Save The Date Announcement |
The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the Association for Progressive Communication (APC) are happy to announce the date and location for the Forum on Internet Freedom in Africa (FIFAfrica) 2017.
This year’s edition of the Forum will held be in Johannesburg, South Africa, on September 27-29, 2017, thus expanding the physical footprint of the Forum which has since inception in 2014 been held in Kampala, Uganda.
This landmark event convenes various stakeholders from the internet governance and online rights arenas in Africa and beyond to deliberate on gaps, concerns and opportunities for advancing privacy, access to information, free expression, non-discrimination and the free flow of information online.
The Forum brings together human rights defenders, journalists, government officials, private sector players, global information intermediaries, bloggers, developers, the arts community, law enforcers and regulators – all of whom have a role to play in advancing internet freedom in Africa.
Highlights at FIFAfrica include the launch of the annual State of Internet Freedom in Africa research report as well the commemoration of the International Day for Universal Access to Information (IDUAI) that falls on September 28.
In the coming weeks, we will release more details of the Forum, including how to participate and to suggest topics for inclusion in the event programme.
Visit the Forum page for more information on previous Forums and updates over the coming weeks.
You can also contribute thoughts and ideas through the #InternetFreedomAfrica hashtag.
If you would like to support FIFAfrica17 please get in touch:
Send an email to Wakabi ([email protected]), Ashnah ([email protected]) or Sekoetlane ([email protected]) and ([email protected]) with any queries.
Tanzania Court Deals a Blow to Intermediary Liability Rules
By Ashnah Kalemera |
A court in Tanzania has dealt a blow to the rules governing the country’s internet intermediaries, after ruling that requests for disclosure of user information for law enforcement purposes pursuant to the Cybercrimes Act (2015) are not arbitrary. In a March 8, 2017 ruling, three judges of the court in Dar es Salaam also ruled that the absence of regulations to govern the enforcement of the Act did not render the controversial law unconstitutional.
The ruling dismissed a petition filed by Jamii Media, proprietors of the popular Jamii Forums discussion platform, who argued that Section 32 of the Cybercrimes Act was arbitrary and contrary to citizens’ right to privacy guaranteed by article 16 (1) of the country’s constitution. Jamii filed the petition last April, after receiving three notices from police demanding that it discloses the personal details of up to four users who had posted on the forum information on political tensions among members of the ruling party Chama Cha Mapinduzi, and scandals in one of the country’s leading banking institutions.
The notices, issued during January and February 2016 pursuant to Section 32 of the Act, demanded disclosure of the names of the users, their emails and Internet Protocol (IP) addresses. Last December, Jamii Forums founder Maxence Melo was charged with obstruction of investigations under Section 22 of the Cybercrimes Act for failure to comply with the disclosure notices.
Section 32 of the Cybercrimes Act provides:
(1) Where the disclosure of data is required for the purposes of a criminal investigation or the prosecution of an offence, a police officer in charge of a police station or a law enforcement officer of a similar rank may issue an order to any person in possession of such data compelling him to disclose such data.
(2) The order issued under subsection (1) shall be granted to a law enforcement officer who shall serve the order to the person in possession of the data.
(3) Where the disclosure of data cannot be done under subsection (1), the law enforcement officer may apply to the court for an order compelling:
(a) a person to submit specified data that is in that person’s possession or control; or
(b) a service provider offering its services to submit subscriber information in relation to such services in that service provider’s possession or control.
(4) Where any material to which an investigation relates consists of data stored in a computer system or device, the request shall be deemed to require the person to produce or give access to it in a form in which it is legible and can be taken away.
In its petition, Jamii Media argued that no procedures were in place to enforce Section 32 as required under Section 39 (2) of the Act to govern the circumstances and procedure of disclosure by intermediaries. Section 39 (2) states that the Minister for Information and Communication Technology shall “prescribe the procedures for service providers to avail competent authorities, at their request, with information enabling the identification of recipients of their services”.
However, the judges noted that, often, for laws that provide for putting in place regulations by the Ministers responsible, “it takes a while before the said regulations are formulated.” This implied that intermediaries were obliged to honour disclosure notices in the absence of the regulations.
