Promoting Effective and Inclusive ICT Policy in Africa

Category Archives: News

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Blog  /  News
21Feb

How the MTN Group Can Improve its Digital Human Rights Policy and Reporting

Author CIPESA Posted on

CIPESA Writer |

These proposals are made to the MTN Group in respect of its Digital Human Rights Policy. The proposals commend the positive elements of the Policy including the proclamation to respect the rights of users including in privacy, communication, access and sharing information in a free and responsible manner. The submission points to areas where the telecoms group can further improve its role in the protection of human rights.

The United Nations Guiding Principles on Business and Human Rights (UNGPs) enjoin corporate entities to act with due diligence to avoid infringements on human rights. They also provide ways through which adverse impacts on human rights can be addressed. It is therefore commendable that MTN developed a Digital Human Rights Policy and is open to commentary and suggestions for  strengthening its implementation. It is imperative that MTN takes proactive and consistent measures to comply with international human rights instruments such as the UNGPs, the leading global framework focused on business responsibility and accountability for human rights, which were unanimously endorsed by States at the United Nations in 2011.

Some of the Principles that MTN needs to pay close attention to include the following:

 Principle 11: Business enterprises should respect human rights. This means that they should avoid infringing on the human rights of others and should address adverse human rights impacts with which they are involved.

Principle 13: The responsibility to respect human rights requires that business enterprises (a) Avoid causing or contributing to adverse human rights impacts through their own activities, and address such impacts when they occur; (b) Seek to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products or services by their business relationships, even if they have not contributed to those impacts.

Principle 15. In order to meet their responsibility to respect human rights, business enterprises should have in place policies and processes appropriate to their size and circumstances, including:

(a) A policy commitment to meet their responsibility to respect human rights;

(b) A human rights due diligence process to identify, prevent, mitigate and account for how they address their impacts on human rights;

(c) Processes to enable the remediation of any adverse human rights impacts they cause or to which they contribute.

Principle 23:  In all contexts, business enterprises should:

  1. Comply with all applicable laws and respect internationally recognised human rights, wherever they operate;
  2. Seek ways to honour the principles of internationally recognised human rights when faced with conflicting requirements;
  3. Treat the risk of causing or contributing to gross human rights abuses as a legal compliance issue wherever they operate.

Respect for digital rights is also stipulated in the Declaration of Principles on Freedom of Expression and Access to Information in Africa of 2019 which MTN needs to be cognisant of as part of efforts to ensure that it upholds respect for human rights.

CIPESA Proposals to the MTN Group
The MTN Group is a market leader in various service areas in several countries where it has operations. It is also a key employer and tax payer, and by facilitating the operations of other sectors,  MTN is a key contributor to the Gross Domestic Product (GDP) and to the health of the respective countries’ economies. It is crucial that the company develops and effects a robust Digital Human Rights Policy. Notably, MTN has trailed other operators, such as Orange, Millicom and Vodafone in rolling out a digital rights policy, and in transparency reporting.

While MTN last year issued its inaugural transparency report as part of its annual reporting, there are areas of concern for which we make the following recommendations:

  1. Provide more granular and disaggregated data about the number and nature of requests MTN receives from government agencies. At present, it is not clear how many of those requests relate to the release of users’ identifying data, how many were on metadata, and how many were on rendering support to communication monitoring and interception. Besides providing such a breakdown, MTN should also explain how many requests, if any, were not adhered to and why. Further, the report should indicate which particular government departments made the requests and whether all their requests were backed by a court order.
  2. Provide more nuanced information in reporting on the Digital Human Rights Policy to enable the contextualisation of country-specific explanations of government requests. In the last report, for instance, it is difficult to comprehend the information on government requests from Uganda. Given that Uganda is one of the countries where MTN has the largest number of subscribers, and given that country’s human rights record, the numbers are inexplicably few (12 in total) compared to Congo Brazzaville (1,600), eSwatini (3,661), Ghana (1,642), Guinea Conakry (6,480), Ivory Coast (4,215), Nigeria (4,751), Rwanda (602), South Africa (15,903), South Sudan (1,748), Sudan (5,105), and Zambia (8,294).
  3. In its transparency reporting on implementation of its Digital Human Rights Policy, MTN should reflect on the role of local laws and regulations in enabling or hampering the realisation of digital human rights. What elements are supportive and which ones are retrogressive? Which grey areas need clarification or call for repeal of laws?
  4. Include in the MTN transparency report a detailed and analytical section on network disruptions, as these are highly controversial and have wide-ranging economic, public service and human rights impacts yet they are becoming endemic in many of the countries where MTN operates. Further, MTN should include information on whether it received (or demanded – as we propose it should) written justifications from regulators (or government officials and bodies who issue shutdown orders) for the shutdown orders, including citation of the specific laws and provisions under which they are issued and the situation that warranted invoking the disruption. Additionally, the MTN Group should commit to scrutinise each demand, order or request and challenge them if they are not clear, specific, written, valid or do comply with national laws. It should also keep a written record of such demands, orders or requests.
  5. The MTN Policy and reporting should have a section and actions dedicated to inclusion of marginalised groups, a key area being enabling access and accessibility for persons with disabilities. Research conducted by CIPESA showed that, in countries where it operated, MTN had not taken any deliberate efforts to make its services more accessible to persons with disabilities. Beyond the additional section, MTN should appoint / designate Inclusion and Human Rights Ambassadors, and build the capacity of internal teams to facilitate engagement and compliance with digital accessibility obligations.
  6. MTN should take a proactive stance in making its Digital Human Rights Policy, including country-specific transparency information, well publicised among users, civil society and government officials in the respective countries. This will aid the growth of knowledge about MTN policies, inspire other companies to respect human rights, and draw feedback on how MTN can further improve its human rights policies and practices.
  7. MTN should develop relationships with, and have proactive and sustained engagements with civil society, consumer groups and governments on the implementation of its Digital Human Rights Policy. Such engagements should not only be post-mortem after-the-fact reviews of reports after their publication but should be continuous and feed into the annual reporting. This engagement should also include external experts and stakeholders in the conduct of regular human rights due diligence as envisaged by Principle 15 of the UNGPs. Such engagements could also relate to raising concern on the national laws, policies and measures which pose a risk to digital rights.
  8. As part of due diligence, MTN should periodically assess and examine the impact of its enforcement of its terms and service, policies and practices to ensure they do not pose risks to individual human rights, and the extent to which they comply with the UNGPs and are consistent with its Digital Human Rights Policy. Such assessments are essential to determining the right course of action when faced with government requests and other potential human rights harms.
  9. MTN should add to its Policy and make public its position on network disruptions and outline a clear policy and the procedures detailing how it handles information requests, interception assistance requests, and disruption orders from governments.
  10. Support initiatives that work to grow access, affordability, and secure use of digital technologies, and speak out about any licensing obligations and government practices that undermine digital rights.
  11. Join key platforms that collaboratively advance a free and open internet and respect for human rights in the telecommunications sector, such as the Global Network Initiative (GNI), endorse the GSMA Principles for Driving Digital Inclusion for Persons with Disabilities, and align with local actors on corporate accountability (such as the Uganda Consortium on Corporate Accountability).
  12. MTN should at a minimum, provide simple and clear terms of service, promptly notify users of decisions made affecting them, and provide accessible redress mechanisms and effective remedies.
  13. MTN should institutionalise its commitment to digital rights by putting in place a governance structure at the country level with oversight at a senior level, train its employees on the policy, and create awareness among its customers to ensure the realisation of the policy.

CIPESA stands ready to continue to engage with MTN on ways to improve and effect its Digital Human Rights Policy. We can be contacted at [email protected].

30Dec

Towards an Accessible and Affordable Internet in Africa: Key Challenges Ahead

Author CIPESA Writer Posted on

By Paul Kimumwe |

Over the last few years, Africa has experienced exponential growth in internet access spurred by mobile internet, which stood at 28% penetration  in 2020. However, internet access and affordability are still a major challenge for the majority of Africans, especially the rural poor, women, and persons with disabilities.

According to the State of Mobile Internet Connectivity 2021, Sub-Saharan Africa has the largest coverage gap (those living in areas without mobile broadband coverage) at 19%, which is more than three times the global average. While internet access has become more affordable, particularly through mobile phones, costs are still high and unaffordable to many in the region, who remain offline.

A new brief by CIPESA explores some of the retrogressive measures that undermine citizens’ rights to access a reliable and affordable internet in Lesotho, Mozambique, Tanzania, Uganda, Zimbabwe, and Zambia. Some of these measures include digital taxation that has led to increases in internet costs, registration and licensing of online users that imposes high licensing fees and tough penalties, network disruptions including internet shutdowns that lead to inaccessibility of the internet, and the failure to provide enabling infrastructure that exacerbates the digital divide.

