Promoting Effective and Inclusive ICT Policy in Africa

Category Archives: Online Freedoms

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  Online Freedoms
16Nov

How Weaponization of Network Disruptions During Elections Threatens Democracy

Author CIPESA Posted on

By Evelyn Lirri |

In August 2021, Zambia became the latest country to restrict citizens’ access to social media platforms including Facebook, Twitter and WhatsApp as the country went to the polls. Citing the need to stop the spread of election misinformation, the Zambian government disrupted the internet in an election that saw an opposition politician defeat the incumbent president.

The disruption of digital communications is a recurring theme in numerous countries in as states pursue their ambitions of controlling information and communication flow during elections and other times of public protest.

Between January and May 2021, digital advocacy group Access Now documented at least 50 internet shutdowns in 21 countries, including in several African countries like Uganda, Ethiopia, Nigeria, Niger and Congo Brazzaville. However, there has also been pushback against these shutdowns by various civil society and digital rights actors, alongside users turning to Virtual Private Networks (VPNs) to circumvent blockages.

At the eighth edition of the Forum on Internet Freedom in Africa (FIFAfrica) that was hosted by the Collaboration on International ICT for East and Southern Africa (CIPESA) from September 28-30, 2021, members of the KeepItOn coalition, a global movement to end internet shutdowns, shared experiences from various countries on How Weaponization of Network Disruptions During Elections Threatens Democracy and some of the actions taken to prepare and advocate against election-related shutdowns.

Susan Mwape, an Election Analyst and Executive Director of Common Cause-Zambia, noted that in the lead up to the August 2021 elections in Zambia, the government imposed restrictions on public gatherings in the name of enforcing Covid-19 prevention measures. Consequently, citizens resorted to digital platforms to engage in election-related issues.

Threatened by the increased online engagement and mobilisation, the government hurriedly adopted the Cyber Security and Cyber Crimes Act, 2021. The Act was passed amidst criticism that it was primarily aimed at policing cyberspace, gagging freedom of expression and speech, and stifling internet use by opposition groups and supporters ahead of the general elections.

See this CIPESA analysis: Implications of Zambia’s  Cyber Security and Cyber Crimes Act 2021 on Digital Rights

Anticipating a shutdown ahead of the elections, Mwape said capacity building and advocacy activities were conducted  in collaboration with the KeepItOn coalition.

“We trained over 70 people – civil society, journalists, citizens and frontline defenders on secure tools they could use to stay online. But we also wrote an open letter to the President on why it was important to keep the internet on,” Susan Mwape.

Capacity building in circumvention techniques in anticipation of shutdowns has become a common strategy across the world. In Iraq, Hayder Hamzoz, the Founder and Chief Executive Officer of INSM Network, said efforts in this regard not only cover use of specific tools but prior installation of applications to overcome “governments’ first course of action” which is often to disable application stores where circumvention tools can be accessed.

Indeed, this was the case in Uganda, which has experienced various forms of election-related network disruptions – the most recent being a total shutdown during the January 2021 general elections and an ongoing block on Facebook access.

Allan Ssempala Kigozi, the Head of Legal Affairs at Unwanted Witness, explained that while a shutdown was anticipated in the country, civil society actors held a number of engagements with telecommunications companies and regulators on the need to keep the internet on.

“We wanted the government to understand that as the country was heading to the polls, an internet shutdown should not be the way to go because it has a wide-ranging impact on the economy beyond the misinformation that the government says it was trying to avert,” said Kigozi. He further noted that despite the shutdown, there was still an opportunity for misinformation to flow through text messages and added that upon the reinstatement of access, recorded videos and photos were shared thus maintaining the misinformation.

Despite having a long history of disruptions, Chad last April held an election without disrupting the internet. Abdeldjalil Bachar Bong, the Founder and Chief Executive Officer of House of Africa in Chad, attributed this to advocacy campaigns including by the #KeepItOn movement, which wrote an open letter to the President and telecommunications providers on the importance of keeping the internet on.

“We told them that shutting down the internet is not a solution. The solution is to educate the public on the benefits of using the internet,” he said. This was complemented by skills and knowledge building efforts targeting human rights defenders and civil society on how to use circumvention tools in the event of a shutdown.

