Promoting Effective and Inclusive ICT Policy in Africa

Blog

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog
21Feb

New Mali Cybercrime Law Potentially Problematic to Digital Rights

Author admin Posted on

By Simone Toussi |

On December 5, 2019, the president of Mali promulgated Law n° 2019-056 on the Suppression of Cybercrime. Although timely and relevant, a number of provisions pose potential threats to privacy and freedom of expression online, especially in view of Mali’s democracy deficits and low press freedom ranking.

The new law, applies to “any offence committed by means of Information and Communication Technologies (ICT) in whole or part on the territory of Mali, to any offence committed in cyberspace and whose effects occur on the national territory” (article 2).  It is part of a legislative framework deemed necessary to support reforms in the technology sector, pursuant to the 2000  Mali Telecommunications Sector Policy Declaration.

From Privacy Breaches to Digital Authoritarianism

Mali’s Constitution provides for privacy of communications under Article 6 while the Personal Data Protection Act of 2013 under article 5 and the Telecommunications Act, 1999 in article 1 buttress the constitutional provision. Unfortunately, the cybercrime law conflicts with these existing right to privacy guarantees.

The Cybercrime Law in articles 74 to 78 authorises search of computers and seizure of data as part of criminal investigations. Moreover, under article 75, data may be copied and stored where “seizure of the medium seems inappropriate”. The law does not provide for how the copied data should be stored, processed or disposed of upon conclusion of investigations. This undermines the data protection principle laid down in article 7 of the  Personal Data Protection Act – that personal data must only be kept for a specified period and purpose.

Further, articles 83 to 86 suggest real-time surveillance through interception of communications. Service providers are required to cooperate with authorities, including through ensuring that they have in place the necessary technical means to facilitate interception of communications. These wide powers double as an addition to those given to authorities under article 4 of the Telecommunications Act. This article which states: “When public security or the defense of the territory of Mali so requires, the Government may, for a limited period, requisition all the telecommunications networks established in the territory of Mali, as well as the equipment connected to it and / or prohibit the provision of telecommunications service.” This article has in the past been evoked when the government ordered  social media disruptions in 2016 during public protests and more recently during the 2018 elections when it ordered an internet shutdown.

Furthermore, communications service providers are required to put in place mechanisms to monitor systems for potential illegal activity, with failure to inform authorities of illegal activities being punishable by a prison sentence of between six months and two years, a fine of Central African Francs (CFA) 500,000 to 2,000,000  (USD 830 to 3,318 ) or both (article 25).

Warnings for Freedom of Expression

Although Mali’s constitution guarantees freedom of expression and opinion (article 4), the Law on the Press Regime and Press Offences (2000) is vague as it does not explicitly guarantee freedom of the press or media pluralism, nor does it define press offences. It also does not contain any provisions on online media. This constitutes a vacuum preceding the law on the Suppression of Cybercrime which, for its part, contains provisions which directly affect freedom of expression and opinion.

Articles 20 and 21 of the new law punish threats and insults made through an information system, with penalties ranging from six months to 10 years imprisonment, a fine of CFA 1,000,000 to 10,000,000 CFA (USD 1,680 to 16,800), or both. Without a clear definition and detail of the constituent elements of ‘threat’ or ‘insult’, these provisions are open to interpretation that can hinder freedom of expression. This is all the more critical since these terms are also not defined by the law on the press regime and press offences, in its article 33 on incitement and article 38 on defamation.

Moreover, articles 55 and 56 condemn the “public dissemination” of “all printed matter, all writings, drawings, posters, engravings, paintings, photographs, films or stereotypes, matrices or photographic reproductions, emblems, all objects or images that do not tie with good morality.” The corresponding penalties range from six months to seven years imprisonment, a fine of CFA 500,000 to 10,000,000 (USD 840 to 16,800), or both.

Article 54 of the cybercrime law states that “press offenses, committed through information and communication technologies, with the exception of those committed by the press on the internet, are punishable by ordinary law”. Given that the Press Law does not include provisions for online press, it is unclear what the distinction is between press offences via ICT and press offences via the internet. Furthermore, there is a lack of precision on the determination as to whether an offense falls under the cybercrime law, ordinary law, or press law.

