Africans Want Cross-Border Data Access Reform, But They Might Get Left Out

By Mailyn Fidler |
At the first session of the 2016 Forum on Internet Freedom in Africa, questions about cross-border data access—usually a dry topic—took center stage. The moderator and participants grilled representatives from Google and Facebook about the fairness of limited African access to African data held by U.S. companies, invoking the need for greater “internet sovereignty.” These remarks contrasted with one year ago, when I could find no one at this forum talking about African data access problems. Africans are now thinking about this issue, but the U.S. government is not really considering Africa as it debates the future of cross-border data requests. The standards outlined in the Obama administration’s draft proposal will be most easily met by favored U.S. partners; the United Kingdom appears to be first in line for a deal. Left-out countries will have few viable options for accessing data and may turn to damaging alternatives.
Background: A Year of MLAT Reform
The past year brought cross-border data access into the limelight. Countries have grown frustrated with the primary mechanism for accessing data held by U.S. tech companies: Mutual Legal Assistance Treaties (MLATs). As communications increasingly depend on U.S. tech companies, data needed for run-of-the-mill criminal investigations often resides in the United States, and countries turn to MLATs for access. MLATs with the United States generally require countries to meet U.S. legal standards when seeking data stored in the United States.
The MLAT process is usually slow and opaque, frustrating countries using it. It can take six weeks to ten months to process requests, depending on the request’s complexity and compliance with U.S. legal standards. Countries also take issue with U.S. law essentially dictating global practices. Countries have sought other troubling means of accessing data, with the UK seeking extraterritorial powers, Russia exploring data localization, and Brazil threatening companies with legal action.
Over the past year, efforts to reform cross-border data access have progressed. The United States and the United Kingdom have negotiated a proposed agreement, and the Department of Justice released draft legislation to make such agreements possible for approved countries. (The legislation is unlikely up for consideration until after the U.S. election.)
Africans Want Improved Data Access
Although Africa currently has low levels of internet penetration, it also has some of the highest internet use growth rates. Internet policy issues are increasingly important to Africans, and African internet policy wonks are joining the call for cross-border data access reform. Tefo Mohapi, the moderator of the opening panel, asked company representatives about building mirror datasets in African countries to allow African countries greater access to data held by U.S. companies, a form of data localization. “It all goes back to internet sovereignty,” Mohapi argued. “You operate with legal impunity without regard for state sovereignty.”
Participants continued to criticize the United States, adding that, “America has ceased to be the shining jewel of internet freedom” post-Snowden. African countries are often portrayed as untrustworthy and undeserving of data, even by the company representatives at this conference. Post-Snowden, African countries “want the discourse to expand beyond bad African governments, with the kind United States coming to save us.” African governments should have the same access as the now-untrustworthy United States, participants argued.
The company representatives responded to these criticisms by highlighting ongoing cross-border data access reform efforts. They emphasized that existing cross-border data access procedures are burdensome, and that they are in conversation with governments to change the process. They eagerly pointed out that ultimate responsibility for fixing this problem rests with governments, not companies.
Only two African countries, South Africa and Egypt, currently have MLATs with the United States. The proposed U.S. legislation could allow countries without MLATs to gain legal access to data (see Section 4), in theory addressing African concerns. In practice, however, it could be difficult for some African countries to meet the legislation’s legal standards. The United States must determine that a country has an independent judiciary, adequate substantial and procedural cyber laws, and adequate international human rights practices. The lack of adequate cyber laws alone would be enough to thwart most African data access agreements with the United States. More generally, the United States will likely not consider countries without MLATs a priority for new data access agreements. African countries’ general lack of political pull could considerably slow or reduce new African data access agreements.
Left Out of MLAT Reform: Potential Consequences
Cross-border data access reform is generally portrayed as the solution to the data localization laws, prosecutions of tech companies, and extraterritorial application of laws that countries have pursued when frustrated with MLATs. Most countries who have been turning to these methods, however, at least have MLATs, while African countries do not. African countries will likely be last in line for new data access agreements. Being shut out of both data access options means African countries will be twice marginalized.
African countries lacking an MLAT and a data access agreement with the United States will have few options for pursuing data. Countries can submit emergency requests to companies or ask for a joint investigation with the United States. African countries are already sensitive to concerns that they lack autonomy, and autonomy-constrained states are often most motivated to protect their autonomy. African countries might respond to their double marginalization by enacting data mirroring requirements, as the moderator at the forum suggested. Another forum participant suggested that African governments might increase internet shutdowns if they lack post-hoc data access, as a way of preemptive control. Ironically, U.S. efforts to allow countries greater access to data in the United States may result in African citizens having less access to the internet.
Cross-border data access should not be extended without qualification. Still, current reform plans seem likely to place African countries in a difficult position on a policy area that is increasingly important to them. If the United States really seeks to limit the proliferation of damaging data-access workarounds, it should think about what will happen to those who are left out of cross-border data access reform.
Mailyn Fidler is a fellow at the Berkman Klein Center for Internet and Society at Harvard University. You can follow her @mailynfidler. This article was first published at Council on Foreign Relations on October 26, 2016.