For their part, circumvention tools developers such as TunnelBear have worked with digital rights groups and activists to ensure access to their platform in the event of a shutdown including through providing free bandwidth to use TunnelBear. Shames Abdelwahab, the Advocacy and Community Manager at TunnelBear, noted that in countries where they have done this, there has been a huge spike in the usage of the service. TunnelBear also provides free VPN accounts to activists on the ground. “The aim is to ensure digital activists keep online as they advocate against internet shutdowns,” said Abdelwahab.

Manson Gwanyanya, a researcher with the Business and Human Rights Resource Centre, noted that with increasing cases of internet shutdowns happening across the globe, more efforts including increased company transparency are being made to ensure that telecommunication companies and internet service providers are held accountable for their actions.

Blocking the internet ahead of the elections undermines electoral transparency, severely hinders the work of journalists, and denies citizens’ access to badly needed information. Governments should thus ensure the internet remains open to provide an opportunity for opposition actors to reach the electorate with information and for a pluralistic media to flourish.

04Nov

Putting Digital Inclusion Data into Practice

Author CIPESA Posted on

By Prudence Nyamishana |

Trends in global digitalisation have seen strides in the use of technology as an enabler for economic growth, public discourse, service delivery, transparency and accountability, access to education and public health. However, alongside these advancements, there has remained a persistent digital access gap that predominantly affects Sub-Saharan Africa.

Further, it appears that even for those countries in the region with high levels of access to digital technologies, there remain inconsistencies at national level, including in policy formulation and practice, and the business ethics and human rights of mobile network operators, which potentially exacerbate digital exclusion.

According to the International Telecommunications Union (ITU), global 4G coverage stood at 84% in comparison to 44% in Africa  – the lowest across all regions. 

In 2020, four of Africa’s leading digital companies (Safaricom, Jumia, MTN, and Naspers) were ranked and scored on digital inclusion by the World Benchmarking Alliance (WBA)‘s Digital Inclusion Benchmark. These companies have business footprints in more than numerous countries in Africa.

The Digital Inclusion Benchmark results showed that commitment and contribution towards digital inclusion are highly uneven across industries in the digital sector. Clear and consistent support to improve digital skills is needed, especially for vulnerable and underrepresented groups.

These results echoed similar sentiment in the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) Access Denied report, which showed that several telecom companies in Sub-Saharan Africa have failed to meet their obligations to provide information and services to persons with disabilities.

Both the WBA Benchmark and the CIPESA report call for adjustments to how business should be conducted, with a higher priority placed on the often digitally excluded and underrepresented communities such as women and persons with disabilities.

As such, in June 2021, the WBA and CIPESA hosted a roundtable with stakeholders committed to advancing digital inclusion in the region. Additionally, the roundtable sought to help foster coordinated multi-stakeholder actions on digital inclusion that can help achieve the Sustainable Development Goals (SDGs).

Watch the Africa RoundTable on Digital Inclusion

Speaking at the roundtable, Andrew Rugege, the Africa regional director for the International Telecommunications Union (ITU), noted that Covid-19 had laid bare the realities that underpin global economics and made it evident that broadband and Information and Communications Technology (ICT) play a critical role in daily lives for the overall growth of national economies.

However, Michael Minges, a WBA Research Analyst, highlighted gaps in current internet access policy and structures that affect national economics and also impact digital inclusion and access. He pointed out the issue of scale, noting that many African countries have not yet built up their internet markets to make them attractive for international investors.

Onica Makwakwa, Head of Africa at the Alliance for Affordable Internet (A4AI), highlighted the role that state policies and regulations have to play in enabling digital access. She stated: “We need to have policies and regulations that make this [internet access] universal … It requires intentional actions.”

The shift from data to action was stressed by Lourdes Montenegro, the WBA Lead on Digital Sector Transformation, who noted that the data emerging from research initiatives such as by the WBA and CIPESA triggers thinking on what public policy actions are needed, including by think tanks and governments that need to work towards addressing digital inclusion gaps with evidence-backed data.

Indeed, narratives from the roundtable discussion including the need for more stakeholder collaborations were carried through to the September 2021 CIPESA-hosted Forum on Internet Freedom in Africa 2021 (FIFAfrica). Digital inclusion was one of the themes at FIFAfrica21, and multiple sessions at the Forum entailed discussion on why digital inclusion should be attained including for the benefit of increased public participation, countering misinformation, fighting online violence against women, supporting progressive online movements, and encouraging online diversity especially from the Global South. Thus, as the data in support of digital inclusion grows, so does the need to put this data into practice in policy formation, business strategy and digital rights advocacy.