Article 23 provides for a fine of CFA 200,000 to 2,000,000 (USD 332 to 3,318), imprisonment of between six months and one year, or both, for fake reports of illegal activity or content online, “with the aim of obtaining its withdrawal or having it stopped by a public eCommunications service provider”. However, activities and contents considered as illegal are not defined by the law, and therefore subject to denunciation.

Way forward

The law is well intentioned in seeking to ensure safe and secure use of ICT in Mali. However, it comes into effect in a fragile context. Provisions relating to data processing as part of criminal investigations pose significant risk to personal data integrity, security and privacy. Further, the law places a huge burden on telecommunications intermediaries to track and monitor network activity, and holds these intermediaries liable for the actions of their clients. Provisions relating to online press offences are inconsistent with legislating the media in the age of digitalisation. The new law and existing related laws therefore require revisions to safeguard and uphold constitutional guarantees of freedom of expression and privacy, online and offline.

21Feb

Togo: #KeepItOn During The Elections

Author admin Posted on

Joint Call |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has joined a call on the Government of Togo to keep digital communications accessible during its upcoming elections.

The country goes to the polls on February 22, 2020, marking the first presidential election since the amendment to the Constitution on term limits. The amendment capped the presidential mandate to two five-year terms. However, it would not apply retrospectively meaning that President Faure Gnassingbe, who succeeded his late father in 2005, can stand for the upcoming election, and again in 2025.  In 2017, internet access was disrupted during protests against the family’s 50-year rule of the country.

Access Now, the #KeepItOn campaign lead states that Togo should follow the footsteps of its neighbors GhanaNigeria, and Senegal who have shown that an open, secure, and accessible internet can foster civic participation during the electioneering processes and beyond, safeguard election results, and promote democracy.

See the full joint call here: English and French.

21Feb

La nouvelle loi du Mali sur la cybercriminalité potentiellement problématique pour les droits numériques

