Using FIFAfrica17 Conversations To Drive Change

By Martha Chilongoshi |
The Africa I want is one that embraces diversity, promotes freedom of expression, values the right to information and prioritizes the elimination of all forms of discrimination on the basis of gender.
For my ideal Africa to be realized, actions, initiatives and conversations that challenge the status quo and disrupt structural systems which hinder development are very vital and this is what the Forum on Internet Freedom represents for me, an opportunity to meet like-minded people and share ideas as well as experiences on how to advance our societies for the better.
A communication for development professional like me finds great value in the Forum on Internet Freedom gatherings because it presents diverse opportunities for me to learn about the social, economic and political factors affecting internet access and usage in other countries in Africa and how I can apply lessons from there to address and solve prevailing issues in my own country – Zambia.
More importantly, the forum has deepened my knowledge on the role of the internet in the development agenda in that, I have been afforded the opportunity to meet my online community in an offline setting and build a support structure that offers solutions and coping strategies to challenges of internet shutdowns, restrictions on freedom of expression, women’s safety online, privacy and security among other things.
As a gender equality & human rights activist, I particularly enjoyed the session on “Finding equality in an age of discrimination online” with panelists, Emilar Gandhi (Facebook), Daniel Kigonya, (iFreedom Uganda), Caroline Tagny (CAL) and Fungai Machirori (APC). This was an important conversation for me because personally, I have committed to use my skills as a Journalist to create awareness and give prominence to issues that affect women and girls using social media and blogging platforms and in my experience, online spaces have not been spared from the patriarchal structures and attitudes that exist offline
Patriarchy has been defined in the Merriam Webster dictionary as;
– a social organization marked by the supremacy of the father in the clan of the family
– the legal dependence of wives and children, and the reckoning of descent and inheritance in the male line
– control by men of a disproportionately large share of power
With this in mind, it is not surprising that online spaces are being used to perpetuate the very inequalities that exist offline and policing how women and girls express themselves online, how they report violations and how they narrate their experiences. This is why the conversation on “Women’s safety online” by panellists, Francoise Mukuku (Si Jeunesse Savait DR Congo), Irene Kiwia (Tanzania Women of Achievement), Emilar Ghandi (Facebook) and Twasiima Patricia (Chapter Four Uganda) was also very key because it addressed the need to ensure women and girls are protected online and users of the Internet adhere to the set community standards and ideals that deter them from perpetuating abuse and discrimination.
I must add that apart from the panel discussions, I really enjoyed the personal conversations I had during tea and lunch breaks, one of my favourite discussions on the sidelines of the Forum was a conversation about feminism and gender equality with Tricia from Uganda and Tracey from Kenya. As the image below will show, we were so invested in the conversation and it was a brilliant, rich and empowering exchange of young women daring to stand up against structures and environments that perpetuate discrimination using online spaces.

