According to the Global Entrepreneurship Monitor, Nigeria is among the countries with the highest number of women entrepreneurs, most of whom conduct their business online. However, with the increasing prevalence of cyber attacks and fraud, the success of women-owned Small and Medium Enterprises (SMEs) in the country is under threat. In Nigeria, Africa’s largest economy, Sophos reports that 71% of businesses were hit with ransomware attacks in 2021.
In 2021, cybercrime caused an estimated USD 4 billion loss for African economies, equivalent to 3.5% of the continent’s USD 115 billion digital economy. Despite significant threats such as online scams, digital extortion, email compromise, ransomware and botnets, Interpol figures indicate that over 90% of businesses on the African continent operate without the necessary cyber security protocols in place.
In a bid to counter such threats, Tech Hive Advisory in partnership with Ikigai Innovation Initiative implemented the Cyber Smart Woman project to build a sustainable digital ecosystem for women entrepreneurs in Nigeria. The three-phase project featured 12 focus group discussions on data governance, cybersecurity challenges, and digital security needs of the women-owned SMEs, followed by four knowledge and skills workshops, and the development of a toolkit on data protection and cyber security practices for sustainability and competitiveness.
Tech Hive Advisory and Ikigai Innovation Initiative were one of ten initiatives awarded grants in the sixth round of the Africa Digital Rights Fund (ADRF). The supported initiatives focused on promoting effective data governance in Kenya, Nigeria and Senegal; countering gendered and election-related misinformation and disinformation in Kenya, South Sudan and Uganda; building digital resilience within the media fraternity in Ghana, Nigeria and Uganda; promoting digital inclusion in Uganda and Kenya; and building grassroots-based movements for internet freedom in South Africa.
The focus group discussions featured participants from various online business sectors, many of whom revealed that they lacked adequate digital protection for their businesses. Up to a quarter of the participants had been direct victims of device theft and cyber attacks such as scams and hacking. As a result, their businesses had suffered monetary loss, reputational damage, and, in extreme instances, loss of online assets such as social media accounts and client databases.
The discussions further revealed that despite the SMEs collecting various personal data, the majority did not include online security or data protection measures within their business strategies. Meanwhile, many clients did not invoke their rights as data subjects, which made their data more susceptible to abuse. Indeed, one participant admitted that she had shared a client’s contact information without permission.
Most of the focus group participants believed that with the appropriate knowledge and skills, business owners, just like data subjects, would be able to minimise vulnerability to cyber attacks and data breaches. Accordingly, four capacity building workshops were convened in four regions – Abuja, Ibadan, Kaduna and Lagos – benefiting 167 SME owners. Topics covered included data protection rights and obligations; compliance with data protection regulations; and cybersecurity best practices.
To complement the training workshops, a toolkit for data protection and cybersecurity was developed and disseminated. The toolkit outlines Nigeria’s data protection frameworks as well as the obligations and compliance requirements for business owners. It also provides tips and resources for data subject access procedures, privacy policies, records of processing activities and retention periods. The second section of the toolkit focuses on cybersecurity, also outlining the prevailing legal and regulatory frameworks, common vulnerabilities, best practice guidelines and resources.
Ayodeji Sarumi, the Co-Founder of Tech Hive Advisory, says the project has equipped female-owned businesses in Nigeria with better approaches to handling data protection and cybersecurity issues, which could be essential for their survival in a highly digitised world where cyber fraud is rampant.
Across Africa, a gender-inclusive digital society remains largely elusive. Beyond the challenges related to the gender digital divide and online gender-based violence, the growth in form and prevalence of online disinformation in Africa is also taking on a gendered lens. Pushback against gendered disinformation is thus critical to combating online harms against women and attaining gender equity.
In Uganda, there has been a notable upward trend in gendered disinformation, with attacks targeted at organisations working on sexual and reproductive rights. This, against a backdrop of offline attacks such as the August 2022 suspension of the operations of Sexual Minorities Uganda (SMUG) on allegations that the organisation had failed to register with the National Bureau for Non-Governmental Organisations.