Author admin Posted on

Par Simone Toussi |
Le 5 décembre 2019, le président du Mali a promulgué la loi n° 2019-056 portant Répression de la Cybercriminalité. Bien qu’opportune et pertinente, certaines de ses dispositions constituent des menaces potentielles à la vie privée et la liberté d’expression en ligne, en particulier, compte tenu des défaillances démocratiques du Mali et de son faible classement en matière de liberté de la presse.
La nouvelle loi s’applique à « toute infraction commise au moyen des technologies de l’information et de la communication (TIC) en tout ou partie sur le territoire de la République du Mali, toute infraction commise dans le cyberespace et dont les effets se produisent sur le territoire national » (article 2). Elle fait partie d’un cadre législatif jugé nécessaire pour soutenir les réformes dans le secteur des TIC, conformément à la Déclaration de politique sectorielle des télécommunications du Mali, de l’année 2000.
Des atteintes à la vie privée à l’autoritarisme numérique
La Constitution du Mali garantit la confidentialité des communications en vertu de l’article 6, une disposition qui est renforcée par l’article 5 de la loi portant protection des données à caractère personnel de 2013 l’article 1er de la loi régissant les télécommunications de 1999. La loi sur la cybercriminalité est malheureusement en conflit avec ces prédispositions en faveur du droit à la vie privée.
Les articles 74 à 78 de la loi sur la cybercriminalité autorisent la perquisition et la saisie informatique de données dans les procédures d’enquêtes criminelles. En outre, en vertu de l’article 75, les données peuvent être copiées et stockées lorsque « la saisie du support ne paraît pas appropriée ». La loi ne prévoit pas comment les données copiées doivent être stockées, traitées ou supprimées à l’issue des enquêtes. Cela sape le principe de protection des données énoncé dans l’article 7 de la loi sur la protection des données à caractère personnel – selon lequel les données à caractère personnel ne doivent être conservées que pour une période et un objectif précis.
De plus, les articles 83 à 86 suggèrent une surveillance en temps réel par l’interception des communications. Les prestataires de services sont tenus de coopérer avec les autorités, notamment en veillant à ce qu’ils disposent des moyens techniques nécessaires pour faciliter l’interception des communications. Ces pouvoirs étendus doublent ceux qui sont accordés aux autorités en vertu de l’article 4 de la loi sur les télécommunications. Ce dernier stipule : « Lorsque la sécurité publique ou la défense du territoire du Mali l’exige, le gouvernement peut, pour une durée limitée, réquisitionner tous les réseaux de télécommunications établis sur le territoire du Mali, ainsi que les équipements qui y sont connectés et / ou interdire la fourniture de services de télécommunications. » Cet article a été utilisé par le passé, lorsque le gouvernement a ordonné des perturbations de réseaux sociaux en 2016 lors des manifestations publiques, et plus récemment, une coupure d’Internet lors des élections de 2018.
En outre, les prestataires de services de communication sont tenus de mettre en place des mécanismes de contrôle des systèmes d’activités illégales potentielles. Tout refus d’informer les autorités de ces activités illégales est passible d’une peine de prison allant de six mois à deux ans, une amende de 500 000 à 2 000 000 francs CFA (830 à 3 318 dollars américain – USD) ou les deux (article 25).
Des alertes pour la liberté d’expression
Bien que la constitution du Mali garantisse la liberté d’expression et d’opinion (article 4), la loi portant régime de la presse et délit de presse (2000) est vague car elle ne garantit pas explicitement la liberté de la presse ou le pluralisme médiatique, ni ne définit les délits de presse. Elle ne contient pas non plus des dispositions sur les médias en ligne. Cela constitue un vide qui précède la loi sur la répression de la cybercriminalité qui, pour sa part, contient des dispositions qui affectent directement la liberté d’expression et d’opinion.
Les articles 20 et 21 de la nouvelle loi punissent les menaces et les insultes faites par le biais d’un système d’information, avec des sanctions allant de six mois à 10 ans d’emprisonnement, et une amende de 1 000 000 à 10 000 000 CFA (1 680 à 16 800 USD), ou les deux. Sans définir ni clairement détailler les éléments constitutifs de la « menace » ou de l ‘ « insulte », ces dispositions sont sujettes à des interprétations pouvant entraver la liberté d’expression. Cela est d’autant plus critique que ces termes ne sont pas non plus définis par la loi portant régime de presse et délit de presse, dans son article 33 sur l’incitation et l’article 38 sur la diffamation.
De plus, les articles 55 et 56 condamnent la « diffusion publique » de « tous imprimés, tous écrits, dessins, affiches, gravures, peintures, photographies, films ou clichés, matrices ou reproductions photographiques, emblèmes, tous objets ou images contraires aux bonnes mœurs. » Les sanctions correspondantes vont de six mois à sept ans d’emprisonnement, une amende de 500 000 à 10 000 000 CFA (840 à 16 800 USD), ou les deux.
L’article 54 de la loi sur la cybercriminalité stipule que les infractions de presse, commises par le biais des technologies de l’information et de la communication, à l’exception de celles commises par la presse sur Internet, sont punies par les peines de droit commun ». Étant donné que la loi sur la presse ne comporte pas de disposition pour la presse en ligne, la distinction entre les délits de presse via les TIC et les délits de presse via internet n’est pas claire. En outre, il y a un manque de précision quant à déterminer si une infraction relève de la loi sur la cybercriminalité, du droit commun ou de la loi sur la presse.
L’article 23 prévoit une amende de 200 000 à 2 000 000 CFA (de 332 à 3 318 dollars américain), une peine d’emprisonnement de six mois à un an, ou les deux, pour les faux signalements d’activités ou contenus illicites, « dans le but d’en obtenir le retrait ou d’en faire cesser la diffusion par un prestataire de services de communications au public par voie électronique ». Cependant, les activités et contenus considérés comme illicites et donc soumis à dénonciation, ne sont pas définis par la loi.
Les mesures à prendre
La loi est bien orientée pour garantir une utilisation sûre et sécurisée des TIC au Mali. Elle entre cependant en vigueur dans un contexte fragile. Les dispositions relatives au traitement des données dans les procédures d’enquêtes criminelles présentent un risque important pour l’intégrité, la sécurité et la confidentialité des données personnelles. En outre, la loi impose une lourde charge aux intermédiaires de télécommunications pour suivre et surveiller l’activité du réseau, et tient ces intermédiaires responsables des actes de leurs clients. Les dispositions relatives aux délits de presse en ligne sont incompatibles avec la législation sur les médias à l’ère du numérique. La nouvelle loi et les lois connexes existantes nécessitent donc des révisions pour sauvegarder et faire respecter les garanties constitutionnelles de la liberté d’expression et de la vie privée, en ligne et hors ligne.