Another key take away from these two sessions was the need to empower women and girls with information about their rights through access to the internet so they can recognise when those rights are being threatened or violated by another person. Often, women and girls are socialised and conditioned to think that they cannot make decisions without the approval of their male relations because from time in memorial, the power lies with men and women are constantly subjected to finding ways of not upsetting this hold on power and in effect remaining silent in the face of violence.
There are many progressive developments that online spaces have provided to ordinary people in terms of dealing with equality, freedom of expression and access to information. More people are now able to voice out on issues that affect them in real time and create a critical mass through social movements that have proved to be a force in challenging the powers that be. This has easily been evidenced by internet shutdowns by governments in Zimbabwe, Cameroon, Togo and Gambia among other countries.
This brings me to another conversation I found most intriguing at the forum themed “Privacy & Freedom of Expression” which was wonderfully moderated by Gbenga Sesan of Paradigm Initiative and featured panellists from state institutions namely James Mutandwa Madya (Ministry of ICT Postal and Courier Services Zimbabwe), Micheal Ilishebo (Zambia Police Service), Marian Shinn (MP, Parliament of South Africa) and Fortune Mgwili-Sibanda (Google).
For the last two years, my line of work has involved working on projects that are centred on democracy, good governance and civic participation especially during electoral processes and this particular conversation was key in understanding how state institutions view the internet and its power to connect people for social change. The conversation between the panellists and audience brought one thing to light, many African governments are threatened by the power that the internet gives to ordinary citizens and as a result, opt to shut it down in order to repress social movements that mobilise people towards an issue.
This can be proved by revisiting how the Zimbabwean government dealt with Evan Mawarire, a pastor whose social media movement dubbed #ThisFlag inspired thousands of Zimbabweans online and offline to demand for better conditions of living from their government. He had to flee his country because his family was no longer safe and when he eventually returned, he was immediately arrested and charged with “attempting to overthrow a constitutionally elected government”.
Another prominent case was that of Cameroon where the Internet was shut down for 3 months in the English speaking region of the country by the government. The shutdown caused hundreds of citizens to mobilise and find alternative means of accessing the internet and creating the hashtag #BringBackOurInternet to let the world know of the discrimination and suppression that was happening in Cameroon. Among the prominent Cameroonian voices that demanded for the restoration of the internet was the Forum’s keynote speaker, Rebecca Enonchong, Founder and CEO of Apps Tech who shared her experience on the impact of the internet shutdown on the rights and freedoms of Cameroonians and to a great extent, its impact on the economy.
If I have to sum up my experience at the forum on internet freedom 2017, I will say that it has given me a fresh and dynamic perspective of the internet, it has broadened my knowledge on the many ways I can use the internet as a tool and an enabler for my human rights activism and encourage civic participation in my community. It has also allowed me to see the economic impact that an internet shutdown can have on a country and for me, this is a great angle from which to advocate for an open, neutral and free internet.  I can’t wait for next year’s conversation!


Originally published on the Revolt For Her website
 

“Fake News” and Internet Shutdowns in Africa – What is to be Done?

By Jimmy Kainja |
Malawian lecturer and  blogger, Jimmy Kainja participated at the Forum on Internet Freedom in Africa 2017. He shares some insights on fake news and internet shutdowns post the Forum.

In 2016 after attending my first Re:publica, a techie conference in Berlin, I wrote of a need for Africa to have what I called a “collective thinking space” where like-minded actors on the African continent would converge to share ideas and inspire each other. The Forum on Internet Freedom in Africa, 2017 (FIFAfrica17) which was held in Johannesburg, South Africa which I recently attended was the type of gathering that I wrote about in 2016.

Organised by Corroboration on International ICT Policy for East and Southern Africa (CIPESA) and co-hosted by the Association for Progressive Communication(APC), the peak of FIFAfrica17 was the launch of two important reports by CIPESA: State of Internet Freedom in Africa 2017 and the Cost of Internet Shutdowns in Africa. The reports highlight how influential new technologies, specifically the Internet have become in African politics over the years. Speaking at the Forum, Google’s Fortune Mgwili-Sibanda, observed that not withstanding the low Internet penetration rate on the continent, the Internet today has become important to African politics in a similar way that broadcasting was in the age of coups in Africa.

State broadcasting stations were always among the first institutions to be ceased by successful coup leaders so they could announce their victories and spread propaganda. Today, noted Mgwili-Sibanda, authoritarian states are quick to shutdown the Internet to maintain power and control. The age of the Internet has arrived in Africa and it is only right that Africans engage with new technologies critically – FIFAfrica17 provided that space.

Apart from critical issues concerning security and gender equality online, cost of the Internet, freedom of expression, access to information and privacy online, there were two specific issues that stood-out for me: “fake news” and of Internet shutdown. “Fake news”, perhaps I happened to sit on its discussion panel and Internet shutdowns because for the first-time I got to meet people who have directly been affected by fake news and they spoke passionately about it.

Some thoughts on these two issues:

“Fake news”

We must first understand that the central problem with “fake news”, and this is why it matters, is the centrality of access to information in democratic societies. Information is a pre-requisite for citizen’s public participation, and meaningful public participation can only be realised when citizens have accurate and critical information. This can only be realised through free and independent media providing accurate and verified information, not “fake news”.