In their defense, the Tanzania Police argued that they had the duty to carry out investigations and prosecution of offences and maintained that the disclosure notices issued to Jamii Media were “justified”. According to the state attorney, the disclosure notices did not infringe upon citizens’ right to privacy because they were “intended to obtain the names of people who have published information that may turn out to be relevant to some offences under investigation”. The state attorney added that the Cybercrimes Act did not require the police to disclose to the recipient of the disclosure notices the offences under investigation.
Meanwhile, Jamii Media also argued that under sub-section 32 (4), the 2015 Act confers powers upon authorities to require the surrender of devices on which information is contained, without any safeguards. “If an investigator takes away one such device in order to access one piece of information relevant to a particular investigation, there is no guarantee that by taking the same, the investigation will not access other pieces of information contained in the same device and [which are] irrelevant to the matter being investigated,” it argued.
Judges ruled that Section 32 (4) did not empower the police to take away the devices as contended. “Our understanding of that section is that the person to whom the request has been made, like the petitioner in this case, may print the information such that it can be read and/or taken away by the investigators in printed form,” the judges stated.
Citing jurisprudence including provisions under Article 19 (2) and (3) of the International Covenant on Civil and Political Rights, the judges considered that Section 32 of the Cybercrimes Act was “proportional” for balancing individual human rights on the one hand and public interest on the other.
Lawyers representing Melo in the ongoing case plan to file submissions for police to seek court’s intervention for mandatory disclosure pursuant to provisions of the Act and dismiss the obstruction charges.
For more on the government’s tactics to stifle citizens’ digital rights in Tanzania see the State of Internet Freedom in Tanzania 2016 report.
Recent Developments in Telecoms Regulation Threaten Online Rights in Uganda
By Edrine Wanyama |
In April 2017, the parliament of Uganda gave the minister in charge of Information and Communication Technologies (ICT) powers to single-handedly make regulations that govern the telecommunications sector. Hitherto, regulations proposed by the minister had to receive parliamentary approval.
The Uganda Communications (Amendment) Bill (2016), which parliament passed on April 6, 2017, means that making regulations for the telecommunications sector is in the sole preserve of the minister. Among others, such regulations are related to licensing and fees, operator obligations, competition, consumer rights and protection. It is for this reason that the newly passed law, which was gazzetted back in February 2016 when still a bill faced criticism from civil society.
“The Minister may, after consultation with the Commission and with the approval of Parliament, by statutory instrument, make regulations for better carrying into effect the provisions of this Act.” Section 93(1) of the Uganda Communications Act 2013
“The Minister may, after consultation with the Commission, by statutory instrument, make regulations for better carrying into effect the provisions of this Act.” Section 93(1) of the Uganda Communications (Amendment) Bill (2016)
The authority, Uganda Communications Commission (UCC), was set up in 1997 by the now repealed Communications Act, Cap. 106 (section 3) and now established by the Uganda Communications Act, 2013 (section 4) (the Act) as the regulator of the communications sector but has since inception faced criticism over lack of independence from the government. The Act gives extensive powers to the minister of ICT, including to appoint the commission’s executive director and board members and to approve its budgets.
Meanwhile, there are growing concerns about mass surveillance particularly in the absence of a data protection and privacy law to safeguard citizen data collected by the state and private parties. These are further aggravated by the haphazard implementation of laws which have an impact on citizens’ communications.
On April 12, 2017, the telecom industry regulator Uganda Communications Commission (UCC) announced a seven-day deadline for subscribers to update their registration details using national identity (ID) cards in a move reportedly to address cybercrime. Mandatory SIM card registration has been in force since March 2012. At the time of the original deadline for conclusion of the exercise in August 2013, the commission reported that 92% of SIM cards were registered. However, investigations into past and recent crimes have revealed the continued existence and use of unregistered SIM cards.
The April 12 directive raised concerns about the conflicting requirements for the validation of SIM cards, with subscribers pointing out that various other forms of identification other than a national ID should be recognised. Pursuant to the Regulation of Interception of Communications Act 2010, Section 9(1), SIM card registration requires the subscriber’s full name, residential address, business address, postal address and identity number as contained in an identity document. Other forms of identification that have previously been used by subscribers have included employer identity cards, driving licenses, students’ identity cards and passports.