20Feb

Burundi, Chad, Ethiopia and Sudan Revoke YouTube Access Throughout 2010s

Author admin Posted on

By Thomas Robertson |

YouTube is an important part of African online space because it offers a platform for both traditional media and independent producers to livestream and broadcast multimedia content. Crucially, YouTube comments provide an important channel for social and political discourse in Africa given the high levels of censorship in traditional media. Indeed, in many African countries, YouTube is the second most popular website.

Under the guise of defending public order and morality, authoritarian governments in Africa have blocked access to YouTube within their borders, with ban lengths ranging from several days to more than one year.

In North Africa, four countries – Algeria, Tunisia, Morocco and Libya – are reported to have intermittently blocked YouTube access between 2007 and 2019. The most recent outage was in August 2019 in Algeria, where YouTube and other Google services were blocked in the wake of an online video purportedly encouraging the military to depose then de-facto leader Ahmed Gaid Salah . This followed a consistent pattern of internet disruptions in the country, both before and after the resignation of president Abdelaziz Bouteflika.

Much earlier, Morocco had blocked access to YouTube for five days in 2007 after videos posted endorsed the independence of Western Sahara. Meanwhile, from 2007 to 2011, YouTube users in Tunisia faced intermittent blockages of the site, and when not completely blocked, certain protest videos remained inaccessible from within the country. In similarity, Libya also blocked YouTube from 2010 to 2011 after videos of anti-Gaddafi protests were posted.

In sub-Saharan Africa, YouTube was blocked in Sudan in the wake of its 2010 elections when videos revealed fraud committed by electoral staff, and again in 2012 after the posting of the film The Innocence of Muslims. Both of these events were preceded by widespread protests. In 2011, Eritrea blocked YouTube, and access to the website remains unreliable, but more so due to bandwidth concerns than censorship.

In April 2018, Chad instituted a 15-month ban on social media, including YouTube, that was only lifted in July 2019. This ban was a reaction to waves of protest against constitutional amendments that would allow President Idriss Déby to further extend his rule. Ethiopia intermittently blocked YouTube along with other social media platforms for several days in June 2019 after reports of an attempted coup against the Amhara Regional State Government.

More recently, a YouTube block was documented by the Open Observatory of Network Interference during December 2019 in Burundi without official explanation. With an estimated internet penetration rate of 7.4%, Burundi remains one of the least digitally connected countries in Africa. Nonetheless, President Pierre Nkurunziza’s government habitually restricts media and online expression. Earlier in 2019, the National Communication Council (NCC) banned Voice of America (VOA), the British Broadcasting Corporation (BBC) and their correspondents, regardless of nationality, from broadcasting in the country. Leading up to the alleged restriction on YouTube in December 2019, the Burundian government suspended the comment section on the YouTube channel of Nawe, an independent media outlet, and prohibited new channel uploads. Nawe’s website and Twitter, however, remained active.

According to Google’s Transparency Report, more than 11 African governments have made content removal requests relating to YouTube since 2009. During 2012-2013, Google received inquiries and requests from 20 countries relating to YouTube videos that contained clips of the movie “Innocence of Muslims”. From Africa, three governments – Djibouti, Egypt and Libya – requested that the videos be removed. According to Google, “due to difficult circumstances” the videos were temporarily restricted from view. It is unclear what the length of the temporary restriction was.

