CIPESA Joins over 125 Organisations and Academics In Submitting Letter to the UN Ad Hoc Committee on Cybercrime

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has joined over 125 organisations and academics who work to protect and advance human rights, online and offline in submitting a letter to the United Nations Ad Hoc Committee on Cybercrime. The letter stresses that the process through which the Ad Hoc Committee does its work includes robust civil society
participation throughout all stages of the development and drafting of a convention, and that
any proposed convention include human rights safeguards applicable to both its substantive and
procedural provisions. The first session of the Ad Hoc Committee, which was scheduled to begin on January 17, 2022, has been rescheduled to begin on February 28, 2022, due to the ongoing situation concerning the coronavirus disease. See the full letter below.

————————————————————————————————————————————-

December 22, 2021

H.E. Ms. Faouzia Boumaiza Mebarki

Chairperson

Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes

Your Excellency,

We, the undersigned organizations and academics, work to protect and advance human rights, online and offline. Efforts to address cybercrime are of concern to us, both because cybercrime poses a threat to human rights and livelihoods, and because cybercrime laws, policies, and initiatives are currently being used to undermine people’s rights. We therefore ask that the process through which the Ad Hoc Committee does its work includes robust civil society participation throughout all stages of the development and drafting of a convention, and that any proposed convention include human rights safeguards applicable to both its substantive and procedural provisions.

Background

The proposal to elaborate a comprehensive “international convention on countering the use of information and communications technologies for criminal purposes” is being put forward at the same time that UN human rights mechanisms are raising alarms about the abuse of cybercrime laws around the world. In his 2019 report, the UN special rapporteur on the rights to freedom of peaceful assembly and of association, Clément Nyaletsossi Voule, observed, “A surge in legislation and policies aimed at combating cybercrime has also opened the door to punishing and surveilling activists and protesters in many countries around the world.” In 2019 and once again this year, the UN General Assembly expressed grave concerns that cybercrime legislation is being misused to target human rights defenders or hinder their work and endanger their safety in a manner contrary to international law. This follows years of reporting from non-governmental organizations on the human rights abuses stemming from overbroad cybercrime laws.

When the convention was first proposed, over 40 leading digital rights and human rights organizations and experts, including many signatories of this letter, urged delegations to vote against the resolution, warning that the proposed convention poses a threat to human rights.

In advance of the first session of the Ad Hoc Committee, we reiterate these concerns. If a UN convention on cybercrime is to proceed, the goal should be to combat the use of information and communications technologies for criminal purposes without endangering the fundamental rights of those it seeks to protect, so people can freely enjoy and exercise their rights, online and offline. Any proposed convention should incorporate clear and robust human rights safeguards. A convention without such safeguards or that dilutes States’ human rights obligations would place individuals at risk and make our digital presence even more insecure, each threatening fundamental human rights.

As the Ad Hoc Committee commences its work drafting the convention in the coming months, it is vitally important to apply a human rights-based approach to ensure that the proposed text is not used as a tool to stifle freedom of expression, infringe on privacy and data protection, or endanger individuals and communities at risk.

The important work of combating cybercrime should be consistent with States’ human rights obligations set forth in the Universal Declaration of Human Rights (UDHR), the International Covenant on Civil and Political Rights (ICCPR), and other international human rights instruments and standards. In other words, efforts to combat cybercrime should also protect, not undermine, human rights. We remind States that the same rights that individuals have offline should also be protected online.

Scope of Substantive Criminal Provisions

There is no consensus on how to tackle cybercrime at the global level or a common understanding or definition of what constitutes cybercrime. From a human rights perspective, it is essential to keep the scope of any convention on cybercrime narrow. Just because a crime might involve technology does not mean it needs to be included in the proposed convention. For example, expansive cybercrime laws often simply add penalties due to the use of a computer or device in the commission of an existing offense. The laws are especially problematic when they include content-related crimes. Vaguely worded cybercrime laws purporting to combat misinformation and online support for or glorification of terrorism and extremism, can be misused to imprison bloggers or block entire platforms in a given country. As such, they fail to comply with international freedom of expression standards. Such laws put journalists, activists, researchers, LGBTQ communities, and dissenters in danger, and can have a chilling effect on society more broadly.

