By Marilyn Vernon & Liz Orembo |
Threats to citizens’ access to information, privacy, security and freedom of expression online are increasingly coming under scrutiny in East Africa. According to the World Press Freedom Index, Kenya who was ranked number 71 out of 180 countries in 2013, dropped 29 places to number 100 in 2014. Meanwhile, cybercrime is also on the rise in the country. The Kenya Cyber Security Report 2014 shows a 108% increase in detected cyber threat incidents, from 2.6 million attacks in 2012 to 5.4 million in 2013.
The Cyber Security Report attributes the surge in criminal activity to the increasing value of information and the lower risk of detection and capture. Businesses and individuals are susceptible to threats stemming from spyware, social media, unsecured email, and theft of mobile computing devices.
Kenya’s ranking in the World Press Index reflects the deteriorating relationship between the media and the state. The steady decline is partly attributed to the passing of prohibitive legislation, most notably the Kenya Information and Communications (Amendment) Act and the Media Council Act of 2013, which subjects violators to heavy fines and asserts undue state control over media practice.
A few journalists in Kenya have boldly reported on sensitive topics at the risk of imprisonment or financial penalties. Reported cases of assassination, disappearance, destruction of property, confiscation of equipment, and arrests are among the list of violations committed against journalists and activists.
Notably, controversial blogger Bogonko Bosire, who worked for Agence France Presse (AFP), went missing two years ago. He was known for his criticism of President Uhuru Kenyatta’s administration during the International Criminal Court (ICC) proceedings. It is reported that Bosire had been threatened multiple times, and his website Jackal News suffered at least one digital attack. Various rumors surrounding his fate spread online, but his whereabouts remain unknown.
In a digital safety and security training workshop conducted last month by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in partnership with Kenya ICT Action Network (KICTANet), journalists, bloggers and activists admitted to using the Internet for research, communication and reporting but with little or no understanding of the existing digital threats.
“Why do I need security?” and “I’m not that important for anyone to waste time looking for information in my gadgets” were some of the comments participants made.
Other shortcomings identified in the pre-workshop assessment included poor organisation IT mobility policies whereby, just like other business organisations in Kenya, media houses allow their employees to carry their own devices to the workplace. Some of these devices are also used in public places by employees to meet their work targets. This increases the risks of journalists having their data lost or compromised especially since theft of mobile and computing devices is rampant in the country.
Freelance journalists indicated being unable to acquire the necessary digital safety resources as often availed to counterparts fully employed by the media houses. Besides, there was a widespread use of free web-based email services such as Yahoo, Google mail and Hotmail through which practitioners felt “sensitive communication can be intercepted since some of these email service companies have histories of being hacked”.
Accordingly, the CIPESA-KICTANet training workshop set out to equip participants with the necessary tools and knowledge needed to protect their digital information and communication, and to respond to various types of digital threats. The workshop topics ranged from the importance of digital security, secure communication and data storage, to PC and mobile device security, as well as the ethical and legal aspects of digital communication on social media platforms.
The interactive sessions enabled a knowledge-sharing environment in which participants were able to evaluate their security vulnerabilities and to choose security tools they would use to protect themselves and their work. Attendees engaged in group discussions, lab demonstrations, and case studies of ethical blogging. Participatory sessions demonstrated how to encrypt emails, create strong memorable passwords, and identify built-in security features on mobile devices to determine which are important for personal safety – taking into account that security features are only effective when used well.
As a means to protect information and guard against digital threats, the workshop facilitator, Harry Karanja, encouraged participants to use tools such as anonymous internet navigation settings, data encryption, and virtual private networks (VPN). He also recommended use of IP anonymisation and signing up with secure anonymous email services.
Participants were also urged to refrain from sharing personal identifiable information online, perform regular updates to the latest versions of operating systems, and back up their data.
Recommendations from participants for future workshops included partnering with learning institutions to train student journalists on digital security prior to engaging in professional work and the development of online tutorials for ongoing reference.
The workshop, held at Riara University in Nairobi, Kenya on June 17-18 2015, had 24 participants from Kenyan print, broadcast, and online news agencies. It is the fourth in a series of digital safety awareness and capacity building trainings conducted this year by CIPESA under its OpenNet Africa initiative. The others have been held in Tanzania and Uganda.