Forum on Internet Freedom in Africa 2016 – My Testimony

By Blaise Ndola |
Through presentations and interventions at the Forum on Internet Freedom in Africa 2016 (FIFAfrica16),I learned about different ways Africans countries are stifling citizens digital rights. But the most important at this level is that through these presentations and experiences shared, I realized that the battle for Internet freedoms is as important as ever because internet shutdowns, abuses of courts of law, blockages of websites and content removals continue to find their place on the continent.
Coming from the Democratic Republic of Congo (DRC), I became aware of the work I have to do as an Internet freedom fighter and web activist once back home. Apart from that, I also realized the high level of danger faced by internet users when their privacy or personal data are not protected by themselves and by intermediaries (Telecoms). We need to fight at all the levels, first against practices of telecoms who are ready to respond governments’ requests to release information of their customers and then, to call upon policy makers to enact laws that will reinforce rights of citizens to privacy and freedom of expression.
Access to the internet and internet freedom should now become fundamental rights in African societies. At the same time, we should also fight the normalization of online violence against women and for gender equity in access to digital tools.
As suggestions to African governments, they should make efforts to put in place conducive legal frame works for the ICT sector. For instance, make laws that will not be restrictive of some rights as it’s the case nowadays. And also, they shouldincreasingly respect the rights of citizens to access  information, to freedom of expression and toprivacy.To intermediaries (telecoms), I suggest they remain neutral and aim to protect the privacy anddata of users of their services despite pressure from government.
To us, as part of civil society, I will suggest to continue advocating for internet freedoms in law and in practice and to require other stakeholders to respect certain fundamentals rights. Civil society, through campaigns and advocacy must raise awareness among internet users of the need for responsibility in their actions and usage of internet.
Finally, having attended two forums (2015 and 2016), I am proud to have networked and got connected to influencers and internet freedom activists in Africa and beyond. Thanks to the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and to all the partners for facilitating my attendance.
To follow the online discussion: #FIFAfrica16 @Cipesaug
This article was first published at blaisendola on October 11, 2016.

Africa’s Internet of Things: Challenges and Opportunities

By Dorothy Mudavanhu |
The Forum on Internet Freedom in Africa 2016 served as an opportunity to gather insights from different stakeholders in the information society ecosystem towards promoting a free and safe internet. The platform was used to assemble the different perspectives and thoughts on the path that Internet Freedom should take in Africa. The Forum also gave stakeholders the opportunity to commemorate the International Day of Universal Access to Information held on September 28th every year.
There were fruitful deliberations around issues on transparency and accountability of intermediaries, internet shutdowns and internet rights, using data to track rights, working against normalisation of violence against women online, counting the cost of shutdowns and cyber security strategies for African countries, to name but a few.
Problems Highlighted

  • There is a gender divide in access to ICT among women and men and a lack of policies for gender inclusion in ICT.
  • Internet users are ignorant of how floating data is used hence the increase in cyber crime challenges such as fraud and online stalking.
  • Crimes such as terrorism and hate speech existed long before digital platforms and in order to tackle them, cyber platforms in themselves should not be the problem governments seek to eliminate. Nonetheless, unclear jurisdictions for violators pose a challenge for law enforcement.
  • More and more countries have seen the politicization and militarization of the cyber space as a means to control the free flow of information. This has seen an increase in internet shutdowns and attacks against freedom of expression, which comes at a high expense. Uganda’s two internet shutdowns during 2016 cost the economy an estimated $25 million, according to some estimates.
  • Depsite privacy being a fundamental right, less than 20 countries in Africa have data protection laws.
  • Who carries the burden of user awareness and understanding of terms of service for social media platforms? Users, service providers or the government? Where do we draw the line?