Of course “fake news” has always been around in various forms and guises – it is still the same today. There are “fake news” producers only using it as click-baits, the motive here is nothing more than monetising. Then there is “fake news” informed by cultural myths – in Africa, certainly in Malawi where I come from, you always have media reporting on cases such as witchcraft planes having landed somewhere, is this not “fake news”? Then the most critical one: deliberate “fake news” aimed at deceiving the audience, harming someone, maintaining or attaining power.

The first version of “fake news” is likely to drift away as society figures out this disruptive technology. The second version is harmless – societies are bound and they exist by cultural beliefs and myths. We must be worried with the third version of “fake news” as it is politically motivated and its consequences have a greater impact in society.

In some cases there is nothing that media institutions can do to stop the spread of “fake news”, and this is one of the reasons that the “fake news” phenomenon is technology specific – the Internet. Yet, this also emphasises the critical role that journalists have in ensuring that the public have access to accurate and credible information.

Verification and fact-checking in journalism have never been so important. It is also the only way that journalism is going to maintain its credibility intact. As the saying goes, it is better to be late and accurate than break inaccurate or incorrect news.

Internet Shutdowns

The cost of Internet shutdowns is colossal as indicated in the report launched at FIFAfrica17. Yet, for paranoid political leader trying to maintain control and power, there is no price that cannot be paid.

But then it is crucial to appreciate that Internet shutdowns involve two players – government and service providers. Governments are interested is shutting down the Internet to close off citizens expressing their dissatisfaction and misgivings about the government. While service providers have to abide by government orders or risk loosing operating licenses. Service providers are not charity organisations – their prime motive is to make profits.

This leaves civil society to battle for open and accessible Internet for all, against the collusion between governments and service providers. Gatherings such as FIFAfrica17, though seemingly techie niche, are thus very important for activists, civil society groups, academia etc. to bang heads, share experiences and chart the way forward.

If everything in the past has failed to bring about African consciousness and solidarity among the huge diversity of Africans then Internet is proving an exception. According to a 2015 Portland Communication study, “Africa Tweets” the political #hashtags in Africa show that there is more solidarity among Africans online – or at least on Twitter. South Africa’s #feesmustfall hashtag was more popular in Egypt than South Africa itself, for example.

This article was first published on Jimmy Kainja’s blog Spirit of Umunthu

Bridging Cyber Security Gaps: The Commonwealth Telecommunications Organization Trains SMEs in Uganda

By Edrine Wanyama |

Uganda’s Small and Medium Enterprise (SME) sector is credited with contributing 20% to the country’s Gross Domestic Product (GDP) in 2016. While the level of adoption of technology as a key component of operations within the sector remains unclear, its effective utilisation requires entities to also embrace safety and security measures as a priority.

Identifying security controls to defend against cyber threats and data protection thus formed the basis of discussions at a cyber standards training workshop for SMEs in Uganda. Organised by the National Information Technology Authority (NITA-U) in collaboration with the Commonwealth Telecommunications Organization (CTO), the workshop, held in Kampala, Uganda on August 23-24,2017 targeted SME entrepreneurs, banking industry officials as well as ICT sector representatives from non-government organisations and other ICT stakeholders.

The workshop explored the Information Assurance for Small Information Assurance for Small to Medium Enterprises (IASME) which encourages SME’s to comply with international information security management standards.

Currently, possible cyber risks include; theft of data for monetary gain or competition by criminals, hacking, physical insecurity to staff and office equipment, malware attacks, insecure configuration, updating software from unreliable sources, access control and spam.

Discussions on information security are abound in Uganda as the Data Protection and Privacy Bill, 2015 makes slow progress in Parliament while laws like the Computer Misuse Act, 2011, the Electronics Signatures Act, 2011 and the Electronic Transactions Act, 2011 do not fully address the issue of data protection and privacy.

