnership with the United Nations Educational, Scientific and Cultural Organisation (UNESCO) will host a regional dialogue on the Internet Universality Indicators (IUI). The event will highlight lessons from IUI assessments conducted in Benin, Ethiopia, Ghana, Kenya, Niger and Senegal during  2021 in a bid to garner best practices in national assessments of media and internet ecosystems.

The event builds on CIPESA and UNESCO efforts on raising awareness about the intersection of access to information and application of the IUI initiated at World Press Freedom Day celebrations in 2018 and the same year’s Forum on Internet Freedom in Africa as part of the International Day for Universal Access to Information (IDUAI)  celebrations held every September 28.

Evolution of the Internet Universality Indicators (IUIs)

In 2015, the 38th General Conference of UNESCO endorsed a new definition on the university of the internet based upon four principles – Rights, Openness, Accessibility to all and Multi-stakeholder participation- the ROAM principles. The four principles, against which the IUI are based outline a framework for assessment of national digital landscapes towards promoting the growth and evolution of the internet, and the achievement of the Sustainable Development Goals.

The addition of cross-cutting indicators in 2018 resulted in the ROAM-X Indicator framework comprising of 303 indicators that assess the extent to which national stakeholders, including governments, businesses and civil society, comply with the ROAM principles.

Back in 2008 the UNESCO International Programme for the Development of Communication (IPDC) endorsed the Media Development Indicators (MDI) which serve to assess the overall environment for media development in a country. Another IPDC assessment framework is the Journalist Safety Indicators (JSI) which serve to identify the actions that are taken by the various relevant stakeholders in promoting journalists’ safety and fighting impunity at national level.

Together, the IUI, MDI and JSI are important tools for reviewing internet and media ecosystems but fostering digital and strategic collaborations at national, regional and international levels.

Why the Indicators Are Relevant To The Internet Governance Community and Actors in Africa

Despite growing diversity in Africa’s media and digital landscape, plurality, neutrality, safety, and freedom of expression face continued affronts. The sector is also grappling with concerns around data privacy, internet access affordability, content moderation and surveillance, among others.

These factors are causing the media in several countries to fall short of the MDIs and the JSIs, while increasing regressive shifts in internet access and use by citizens and the media alike are also affecting the performance of states on the  IUIs. However, indepth, structured assessment can better reveal the extent to which states are actually performing and allow for achieving evidence-based policy and practice reform.

Way Forward

Through hosting of the regional exchange, it is hoped that more actors will pick interest utilising the indicators to inform advocacy for media freedom and digital rights

Register for the webinar here.

Next Countries of Interest

Following on from the webinar, in-country training sessions on the indicators will be conducted in Cameroon, Somalia, Namibia, Malawi and Uganda. To get involved send an email to [email protected].

03Mar

Online Event: Combating Online Violence Against Women and Girls Towards a Digital Equal World (March 8, 2022)

Author CIPESA Posted on

Online Event |

Sustainable Development Goal five aims to achieve gender equality and empower all women and girls. Target 5B calls for enhancing the use of enabling technology, in particular information and communications technology, to promote the empowerment of women. However, women in eastern Africa face various challenges that undermine their use of digital technologies, with these challenges tending to mirror the impediments that they face in the offline world, such as in access to education and economic opportunities, or participation in civic processes. There is also a wide gender digital divide in the region. For instance, in Uganda men are 43% more likely to be online than women. In Kenya, a study found that in the slums of the capital Nairobi, only 20% of women were connected to the internet, compared to 57% of men.

Despite a large gender disparity in digital access, more women face various forms of online violence than their male counterparts. The absence of laws designed to specifically address the various forms of digital violence (such as “revenge pornography”, trolling, and threats) and the lack of sufficient in-country reporting mechanisms, exacerbate these being forced to go offline or resorting to self-censorship. Research by CIPESA has found that cyberstalking, online sexual harassment, blackmail through non-consensual sharing of personal information, promotes and normalises violence against women and girls who use the internet in Uganda.