Positives highlighted

  1. Citizen awareness and engagement has increased through the use of ICT for participation in governance processes and social accountability.
  2. Countless businesses are dependent on digital platforms. States might/ will desist from shutdowns once they discover internet shutdowns come with an exorbitant cost to national revenue such as taxation.
  3. Internet penetration in Africa has increasingly bridged the gap between traditional and new media for citizens.
  4. Service providers such as Google, Facebook and Whatsapp are working to ensure safety and security of users for their products through innovations such as end-to-end encryption which decreases the chances of interception of communication, as well as community standards and reporting mechanisms.


  • Continued lobbying and advocacy for access to the internet for all.
  • Human rights-based approaches and principles should be integrated with campaigns for accessibility and inclusivity of the internet.
  • There is need for citizens to invest more in media literacy as a way of protecting themselves against false news and misinformation.
  • More media coverage of women’s voices and concerns related to the internet.
  • Initiation of support spaces to work against online violence, particularly that directed against women. These spaces should be platforms for victims, and also send out positive message that deters violations online.
  • Enactment and/or enforcement of all-encompassing cyber laws, through multistakeholder approach, that limit the powers of governments, ensure independent oversight, and uphold rights to privacy, among others.
  • Due processes for lodging cyber complaints should be transparent, made easier and less time-consuming.
  • Citizens’ access to information especially that held by governments is paramount. Civil society should take a leading role in engaging on information requests and disclosure.
  • Regional cooperation should resolve issues on standardisation of ICT sectors including operator standards, market growth and quality of service.

The struggle for internet freedom calls for tenacious stakeholders that do not get weary until the global community realizes unfettered access to information.
This article was first published at Zimbabwe Human Rights NGO Forum on October 10, 2016

Africa At Internet Freedom And Citizen Rights Cross Roads

By Thomas Sithole (@thomysithole)|
The Forum on Internet Freedom in Africa 2016 (FIFAfrica16) was my first time to attend and participate in a continental event on internet freedom. I have previously attended a number of workshops and conferences on internet freedom in my home country Zimbabwe.
Whereas these national level dialogues were useful in terms of making me appreciate the challenges we are facing as a country with regards to issues of freedom of expression, access to and dissemination of information, and other digital rights, they did not really empower me on the same issues as they are bedevilling our region and continent.
FIFAfrica16 made me realise that Africa is facing a host of challenges in so far as freedom of expression, access to and dissemination of information, freedom of the media, civic space and voice are concerned. The conversations at the Forum were strategic, rich and deep with regards to the subject at hand. The networking itself was, just like the space itself, very empowering!
What is more exciting is that this Forum coincided with the International Day for Universal Access to Information (IDUAI). A Day that is set aside to celebrate this very important right to information as enshrined in the Universal Declaration of Human Rights (UDHR) to which many African countries are signatories yet sadly, and regrettably, most seem not to uphold this very important right for enjoyment by all citizens.
Many African governments, and indeed some in the global South, have gone out of their way to suppress this right and a gamut of others that empower citizens to have a voice and to express themselves freely without fear of being harassed, arrested, and in some instances killed.
It is thus befitting that FIFAfrica16 was a reminder to all of us, physical participants and those who were following proceedings through various online platforms, of the need not only to celebrate this right and other related rights, but to ensure that we don’t rest until all citizens enjoy it.
It is very unfortunate and indeed regrettable that despite its immense potential, the internet has not fully enabled some Africans the enjoyment of freedom of expression, and access to and dissemination of information, among other rights, that are enjoyed by their counterparts in more developed countries.
Governments, especially those that are authoritarian, autocratic and dictatorial have taken strides to limit civic space and voice online through draconian, archaic, retrogressive and repressive pieces of legislation all in the name of national security. One wonders though, how do states or governments become secure by shrinking citizen space and muffling citizen voices?
Internet shut downs are becoming more prevalent and ubiquitous in these authoritarian regimes before, during and sometimes after events like elections, referenda, census, citizen protests, and the list goes on.
As if shut downs on their own aren’t enough, members of the opposition, those in independent media and ordinary citizens whose voices are deemed critical to the establishment face arrests, intimidation, torture and in some instances death, all in the name of state security, public nuisance, insulting the powers that be and so forth.
Yet these shut downs come with heavy costs on the part of governments themselves, business and ultimately the citizens.
In addition to the draconian pieces of legislation that are used to limit citizen space and voice and other liberties online, our societies need to dismantle ugly patriarchal norms, values and cultural practices that have for centuries been used to oppress women and subject them to second class citizen status. Offline, women are still subjected to bullying, intimidation and various forms of dehumanising behaviours.
It is unfortunate that these practices have been transferred online. This kind of behaviour has no space in any progressive and democratic society. Marginalisation of women should be nipped in the bud and perpetrators should be identified and be brought to book in order to ensure that all citizens freely enjoy the internet and digital rights without discrimination.
It is clear that there is need for a multi-stakeholder approach towards resolving these growing challenges to internet freedom. Efforts should be made to demystify fears some governments have over use of technology and the need to strike a balance between citizens’ rights and national security.
Governments need to appreciate that rights to free speech and access to information are fundamental rights enshrined in the HDHR, the African Charter on Human and People’s Rights as well as in their own respective constitutions. It cannot be business as usual when these rights are given with one hand and taken away by another.
Therefore, all retrogressive and draconian national pieces of legislation need to be repealed and revised in line with international standards, conventions, national constitutions and best practice.
Laws to do with use of technology must be drafted in consultation with all stakeholders including citizens, civil society organisations, media, private sector and other interests groups to ensure that they ensure the safety and security of citizens, whilst upholding rights but also embracing the benefits of various online tools and platforms.
This article was first published at Plumtree Development Trust on October 10, 2016.