During the second half of 2022, the activist group Her Internet implemented a project to create awareness and understanding of gendered disinformation including its effects and perpetrators in Uganda. With a focus on sexual minorities and sex workers, the project supported by the Africa Digital Rights Fund (ADRF) also worked to build alliances and networks as support systems for mitigation of impact and countering false narratives.
HER Internet convened an interactive dialogue in Uganda’s capital Kampala to share real life experiences as well as strategies on how to avert the negative effects of gendered disinformation. Targeting 20 individuals from communities of structurally marginalised women, the dialogue also covered aspects of fact-checking and safety online.
Extract from HerInternet handbook on understanding gendered disinformation
The dialogue called for non-discriminatory enforcement of current cyber laws and the need for diverse narratives to eliminate biased reporting, amongst other measures. In addition to the dialogue, Her Internet also conducted a campaign on its social media platforms on the key concepts of gendered disinformation, its manifestations and counter strategies. The project also compiled and disseminated a handbook on understanding gendered disinformation as a go-to guide for communities to understand and further engage beyond the campaign and dialogues.
According to a 2020 report by UN Women, women with multiple identities, such as sexual and ethnic minorities, are often targeted online through discrimination and hate speech, which often forces them to self-censor and withdraw from debates and online discussions. Similarly, the UN Special Rapporteur on violence against women, its causes and consequences, has stated that some groups of women, including women belonging to ethnic minorities, indigenous women, lesbian, bisexual and transgender women, and women with disabilities are particularly targeted by technology-facilitated violence.
Research by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has found that cyberstalking, online sexual harassment, blackmail through non-consensual sharing of personal information, promotes and normalises violence against women and girls who use the internet in Uganda. Her Internet’s project builds on ADRF’s gender and sexual inclusivity portfolio. The ADRF has previously supported digital literacy and safety programmes for sexual minority refugees from the Democratic Republic of Congo, Eritrea, South Sudan and Sudan, living in Uganda.
Disinformation thrives in conflict situations and in the world’s youngest nation, South Sudan, years of political uncertainty have cultivated a severe information disorder. In the face of another postponement of elections, community peace building including through debunking disinformation is critical to the country being able to stave off hate speech and incitement to violence.
According to the United Nations Development Programme (UNDP), word-of-mouth remains the most prevalent source of information for the masses in South Sudan. However, with increased mobile and internet penetration, an explosion of user-generated content has created an environment where rumours fueled on social media take hold offline and become difficult to counter.
With support from the Africa Digital Rights Fund (ADRF), an initiative of the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), DefyHateNow has recently concluded a six-months knowledge and skills building project on countering disinformation and hate speech, complemented with digital rights and cybersecurity advocacy in South Sudan.
Leveraging the 211 Check andSafetyComm South Sudan platforms, monthly trainings on fact-checking, rights and safety online benefitted 98 content creators and civic actors.
“I loved it. We would like it to be regular; it should be a module in South Sudanese schools like universities and training for professionals,” said a trainee.
Select training beneficiaries were awarded fellowships through which they received more in-depth training and applied the acquired fact-checking and digital rights advocacy skills as part of placements within 211 Check and SafetyComm teams.
“The network that I have created as a result of this fellowship, both locally within the country and internationally, will help me to remain relevant and focused on fact-checking and digital rights.” – A fellow and Program Manager at Junub Youth Action Network (JYAN).
“The fellowship has empowered and equipped me a lot in fact-checking, both theoretically and practically, with hands-on tools. It has shaped and broadened my ability to confidently take on the tasks of fact-checking and research in the mis/disinformation paradigm.” – A fellow and student at the University of Juba.
