Unmasking Digital Security Threats facing Human Rights Defenders in Uganda and Tanzania

By Lillian Nalwoga |

Technology presents various challenges to the protection of human rights such as the lack of adequate avenues to verify authenticity of information shared, violation of the right to privacy, respect to copyright issues and the right to anonymity among others.  With a shrinking civic space in Uganda and Tanzania, Human Rights Defenders (HRDs) need to be more vigilant in securing their digital environments.

In both countries, government has increased clampdown on human rights organisation – including intimidation and arrests of HRDs, closure of their offices and harassment of social media users.  Despite moderate digital security threat perception rating, the occurrence of malicious attacks at both organisational and personal levels are still present among many HRDs in both countries from state and non-state actors. For Uganda, past reports have also indicated authorities in Uganda intensifying their efforts to obtain spyware and surveillance equipment.  While in Tanzania, government’s growing appetite for stifling citizens’ digital rights has been on the rise with the most recent issuance of regressive online content regulations being another blow to the already declining internet freedom in the country.

These deductions require an awareness of the digital security threats faced by HRDs, a clear understanding and implementation of internet freedom legalisation affecting their works and different digital security tools that they can use to protect their online privacy.

The Collaboration for International ICT Policy in East and Southern Africa (CIPESA) in partnership with Kampala based tech hub, Outbox and Sahara Ventures in Tanzania between November and December 2017, hosted a series of digital clinics, where HRDs and technologists shared insights on various forms of digital security threats and how to collaboratively develop effective digital security strategies in advancing digital rights protection in Uganda and Tanzania.

The digital security clinics provided an opportunity for techies and HRDs to explore and discuss digital security challenges as well as the need to promote Internet freedom in both countries. Additionally, the clinics exposed participants to digital safety tools and practices; legal and regulatory frameworks and knowledge on how to apply them in their day-to-day activities.

At the Uganda workshop, Immaculate Nabwire, a digital security trainer with Defend Defenders spoke inextricable link between digital security and human rights noting that the lack of digital security exposes valuable work and vulnerable communities to immense risk.

Participants explored some of the risks which lurk online including the various forms of digital attacks such as malware attacks, ransomware attackspassword attacks, phishing, Denial Of Service (DoS) alongside the extent of control one has over information that is shared online particularly – including in perceived closed spaces such as Facebook and Whatsapp groups.

To address these security gaps, some of the tactics and tools shared in both countries included the use of password managers through to basic methods such as the regular changing of passwords; use of –anonymity and circumvention tools such as Tor Browser; DuckDuckGo Search Engine and Opera Free VPN); Malware Protection tools; data encryption tools, among others.

In Tanzania, participants also analysed open source encryption tools – Mailvelope , Signal, and Martus for their strengths and weaknesses in use by HRDs. Elements tested included: –  User Experience and UX Design (ease of installation, internet speeds, literacy levels, language); Penetration Testing and Security Breach (level of confidentiality in securing user communication) and Localization (compatibility with other interfaces).  A similar exercise was conducted in Uganda, in 2015 were 5 digital security tools where tested. Whereas the 2015 exercise identified “lack of an attachment encryption function” for Mailvepe tool and “no option for retrieving a lost encryption key” for Martus, this was not the case for Tanzania developers.

Tool test findings in Tanzania

Tool Strength Limitation
Martus  ·         Easy to install even for people with low digital security skills –·         Provides a high confidence to use as no known security breaches have been documented·         Compatible for all operation systems (OS)
·         Can be used as a desktop application
Only operates with an internet connection and is affected by slow internet speed
Signal  ·         Easy to install·         It can be used as a desktop or mobile application.·         Can be used as a message app (does not require internet connection) or as a messenger app (require internet connection)
·         The app comes with only two themes (dark and light) pre-installed, there’s no option to add additional themes.·         Signal App requires internet connection which isolates users with feature phones and data subscription capacity.·         Can only be used by Android and IOS users can, thus isolating a large percentage of phone users with other operating systems
Mailvelope ·         Easy to customization, can add as many email service vendors as possible.·         Easy installation.
·         Can be translated in more than 35 languages in transfix.
The extension is not available in other browsers like Safari for Mac users 

The November 2017 engagements in Uganda highlighted the absence of a data privacy and protection law as major concern to the protection of their data at both national and global level. A draft Data Privacy and Protection bill (2015) currently remains before Parliament and awaits passing having been introduced in 2014. In Tanzania, participants called upon the government to use technology as a tool to promote development, not as a catalyst for social chaos.

Participants were further urged to make more informed decisions on the risks they expose themselves to online including – examining the amount of information they share directly, and that shared indirectly through members of their social networks. Indeed, as software increasingly mimics human behaviour and continues to mutate, the need for more agile digital security practices is needed to match these changes.

These events were part of CIPESA’s wider activities on building the digital rights knowledge as well as digital security, safety and capacity of human rights defenders, media, vulnerable women organisations in five African countries – Burundi, Ethiopia, South Sudan, Tanzania and Rwanda and supported by the Open Technology Fund (OTF).