Even laws that focus more narrowly on cyber-enabled crimes are used to undermine rights. Laws criminalizing unauthorized access to computer networks or systems have been used to target digital security researchers, whistleblowers, activists, and journalists. Too often, security researchers, who help keep everyone safe, are caught up in vague cybercrime laws and face criminal charges for identifying flaws in security systems. Some States have also interpreted unauthorized access laws so broadly as to effectively criminalize any and all whistleblowing; under these interpretations, any disclosure of information in violation of a corporate or government policy could be treated as “cybercrime.” Any potential convention should explicitly include a malicious intent standard, should not transform corporate or government computer use policies into criminal liability, should provide a clearly articulated and expansive public interest defense, and include clear provisions that allow security researchers to do their work without fear of prosecution.

Human Rights and Procedural Safeguards

Our private and personal information, once locked in a desk drawer, now resides on our digital devices and in the cloud. Police around the world are using an increasingly intrusive set of investigative tools to access digital evidence. Frequently, their investigations cross borders without proper safeguards and bypass the protections in mutual legal assistance treaties. In many contexts, no judicial oversight is involved, and the role of independent data protection regulators is undermined. National laws, including cybercrime legislation, are often inadequate to protect against disproportionate or unnecessary surveillance.

Any potential convention should detail robust procedural and human rights safeguards that govern criminal investigations pursued under such a convention. It should ensure that any interference with the right to privacy complies with the principles of legality, necessity, and proportionality, including by requiring independent judicial authorization of surveillance measures. It should also not forbid States from adopting additional safeguards that limit law enforcement uses of personal data, as such a prohibition would undermine privacy and data protection. Any potential convention should also reaffirm the need for States to adopt and enforce “strong, robust and comprehensive privacy legislation, including on data privacy, that complies with international human rights law in terms of safeguards, oversight and remedies to effectively protect the right to privacy.”

There is a real risk that, in an attempt to entice all States to sign a proposed UN cybercrime convention, bad human rights practices will be accommodated, resulting in a race to the bottom. Therefore, it is essential that any potential convention explicitly reinforces procedural safeguards to protect human rights and resists shortcuts around mutual assistance agreements.

Meaningful Participation

Going forward, we ask the Ad Hoc Committee to actively include civil society organizations in consultations—including those dealing with digital security and groups assisting vulnerable communities and individuals—which did not happen when this process began in 2019 or in the time since.

Accordingly, we request that the Committee:

●  Accredit interested technological and academic experts and nongovernmental groups, including those with relevant expertise in human rights but that do not have consultative status with the Economic and Social Council of the UN, in a timely and transparent manner, and allow participating groups to register multiple representatives to accommodate the remote participation across different time zones.

●  Ensure that modalities for participation recognize the diversity of non-governmental stakeholders, giving each stakeholder group adequate speaking time, since civil society, the private sector, and academia can have divergent views and interests.

●  Ensure effective participation by accredited participants, including the opportunity to receive timely access to documents, provide interpretation services, speak at the Committee’s sessions (in-person and remotely), and submit written opinions and recommendations.

●  Maintain an up-to-date, dedicated webpage with relevant information, such as practical information (details on accreditation, time/location, and remote participation), organizational documents (i.e., agendas, discussions documents, etc.), statements and other interventions by States and other stakeholders, background documents, working documents and draft outputs, and meeting reports.

Countering cybercrime should not come at the expense of the fundamental rights and dignity of those whose lives this proposed Convention will touch. States should ensure that any proposed cybercrime convention is in line with their human rights obligations, and they should oppose any proposed convention that is inconsistent with those obligations.

We would be highly appreciative if you could kindly circulate the present letter to the Ad Hoc Committee Members and publish it on the website of the Ad Hoc Committee.