However, following an interim order as well as public statements by the Uganda Law Society and other stakeholders, the Prime Minister issued a directive extending the SIM card verification and validation deadline for a month to May 19, 2017.
The SIM card registration exercise has attracted criticisms from human rights defenders who claim it violates freedom of expression and goes against Article 27 of the Constitution which guarantees the right to privacy by possibly enabling mass surveillance of communications. Further, the absence of a data protection and privacy law continues to expose citizens’ data which is increasingly and now repeatedly being collected by the state. There is accordingly no guarantee that personal data will not be unlawfully processes and used.
Over the past year, national security has been cited as the basis for directives by the UCC including instructions given to telecommunications service providers to enforce two social media shutdowns during 2016.
Although Uganda has signed and ratified the African Charter on Human and Peoples Rights and also fully subscribes to the international bill of rights, specifically the Universal Declaration for Human Rights and the International Covenant on Civil and Political Rights there are repeated affronts to the rights enshrined in these instruments.
It is for this reason that the Collaboration on International Policy for East and Southern Africa (CIPESA) calls for the following actions to be taken:
- The Government should adopt a multistakeholder approach in decisions affecting the ICT industry in Uganda. Decisions that affect the rights of citizens should be evidence-based and reached in consultation with other stakeholders including academia, civil society, media and the private sector.
- The Parliament should immediately pass the Data Protection and Privacy Bill, 2015 subject to the proposed amendments from the citizenry.
- Government should harmonise the implementation of laws pertaining to registration of data of citizens, refugees and non-citizens in Uganda, including the Regulation of Interception of Communications Act (2010) and the Registration of Persons Act (2015).
- There is a need to reinstate the oversight role of the Parliament over the Minister for ICT in making regulations for the ICT sector. Failure to do so will leave excessive powers within the ambit of the minister and resultantly, lead to abuse.
Read more on the State of Internet Freedom Uganda 2016.
The Evolution of Internet Shutdowns in DR Congo
By Arsene Tungali |
In the past seven years, citizens in the Democratic Republic of Congo (DRC) have experienced a series of intentional interruptions to online communications, affecting the exercise of rights to freedom of expression and information as well as access to services.
The first shutdown of digital communications reported in DRC was in December 2011. The shutdown affected SMS, and lasted 25 days. At the time, few people appreciated the magnitude of this state-initiated act or knew how to respond to it.
The SMS shutdown came in the aftermath of the general elections but just before the announcement of the election results. One of the reasons cited by the government for blocking communication was to prevent the spread of fake results over the internet before the electoral commission announced official results. This SMS communications shutdown went largely unnoticed by the global community who had been captivated earlier in the year by the January 2011 Egyptian internet shutdown.
Three years later in January 2015, the Congolese government again ordered telecommunications companies to block access not only to SMS but also the internet. This shutdown came on the backdrop of protests against a proposed electoral bill. Whereas banks and government agencies were granted access to the internet four days after the shutdown, the general public did not regain access until after three weeks.
The most recent Internet shutdown in DRC occurred on December 19, 2016 – the day President Joseph Kabila was supposed to step down as head of state. There were a lot of planned protests across the country against the president’s stay in office beyond the two term limit, in response to which the government ordered telecom operators to block to social media sites as an attempt to thwart mobilising by protestors.
Recent statistics show that for a population of over 70 million, only 4% of the inhabitants are connected to the Internet due to limited infrastructure and high access costs. Nonetheless, those with access are exploiting various online tools for communication, discourse on governance and activism. According to the State of Internet Freedom in DRC 2016 report, political parties maintain WhatsApp groups for strategic planning of campaign rallies. Meanwhile, through trending hashtags on social media, activists and ordinary citizens create public awareness on issues such as arbitrary arrests and other human rights concerns.
Government actions such as shutdowns, alongside surveillance and censorship practices as documented in the 2016 report, undermine the development of inclusive internet society in the central African country.