Watch the different sessions from the Forum.

02Nov

Stalking the Messenger: Ending Impunity for Illegal Surveillance

Author CIPESA Writer Posted on

Opinion |

We know that the issues around digital surveillance are complicated. The tech side of the tools used and the means to circumvent them are complicated. Drawing a hard line between what may be acceptable to help ensure our personal security and what pushes our societies into Orwellian territory is also complicated.

As the revelations of the Pegasus Project show us, illegal surveillance is the latest weapon in the ever-growing arsenal used against journalists and human rights defenders. In effect, surveillance in this context is equivalent to stalking. A pernicious activity that can easily cross from online harassment to physical attacks. It’s illegal. It disproportionately affects those who are among the most vulnerable, whether because of their gender, sexual orientation, race, or ethnicity. And if people are permitted to stalk with impunity, the problem will not stop.

Increasingly used as a laser-focused tactic, a weapon to intimidate, instil fear, and paralyse the work of journalists, this kind of surveillance puts sources at risk and impedes journalists from providing us with information to expose crime and corruption, and to speak the truth about power.

“I don’t think it’s journalists as individuals that the government has a problem with. The government has a problem with the people […] It wants to continue committing crimes in the shadows so that no one will uncover those facts or ask questions about it. And journalists are the ones who spoil this plan.” — Azerbaijani journalist Sevinj Vaqifqizi.

On this International Day to End Impunity for Crimes Against Journalists, a day advocated for by IFEX, we need to bring surveillance to the fore as a tactic that is threatening journalists’ safety, and draw attention to how impunity creates the conditions under which it will continue to thrive.

IFEX members have long warned of the dangers of malware like Pegasus. A product of the Israeli NSO Group, it infects targets’ phones, exposes data, and even gains access to cameras and microphones. Despite the company’s claim that it vets clients based on their human rights records, it sold Pegasus to authoritarian regimes – as well as to countries like Mexico, where targets included media figures, a government scientist, and international human rights investigators – united by having publicly posed challenging questions to the government.

The personal impact of such surveillance can be devastating.

“When you are speaking, watching, or doing something with someone in your house or in a cafe or wherever you may be, they are there listening to you, watching everything that you do. Everything that you do in your bedroom, the shower, in your kitchen, in your office with your friends, or whoever.” — Mexican journalist Carmen Aristegui: profiled here

“My family members are also victimized. The sources are victimized, people I’ve been working with, people who told me their private secrets are victimized.” — Azerbaijani journalist Khadija Ismayilova: profiled here

Globally, at least 180 journalists were selected as Pegasus targets.

The decades our network has put into promoting journalists’ safety confirm that it cannot be fully achieved in a climate where individuals – or states – can intimidate, threaten, and harm them, and not be held accountable. Year-round, IFEX members work to bring perpetrators to justice, and to establish conditions that will make it harder for them to commit such crimes in the first place.

We know that it is a massive undertaking. In spite of being illegal under international human rights law, actors involved in illegal surveillance are almost never held accountable.

The challenge is to identify where to intervene, where to spend our energy, where we can have the biggest impact in stemming this predatory practice – including, but not limited to, confronting corporations and governments that enable and participate in the illegal surveillance of journalists.

It’s a many-headed beast, surveillance. There are multiple entry points to effect change, from policy work to set boundaries on what is considered ‘necessary and proportionate’ surveillance, to pressuring states to adopt international standards, to controls on the exports of spyware, to supporting preventive measures like strengthening and normalizing encryption.

Ending impunity for illegal surveillance has to be part of this work. It’s a long game, not for the weak-of-heart, and this is even more true when the perpetrators of the crimes are states. But we know from our experience seeking accountability for physical attacks on journalists that this type of sustained work does pay off. Just over a week ago, two decades of advocacy – by IFEX member FLIP, by Jineth Bedoya Lima herself, and by so many others – led to the groundbreaking Inter-American Court of Human Rights ruling in her case that there was “serious, precise and consistent evidence of State involvement in the acts of physical, sexual and psychological torture against the journalist.” This ruling sets an important precedent for the entire region.