Signatories,*

  1. Access Now – International
  2. Alternative ASEAN Network on Burma (ALTSEAN) – Burma
  3. Alternatives – Canada
  4. Alternative Informatics Association – Turkey
  5. AqualtuneLab – Brazil
  6. ArmSec Foundation – Armenia
  7. ARTICLE 19 – International
  8. Asociación por los Derechos Civiles (ADC) – Argentina
  9. Asociación Trinidad / Radio Viva – Trinidad
  10. Asociatia Pentru Tehnologie si Internet (ApTI) – Romania
  11. Association for Progressive Communications (APC) – International
  12. Associação Mundial de Rádios Comunitárias (Amarc Brasil) – Brazil
  13. ASEAN Parliamentarians for Human Rights (APHR)  – Southeast Asia
  14. Bangladesh NGOs Network for Radio and Communication (BNNRC) – Bangladesh
  15. BlueLink Information Network  – Bulgaria
  16. Brazilian Institute of Public Law – Brazil
  17. Cambodian Center for Human Rights (CCHR)  – Cambodia
  18. Cambodian Institute for Democracy  –  Cambodia
  19. Cambodia Journalists Alliance Association  –  Cambodia
  20. Casa de Cultura Digital de Porto Alegre – Brazil
  21. Centre for Democracy and Rule of Law – Ukraine
  22. Centre for Free Expression – Canada
  23. Centre for Multilateral Affairs – Uganda
  24. Center for Democracy & Technology – United States
  25. Center for Justice and International Law (CEJIL) – International
  26. Centro de Estudios en Libertad de Expresión y Acceso (CELE) – Argentina
  27. Civil Society Europe
  28. Coalition Direitos na Rede – Brazil
  29. Código Sur – Costa Rica
  30. Collaboration on International ICT Policy for East and Southern Africa (CIPESA) – Africa
  31. CyberHUB-AM – Armenia
  32. Data Privacy Brazil Research Association – Brazil
  33. Dataskydd – Sweden
  34. Derechos Digitales – Latin America
  35. Defending Rights & Dissent – United States
  36. Digital Citizens – Romania
  37. DigitalReach – Southeast Asia
  38. Digital Rights Watch – Australia
  39. Digital Security Lab – Ukraine
  40. Državljan D / Citizen D – Slovenia
  41. Electronic Frontier Foundation (EFF) – International
  42. Electronic Privacy Information Center (EPIC) – United States
  43. Elektronisk Forpost Norge – Norway
  44. Epicenter.works for digital rights – Austria
  45. European Center For Not-For-Profit Law (ECNL) Stichting – Europe
  46. European Civic Forum – Europe
  47. European Digital Rights (EDRi) – Europe
  48. ​​eQuality Project – Canada
  49. Fantsuam Foundation – Nigeria
  50. Free Speech Coalition  – United States
  51. Foundation for Media Alternatives (FMA) – Philippines
  52. Fundación Acceso – Central America
  53. Fundación Ciudadanía y Desarrollo de Ecuador
  54. Fundación CONSTRUIR – Bolivia
  55. Fundacion Datos Protegidos  – Chile
  56. Fundación EsLaRed de Venezuela
  57. Fundación Karisma – Colombia
  58. Fundación OpenlabEC – Ecuador
  59. Fundamedios – Ecuador
  60. Garoa Hacker Clube  –  Brazil
  61. Global Partners Digital – United Kingdom
  62. GreenNet – United Kingdom
  63. GreatFire – China
  64. Hiperderecho – Peru
  65. Homo Digitalis – Greece
  66. Human Rights in China – China
  67. Human Rights Defenders Network – Sierra Leone
  68. Human Rights Watch – International
  69. Igarapé Institute — Brazil
  70. IFEX – International
  71. Institute for Policy Research and Advocacy (ELSAM) – Indonesia
  72. The Influencer Platform – Ukraine
  73. INSM Network for Digital Rights – Iraq
  74. Internews Ukraine
  75. InternetNZ – New Zealand
  76. Instituto Beta: Internet & Democracia (IBIDEM) – Brazil
  77. Instituto Brasileiro de Defesa do Consumidor (IDEC) – Brazil
  78. Instituto Educadigital – Brazil
  79. Instituto Nupef – Brazil
  80. Instituto de Pesquisa em Direito e Tecnologia do Recife (IP.rec) – Brazil
  81. Instituto de Referência em Internet e Sociedade (IRIS) – Brazil
  82. Instituto Panameño de Derecho y Nuevas Tecnologías (IPANDETEC) – Panama
  83. Instituto para la Sociedad de la Información y la Cuarta Revolución Industrial – Peru
  84. International Commission of Jurists – International
  85. The International Federation for Human Rights (FIDH)
  86. IT-Pol – Denmark
  87. JCA-NET – Japan
  88. KICTANet – Kenya
  89. Korean Progressive Network Jinbonet – South Korea
  90. Laboratorio de Datos y Sociedad (Datysoc) – Uruguay
  91. Laboratório de Políticas Públicas e Internet (LAPIN) – Brazil
  92. Latin American Network of Surveillance, Technology and Society Studies (LAVITS)
  93. Lawyers Hub Africa
  94. Legal Initiatives for Vietnam
  95. Ligue des droits de l’Homme (LDH) – France
  96. Masaar – Technology and Law Community – Egypt
  97. Manushya Foundation – Thailand
  98. MINBYUN Lawyers for a Democratic Society – Korea
  99. Open Culture Foundation – Taiwan
  100. Open Media  – Canada
  101. Open Net Association – Korea
  102. OpenNet Africa – Uganda
  103. Panoptykon Foundation – Poland
  104. Paradigm Initiative – Nigeria
  105. Privacy International – International
  106. Radio Viva – Paraguay
  107. Red en Defensa de los Derechos Digitales (R3D) – Mexico
  108. Regional Center for Rights and Liberties  – Egypt
  109. Research ICT Africa
  110. Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC) – Canada
  111. Share Foundation – Serbia
  112. Social Media Exchange (SMEX) – Lebanon, Arab Region
  113. SocialTIC – Mexico
  114. Southeast Asia Freedom of Expression Network (SAFEnet) – Southeast Asia
  115. Supporters for the Health and Rights of Workers in the Semiconductor Industry (SHARPS) – South Korea
  116. Surveillance Technology Oversight Project (STOP)  – United States
  117. Tecnología, Investigación y Comunidad (TEDIC) – Paraguay
  118. Thai Netizen Network  – Thailand
  119. Unwanted Witness – Uganda
  120. Vrijschrift – Netherlands
  121. West African Human Rights Defenders Network – Togo
  122. World Movement for Democracy – International
  123. 7amleh – The Arab Center for the Advancement of Social Media  – Arab Region