Many governments have been eager to increase their tax base, particularly from the telecommunications sector and over-the-top (OTT) services, which they claim are eating into the revenues of licensed operators. Several other governments have slapped taxes on mobile phone handsets and other devices. These costs are passed on to consumers, thereby raising the cost of owning and using a mobile phone and accessing the internet.

In addition, the lack of an enabling infrastructure, including lack of access to reliable electricity, has been a major hurdle to broadband adoption in many African countries. It is  estimated that 45% of Africans live farther than 10 kilometres from the network infrastructure essential for online education, finance and healthcare services.

Network disruptions including internet shutdowns, internet throttling and social media blockages have recently become endemic in several African countries, and present yet another hurdle. Governments have sometimes shut down or restricted access to the internet or to social media platforms in an attempt to limit or control conversations online and prevent mobilisation for potential pro-democracy protests. The disruptions have mostly been initiated around election times, public protests, and during national exams.

Various countries have also adopted the registration and licensing of online users on whom they impose high licensing fees and tough penalties. This has forced many online users to abandon their platforms due to the high costs and threats of prosecution. Many of those who are online routinely practice self-censorship for fear of attracting reprisals.

The lack of internet access requires immediate counter action by several countries especially given the overbearing effects of digital exclusion caused by the Covid-19 pandemic. Countries with better access to online platforms for business and education are reaping faster economic rebounds compared to unconnected economies. The internet plays a vital role in the realisation of human development and facilitates the enjoyment of several human rights and freedoms, including the right to freedom of expression and information, the right to education, the right to assembly and association.

According to the brief, African governments need to recognise and nurture the true potential of the internet in driving inclusive economic growth and development, as well as digital transformation, especially in the post-Covid pandemic era. This calls for robust investments in internet infrastructure, digital literacy and refraining from taking actions that undermine the transformative potential of digital technologies.

See the full brief here.

23Dec

Sudan’s Bad Laws, Internet Censorship and Repressed Civil Liberties

Author CIPESA Posted on

By Khattab Hamad and CIPESA Writer | 

On December 19, 2021, the third anniversary of the start of the uprising that overthrew former Sudanese strongman Omar al-Bashir, protests against the current military rulers rocked the capital Khartoum. Yet these demonstrations are only a small part of the north African country’s challenges, as it remains saddled with a slew of repressive laws that undermine civil liberties, with the digital civic space particularly under attack.

Sudan’s 2019 constitution grants citizens the right to privacy (article 55) and to free expression (article 57) and “the right to access the internet” (article 57(2)). As of December 2020, Sudan had 34.2 million mobile subscriptions while internet subscriptions stood at 13.7 million, representing a penetration of 31%. Sudan has the most affordable mobile internet in Africa and is ranked among the five least expensive countries for mobile internet globally.

Despite the constitutional guarantees and proliferation of technology, a new briefing paper by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) shows that the state of digital rights remains precarious, with the cybercrimes law enabling the military rulers to harass dissenters and critics under the guise of fighting false information online. 

Frequent internet shutdowns remain a constant reminder that the government will go to great lengths to control access to and use of digital technologies for mobilisation. In the last three years, six internet disruptions have been recorded, mostly ordered to thwart public protests against bad governance. The disruptions have had significant economic implications and only ended following the intervention of the courts. 

The brief explores the repressive elements of media and technology-related laws and how they have been used to undermine freedom of expression, access to information and press freedom in the aftermath of al-Bashir’s overthrow. Overall, while there have been some improvements since al-Bashir’s ouster, the current government continues to institute regressive measures such as news website blockages and censorship. The latest power machinations that saw the military stage a coup on October 25, 2021 are making matters worse. 

The Sudanese Professionals’ Association (SPA), which spearheaded the uprising that overthrew al-Bashir, extensively used digital technologies to disseminate news about the uprising and to mobilise citizens to attend protests. The military rulers that succeeded Bashir seem to have realised the power of technology in mobilisation and embarked on continuous disruption of the internet, in addition to instituting other measures to curtail online organising, freedom of expression, and the free flow of information online.

Bashir’s dictatorship initiated internet disruptions in view of public protests calling for his overthrow, but the government that succeeded him has been more prolific in utilising shutdowns to try and shut off criticism and protests. 