However, these digital threats and attacks remain difficult to quantify due to several inhibitions including the culture of silence and the absence of structured reporting mechanisms. Nonetheless, there have been various documented cases of online harassment and abuse. In a study conducted in Kenya, more than one in five women reported having experienced online harassment. Meanwhile, redress mechanisms were insufficient, as the national legal framework safeguarding security online is broad, “and does not pay special attention to women and girls.”

The true extent of online violence against women (OVAW) remains unknown, partly due to cultural inhibitions, lack of data and lower levels of internet access among women. However, as more women go online, the cases are increasing, yet there are insufficient safeguards to enable victims to protect and enhance their personal security, including the absence of laws prohibiting online violence against women. Moreover, such cases continue to go unreported, leaving victims with limited legal recourse or resources to seek justice. Further, many women are uninformed of their rights online and are not aware of the tools available to secure themselves online.

According to a 2020 UN Women report, women in politics and the media are at higher risk of online and ICT-facilitated violence due to their public personas.  Indeed, research related to Uganda’s 2021 elections found that men and women politicians experienced online violence differently: women, especially candidates in elections, were more likely to experience trolling, sexual remarks, and body shaming, while men were more likely to experience hate speech and satirical comments. This mirrored Previous findings in the region that also found that women who are more prominent online and in society appeared to be targeted more, with the women who advocated for gender equality, feminism, and sexual minority rights facing heightened levels of  OVAW. This undermines the ability of women to embrace and meaningfully use digital technologies.

The UN Women report also cites evidence  suggesting  that  women  with  multiple identities (such as the LBTQI community, ethnic minority, indigenous) are often targeted online through  discrimination and hate speech, which often forces them to  self-censor  and  withdraw  from  debates and online discussions. Similarly, the UN Special Rapporteur on violence against women, its causes and consequences, has stated that some  groups  of  women,  including human  rights  defenders,  women  in  politics, journalists, bloggers, women belonging to ethnic minorities, indigenous women, lesbian, bisexual and transgender women, and women with disabilities are particularly targeted by ICT-facilitated violence.

The extent to which cyber harassment affects women in marginalised communities in the region is not well known. However, interviews conducted in 2019 as part of digital literacy and security training for refugee rights defenders, from the Democratic Republic of Congo, Eritrea, South Sudan and Sudan, who are living in Uganda, showed that three in four of the respondents had experienced some form of cyber harassment including abuse, stalking, unwarranted sexual advances and hacking of social media accounts. The perpetrators included anonymous individuals, security agents in their home countries, known friends and ex-partners. These online affronts against the women refugees run in parallel to gender-based violence in refugee camps, at border crossings and resettlement communities. Urban refugees in the country face heightened gender-based violence risks due to unmet multiple and complex social, economic and medical needs as well as intersecting oppressions based on race, ethnicity, nationality, language, sexual orientation and gender identity.

On the occasion to mark the International Women’s Day, 2022 the Collaboration in International ICT Policy for East and Southern Africa (CIPESA) has organised a webinar to foster multi-stakeholder dialogue on OVAW towards promoting women’s ability to meaningfully participate in the information society, democratic and decision making processes. The webinar will also serve as an opportunity to promote engagement between platforms operator Meta, user communities and stakeholders, and to collect feedback and strategize on how to mitigate harm online.