The other good news is that we have a lot to draw on, on our side. There is a massive, global network of people – working in different fields, perhaps, or focusing on different issues – but with the combined skills, expertise, and clout needed to ensure that illegal surveillance does not go unchallenged, that those found culpable pay a price, and that this price effectively deters others.

As long as we keep leveraging opportunities like IDEI to come together, collaborate, learn from and support each other, raise our voices and find strategic pressure points where we can have a real impact, we can, and will, counter the scourge of illegal surveillance of journalists.

Annie Game is the Executive Director of IFEX, the global network that promotes and defends freedom of expression and information as a fundamental human right.

21Oct

Policy Brief: How African States Are Undermining the Use of Encryption

Author CIPESA Posted on

By Lillian Nalwoga |

Encryption enables internet users to protect their data and communications from unauthorised access. Accordingly, anonymity and the use of encryption in digital communications are key enablers of citizens’ enjoyment of the right to privacy.

Worryingly, many African countries have passed legislation that limits anonymity and the use of encryption, purportedly to aid governments’ efforts to combat terrorism and crime. Other governments in the region limit the use of encryption to enable them to monitor the communications of critical journalists, human rights defenders, and opposition politicians.

In commemoration of the inaugural Global Encryption Day, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has published a policy brief that highlights restrictions to encryption and what needs to be done by governments in Africa to promote the use of encryption. The brief shows that encryption laws and government practices in several countries undermine the privacy rights of citizens, which in turn hampers their right to free expression and to secure use of digital technologies.

The importance of the right to anonymity in the digital era has been recognised in the Declaration of Principles on Freedom of Expression and Access to Information in Africa of the African Commission on Human and Peoples’ Rights. Principle 40(3) provides that: “States shall not adopt laws or other measures prohibiting or weakening encryption, including backdoors, key escrows, and data localisation requirements unless such measures are justifiable and compatible with international human rights law and standards.”

However, encryption is under threat from governments in Africa, as indeed in other parts of the world. Among the concerns cited by the brief are legislation and regulations that require registration and licensing of encryption service providers before they can offer cryptographic services. This is the case in Benin, Chad,  Cameroon, Congo Brazzaville, Democratic Republic of Congo (DR Congo), Ethiopia, Guinea, Ivory Coast, Malawi, Mali, Morocco, Senegal, South Africa, Tanzania, Tunisia and Zambia, among others. Offering encryption services without a license attracts penalties, as does failure to hand over secret encryption codes to state authorities, or using prohibited encryption tools.

Encryption in Africa

The requirement for registration of encryption services providers makes it easy for regulators and other government agencies to access information held by these service providers, including decryption keys and encrypted data. This undermines best practices which require governments to reject laws, policies, and practices that limit access to or undermine encryption and other secure communications tools and technologies. 

Further, the brief points to how governments in Africa prohibit the use of some types of encryption and require disclosure to regulators of the characteristics of cryptology. Crucially, governments should not prohibit the use of encryption by grade or type. Further, governments should not mandate insecure encryption algorithms, standards, tools, or technologies. 

Meanwhile, laws on interception of communications across the continent including in Benin, Cameroon, Chad, Ivory Coast, Malawi, Mali, Niger, Nigeria, Rwanda, Senegal, Tanzania, Togo, Tunisia, Uganda, Zambia and Zimbabwe require communication service providers to put in place mechanisms, including the installation of software, which facilitates access and interception of communications by state agencies. Indeed, state agencies in several countries can request for decryption of data held by service providers, which poses a big concern. 

For instance, Zimbabwe’s Interception of Communications Act requires cryptography services providers to decrypt data at judicial authorities’ request or provide them with the codes allowing the decryption of data they have encrypted (article 78). Section 11(1)(d) permits security agents to demand that information is decrypted before it is handed to them, where the disclosure is necessary for national security, to prevent or detect a severe criminal offense, or in the interests of the country’s economic well being. Failure to comply is punishable with up to five years’ imprisonment, a fine not exceeding USD 373, or both. Similar provisions are found in the laws of several other countries.

Such compelled assistance from service providers has been reinforced with mandatory SIM card registration of phone users around the continent, as well as data localisation requirements amidst ineffective safeguards.