The longest internet disruption in Sudan’s history was recorded in 2019 and lasted 37 days. During protests around the time the shutdown was initiated, more than 100 protesters were killed. The latest shutdown started on October 25, 2021 and lasted 25 days. It was instituted after Lt. Gen. Abdel Fattah al-Burhan seized control of the government. The shutdown was ended by a court order on November 11.

In July 2021, Sudanese authorities blocked more than 30 local news websites in the run up to protests demanding the resignation of the government, a move that severely undermined the right to expression and access to information.

Meanwhile, the cybercrime law of 2020 punishes publishing “lies” and “fake news” online with a heavy penalty of four years imprisonment, or flogging, or both. This law has been used by the military to silence activists and critical state officials. Even Lt. Gen. Burhan has this year invoked it to bring a suit against a prominent critic. The Press and Publications Law of 2009 equally has repressive provisions and was last August controversially invoked to suspendAlitibaha and Alsayha newspapers.

In 2020, Sudan issued the National security law amendment of 2020, article 25 of which leaves latitude for staff of intelligence agencies to violate citizens’ privacy by giving the Sudanese General Intelligence Service “the right to request information, data, documents or things from anyone to check it or take it” without a court order. Last October, military forces that staged a coup appeared to use this provision to search people’s phones in the streets to delete documentation of human rights violations perpetuated by security forces.

See the policy brief for further details on Sudan’s Bad Laws, Internet Censorship and Repressed Civil Liberties.

14Dec

CIPESA Job Opportunity: Technology Officer

Author CIPESA Posted on

Call for Applications |

Job title: Technology Officer

Location: Can be Remote, or based at CIPESA offices in Kampala

Application Deadline: December 27, 2021 at 18.00 East African Time (EAST)

Contract: Fixed-term contract (Jan. 1, 2022-Dec. 31, 2022), Full-time

Annual Salary: USD 50,000

About CIPESA CIPESA works to enable various African stakeholders to use ICT to improve governance and livelihoods. We do this through research and contributing to the availability of information on the policy, legislative and practice environment affecting ICT in Africa; advocacy and awareness raising on threats to free speech, access to information, privacy and security online; spurring multi-stakeholder conversations on protecting and promoting internet rights; and knowledge and skills development in digital rights policy engagement, digital literacy, digital security, social accountability and human rights monitoring.

Position overview An assessment we conducted in 2020 indicated a need to bolster capacity, organisational practices, and implementation of security and safety measures for CIPESA and for partner social justice organisations and their staff. Meanwhile, as part of digital resilience support efforts by CIPESA to other civil society groups, several organisations reported losing access to their digital assets, and experienced hacking and harassment on digital platforms. Overall, skills and protections are inadequate among many of our partner human rights defender (HRD) organisations. Accordingly, we need an individual to build CIPESA’s digital resilience and that of our partner organisations. The individual will primarily contribute to the limb of our work concerned with knowledge and skills development in digital literacy, digital security, and digital rights threats modelling – supporting both CIPESA and our network of partners including grantees of the Africa Digital Rights Fund (ADRF). The Technology Officer will contribute to our campaigns on safety and security; develop a pool of resources on secure use of communications (e.g. in censored environments for circumvention, and to beat network disruptions); develop curriculum and offer training on effective and secure use of digital communication (including for public communication, advocacy, remote working, virtual conferencing).

Must-Have Skills

  • Digital security skills (including developing policies, conducting organisational assessments, offering digital security training to partner organisations, conducting Training of Trainers).
  • Proficiency with anti-censorship or secure communications tools.
  • Infrastructure security – determining front and back-end features, user policies, multi-device optimisation.
  • Ability to develop training and capacity building resources (e.g. curriculum, toolkits).

Nice-to-Have SKills

  • Ability to contribute to analysis of laws, policies and technical measures that affect a free, secure and open internet.
  • Conducting open source investigations online.
  • Supporting digital advocacy campaigns.
  • Data visualisation.
  • Experience working with human rights defenders.

Level of experience Proficient with more than three years’ experience and requiring little-to-no guidance. They should possess at least a Bachelors degree in a relevant field.

Language English is a must. Knowledge of other languages widely spoken in the region, i.e. French and Swahili, would be useful.

Location: The position can be based in Kampala, Uganda, or remotely based, preferably in a time zone close to East African Standard Time (EAST) and Southern African Standard Time (SAST).

Start and end dates for the position January 1, 2022- December 31, 2022 with a possibility for renewal.