In addition to the training and fellowships, four radio talk shows onAdvance Youth Radio and two virtual meetups were hosted to raise wider awareness about disinformation and hate speech. Among the meetup guest speakers was an analyst from the National Communications Authority who presented on government efforts to establish a Computer Emergency Response Team (CERT). Discussions also explored the challenges related to the Computer Misuse Order 2021, with a representative from the telecom services provider MTN speaking about the company’s efforts to uphold data privacy and overcome fraud.
Moreover, together withJunub Open Space, a local National Nongovernmental Organisation (NNGO) in Juba, DefyHateNow hosted five editions of “Salaam Fi Bet” (Peace at Home), a community-centred discussion on trust circles for information verification. Up to 107 individuals (62% women) from five neighbourhoods in Juba attended the discussions.
DefyHateNow’s ADRF-supported project builds on initiatives spearheaded by UNDP to tackle Covid-19 related misinformation and the Sentinel Project, which addressed hate speech and misinformation at the peak of the civil war in the East African country. As the perpetrators, pathways and effects of false news and information manipulation online evolve, the need for continued education and empowerment remains preeminent. This project demonstrates that collaborative efforts in knowledge and skills building can contribute to equipping people with the tools and resources to keep communities safe.
Across Africa, the fast-evolving technology landscape has created pressure to adopt appropriate legislation to keep up with the pace of technological development. However, these efforts are being shackled by numerous challenges, including silo approaches to policy development, limited citizens’ inclusion in policy formulation, failure to harmonise stakeholder positions, ad hoc advocacy efforts by Civil Society Organisations (CSOs), and the failure to leverage the influence of private sector actors.
At the Forum on Internet Freedom in Africa 2022 (FIFAfrica22), digital rights activists and policymakers examined how existing processes and mechanisms that provide input into digital policies can be improved. In a panel session organised by the Centre for International Private Enterprise (CIPE), participants explored experiences and practical tips for policy engagement that upholds democratic values.
A key concern was that, on the one hand, Africa’s digital rights landscape has for years remained unregulated, leading to resistance to efforts to regulate it, and yet the absence of laws creates room for violation of rights online and abuse by state and non-state actors. On the other hand, where laws have been enacted, implementation and enforcement have been weaponised to target critics and dissent, as reflected in the continued infringement of rights online. This creates the need for proactive multi-stakeholder efforts in pushing back against regressive developments.
“While we should be [engaged] at the beginning of the process, we are ignored and when we enact a law, CSOs come to challenge it, yet if they involve us early enough, we would all be in agreement,” said Neema Lugangira, Member of Parliament from Tanzania and Chair of the African Parliamentary Network on Internet Governance (APNIG).
She noted that with a negative attitude towards each other, many parliamentarians question the motives of CSOs in pushing certain agendas and called for a change in approach. “I want to champion issues in which I have been involved. How do we make your agenda my agenda? You can scream whatever you want but you cannot get legislative change without working with Parliament,” said Lugangira.
Indeed, Boye Adegoke from Paradigm Initiative reiterated that one of the pitfalls of policy advocacy was to adopt the angel/devil relationship approach. He added that many CSOs lack adequate knowledge and skills to engage in policy processes. In turn, he called for more proactive efforts in tracking parliamentary debates and business related to digital policy and undertaking research to inform policy advocacy.
Building alliances, including with the local business and the tech community, was also cited as critical to strategic support for policy influence. “When they [business and tech community] speak, they tend to be listened to and governments tend to respect their views,” said Nashilongo Gervasius, a Namibian technology policy researcher and founder of NamTshuwe Media.
Equally emphasised was the need to leverage the power and influence of private sector players at international level, where the quality of policy negotiations by some African governments remains wanting, as noted by Ayaan Khalif, the Co-Founder of Digital Shelter, a digital rights group in Somalia. Citing the example of the 15% tax agreement between OECD countries and multinational companies, Ayaan stated that African countries and CSOs must bring the continent’s big market potential to the “negotiating table” in order to tap into the multinationals’ revenue.
Away from negotiations, the need to increase inclusive participation in public policy processes was also stressed. As Khalif stated, “Holistic stakeholder involvement should clearly define those being involved, ensure that they are actually given the opportunity to make meaningful input and outline the issues being addressed”.
