Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: surveillance

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  surveillance
15Jun

OpenNet Africa Challenge Uncovers Gaps in Digital Safety Tools

Author admin Posted on

By Ashnah Kalemera |
There are numerous tools which can secure online users’ communications, including through anonymising their identities and enabling them to circumvent online surveillance and censorship. In some cases, developers have gone on to localise such tools to suit various contexts. However, the tools’ relevance to certain populations and how best to improve them for a diverse range of users remains largely unknown.
During May 2015, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in partnership with tech innovation hub OutBox challenged members of the Ugandan tech community to test five digital safety and security tools in order to gain an understanding, in a local context, of the tools’ strengths, weaknesses and opportunities for localisation. The challenge was in the context of CIPESA’s OpenNet Africa initiative which monitors and promotes internet freedom in east and southern Africa.
The tested tools were Cyrptocat, Mailvelope, Martus, TextSecure and Redphone. The scope of testing included how the tools enabled anonymisation, circumvention, and privacy of communications. The tests had to take into consideration different user communities, including women, bloggers, journalists, human rights defenders, and sexual minorities, and the nature of threats to internet freedom in the East African region.

A team presents to the panel during the OpenNet Africa Tools Testing Challnge
A team presents to the panel during the OpenNet Africa Tools Testing Challnge

These threats are often linked to the fight against terrorism, combating online hate speech, suppressing the views of opposition parties (mainly around election periods), and in crackdowns against particular groups, such as Lesbian, Gay, Bisexual, and Transgender (LGBT) community, critical media and human rights activists. The threats often come in the form of surveillance, blocking of websites and social media sites, and interception of communications.
Three teams participated in the challenge through trial exercises, user consultations and stakeholder interviews. In considering which tools were better suited to promote internet freedoms of the region’s citizens, the teams that conducted the tests also bore in mind the proliferation of technology, internet speeds and literacy levels in the region. Language, multiple device use and aesthetics such as the interface design including colours and icons, were also among the other features for testing.
The teams found a number of shortcomings on some tools, including the lack of protection from key loggers, poor or no consideration for low internet speed users and those with low ICT skills and literacy levels. Some tools were found to have limited cross platform/device operability, while others were not accessible to visually impaired persons.
Select test findings
 

Tool Safety and Security Features Key test finding limitation
Martus Allows for secure collection, transmission and storage of data. It is popularly used by human rights defenders.
  • There is no option for retrieving a lost encryption key

 
Cryptocat This app enables encrypted chat via a browser and mobile phone.
  • Lack of IP address anonymisation
  • There are no administrative privileges in group chats meaning there is free entry and exit of members in the conversations.
Mailvelope This is a browser extension that enables the exchange of encrypted emails
  • Lack of an attachment encryption function
Redphone An Android based mobile app that allows for encrypted voice calls over a Wi-Fi or data connection using a normal phone number.
  •  Unregistering a RedPhone number is not currently supported.
  • Very slow or no synchronisation with contacts that have RedPhone installed, meaning there is no possibility to upgrade calls to encrypted calls even when the user being called is running the RedPhone app.
TextSecure Secure messaging app
  • Recently dropped SMS support
  • Installation requires Google services

 

“Pious, a 25-year old IT student at Makerere said that he is now using Redphone with his girlfriend whenever they feel like phone sex in order to avoid the spying software announced by Fr. Simon Lukodo, Minister of Ethics and Integrity,” Tean Tech4Dev