Individual Experts and Academics

  1. Jacqueline Abreu, University of São Paulo
  2. Chan-Mo Chung, Professor, Inha University School of Law
  3. Danilo Doneda, Brazilian Institute of Public Law
  4. David Kaye, Clinical Professor of Law, UC Irvine School of Law, former UN Special Rapporteur on Freedom of Opinion and Expression (2014-2020)
  5. Wolfgang Kleinwächter, Professor Emeritus, University of Aarhus; Member, Global Commission on the Stability of Cyberspace
  6. Douwe KorffEmeritus Professor of International LawLondon Metropolitan University
  7. Fabiano Menke, Federal University of Rio Grande do Sul
  8. Kyung-Sin Park, Professor, Korea University School of Law
  9. Christopher Parsons, Senior Research Associate, Citizen Lab, Munk School of Global Affairs & Public Policy at the University of Toronto
  10. Marietje Schaake, Stanford Cyber Policy Center
  11. Valerie Steeves, J.D., Ph.D., Full Professor, Department of Criminology University of Ottawa

CIPESA Joins The Global Network Initiative

Announcement | The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is the newest member of the civil society constituency of the Global Network Initiative.
CIPESA works to inform policymakers and other stakeholders across the African continent about the connection between rights-based ICT policies and good governance and improved livelihoods. GNI will benefit from CIPESA’s policy and legal expertise to advance Internet freedom and privacy in Africa, and from its convening power as coordinator of the regional ICT4Democracy in East Africa Network and hosts of the Forum on Internet Freedom in Africa (FIFAfrica).
Through engagement with GNI companies and experts, CIPESA hopes GNI membership will allow them to widen their network, and enhance their multi-stakeholder approach at the global level. CIPESA’s Executive Director Dr. Wairagala Wakabi said: “Our membership will enable us to gain more skills and knowledge from a multiplicity of important actors, to continue playing the role of multipliers and advocates who are able to reach wide audiences and to influence the perceptions and actions of relevant African actors on digital rights.”
Some highlights of CIPESA’s work include an intensive regional training on ICT policy research for different stakeholders, annual reporting on the trends affecting Internet  freedom across Africa, and analyses or commentary on corporate transparency and laws and policies on the ground in a number of countries, including BurundiRwandaSouth Africa, and Tanzania. You can learn more about their work, which has received wide coverage. 
CIPESA’s membership marks a period of notable expansion for GNI’s civil society constituency in the Global South. For more information about CIPESA, visit: CIPESA.org. To learn more about GNI’s multi-stakeholder membership see here.