Ultimately, context remains paramount given that most countries on the continent are at different levels of democracy and what is possible in one may not be tenable in another. What is important is to understand the policy making ecosystem and respond appropriately. “Policy advocacy is about incremental wins. If you are not invited to the table you can bring your own chair to the table, or you can set up your own table and bring people to it,” concluded Adegoke.
Over three years since the ouster of long-term authoritarian president Omar al-Bashir, Sudan’s ongoing political crisis continues to present challenges for internet freedom in the country. Initial positive reforms initiated by the transitional government led by Prime Minister Abdalla Hamdok have been clawed back since a military coup in October 2021. The new military government has weaponised laws, continues to institute network disruptions, and is clamping down on civil society organisations so as to consolidate its grip on power and silence critics.
The political situation in the country has had a marked correlation with the state of internet freedom in the north African state, whose record was largely poor even before the crisis deepened. According to the Freedom On The Net 2022 report, Sudan scored 29 out of 100 on internet freedom, thus continuing its classification on the index as “Not Free”. Developments in 2022 signalled a rapid decline from the progress recorded in 2021 and2020, when the country scored 33 and 30 respectively on the index, up from a lower score of 25 in 2019.
The Cybercrime Law Continues to Repress
One of the measures adopted by Sudanese authorities has been the use of internet-related laws as a weapon for repression. The cybercrimes law, which first came into force in the final days of al-Bashir’s regime in 2018, and its amendments in subsequent years, appear to be aimed at thwarting mass protests and restricting critical opinion of the government and its officials. The most recent amendment to the law, which contains vague provisions, was first announced in April 2022, with some reports stating that it was intended to criminalise acts such as insulting the leaders of the state and undermining the prestige of the state.
On November 2, 2022, the government spokesperson announced that the cabinet had adopted the amendments. The announcement stated that the law was necessary to address the proliferation of information-related crimes and the concealment of their perpetrators through the use of modern computer applications. Also, it claimed that it was necessary to address the shortcomings of the application of court fines that had failed to achieve complete deterrence. The amendment obliges courts to imprison offenders where the victim of defamation or fake news is a governmental public figure. As of December 2022, the amendment law is yet to be published and is awaiting the final approval of the President of the Sovereign Council.
Article 21 of the cybercrime law provides that: “Whoever prepares or uses the information or communications network or any information means or any applications to publish or promote ideas, programs, words or actions contrary to public order or morals, shall be punished with imprisonment for a period not exceeding six years”. Under article 24, “Anyone who publishes lies or fake news in cyberspace will be punished [with imprisonment of] four years, fined or both”.
Meanwhile, article 25 states that “Whoever prepares or uses the information or communications network, or any information means or applications to defame any person shall be punished with imprisonment for a term not exceeding six years.” The law also imposes a penalty of up to seven years imprisonment for anyone who obtains data or information that affects the “economy or the national security” of the country, which terms are not defined.
These articles limit access to information and freedom of expression as they fail to provide a clear definition of the acts constituting the offence, are excessive, and use undefined terms such as “public order” and “morals”, which can be interpreted subjectively by security and prosecutorial agencies and applied to punish legitimate expression.
Censorship
The contentious provisions of the cybercrime law have been used to limit press freedom through the blockage of access to online news websites. In September 2022, the public prosecutor ordered the blockage of the website of the Al-Sudani newspaper, one of the most respected dailies in Sudan, without even notifying the newspaper’s management. The Sudanese Electronic Press Association condemned the order, stating: “We reject prior trials and convictions from any party except the judiciary”. Ultimately, the website was not blocked after the leakage of the prosecutor’s order.