The teams made recommendations for improvement and localisation, including translation of the tools into local languages, compatibility provisions across social media platforms, and feature phone support.
The teams also proposed numerous cases in which the tools can be used by marginalised and vulnerable user groups in East Africa. They cited youth mobilisation, gender-based violence and other human rights violations reporting, monitoring and victims support, facilitation of opposition groups’ activities, and protection from corporate espionage.
However, the teams also highlighted the potential of the tools promoting hate speech and radicalism in East Africa’s fragile socio-political environment through safeguarding the communications and activities of offenders.
“One of the primary uses of the Internet by terrorists is for the dissemination of propaganda. Through encrypted communications, terrorists can easily spread their propaganda and also plan their activities,” noted Team African Value. The team added that promotion of divisiveness and encouraging violent acts on ethnic grounds has become common on East African online platforms.
The teams also noted the need for increased awareness raising and capacity building among users to promote an understanding of cyber threats and online safety. Among the possible ways to achieve this was through working with academia to develop cyber security curriculums for education institutions.
The findings of the teams were showcased at a pitching event held on June 2, 2015 where a panel of judges determined the team with the best reports and localisation recommendations. The judges were Wilson Abigaba (Internet Society – Uganda Chapter), Richard Lusimbo (Sexual Minorities Uganda), Baldwin Okello (Uganda Telecom) and Neil Blazevic and Mark Kiggundu – both from East and Horn of Africa Human Rights Defenders Project.
The winning team was Tech4Dev, which was followed by Ghost In The Wires then African Values. See more on the event on  Storify

05May

World Press Freedom: Ugandan Journalists Convened for Digital Security Training

Author admin Posted on

By Juliet Nanfuka |
On May 2, a total of 27 Ugandan journalists were trained in digital security procedures. The training was held in commemoration of World Press Freedom Day (May 3), which this year was celebrated under the theme “Let Journalism Thrive! Towards Better Reporting, Gender Equality, and Media Safety in the Digital Age”.
The training, which was organised by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) in partnership with Uganda Journalists Union (UJU) and the East and Horn of Africa Human Rights Defenders Project (EHARDP), explored the status of journalism in Uganda as well as the legal and regulatory frameworks affecting freedom of expression in the country. Participants at the training workshop represented print, online and broadcast media houses from across Uganda.
During the training, it emerged that some journalists are not cautious about their online security, similar to those in a previous training hosted by CIPESA. The reuse of one password across different websites and platforms, and overexposure of personal information online were common among the training participants. Email encryption, the use of Virtual private networks (VPNs) and Multi Factor Authentication for passwords, were taught as skills that can aid journalists when investigating sensitive stories that may be prone to surveillance.
Norman Katende, an international award winning journalist, shared his experiences of being threatened while reporting on controversial stories and encouraged journalists to practice caution both online and offline. He questioned how journalism can thrive in the face of police attacks on the media, noting that journalists should not compromise on their security when covering sensitive stories just to earn a living.
According to the Committee to Protect Journalists (CPJ), an international organisation that defends the rights of journalists, over the past two decades, 1125 journalists across the world lost their lives while reporting or investigating stories. The medium increasingly used by journalists to source and disseminate information is the internet.
Last month, Somalia journalist Daud Ali Omar and his wife were murdered. The same month, Kenyan journalist Johan Kituyi, proprietor of the newspaper Mirror Weekly, which has covered controversial national issues, was also murdered.
Increasingly, online publishers and bloggers are also coming under attack in Africa. For instance, a year after their arrest, the Ethiopian Zone9 bloggers remain behind bars and in Burundi, civil unrest related to upcoming elections has led to government restrictions of information flow through various media houses – and radio stations.
Such attacks necessitate digital safety skills for journalists. “When you look at the level of knowledge on ICT that a journalist has – it’s really basic. We have several unsecured email accounts and we visit any website without [considering] security,” noted a journalist at the training in Kampala.
Journalists noted that they do not always exercise their rights and do not request security from their media houses when pursuing sensitive stories. They also indicated a lack of awareness of the laws in place that can aid them in developing stories, such as the Access to Information Act (2005), which compels Ministries, Departments and Agencies to release information.
Following a CIPESA presentation on the legal and regulatory frameworks affecting internet freedom, especially freedom of expression online in Uganda, a Soroti-based journalist said the training had made him re-evaluate how he used his mobile phone and the internet, saying that he had been using these tools “without considering their implications.”
Further to the commemoration of World Press Freedom day, CIPESA participated in the “Digital safety for journalists” plenary session of the global event hosted by UNESCO.  CIPESA and its partners in various countries were also involved in a series of Twitter engagements which explored press freedom, including in the digital world, particularly for African journalists.
The training was conducted in the context of CIPESA’s OpenNet Africa initiative that promotes internet freedom in Africa and is supported by the Open Technology Fund, Hivos and the Association for Progressive Communications (APC).