Speakers

  • Nashilongo Gervasius, Researcher
  • Suzan Elsayed, Meta (Facebook)
  • Hon. Neema Lugangira, Member of Parliament Representing NGOs – Tanzania National Assembly
  • Hon. Sarah Opendi, Chairperson Uganda Women Parliamentary Association (UWOPA)
  • Justice David Batema, High Court of Uganda

Join the Conversation

  • Date: Tuesday March 8, 2022
  • Time: 15:00 – 16:45 East African Time EAT
  • Where: Online via Zoom. Register here
27Jan

Data Privacy Still A Neglected Digital Right in Africa

Author CIPESA Writer Posted on

By Juliet Nanfuka |

In recent years, the threats to data privacy have evolved at a quicker pace than the development of regulatory frameworks dedicated to safeguarding the right to privacy, especially in the digital era. Currently, just over half of African countries have enacted privacy laws and policies. Still, the right to privacy is repeatedly under threat through the introduction of new laws  that  facilitate  surveillance  and  the  collection  of  biometric  data  and  limit  the  use  of  encryption. There are growing concerns that in several African countries, government agencies and private entities are collecting and processing personal data without adequate data protection frameworks, amidst weak oversight mechanisms and inadequate remedies.

Most African countries are parties to international human rights instruments such as the International Covenant on Civil and Political Rights (ICCPR) and the Universal Declaration of Human Rights (UDHR) which provide for the right to privacy. However, the African Charter on Human and Peoples’ Rights does not provide for the right to privacy, although its article 9 has been interpreted to encompass the right to privacy.

Meanwhile, the continent’s model instrument on privacy and data protection, the African Union Convention on Cybersecurity and Personal Data Protection, has been signed by 14 countries and only eight countries had ratified it by June 2020. Indeed, adherence to these instruments remains low.

“In recent years, various African countries have enacted  laws  and  policies  to  regulate  the  right  to  privacy.  Many of  the  laws  enacted  do  not  measure  up to  international  human  rights  standards  and  fail  to  establish  clear  and  appropriate  oversight,  redress  and  remedy mechanisms.” CIPESA Mapping and Analysis of Privacy Laws in Africa

Increased digitalisation, which was accelerated by Covid-19, has seen rising use of  technology in health, business, education, and civic participation and engagement, necessitating greater need for progressive personal data privacy policies and practices. However, as many positive developments emerged in the region so did gaps in the respect for data protection and privacy  in the numerous state responses.

See: How Surveillance, Collection of Biometric Data and Limitation of Encryption are Undermining Privacy Rights in Africa

For example, Ethiopia has embarked on a national digital identification (ID) biometric-based project which it argues will support access to services for citizens and hasten trade relations with other nations on the continent. However, the country has no comprehensive data protection law.  In 2020, the government published the draft Personal Data Protection Proclamation which is yet to come into force.

In Kenya, the Data Protection Act, 2019 which establishes the Office of the Data Protection Commissioner also prohibits the sharing of data with third parties without consent of the data subjects and requires that individuals are informed when their data is being shared and for what purposes. In December, an amendment to the Central Bank of Kenya Act addresses digital lenders that share personal data of loan defaulters with third parties could have their licenses revoked. Tactics used by lenders reportedly included calling friends and family, to shame and compel their borrowers to repay the loans.

In South Africa, the data privacy debate recently surged when the Department of Basic Education stated that high school leaving exam (National Senior Certificate) results would no longer be published on media platforms, in line with the Protection of Personal Information Act (POPIA). However, a court ruled against the department and instructed that the results be published publicly on media platforms and newspapers. Historically, the results have been made available with students identified through their ID numbers or exam numbers. The Department argued that in order to publish the results, it would have to seek consent from every pupil per the POPIA.

Private entities in South Africa have also come under scrutiny for their surveillance systems’ compliance with privacy regulations and their data privacy practices. Among these entities is Vumacam, which in 2021 announced that it was gearing up to instal additional “hundreds of thousands of cameras” in the country. Vumacam currently has over 5,000 cameras that have been installed in Johannesburg suburbs since 2019.

The concerns raised about private surveillance actors in South Africa echo those that have emerged about state actors in Botswana, Equatorial Guinea, Kenya, Morocco, Nigeria, Uganda, Zambia, and Zimbabwe who have heavily invested in state-run video surveillance systems commonly referred to as “Safe Cities” – which in the absence of sufficient safeguards, present risks through their collection and processing of personal data.