 In some countries, if the private communications of human rights defenders and opposition politicians fall into the hands of state agencies, the consequences can be dire. The brief cites Rwanda, where the private communications of musician Kizito Mihigo, opposition leader Diane Rwigara, and two former army officers were used in their separate prosecutions. In Ethiopia, the Zone 9 bloggers were detained and prosecuted, among others, for using encrypted communications.

Meanwhile, Uganda instituted a ban on use of Virtual Partial Networks (VPNs) in the face of internet taxes and network disruptions. For its part, Zimbabwe barred telecom operator Econet Wireless from introducing the Blackberry Messenger service, which provided encrypted messaging, arguing that it contravened the southern African country’s interception of communications law which bars provision of services which the communications regulator can not intercept. Another example cited is Mauritius, which this year attempted to introduce a controversial lawful interception mechanism that would decrypt and re-encrypt all social media traffic. 

In light of the above concerns, the CIPESA brief is urging governments to repeal or amend provisions that place undue restrictions on the use of encryption tools; cease blanket compelled service providers and intermediary assistance to state agents and instead provide for clear and activity-bound assistance; and enact data protection and privacy laws that robustly promote the use of strong encryption. 

The full brief can be accessed here.

12Oct

Will Our Human Rights and Freedoms and a Free and Open Internet be the Next Victims of Cybercrime?

Author CIPESA Writer Posted on

Manifesto Launch |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has joined civil society organisations and industry in a rally against the potential threat of cybercrime on human rights and freedoms as well as the open internet.

Day-by-day the effects of cybercrime continue to get worse. Although something clearly needs to be done, there is growing concern that any efforts to tackle this modern scourge come at the expense of fundamental human rights and that they threaten the open and free internet.

As countries are considering their input to the United Nations ahead of the scheduled January negotiations on a Cybercrime Convention, the CyberPeace Institute and the Cybersecurity Tech Accord have brought together a range of stakeholders to publish the Multistakeholder Manifesto on Cybercrime. The principles outlined in the Manifesto should be at the heart of any cybercrime legislation and to guide the negotiating process.

The Manifesto is supported by over 50 members of civil society, industry organizations (such as the Center for Democracy and Technology, World Wide Web Foundation, Cyber Threat Alliance, and Derechos Digitales) and individuals. Signatories to the Manifesto want to also ensure that any cybercrime convention preserves and upholds basic human rights and freedoms guaranteed under existing international UN and other treaties.

“Today, industry and civil society are coming together through a Multi-Stakeholder Manifesto on Cybercrime which provides a set of principles to guide governments in their negotiations at the United Nations” says Klara Jordan, Chief Policy Officer at the CyberPeace Institute. 

In the build up to the convention negotiations, this Manifesto is an urgent appeal to all UN member states, UN agencies, and others involved in the current process, to address concerns regarding the draft and align their submissions with the Manifesto.

The Manifesto also highlights the importance of ensuring cybercrime perpetrators are held accountable for their actions: “In an area as opaque as cyberspace, public-private partnerships are often an indispensable tool to gain insights into evolving cyber threats and those behind them,” said Annalaura Gallo, Head of Secretariat, Cybersecurity Tech Accord. “A new Cybercrime Convention should establish clear mechanisms for states to reduce the operating space for criminals,” added Annalaura Gallo

The Manifesto also tackles the challenges inherent in the current UN process, in particular the lack of multistakeholder participation. “We are concerned about the lack of consultation, inclusion and involvement of stakeholders from across civil society and industry”, said Klara Jordan, adding: “The participation of civil society entities is crucial to ensure that the impact of these crimes on society is properly taken into account.” “The technology industry is ready to offer its expertise and input to UN states in the upcoming negotiations on cybercrime. We hope that our input will be sought more consistently than has been the case in the past in discussions involving the security of our internet ecosystem,” emphasized Annalaura Gallo.

*********

About the CyberPeace Institute: Headquartered in Geneva, Switzerland, the CyberPeace Institute is a nongovernmental organization whose mission is to reduce the harms from cyberattacks on people’s lives worldwide, provide assistance to vulnerable communities and call for responsible cyber behaviour, accountability and cyberpeace.

About the Cybersecurity Tech Accord: The Cybersecurity Tech Accord is a coalition of over 150 technology companies committed to advancing peace and security in cyberspace. The group’s mission revolves around four foundational principles: strong defense, no offense, capacity building and collective response.

1 3 4 5 6 7 41