Salary US$50,000 per annum

Benefits Medical insurance, flexible hours and workplace, paid time off, out of station allowances and connection to a diverse group of happy staff and partners.

Application requirements Kindly send applications to [email protected] latest

December 27, 2021 at 18:00 East African Time (EAST), including a cover letter outlining how you fit the job requirements and your areas of expertise; a CV; two writing samples (or alternative samples of your work); names and contacts of two referees.

14Dec

South Sudan’s Cybercrimes and Computer Misuse Order 2021 Stifles Citizens’ Rights

Author CIPESA Posted on

By Edrine Wanyama |

South Sudan has enacted the Cybercrimes and Computer Misuse Provisional Order 2021 aimed to  combat  cybercrimes. The country has a fast-evolving technology sector, with three mobile operators and 24 licensed internet service providers. Investments in infrastructure development have propelled internet penetration to 16.8% and mobile phone penetration to 23% of the country’s population of 11.3 million people, which necessitates a law to curb cybercrime.

The Order is based on article 86(1) of the Transitional Constitution of South Sudan 2011, which provides that when parliament is not in session, the president can issue a provisional order that has the force of law in urgent matters.

The Cybercrimes and Computer Misuse Order makes strides in addressing cybercrimes by extending the scope of jurisdiction in prosecuting cybercrimes to cover offences committed in or outside the country against citizens and the South Sudan state. The Order also establishes judicial oversight especially over the use of forensic tools to collect evidence, with section 10 requiring authorisation by a competent court prior to collecting such evidence. Furthermore, the Order attempts to protect children against child pornography (section 23 and 24), and provides for prevention of trafficking in persons (section 30) and drugs (section 31).

However, the Order is largely regressive of citizens’ rights including freedom of expression, access to information, and the right to privacy.

The Order gives overly broad definitions including of “computer misuse,” “indecent content,” “pornography,” and “publish” which are so ambiguous and wide in scope that they could be used by the state to target government opponents, dissidents and critics. The definitions largely limit the use of electronic gadgets and curtail the exercise of freedom of expression and access to information.

Article 22 of the Transitional Constitution of South Sudan 2011 guarantees the right to privacy. The country has ratified the International Convention on Civil and Political Rights (ICCPR) that provides for the right to privacy under article 17 and the African Charter on Human and Peoples Rights, whose article 5 provides for the right to respect one’s dignity, which includes the right to privacy. The Order appears to contravene these instruments by threatening individual privacy.

Despite a commendable provision in section 6 imposing an obligation on service providers to store information relating to communications, including personal data and traffic data of subscribers, for 180 days – a period far shorter compared to other countries – personal data is still potentially at risk. The section requires service providers and their agents to put in place technical capabilities to enable law enforcement agencies monitor compliance with the Order. With no specific data protection law in South Sudan and without making a commitment to the leading regional instrument, the African Union Convention on Cyber Security and Personal Data Protection, privacy of the citizens is at stake.

The section on offences and penalties lacks specificity on fines which may be levied on errant individuals or companies. On the other hand, some of the offences provided for under the Order potentially curtail freedom of expression and the right to information. For instance, the offence of spamming under section 21 could be interpreted to include all communications through online platforms including social media platforms like Facebook and WhatsApp. Under the provision, virtually all individuals who forward messages on social media stand the risk of prosecution. This also has a chilling effect on freedom of expression and the right to information.

The offence of offensive communication under section 25 potentially has a chilling effect on freedom of expression, media freedom and access to information. A similar provision under section 25 of the Computer Misuse Act, 2011 of Uganda has been widely misused to persecute, prosecute and silence political critics and dissidents. Section 25 of the South Sudan Cybercrimes Order could be used in a similar manner to target government critics and dissidents. 

In CIPESA’s analysis of the Order, we call for specific actions that could ensure the prevention of cybercrime while at the same time not hurting online rights and freedoms, including:

  • Deletion of problematic definitions or provisions from the Order.
  • Enactment of a specific data protection law to guarantee the protection of data of individuals.
  • Urgent drafting of rules and regulations to prescribe the procedures for implementing the Order.
  • Ratification of the African Union Convention on Cyber Security and Personal Data Protection.
  • Service providers should not be compelled to disclose their subscribers’ information to law enforcement agencies except on the basis of a court order.
  • Amendment of the Order to emphasise the oversight role of courts during the processes of access, inspection, seizure, collection and preservation of data or tracking of data under section 9.

Read the full analysis here.

1 22 23 24 25 26 102