“There should be more effort towards developing infrastructure, progressive legislations, private sector investment, local content in local languages and more trainings in digital rights and digital security.” State of Internet Freedom in DRC 2016
As internet users have become more conscientious of their online rights, many activists and Internet users have turned to the use of Virtual Private Networks (VPN) to circumvent internet blockages. Many more are interested in taking digital security trainings, which explore topics like encryption, mitigating surveillance and tools for safe online communication.
“We knew nothing about VPNs until Internet was blocked in the DRC.” DRC Journalist
The trend of governments initiating internet shutdowns, not only in DRC, has attracted global condemnation. In many cases, these calls have gone unanswered by government officials and communication regulators, leading many to believe that this trend is likely to continue. In the spirit of the multi-stakeholder model of internet governance, other actors (not only government) should continue to play active roles to counter this practice or to support initiatives aimed at promoting more access and affordability in developing countries.
- Continued pressure on governments: Stakeholders should keep on applying pressure to those governments that shut down the internet. They should also increase awareness of the implication of a shutdown including the economic losses suffered at a national and micro level. However, this should be supplemented with more research on the economic impact of Internet shutdowns.
- The Autonomy of Service Providers: Telecommunications companies often receive orders from governments to block internet access. Clauses in their license agreements force them to comply when such orders are issued, failure of which could result in termination of licences. Nonetheless, telecom companies and ISPs should more actively release details of government information requests, takedown and shutdown notices in a bid to support the transparency of processes and accountability of oversight bodies.
- Civil society organisations and awareness: CSOs are among the most vocal groups condemning internet shutdowns in alliance with end-users, activists, journalists, and even private sector. They should also increase the number of trainings and capacity building programs on digital security and inform more people of their digital rights in order to be in a position to demand these rights.
- Development of Progressive Policy: In DRC there is a pressing need for new laws that cover the ICT sector. Apart from the constitution, there are only two legislations (the first on Telecommunications and the other establishing the Regulator) both from 2002. The existing legislative and policy framework need to be updated and reframed to provide more clarity on the role of all players in DR Congo’s ICT arena and to provide for online privacy and freedom of expression.
Safeguarding Civil Society: Assessing Internet Freedom and the Digital Resilience of Civil Society in East Africa
By Small Media |
Over the past decade, East Africa has seen a tremendous boom in connectivity and online participation that is beginning to transform the way that citizens across the region communicate, express themselves, and establish communities. In a similar manner, the growth of internet access in the region is beginning to empower civil society organisations (CSOs) to engage with the public, share information, and advocate for citizens’ rights in sometimes challenging and closed political environments. Although the internet offers opportunities to advocates, it also offers the possibility for regional state and non-state actors to interfere with their work, surveil them, and censor their voices.
In this report Small Media, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), DefendDefenders, and Strathmore University’s Centre for Intellectual Property and Information Technology Law have sought to map out the state of internet freedom in East Africa, and assess the extent to which ongoing challenges have impacted negatively upon the work of civil society actors in the region. Although we were not able to map out the state of internet freedom across the entire region, we were able to focus our efforts on some of the lesser-studied digital landscapes – Burundi, Rwanda, South Sudan, Tanzania and Uganda.
To measure the state of internet controls in the region, we have taken the African Declaration of Internet Rights and Freedoms (ADIRF) as our key point of reference. This declaration – drafted and signed by a large array of African civil society organisations in collaboration with global internet freedom organisations – establishes a set of rigorous principles by which governments and other stakeholders must abide in order to guarantee the online rights and freedoms of citizens across Africa.
Over the course of this research, we have found that there is an urgent need for East African civil society to be given support to improve their digital resilience in the face of growing threats of surveillance and censorship across the region. In all of the countries surveyed in this report, CSOs failed to demonstrate a baseline of digital security knowledge, or else failed to implement practices effectively.
At the same time, we found that governments across the region require support to bring their policies into compliance with the principles of the African Declaration on Internet Rights and Freedoms – a set of principles developed by African internet freedom stakeholders to guarantee a free and open internet in Africa.
Small Media, CIPESA, Defend Defenders and CIPIT hope that this research can help to support the security of civil society actors, empower activists to support the principles of the African Declaration, and press their governments to adopt it.
Read the full report here.