12Mar

Is Kenya Putting the Chill on Internet Freedoms?

Author admin Posted on

By Juliet Nanfuka |
The rights of Kenya’s digital citizens are fast shrinking in the face of new restrictive laws and increased arraignment of individuals for expressing online opinions which authorities deem in breach of the law.
The Security Laws (Amendment) Act 2014, assented to by President Uhuru Kenyatta last December, allows blanket admissibility in court of electronic messages and digital material regardless of whether it is not in its original form.
It is feared that retrogressive provisions in this law could be used to put the chill on internet freedoms in East Africa’s most connected country where mobile phone penetration stands at 80% and internet access at 50% of the population.
Part V of the new security law regarding “special operations” has raised particular concerns, as it expands the surveillance capabilities of the Kenyan intelligence and law enforcement agencies without sufficient procedural safeguards.
It gives broad powers to the Director General of the National Intelligence Service to authorise any officer of the Service to monitor communications, “obtain any information, material, record, document or thing” and “to take all necessary action, within the law, to preserve national security.”
In addition, the amendments also contain unclear procedural safeguards especially in the interception of communications by “National Security Organs” for the purposes of detecting or disrupting acts of terrorism.
Even though there is a provision for a warrant to be issued by a court of law, the broad definition of ‘national security’ leaves no room for restrictions on the extent of power the law grants to National Intelligence Service when it comes to accessing personal data, information and communications.
In February 2015, the Kenya High Court struck some clauses from the security law. The government says it may appeal.
Government says the new law is necessary to fight al Shabaab militants who have repeatedly rocked the country with fatal attacks such as the Westgate shopping centre attack on September 21, 2013, which left 67 people dead. Human rights activists blame President Kenyatta’s government for steadily shrinking the space for civil actors, a pattern they say was manifested in the Kenya Information and Communications (Amendment) Act 2013 and the Media Council Act 2013. These laws, they say, placed restrictions on media freedom and general freedom of expression.
The proposed Cybercrime and Computer related Crimes Bill (2014) also falls short of constitutional guarantees as it is contains “broad” speech offences with potentially chilling effects on free speech. See a full legal analysis of the Bill by Article 19. Proposed regulations to the law governing non-government organisations, which cap the funds received from foreigners at 15% of their overall budgets, have also been criticised as aimed to curtail and control the activities of civic groups engaged in governance and human rights work.
Over the 2012-2013 election period, several individuals were charged in court over their online communications. The National Cohesion and Integration Act of 2008 has been used to charge many for promoting hate speech – which some Kenyan citizens found justifiable given the role that hate speech played in the 2007 to 2008 post-election violence.
Hate Speech is defined by the 2008 Act as speech that is “threatening, abusive or insulting or involves the use of threatening, abusive or insulting words” with the intention to stir up ethnic hatred or a likelihood that ethnic hatred will be stirred up. Authorities, however, seem to be shifting gear and using this charge among others against online journalists and bloggers that criticise the Kenyatta government.
In December 2014, blogger Robert Alai was arrested and charged with undermining the authority of a public officer contrary to Section 132 of the Penal Code by allegedly calling President Kenyatta an “adolescent president” in a blog. He was again arrested in February 2015 for offending a businessman online by linking him to a land saga that involved the illegal acquisition of the Langata Primary School playground.
Meanwhile, Allan Wadi – a student – was also arrested for “hate speech” and jailed in January 2015 for posting negative comments on Facebook about the president. In the same month, journalist Abraham Mutai was arrested following tweets he posted on corruption in the Isiolo County Government. He was charged with the “misuse of a licensed communication platform to cause anxiety.”
Nancy Mbindalah, an intern with the department of finance at the Embu County Government, was charged on similar grounds for social media posts dating as far back as 2013 in which she is alleged to have abused County Governor Martin Wambora.
In all instances, some social media users claimed there were “selective” arrests and prosecution of those critical of government. Critics cited the case of Moses Kuria, a Member of Parliament (MP) for Gatundu South, who allegedly made remarks on Facebook against the Luo Community but did not face the same punitive actions.
A recent news report, however, indicates that the National Cohesion and Reconciliation Commission and the Public Prosecutor are calling for the MP’s case to be revisited for the “incitement to violence, hate speech and fanning ethnic hatred.”
The incidents of arrest, prosecution and law amendments demonstrate a recurring theme of clamping down on dissenting citizen voices, a concern that was highlighted by the Kenya Human Rights Commission and the International Federation for Human Rights following the enactment of the Security Laws (Amendment) Act.
While the country remains on a constant alert for terror attacks, this has been used to strengthen the control that the state has on freedom of expression and surveillance. The lack of laws that limit state access to citizens’ information further exacerbates this concern.