Indeed, there are concerns on the true extent to which governments are committed to ensuring citizens’ data privacy rights. In 2019, Clément Voule, the United Nations Special Rapporteur on the Rights to Freedom of Peaceful Assembly and of Association, stated that a surge in legislation and policies aimed at combating cybercrime had also opened the door to punishing and surveilling activists and protesters in many countries around the world.

See this Mapping and Analysis of Privacy Laws in Africa

Among the ways in which data privacy is being undermined through legislation and policy is by increasing restrictions to the use of anonymity and encryption – both of which are fundamental to upholding other rights including press freedom, access to information and freedom of expression. States fear the use of anonymisation and encryption tools will hamper their capacity to fight terrorism and crime.

See this Policy Brief on How African States Are Undermining the Use of Encryption

Anonymity and encryption protect privacy, and without effective protection of the right to privacy, the right of individuals to communicate anonymously and without fear of their communications being unlawfully detected cannot be guaranteed. Whether used to protect sensitive information or to verify identities, individuals and corporations alike benefit from cryptographic software in a world that is becoming increasingly networked.

In the absence of robust oversight, legal and practical safeguards, and the selective application of data protection laws, data privacy remains a primary concern for digital users in several African countries.  This is compounded by  governments who continue to encourage and support an enabling environment that facilitates efforts by state and non-state actors to undermine privacy-related rights at the cost of numerous digital rights in Africa.

—————————————————————————————————————-

This Data Privacy Day (January 28), the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) reaffirms its commitment towards advancing effective policy that shapes and informs a progressive data privacy landscape in Africa. See some of our blogs and indepth research reports on data privacy and protection in Africa.

27Jan

Centering Digital Rights and the Digital Economy in Encryption Regulation

Author CIPESA Writer Posted on

By CIPESA Writer |

In many African countries, the regulation of the use of encryption considers “national security” as the predominant concern and gives limited consideration to other areas that would benefit from the use of secure tools and technologies. Accordingly, many countries in the region are saddled with laws that unreasonably limit the use of encryption by individuals and businesses, which in turn undermine digital rights and the digital economy.

Encryption technologies enable users of digital technologies, including the internet and messaging services, to protect the confidentiality of their data and communications from unwarranted interception, observation and intrusion. Such protections are essential for businesses to thrive and be resilient, in addition to being key considerations by their customers. Those protections are crucial for individuals to enjoy their rights to privacy, free expression, and public participation.

As the world marks the Data Privacy Day on January 28, it is imperative that reflection is drawn onto Africa’s performance in regards to the role that encryption regulation plays in human rights protection online and promoting the digital economy.

The Digital Economy

The digital economy in Africa is steadily growing and contributes significantly to countries’ Gross Domestic Product (GDP), besides being a notable direct employer.  As of the end of 2021, around 33% of individuals in Africa used the internet, while there were eight mobile cellular telephones for every 10 individuals in the region, according to the International Telecommunications Union (ITU) figures.

Across the continent there has been significant growth in the penetration, access, and usage of Information and Communications Technologies (ICT). At the same time, the use of ICT is taking centre stage in education, health, economic, and governance sectors. It is also driving financial inclusion, with fintechs proliferating at high speed. In 2020, mobile technologies and services generated more than USD 130 billion of economic value added (or 8% of GDP) in Sub-Saharan Africa, according to the GSMA. In that year, the value of transactions on mobile money platforms in the region reached USD 490 billion.

Many governments are undertaking digitalisation programmes and have prioritised the integration of technology into more sectors to drive economic and social transformation. However, the growing rate of digital transformation in Africa is creating new cybersecurity threats which must be addressed to unlock new pathways for technology-enabled  economic growth, innovation, job creation and service delivery.

Regulation that facilitates the use of strong encryption by individuals and companies as opposed to limitation and prohibition of use is one way of nipping those risks in the bud and building trust and confidence to embrace and participate in the digital economy.