Bridging Cyber Security Gaps: SMEs Trained in Uganda

By Edrine Wanyama |
Uganda’s Small and Medium Enterprise (SME) sector is credited with contributing 20% to the country’s Gross Domestic Product (GDP) in 2016. While the level of adoption of technology as a key component of operations within the sector remains unclear, its effective utilisation requires entities to also embrace safety and security measures as a priority.
Identifying security controls to defend against cyber threats and data protection thus formed the basis of discussions at a cyber standards training workshop for SMEs in Uganda. Organised by the National Information Technology Authority (NITA-U) in collaboration with the Commonwealth Telecommunications Organization (CTO), the workshop, held in Kampala, Uganda on August 23-24,2017 targeted SME entrepreneurs, banking industry officials as well as ICT sector representatives from non-government organisations and other ICT stakeholders.
The workshop explored the Information Assurance for Small Information Assurance for Small to Medium Enterprises (IASME) which encourages SME’s to comply with international information security management standards
Possible risks include; theft of data for monetary gain or competition by criminals, hacking, physical insecurity to staff and office equipment, malware attacks, insecure configuration, updating software from unreliable sources, access control and spam.
Discussions on information security are abound in Uganda as the Data Protection and Privacy Bill, 2015 makes slow progress in Parliament while laws like the Computer Misuse Act, 2011, The Electronics Signatures Act, 2011 and the Electronic Transactions Act, 2011 do not fully address the issue of data protection and privacy.
According to a 2016 report based on a global survey of cybersecurity managers and practitioners, cyber security and information security is considered a technical issue rather than a business imperative.  The findings of this study echo sentiments held by civil society organisations which face similar digital security threats including increasingly sophisticated threats and rate of incidents according research conducted by the Collaboration for International ICT Policy in East and Southern Africa (CIPESA). It revealed that various CSOs were concerned about, or had been victims of hacking attempts on their email accounts and internal networks, that they had been targeted by phishing emails, and that they feared their activities were being surveilled by authorities
In order to be better positioned to address cyber threats, civil society and SME need to be equipped with skills encompassing both online and offline responses. These include knowhow on policy and compliance, physical environmental protection, risk assessment, access controls, incident management, monitoring, backup, malware identification and technical intrusions.
Through a cyber essentials course and practical exercises, participants at the workshop were equipped with basic skills for enabling non-technical users to establish five information security controls including malware protection, access control, patch management, secure configuration, boundary firewalls and internet gateways.
As a follow-up to the exercise, selected participants will undergo further training for possible contracting as IASME information security assessors for SME’s. CTO’s international events and seminars are conducted in all countries of the Commonwealth, across the continents of Africa, Europe, the Americas, Asia and the Pacific region. Specifically, in Africa, the events have been held in Botswana, Cameroon, Ghana, Kenya, Liberia, Mozambique, Nigeria, Papua New Guinea, South Africa, Swaziland and Uganda.
 

DR Congo Parliament Urged to Pass Laws That Support Citizens’ Rights Online

Statement |
Civil society actors in the Congolese town of Goma have urged the Government of the Democratic Republic of Congo (DRC) to make amendments to its current laws governing Information and Communication Technologies (ICT) to make them favourable to the growth of internet usage, as well as online privacy, access to information and freedom of expression.
The civil society actors, including journalists, digital rights activists and bloggers, also urged the country’s Parliament and the Ministry for ICT to offer meaningful avenues for citizens to provide inputs to proposed new laws related to the telecommunications industry.
The Government has recently sent to the Parliament the Telecommunications and ICT Bill which is aimed at updating the Framework Law 013/2002 on Telecommunications, as well as the e-Transactions Bill, and a law amending the Act that set up the regulator – the Authority of the Post and Telecommunications of Congo (ARPTC). However, neither the Parliament, nor the Ministry, have announced opportunities for other stakeholders to make comments or submissions on these draft laws.
The importance of stakeholder consultations in Congo’s policy-making processes was among the issues that emerged during a two-day ICT policy and advocacy training workshop hosted in Goma on June 10- 11, 2017, by Rudi International and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA). Participants noted that the exclusion of private sector and civil society actors from the law-making process could lead to the passing of laws that are detrimental to internet access and usage in the central African country.
Presently, ICT adoption in DRC faces several challenges including unreasonably high data costs which have largely contributed to the low internet penetration rate of 4.2% as of 2016. The Framework Law 013/2002 on Telecommunications and the Law 14/2002 on the Regulator are the primary laws governing online communication but they do not adequately provide for citizens’ rights to privacy, nor do they provide a conducive environment for citizens to enjoy the right to free expression.
Further, these laws contain vague clauses such as ‘public interest’, ‘disruption of public order’, ‘ultimate truth’, and ‘national security’ which create the latitude for unwarranted abuse of the laws including through censorship and surveillance. Meanwhile, internet and telecommunications services providers lack protection from undue state interference as has been evidenced by the evolution of communications shutdowns in recent years.
The proposed new laws are welcome because they present an opportunity to expunge retrogressive articles from the existing laws and to address the current gaps. However, the current drafts neither reflect sufficient protections for citizens’ rights to privacy and freedom of expression, nor do they adequately support the free flow of information online. For instance, the Telecommunications and ICT Bill contains several problematic clauses, including granting the minister excessive powers over the interception of communications and interruptions to communications. The minister and the regulator also maintain strong over the operations of service providers. Furthermore, there are weak provisions related to data protection, with the bill lacking independent oversight mechanisms particularly with regards to the state making user information requests to service providers.
The lack of independent oversight mechanisms to safeguard against the abuse of the excessive power by the minister fails to ensure that citizens are protected against unwarranted interception of communication.
While article 175 of the proposed ICT and Telecommunications law recognises the right of a citizen to demand for information on their personal data from the state or another entity, there are no clear provisions on how this information can be requested or whether the holders of this information are obliged to respond to an information request within a specified timeframe.
Secure online communication is prioritised in articles 116–117. However, clauses which permit the state to intercept private communication with limited safeguards are also included. Further, article 119 includes a provision for the General Prosecutor to designate a chief magistrate who can instruct any qualified agent from the Ministry of ICT or a telecommunications company to put in place mechanisms that allow for interception of citizens’ online communication.
During the training workshop, the civil society actors noted that these clauses contravene international human rights standards as set out in a number of instruments including the Universal Declaration of Human Rights, African Charter on Human and Peoples’ Rights and the African Declaration on Internet Rights and Freedoms. As such, they recommended that:

  • There should be increased participation by more stakeholders in the law development process, as well as regular multi-stakeholder engagements between government, service providers and civil society;
  • Government, particularly the Ministry of ICT and Parliament, should widely circulate the three bills, create awareness about their objectives and invite comments on the draft laws from various stakeholders;
  • The legislature should ensure that  vague terminologies in the bills, including “national security”, “illicit” and “public order interference”, are defined before they are passed;
  • Since in its current form the Telecommunications and ICT bill creates room for abuse by giving excessive powers to the regulator and the Ministers of Interior, Defence and Security Affairs, the judiciary and Parliament should be granted wider oversight mandate over the regulator and the minister.
  • A specific law on data protection should be enacted to  ensure that citizens’ personal data and privacy are safeguarded;
  • The ICT and telecommunications bill should specify the procedures for citizens to request for information from the state, and the release of such information by the state;
  • The three laws under consideration by Parliament should include clauses that protect the right to freedom of expression and the free flow of information.
  • Clauses on non-discrimination and equality should be introduced in the proposed law on Telecommunications and ICT specifically through criminalising actions that promote cyber bullying, cyber stalking, revenge pornography, and other acts that constitute online violence against women and other minority and vulnerable groups.

These recommendations echo those made by CIPESA in the State of Internet Freedom in DR Congo 2016 report, which also called for the Parliament to work with more stakeholders including civil society, internet users, private sector, academics and the media to review laws and amend those that limit and restrict citizens’ rights to privacy, assembly, expression and access to information. The report also stated that the drafting and amendment of laws should meet acceptable international human rights standards.