20Jun

Uganda: When National Security Trumps Citizens’ Internet Freedoms

Author admin Posted on

The Ugandan telecommunications sector was liberalised in 1998, resulting in an influx of service providers – there are currently four major mobile telecom operators and more than 30 Internet Service Providers (ISPs). The establishment of a Uganda Internet Exchange Point (UIXP) allows for local internet traffic routing, increased speeds and lower costs. The regulatory body reports a teledensity of 52 phones per 100 inhabitants and an internet penetration rate of 20%.
Ugandans have embraced social media as an alternative means of communication with their peers as well as for engaging with government. This is seen in the increase in the popularity of social networking sites such as Facebook, Twitter, LinkedIn, Youtube and Blogspot, which are ranked among the top 10 most visited websites in Uganda. As such the government has developed social media guidelines to aid its ministries, agencies and departments in communicating and engaging with citizens online.
However, as the telecommunications sector grows, so have the number of laws passed to regulate it. Some of these laws have drawn criticism from internet actors both locally and internationally due to their severity, infringement on human rights and contradictions with other existing legislation, including the constitution.

“No person shall be subjected to interference with the privacy of that person’s home, correspondence, communication or other property.”

Article 27 (2) of Ugandan Constitution

The use of ICTs in Uganda is threatened by the very laws that are meant to both protect citizens and ensure their rights. The Regulation of Interception of Communications Act, 2010, the Anti-Terrorism Act No.14 of 2002, the Anti-Pornography Act of 2014 and the Anti-Homosexuality Act of 2014 have undercurrents of surveillance, content filtering, and monitoring.
Although these laws are guised under provisions aimed to protect national security or fight cybercrime, in effect they may serve to silence voices critical to the state. Ultimately, these provisions are resulting in self-censorship by both ordinary online users and the media.
Provisions in the Electronic Transactions Act of 2011 limit the liability of ISPs for users’ content and do not require them to monitor stored or transmitted data including for unlawful activity. However, other laws place ISPs at a cross roads of service provision and protection of subscriber information. They are required to lawfully release users’ data to state agencies for purposes such as fighting terrorism and cybercrime. Moreover, the Anti-Pornography Act (2014) requires them to monitor, filter and block content of a pornographic nature.
In the absence of a data protection and privacy law, just like other countries in East Africa (State of Internet Freedom in East Africa), users’ data is vulnerable to mishandling and abuse by the state and ISPs. These vulnerabilities are also transferred to the offline world where freedom of expression and assembly have not been spared as seen in the limiting provisions under the Public Order Management Act, 2013.
It should be noted that the Ugandan government recently announced plans to draft a Data Protection and Privacy Bill. This is a positive step toward the protection of personal information and its use by the government and the private sector.
Read more in the 2014 Internet Freedom in Uganda Report prepared by CIPESA under the OpenNet Africa initiative. The report provides a status of the legislative environment and threats to internet freedoms in the country.