Earlier in 2010, Libya made 147 requests to remove more than 1,000 YouTube videos. Google removed “portions” of the videos for violating YouTube’s Community Guidelines but did not remove the rest of the videos. Google does not indicate the exact number of video portions which were removed. Since then, Google has gone on to receive content removal requests from eight other African governments – Gabon, Kenya, Mali, Mauritius, Morocco, Nigeria, Sierra Leone, and Tanzania.

More than 22 governments have conducted internet shutdowns since 2016. They often cite the need to  prevent the use of the internet as a tool to spread false information, and to allegedly fan public disorder and undermine national security. Where complete shutdowns have not occured, more targeted blockages have been sought, particularly of media showing government corruption, civil disobedience, dissenting opinions or contentious statistics that contradict government figures shared on platforms like YouTube, Twitter, Facebook and WhatsApp.

Although the various blockages of YouTube in Africa have since ended, the instances documented in this report indicate that blocking YouTube may well be a strategy of internet manipulation and civic suppression, with trends suggesting that such restrictions to online content may continue into the new decade across Africa.

28Jan

Advancing Collaborations in Strategic Litigation for Digital Rights in East Africa

Author admin Posted on

By Edrine Wanyama |

Strategic litigation has gained recognition as a tool for pushing back against restrictions on rights to privacy, access to information and freedom of expression, assembly and association in the digital sphere in Africa. Notable cases have been recorded in Burundi, Kenya, Tanzania, Uganda, Cameroon, Gambia, Zimbabwe, and Sudan.

However, litigation for digital rights remains under-utilised across the continent due to lack of effective collaboration between actors such as lawyers, activists, academia, civil society organisations and other technical experts.

At the 2019 Forum on Internet Freedom in Africa (FIFAfrica19) in Addis Ababa, Ethiopia, a workshop was hosted to promote best practices for more effective collaboration across disciplinary silos in digital rights litigation. The session also aimed to raise the visibility of the outcomes and lessons learned from three recent digital rights cases and campaigns in Kenya, Tanzania and Uganda, alongside global experiences by Access Now, the Electronic Frontier Foundation (EFF) and the Media Legal Defense Initiative (MLDI), so as to inform future intervention. It was attended by 22 participants comprising of parliamentarians, lawyers, academics, journalists, digital rights activists, civil society actors and representatives of government agencies.

The workshop and case analysis were premised on the catalysts for collaboration which outline 12 principles in advancing digital rights campaigns using litigation.

The 12 Catalysts for Collaboration

Various issues emerged during the workshop and in many instances echoed the experiences of cases in East Africa and beyond. In his presentation, “Litigating Digital Rights and Online Freedom of Expression in East, West and Southern Africa”, Padraig Hughes from MLDI explored  internet regulation and international human rights instruments provisions related to digital rights, including data protection and privacy, the right to be forgotten, encryption, anonymity and cybercrime. He noted that whereas countries across the world were party to many of the instruments, case law on internet regulation in Africa was not as advanced as in other continents. Indeed, a study of the case of The Bloggers Association of Kenya (BAKE) v Hon. Attorney General & Three Others in Kenya indicates that due to limited precedent and case law on strategic litigation in Africa, BAKE had to rely heavily on European Union case law as a reference point.

BAKE’s petition challenged the Computer and Misuse Act, 2018, stating that it violated, infringed and threatened fundamental freedoms protected in the Bill of Rights in the Constitution of Kenya, 2010. In May 2018, a judge granted interim conservatory orders, suspending 26 clauses in the Act. To-date, a hearing date is yet to be set for the case. However, the orders granted remain in force pending the hearing.