Joint Letter on Internet Shutdown in Uganda

By Access Now |
Mr. Zeid Ra’ad Al Hussein, Mr. David Kaye, Mr. Joseph Cannataci, Mr. Maina Kiai, Mr. Michel Forst, Ms. Faith Pansy Tlakula, and Ms. Reine Alapini-Gansou
cc: African Union
African Peer Review Mechanism (APRM) Secretariat
Common Market for Eastern and Southern Africa Secretariat
Domestic & International Election Observer Missions to the Republic of Uganda
East African Community Secretariat
International Conference on the Great Lakes Region Secretariat
New Partnership for Africa’s Development (NEPAD) Secretariat
Uganda Communications Commission
Uganda Electoral Commission
Uganda Ministry of Information and Communications Technology
23 February 2016
Re: Internet shutdown in Uganda and elections
Your Excellencies,
We are writing to urgently request your immediate action to condemn the internet shutdown in Uganda, and to prevent any systematic or targeted attacks on democracy and freedom of expression in other African nations during forthcoming elections in 2016. [1]
On February 18, Ugandan internet users detected an internet outage affecting Twitter, Facebook, and other communications platforms. [2] According to the Uganda Communications Commission (UCC), blocking was carried out on orders of the Electoral Commission, for security reasons. [3] The shutdown coincided with voting for the presidential election, and remained in place until the afternoon of Sunday, February 21. During this period, two presidential candidates were detained under house arrest. [4] The telco MTN Uganda confirmed the UCC directed it to block “Social Media and Mobile Money services due to a threat to Public Order & Safety.” [5] The blocking order also affected the telcos Airtel, Smile, Vodafone, and Africel. President Museveni admitted to journalists on February 18 that he had ordered the block because “steps must be taken for security to stop so many (social media users from) getting in trouble; it is temporary because some people use those pathways for telling lies.” [6]
Research shows that internet shutdowns and state violence go hand in hand. [7] Shutdowns disrupt the free flow of information and create a cover of darkness that allows state repression to occur without scrutiny. Worryingly, Uganda has joined an alarming global trend of government-mandated shutdowns during elections, a practice that many African Union member governments have recently adopted, including:  Burundi, Congo-Brazzaville, Egypt, Sudan, the Central African Republic, Niger, Democratic Republic of Congo. [8], [9], [10], [11], [12], [13], [14]
Internet shutdowns — with governments ordering the suspension or throttling of entire networks, often during elections or public protests — must never be allowed to become the new normal. Justified for public safety purposes, shutdowns instead cut off access to vital information, e-financing, and emergency services, plunging whole societies into fear and destabilizing the internet’s power to support small business livelihoods and drive economic development.
Uganda’s shutdown occurred as more than 25 African Union member countries are preparing to conduct presidential, local, general or parliamentary elections. [15]
A growing body of jurisprudence declares shutdowns to violate international law. In 2015, various experts from the United Nations (UN) Organization for Security and Co-operation in Europe (OSCE), Organization of American States (OAS), and the African Commission on Human and Peoples’ Rights (ACHPR), issued an historic statement declaring that internet “kill switches” can never be justified under international human rights law, even in times of conflict. [16] General Comment 34 of the UN Human Rights Committee, the official interpreter of the International Covenant on Civil and Political Rights, emphasizes that restrictions on speech online must be strictly necessary and proportionate to achieve a legitimate purpose. Shutdowns disproportionately impact all users, and unnecessarily restrict access to information and emergency services communications during crucial moments.
The internet has enabled significant advances in health, education, and creativity, and it is now essential to fully realize human rights including participation in elections and access to information.
We humbly request that you use the vital positions of your good offices to:

  • call upon the Ugandan government to provide redress to victims of the internet shutdown, and pledge not to issue similar orders in the future;
  • call on African states to uphold their human rights obligations, and not to take disproportionate responses like issuing shutdown orders, especially during sensitive moments like elections;
  • investigate shutdowns, in their various forms, in order to produce public reports that examine this alarming trend and its impact on human rights, and make recommendations to governments and companies on how to prevent future disruptions;
  • encourage telecommunications and internet services providers to respect human rights and resist unlawful orders to violate user rights, including through public disclosures and transparency reports;
  • encourage the African Commission on People’s and Human Rights, the United Nations Human Rights Council, and the UN General Assembly to resolve that Internet Shutdowns violate freedom of expression per se and without legal justification.