05Jun

Online Privacy and Security: The Debate And The Dilemma

Author admin Posted on

By Ashnah Kalemera
The issue of internet users’ privacy and security has been widely debated since the Edward Snowden revelations last June put a magnifying glass on the extremes that some governments, such as the U.S., are prepared to go to in the fight against terrorism and cybercrime.
To-date, debate rages on amongst human rights activists, government, media, academia and the private sector on the effects of surveillance on internet freedoms. It is also becoming apparent that some developing countries are also taking to surveillance of their citizens’ communications.
These discussions continued at this year’s Stockholm Internet Forum (SIF), themed “Internet: privacy, transparency, surveillance and control”. The annual forum hosted by the Swedish Ministry for Foreign Affairs in partnership with the country’s Internet Infrastructure Foundation (.se) and the Swedish Development Cooperation Agency (Sida), took place in Stockholm, Sweden, May 27–28, 2014.
In her opening address, Anna-Karin Hatt, Sweden’s Minister for Information Technology, said there would be grave consequences to basic human rights if states across the world continued to undertake unrestricted surveillance.
“During the last year, we have had more than one reason to discuss the behaviour between states and the behaviour of states within their borders,” she said. “The most valuable lesson has been that all surveillance must be subjected to strict limitations.” She added that “no system of surveillance must be justified because it is technologically possible.”
Rather, where legitimate cause exists, “surveillance must be proportional to the benefits it brings to citizens in terms of reduction in crime and improved security”. Furthermore, she argued, it must be based on transparent laws that are adopted through democratic processes.
She also noted that the last year had seen many multi-stakeholder meetings and processes on the matter. These included the 2013 global Internet Governance Forum, NetMundial, the Freedom Online Coalition, and the 2014 Cyber Dialogue. However, she added, it was still important to continue these discussions with participation from a broad range of state and non-state stakeholders in order to reach a consensus.
According to the International Telecommunications Union (ITU), only 19% of Africans use the internet compared to 75% (Europe), 32% (Asia) and 65% (the Americas). Africa also has the lowest mobile phone penetration rates. Low literacy levels, high cost of accessing and owning ICT, acute shortages of electricity, gender inequalities and a shortage of skilled human resources have contributed to the continent’s low ICT use. Even with this limited access, internet use is further impeded by government policies and practices that threaten internet freedom.
While African governments may not be blatantly or capably conducting surveillance on the scale of the National Security Agency (NSA) in the U.S., in recent years they have not shied away from requesting for social media users’ information and seeking content take downs. This is a reflection of the growing interest in what citizens are doing online.
According to the recently published State of Internet Freedom in East Africa report, national constitutions and a number of legislations on the continent provide for freedoms of expression, assembly, privacy and access to information. However, various recently enacted laws take away from citizens’ enjoyment of these freedoms in the online space.
James A. Lewis, director and senior fellow at the American Centre for Strategic and International Studies, asserted that post-Snowden, the debate had shifted from freedom of expression to privacy versus security. The latter were not guaranteed on the internet. “I have never seen a government that does not conduct surveillance on its own citizens. The challenge is extending sovereignty without sacrificing human rights,” he said.
But what is the perception in the developing world where it is estimated that the next billion internet users will come from? Should Africa prioritise access over security? Alison Gillwald, executive director of Research ICT Africa, noted that many people on the continent are more concerned about getting access to the internet and less so their privacy online.
Meanwhile, emerging threats from terrorist and militia groups in Africa seem to have influenced the way some governments perceive internet freedom. In Nigeria, Gbenga Sesan noted that the abduction of 300 schoolgirls by a Muslim extremist group had re-enforced state surveillances measures. “The government is using such incidents to justify ‘rule of law’: ‘if we should provide you with more security, we need to access your privacy’,” said Mr. Sesan.
Perhaps, as Eileen Donahue, Director of Global Affairs at Human Rights Watch pointed out, even with continued discussion and research on the matter, “we may not be able to figure out how to proactively reconcile the internet and human rights.”

1 7 8 9 10