Should Internet-based Firms Explain Terms and Conditions to Users?

By Kofi Yeboah|
There are many users of internet based platforms, like Facebook and Google, who are unaware of the existence of the terms and conditions that are available on the platform websites for users to familiarise themselves with and understand. The terms and conditions outline what is expected of both parties in agreement and also what both parties can and cannot do including with private data. Whose responsibility is it to popularise these often long policies to users?
This question was one of the most debated and discussed at the just ended Forum on Internet Freedom in Africa 2016 (FIFAfrica16) which was organised by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA). Sharing of user data by internet based firms, either upon request by particular governments or other entities has become one of the most worrying factors for many internet users. Users of social media platforms do not entirely have control over who has access to their data, neither do they always have an understanding of the privacy policy associated with using these platforms.
As part of the panel discussion on transparency and accountability of intermediaries at#FIFAfrica16, Ebele Okobi, Head of Public Policy, Africa, Facebook, stated that “terms of service are the main mechanism used by companies to communicate with customers. Read them”. In other words, it is the responsibility of the user to read and understand what the terms of service say. However, most users do not read the terms of service “before clicking accept” and as pointed out by Anriette Esterhuysen of the Association for Progressive Communications (APC), firms hide behind that user ignorance to achieve their strategic goals at the detriment of user privacy.
 Do Terms of Service Govern the Relationship?
“Terms of services do not govern the relationship between users and the company,” noted Ms. Okobi. She added that terms of service are the mechanism by which companies communicate with their users on the product. This implies that a firm can take an action that will affect a user with or without his/her permission.
 What can be done?
Terms of services need to be in clear language and displayed boldly for users to read and understand. Internet-based firms should also consciously create awareness about the importance of reading the terms of services and also interpreting them to users. The firms should take the first step in explaining to users what the terms of services actually mean and what are they agreeing to for using the products. Terms of service should be simplified for users to understand the risks involved in signing up onto a platform and also outline how their data will be collected and used.
Meanwhile, users need to understand the rights they are giving up to internet-based firms when they check the “I agree” box on terms of service. On an ongoing basis, companies need to communicate with users to help understand why they need to collect their information and assure them the data being collected will be secured and not shared with third parties without their consent.
This article was first published at on October 10, 2016.