We are happy to assist you in any of these matters.
Sincerely,
Access Now
African Centre for Democracy and Human Rights Studies (ACDHRS)
Association for Progressive Communications (APC)
Article 19 East Africa
Chapter Four Uganda
CIPESA
CIVICUS
Committee to Protect Journalists
DefendDefenders (The East and Horn of Africa Human Rights Defenders Project)
Electronic Frontier Foundation (EFF)
Global Partners Digital
Hivos East Africa
ifreedom Uganda
Index on Censorship
Integrating Livelihoods thru Communication Information Technology (ILICIT Africa)
International Commission of Jurists Kenya
ISOC Uganda
KICTANet (Kenya ICT Action Network)
Media Rights Agenda
Paradigm Initiative Nigeria
The African Media Initiative (AMI)
Unwanted Witness
Web We Want Foundation
Women of Uganda Network (WOUGNET)
Zimbabwe Human Rights NGO Forum
Endnotes
[1] Uganda election: Facebook and Whatsapp blocked’ (BBC, 18 February 2016) <http://www.bbc.co.uk/news/world-africa-35601220> accessed 18 February 2016.
[2] Omar Mohammed, ‘Twitter and Facebook are blocked in Uganda as the country goes to the polls’ (Quartz Africa, 18 February 2016) <http://qz.com/619188/ugandan-citizens-say-twitter-and-facebook-have-been-blocked-as-the-election-gets-underway/> accessed 18 February 2016.
[3] Uganda blocks social media for ‘security reasons’, polls delayed over late voting material delivery (The Star, 18 February 2016) <http://www.the-star.co.ke/news/2016/02/18/uganda-blocks-social-media-for-security-reasons-polls-delayed-over_c1297431> accessed 18 February 2016.
[4]  Brian Duggan, “Uganda shuts down social media; candidates arrested on election day” (CNN, 18 February 2016) <http://www.cnn.com/2016/02/18/world/uganda-election-social-media-shutdown/> accessed 22 February 2016.
[5] MTN Uganda <https://twitter.com/mtnug/status/700286134262353920> accessed 22 February 2016.
[6] Tabu Batugira, “Yoweri Museveni explains social media, mobile money shutdown” (Daily Nation, February 18, 2016) <http://www.nation.co.ke/news/Yoweri-Museveni-explains-social-media-mobile-money-shutdown/-/1056/3083032/-/8h5ykhz/-/index.html> accessed 22 February 2016.
[7] Sarah Myers West, ‘Research Shows Internet Shutdowns and State Violence Go Hand in Hand in Syria’ (Electronic Frontier Foundation, 1 July 2015)
<https://www.eff.org/deeplinks/2015/06/research-shows-internet-shutdowns-and-state-violence-go-hand-hand-syria> accessed 18 February 2016.
[8] ‘Access urges UN and African Union experts to take action on Burundi internet shutdown’ (Access Now 29 April 2015) <https://www.accessnow.org/access-urges-un-and-african-union-experts-to-take-action-on-burundi-interne/> accessed 18 February 2016.
[9] Deji Olukotun, ‘Government may have ordered internet shutdown in Congo-Brazzaville’ (Access Now 20 October 2015) <https://www.accessnow.org/government-may-have-ordered-internet-shutdown-in-congo-brazzaville/> accessed 18 February 2016.
[10]  Deji Olukotun and Peter Micek, ‘Five years later: the internet shutdown that rocked Egypt’ (Access Now 21 January 2016) <https://www.accessnow.org/five-years-later-the-internet-shutdown-that-rocked-egypt/> accessed 18 February 2016.
[11] Peter Micek, ‘Update: Mass internet shutdown in Sudan follows days of protest’ (Access Now, 15 October 2013) <https://www.accessnow.org/mass-internet-shutdown-in-sudan-follows-days-of-protest/> accessed 18 February 2016.
[12] Peter Micek, ‘Access submits evidence to International Criminal Court on net shutdown in Central African Republic’(Access Now 17 February 2015) <https://www.accessnow.org/evidence-international-criminal-court-net-shutdown-in-central-african-repub/> accessed 18 February 2016.
[13] ‘Niger resorts to blocking in wake of violent protests against Charlie Hebdo cartoons.’ (Access Now Facebook page 26 January 2015) <https://www.facebook.com/accessnow/posts/10153030213288480> accessed 18 February 2016.
[14] Peter Micek, (Access Now 23 January 2015) ‘Violating International Law, DRC Orders Telcos to Cease Communications Services’ <https://www.accessnow.org/violating-international-law-drc-orders-telcos-vodafone-millicon-airtel/> accessed 18 February 2016.
[15] Confirmed elections in Africa in 2016 include: Central African Republic (14th February), Uganda (18th February), Comoros and Niger (21st February), Rwanda (22nd -27th February), Cape Verde (TBC February), Benin (6th-13th March), Niger, Tanzania and Congo (20th March), Rwanda (22nd March), Chad (10th April), Sudan (11th April), Djibouti (TBC April), Niger (9th May), Burkina Faso (22nd May), Senegal (TBC May), Sao Tome and Principe (TBC July), Zambia (11th July), Cape Verde (TBC August), Tunisia (30th October), Ghana (7th November), Democratic Republic of Congo (27th November), Equatorial Guinea (TBC November), Gambia (1st December), Sudan, and Cote d’Ivoire (TBC December). Other elections without confirmed dates are scheduled to occur in Sierra Leone, Mauritania, Libya, Mali, Guinea, Rwanda, Somalia, and Gabon.
[16] Peter Micek, (Access Now 4 May 2015) ‘Internet kill switches are a violation of human rights law, declare major UN and rights experts’ <https://www.accessnow.org/blog/2015/05/04/internet-kill-switches-are-a-violation-of-human-rights-law-declare-major-un> accessed 18 February 2016.