Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Cybersecurity

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Cybersecurity
18Apr

The Stampede for SIM Card Registration: A Major Question for Africa

Author admin Posted on

By Edrine Wanyama |
It is anticipated that by 2025, there will be at least 5.9 billion mobile subscribers accounting for 71% of the world’s population. As of 2017,  Sub-Saharan Africa (SSA) had  a mobile subscription rate of 44% which is projected to reach  52% by 2025. Further, SSA’s mobile internet penetration by 2017 stood at 21% and is anticipated to increase to 40% by 2025.  However, the region has registered the largest number of cases of mandatory SIM card registration yet it suffers some of biggest challenges in personal data protection and privacy.
The benefits of SIM card registration include facilitation of citizens’ access to e-Government services, easy identification of an individual’s mobile number and number portability when switching networks. In addition, it aids combating cybercrime including terrorism by limiting covert communication and promotes good relations between consumers and service providers by simplifying identification of consumers and their use of SIM services. Accordingly, many governments argue that mandatory SIM card registration is for purposes of safeguarding digital and physical security. However, critics argue that when SIM card registration is effected without due safeguards, it poses a threat to privacy and freedom of expression.
Indeed, in 2013 Mexico repealed its policies on SIM card registration “after a policy assessment showed that it had not helped with the prevention, investigation and/or prosecution of associated crimes.” Finland has not enforced compulsory SIM card registration and nonetheless, through voluntary mobile signatures, service providers has succeeded in facilitating user’s access to relevant retail, banking and e-Government services.
Globally, over 90 countries conduct compulsory SIM card registration yet some remain without clear policy on its implementation. Amidst criticisms that mandatory registration does not necessary combat cybercrime, as criminals take the necessary precautions to avoid being detected and circumvent mandatory SIM card registration, African countries continue to proactively enforce SIM card registration. Among the prevailing challenges on the continent is the difficulty in validating identity documents in an environment with a wide range of service providers who create room for potential circumvention.
Mandatory registration has negatively affected access and usage of mobile telecommunication services due to the tedious process which entails the production of documentation such as passports and national identity cards prior to registration, which sometimes results in failure to attain a SIM card, disconnection, or  deactivation of SIM cards.
Additionally, there have been repetitive calls for registration of SIM cards in countries such as Uganda and Nigeria with personal data being collected  more than once. In Uganda, despite government explanation that SIM card verification is aimed at ensuring secure and safer communications, citizens have unanswered questions on the exercise. Suspicion arises due to a fresh validation of SIM card registration using national identity cards subsequent to registration which was initially done using valid documents such as students’ identity cards, driving permits and passports.
Double collection of personal data may partly imply collection of data beyond what is necessary for the purpose contrary to the internationally established data protection principles such as those set out in the Organisation for Economic Co-Operation and Development (OECD) Data Protection Principles. Further, there is no guarantee of individual privacy as most of the African countries do not have data protection laws. Moreover, most of the existing data protection laws do not meet internationally recognised standards considered sufficient to guarantee personal data protection and are therefore regarded as offering moderate or limited protection.
Meanwhile, efforts to buttress data protection in Africa have not yielded much. Out of 54 countries on the continent, only 14 have data protection laws (Angola, Benin, Burkina FasoMali, Gabon, GhanaIvory Coast, Lesotho, Madagascar, MoroccoSenegalSouth AfricaTunisia and Zimbabwe). A few others such as Uganda, Kenya, Nigeria, Tanzania and Niger have Bills. Regional efforts have also not yielded much. The Convention on Cyber Security and Personal Data Protection which was adopted by the African Union in 2014 has registered only 10 signatories (Benin, Chad, Congo, Ghana, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe, Zambia and Comoros) and one ratification by Senegal.
Ultimately, there is need to reconcile state interests with citizens’ personal data and privacy rights. Mandatory registration, especially in the absence of clear registration guidelines and the lack of data protection laws, puts personal data at risk. African governments need to learn from other jurisdictions such as Europe with regards to processing of personal data as part of SIM card registration. In enforcing SIM card registration, there should be a clear set registration timelines, clear and unambiguous registration requirements.

21Apr

Is Tanzania Becoming an Internet Freedom Predator?