In the same month, Abdalrahman Al-Aqib, a journalist, was arrested by police after publishing an investigative article on corruption at the Ministry of Minerals in a local daily and on his Facebook account. Al-Aqib was charged under articles 24 and 25 of the cybercrimes law for publishing lies and fake news. Following his arrest, the Sudanese Journalists Syndicate condemned the actions of the police. It stated: “Al-Aqib was treated in a humiliating manner, and they did not respect his most fundamental rights, amid delays from the police’s duty officer, so as not to obtain his legal right to the guarantee”.
In both cases, the government’s response was primarily reprisal as opposed to offering counter-responses to the allegations raised in the stories. Notably, authorities did not use the press law against the journalist, perhaps because it prescribes less penalties in comparison to the harsh penalties under the cybercrimes law. The press law does not provide for imprisonment of journalists; rather, it stipulates disciplinary sanctions, such as fines and suspending a journalist from publishing for a specific period.
Network Disruptions
Disruptions to internet access and blockage of social media continues unabated, with authorities justifying them as necessary to ensure “national security and emergency state”. Five have been recorded during the past 15 months.
During the October 2021 coup, the army imposed a nationwide internet shutdown to isolate the protestors from mobilisation to resist the coup. The shutdown lasted 25 days, and after access was restored, some social media platforms remained blocked for two more days. On the one year anniversary of the coup, the authorities shut down the internet for eight hours during a public march organised by pro-democracy groups against the coup. Earlier the same month on October 18, 2022, a regional internet shutdown was imposed in Wad Al-Mahi, a governorate in the Blue Nile region. The shutdown was in response to tribal conflict in several villages in the area. It could not be independently verified when access was restored.
Also, on June 11, 2022, the public prosecutor ordered the shutdown of the internet for three hours on a daily basis, over a 12-day period. The reason given was that it was necessary to prevent cheating during the national secondary school exams. Following the 12-day period, the internet was again disrupted for 25 hours on June 30, 2022, during the “Million Man March” to mark the anniversary of the 2019 massacre of protestors by the military.
Catalogue of Internet Disruptions in Sudan Since October 2021
These recent incidents mirror Sudan’s long history of instituting network disruptions, rivalled only by neighbouring Ethiopia. Crucially, the disruptions are indicative of the current regime’s bias and disregard for freedom of association and assembly. Three of the internet disruptions (October 2021, June 2022 and October 2022) were in response to protests against military rule. In contrast, the military did not implement any disruptions on October 29, 2022, when the Sudan People’s Appeal Initiative held protests. The initiative comprises supporters of former president Al-Bashir’s ousted regime, who protested in Khartoum demanding that the United Nations not interfere in Sudanese affairs.
Crackdown on Civil Society
The government has also led an onslaught against civil society organisations. For example, on October 23, 2022, the Human Aid Commission (HAC), which is the regulator of non-governmental organisations in Sudan, notified the director of the Sudanese Consumers Protection Society (SCPS) of its decision to cancel SCPS’s registration, seize its assets and properties and freeze its bank accounts inside and outside Sudan. The SCPS has been at the forefront of advocating against network disruptions by pushing for the enforcement of contractual obligations of Internet Service Providers (ISPs) to provide services to their customers.
Looking Ahead
The affronts by the Sudanese government on internet freedom and civic space go against its obligations under international human rights law. The design and deployment of punitive laws by authorities to target and silence activists, government critics, journalists, human rights defenders (HRDs), and the political opposition create an environment of fear and self-censorship. Equally, responses such as the deregistration of civil society organisations only serve as a threat to other civil society organisations, of possible sanctions. Lastly, these actions together with internet shutdowns and the repression of digital rights through the cybercrime laws constitute unjustifiable limitations of freedom of expression, assembly, association, access to information, rights of the media, and rights to political participation.
In order to chart a democratic path in the coming years, the Sudanese government must show commitment to uphold media and internet freedom. Policy reforms should repeal regressive provisions such as the cybercrimes law. Sudan should also desist from interrupting access to the internet and social media.
+ Khattab Hamad is a journalist and digital rights researcher who has recently co-founded the Digital Rights Lab Sudan.