The EFF’s Corynne McSherryn presented collaborative cases which challenged border device search and seizures in the United States of America, as part of which border and pocket guides have been issued to help travellers in securing their digital data before travelling. The publicity and awareness approach of the guides is similar to that adopted in pushing back against a social media tax in Uganda by encouraging the use of Virtual Private Networks (VPNs). A case related to this pushback is the Cyber Law Initiative (U) Limited and Five Others Versus The Attorney General of Uganda and Two Others.

On July 2, 2018, Cyber Law Initiative (U) Limited and four individuals – Opio Daniel Bill, Baguma Moses, Okiror Emmanuel and Silver Kayondo – sued the Attorney General, the Uganda Communications Commission (UCC), and the Uganda Revenue Authority (URA) in the Constitutional Court over an amendment to the Excise and Duty Act. The amendment introduced a tax of Uganda Shillings (UGX) 200 (USD 0.05) per day in order to access Facebook, WhatsApp, Twitter, and Viber, among other social media platforms. The case relied heavily on print, broadcast and online media to raise public awareness and push back against the tax through encouraging use of Virtual Private Networks (VPNs). It is over a year since the case was filed and all relevant submissions have been tabled before court. However, a hearing date has not been fixed. Efforts to have the case hearing date fixed have included a petition to the Deputy Chief Justice with an annexation of over 400 signatures, to no avail.

Aaron Kiiza, part of the legal team on the Uganda social media tax case, noted that collaborative litigation remains a major challenge due to group dynamics and unforeseen circumstances. This was the case in Tanzania where three collaborators withdrew from Legal and Human Rights Center and Two Others v. The Minister for Information, Culture, Arts and Sports, the Tanzania Communications Regulatory Authority and the Attorney General, which demoralised the group and was deemed as the “starting point of defeat” in the case.

The Legal and Human Rights Centre, Media Council of Tanzania, Tanzania Media Women Association (TMWA), Jamii Media, Tanzania Human Rights Defenders Coalition (THRDC), and the Tanzania Editors Forum (TEF) filed a case in the High Court of Tanzania challenging enforcement of the Electronic and Postal Communications Act (EPOCA) (Online Content Regulations) of 2018. The applicants argued that the regulations were promulgated in excess of power, illegal, against the principles of natural justice, unreasonable, arbitrary and ambiguous. However, three applicants (Jamii Media, TAMWA and TEF), later withdrew from the case. TAMWA and TEF’s withdrawal from the case was attributed to waning interest, while that of Jamii Media was due to separate criminal proceedings against its Executive Director, which had already put a strain on the organisation’s operations.

 On May 4, 2018, the Court issued a temporary injunction preventing the implementation of the Regulations which were to take effect the following day on May 5, 2018. However, the government of Tanzania appealed against the decision, and Court overturned the injunction and dismissed the case, with each party bearing its own costs.

Meanwhile, in the Zimbabwean case against the network disruption of January 2019, Kuda Hove from the Media Institution of Southern Africa (MISA) Zimbabwe observed that collaborative litigation sometimes leads to delays which can affect justice. In the Kenyan case, time constraints required BAKE to draft and file the petition, under certificate of urgency, with only two days left before the Computer Misuse and Cybercrimes Act, 2018 came into force. Hove noted that there is always the need to strengthen communications among parties and collaborators who may fail on their duties and obligations during the litigation.

Participants also highlighted the lack of digital rights knowledge, skills and competencies amongst judges and lawyers a shared experience across all three cases studied. Resource constraints which affect evidence gathering are another shared challenge.

Furthermore, the slow nature of legal processes was acknowledged. The cases in East Africa have been fraught with setbacks, including case backlog and judiciary transfers leading to fatigue of both the legal counsel and the general public.

The workshop and case analysis were carried out as part of a CIPESA-MLDI project aimed at increasing the availability of information on digital rights cases in Africa and lessons learned to inform future intervention for effectiveness, creativity and resilience of cases. The documenting of the case studies was conducted by CIPESA in partnership with the Kenya ICT Action Network (KICTANet) and Tanzania Human Rights Defender’s Coalition (THRDC), and involved expert consultations, literature review and interviews.

1 62 63 64 65 66 158