Author admin Posted on

By Juliet Nanfuka |
Tanzania appears to be steadily sliding into a predator of critical social media users, as state authorities continue to arrest and prosecute users for expressing what many see as legitimate opinions. In recent months, the country’s newly elected government has used  a controversial new law  to prosecute at least seven social media users, in spite of  constitutional guarantees of free speech.
Tanzanian netizens are falling foul of the Cybercrimes Act enacted last year, whose stated goal is “criminalizing offences related to computer systems and Information Communication Technologies”. The law has been used to charge citizens for “publication of false information” in accordance with Section 16 of the Act. It states: “Any person who publishes information or data, presented in a picture, text, symbol or any other form in a computer system knowing that such information or data is false, deceptive, misleading or inaccurate and with intent to defame, threaten, abuse, insult or otherwise deceive or mislead the public or councelling the commission of an offence, commits an offence, and shall on conviction be liable to a fine not less than five million shillings or to imprisonment for a term not less than three years or to both.“
On April 15, 2016 Isaac Habakuk Emily was appeared in court for the publication of false information using a computer system – in this instance Facebook. In a post, Emily referred to President Pombe Magufuli as an imbecile that could not be compared to the country’s founding leader, Julius Nyerere.  He appeared in court for insulting the president after his post was reported to the Tanzania Communications Regulatory Authority (TCRA).
See report on State of Internet Freedom in Tanzania 2015
Since the Cybercrimes Act took effect last September, Tanzanian social media users have “gone a little quiet”, according to journalist Joseph Warungu. And for good reason, as Emily is not the first individual against whom the law has been used. In October 2015, Benedict Angelo Ngonyani was charged for “spreading misleading information” after he posted on Facebook that Tanzania’s Chief of Defence Forces, General Davis Mwamunyange, had been hospitalised following food poisoning. In the same month, Sospiter Jonas was charged for posting to Facebook content stating that Tanzanian Prime Minister Mizengo Pinda “will only become a gospel preacher.” The following month, four staff of an opposition party were charged for publishing “inaccurate” election results on Facebook and Twitter.
The stated objective of the Cybercrimes Act was to fight rising incidents of cybercrime such as bank fraud, mobile money theft, phishing attacks, website hacking and spoofing. However, even as it was being debated, human rights defenders warned that the government would use the law to suppress critical voices. As one activist stated, “We usually use various internet platforms to communicate our information—Twitter, Facebook, blogs, SMS, WhatsApp, etc. The use of all these forms will be rendered useless by the Act which in part criminalises transmission of any information deemed misleading, defamatory, false or inaccurate by the government.”
The Cybercrimes Act was reportedly passed in the middle of the night and has been criticised for disregarding press freedom and freedom of expression, granting excessive powers to police, and offering limited protections to ordinary citizens.
Clamping down on social media users is a trend that has been increasingly witnessed in East Africa and beyond.  In Kenya, Section 29 of the Kenya Information and Communications Act (2013) has been used to charge up to 10 social media users for “the improper use of a telecommunication system” in 2016 alone. In Uganda, Section 25 of the Computer Misuse Act bears similar language and states, “Any person who willfully and repeatedly uses electronic communication to disturb or attempts to disturb the peace, quiet or right of privacy of any person with no purpose of legitimate communication whether or not a conversation ensues commits a misdemeanor.” In the lead up to the February 2016 general elections, a series of arrest were made which saw social media users charged using this law.
Further afield, South Africa’s Cybercrimes and Cybersecurity Bill (2014) also bears similar vague clauses that muzzle opinion of the media, bloggers and other independent actors that promote freedom of expression and increased state transparency. In Nigeria, the Frivolous Petitions Bill (2015), popularly known as the Social Media Bill, threatens to muzzle public expression online.
The Cybercrimes Act is one of several laws Tanzania  enacted in the lead up to the October 2015 general elections despite public outcry that these laws granted excessive powers to the police criminalised  expression and access to information, and did not provide clear legal recourse to citizens.
As affronts to citizens’ online rights in Tanzania and other countries continue, self-censorship is likely to prevail which in turn would have a negative impact on citizen participation, transparency and accountability in governance.
NB: Section 16 of the Cybercrimes Act 2015 has been adjusted to reflect the fine of not less than five million shillings or to imprisonment for a term not less than three years or to both.

1 2 3