Various countries’ laws require registration and licensing of encryption service providers, and regulators have extensive powers to prohibit the use of some encryption technologies. Moreover, offering encryption services without licenses attracts penalties, as does failure to hand over secret encryption codes to state authorities, or using prohibited encryption tools. How African Countries Undermine Use of Encryption.

In 2021, research by the Internet Society (ISOC) showed that laws that undermine encryption can significantly harm the national economy, with the single biggest source of adverse economic effects being the indirect threat that such laws pose for trust in the internet and digital services. This reduced trust in data security depresses aggregate demand across the digital economy and induces firms to incur higher costs in attempts to build trust in their services.

Digital Rights

Compelled assistance by service providers as part of interception of communications, including the requirement to decrypt encrypted data and communications or disclose encryption keys gives governments and their agencies unfettered access to personal data, undermining citizens’ right to privacy and various other digital rights. Countries including Benin, Gabon, Namibia, Niger, Nigeria, Sierra Leone, and Zimbabwe prohibit service providers from providing any communications services that cannot be lawfully intercepted.

Such prohibitive regulations undermine digital rights in similar ways to laws on surveillance, which impose undue liability on intermediaries, and fail to provide for strong judicial oversight over surveillance operations. Meanwhile, data localisation requirements in some countries further grant authorities easier access to data for decryption and surveillance purposes with or without compelled assistance, “as they would not need to go through foreign countries’ or intermediaries’ data management protocols to access this data”, as highlighted by recent CIPESA research. Combined with mandatory SIM card registration and growing biometric databases, they thus contribute to the regressive situation for online freedom in a region fraught with human rights abuses and violations.

Securitising Encryption

Various countries regulate the use of encryption with national security as the sole key consideration. In Ivory Coast, the Telecommunications Regulatory Authority (ARTCI) is tasked to ensure that no service provider employs encryption that is contrary to public order or which undermines the interests of national defence, internal or external security of the state. Similarly, in the Central African Republic, the Electronic Communications Law of 2018 empowers the security minister to approve encryption services “based on the need to preserve the internal and external security of the state and national defence.”

Moroccan legislation restricts the import and use of encryption “to prevent its use for illegal purposes, and to protect the interests of national defence and the internal or external security of the State.” In that spirit, in 2015, the responsibility for authorising and monitoring encryption in Morocco was moved from the civilian National Telecommunications Regulatory Agency (ANRT) to the military’s General Directorate for the Security of Information Systems (DGSSI).

In Algeria, the acquisition and use of encryption by individuals and organisations must be authorised by the Regulatory Authority of Post and Electronic Communications (ARPCE) after approval by the Ministry of Defence and the Ministry of the Interior. Further, Algerian law requires that the type and nature of the equipment that will be used, list of cryptography algorithms, the size of the encryption keys, the type of virtual private network (VPN) used, the authentication methods, and the Public IP address, be provided to the regulator while applying for authorisation.

Many other countries require registration, while also requiring service providers to disclose the technical characteristics of the cryptology means, and the source code of the software used. Concerningly, some countries (including Benin, Gabon, Namibia, Niger, Nigeria, Sierra Leone, and Zimbabwe) prohibit service providers from providing any communications services that cannot be lawfully intercepted.

Overall, these limitations to the use of encryption go against Principle 40(3) of the Declaration of Principles on Freedom of Expression and Access to Information in Africa, which provides that “States shall not adopt laws or other measures prohibiting or weakening encryption, including backdoors, key escrows, and data localisation requirements unless such measures are justifiable and compatible with international human rights law and standards.”

Ultimately, all laws that place undue restrictions on the use of encryption tools should be repealed.

To promote the use of encryption in the region, it is imperative to desist from the current trends towards securitisation of encryption regulation. While governments often require surveillance to curb crime, laws should not outrightly prohibit or criminalise the use of encryption technologies. Rather, they should be supportive of legitimate state interests, which  also robustly protect digital rights and support growth of the digital economy.

1 2 3 4 39