According to a 2016 report based on a global survey of cybersecurity managers and practitioners, cyber security and information security is considered a technical issue rather than a business imperative.  The findings of this study echo sentiment held by civil society orgnaisations which face similar digital security threats including increasingly sophisticated threats and rate of incidents.

In order to be better positioned to address cyber threats, civil society and SME need to be equipped with skills encompassing both online and offline responses. These include know how on policy and compliance, physical environmental protection, risk assessment, access controls, incident management, monitoring, backup, malware identification and technical intrusions.

Through a cyber essentials course and practical exercises, participants at the workshop were equipped with basic skills for enabling non-technical users to establish five information security controls including malware protection, access control, patch management, secure configuration, boundary firewalls and internet gateways.

As a follow-up to the exercise, selected participants will undergo further training for possible contracting as IASME information security assessors for SME’s.

CTO’s international events and seminars are conducted in all countries of the Commonwealth, across the continents of Africa, Europe, the Americas, Asia and the Pacific region. Specifically, in Africa, the events have been held in Botswana, Cameroon, Ghana, Kenya, Liberia, Mozambique, Nigeria, Papua New Guinea, South Africa, Swaziland and Uganda.

In the meantime, the Ministry of ICT & National Guidance on August 20, 2017 held an Awareness Workshop on Cyber Laws such as the Constitution of the Republic of Uganda 1995, National Information Technology Authority, Uganda Communications Act 2013, Electronic Signatures Act, Computer Misuse Act, Registration of Persons Act, Electronic Transactions Act, Electronic Transaction Regulations 2013, Electronic Signatures Regulations 2013, Open Data Policy, 2017, ICT for Disability Policy Draft and the Data Protection and Privacy Bill, 2015, to sensitize member of the public, private sector, academia, government officials and other stakeholders on information security threats and how to best combat them. The work shop put emphasis on the need to know, learn and understand existing and upcoming laws, policies and guidelines that regulate cyber security and how they can be best applied.

 
 
 

Bridging Cyber Security Gaps: SMEs Trained in Uganda

By Edrine Wanyama |
Uganda’s Small and Medium Enterprise (SME) sector is credited with contributing 20% to the country’s Gross Domestic Product (GDP) in 2016. While the level of adoption of technology as a key component of operations within the sector remains unclear, its effective utilisation requires entities to also embrace safety and security measures as a priority.
Identifying security controls to defend against cyber threats and data protection thus formed the basis of discussions at a cyber standards training workshop for SMEs in Uganda. Organised by the National Information Technology Authority (NITA-U) in collaboration with the Commonwealth Telecommunications Organization (CTO), the workshop, held in Kampala, Uganda on August 23-24,2017 targeted SME entrepreneurs, banking industry officials as well as ICT sector representatives from non-government organisations and other ICT stakeholders.
The workshop explored the Information Assurance for Small Information Assurance for Small to Medium Enterprises (IASME) which encourages SME’s to comply with international information security management standards
Possible risks include; theft of data for monetary gain or competition by criminals, hacking, physical insecurity to staff and office equipment, malware attacks, insecure configuration, updating software from unreliable sources, access control and spam.
Discussions on information security are abound in Uganda as the Data Protection and Privacy Bill, 2015 makes slow progress in Parliament while laws like the Computer Misuse Act, 2011, The Electronics Signatures Act, 2011 and the Electronic Transactions Act, 2011 do not fully address the issue of data protection and privacy.
According to a 2016 report based on a global survey of cybersecurity managers and practitioners, cyber security and information security is considered a technical issue rather than a business imperative.  The findings of this study echo sentiments held by civil society organisations which face similar digital security threats including increasingly sophisticated threats and rate of incidents according research conducted by the Collaboration for International ICT Policy in East and Southern Africa (CIPESA). It revealed that various CSOs were concerned about, or had been victims of hacking attempts on their email accounts and internal networks, that they had been targeted by phishing emails, and that they feared their activities were being surveilled by authorities
In order to be better positioned to address cyber threats, civil society and SME need to be equipped with skills encompassing both online and offline responses. These include knowhow on policy and compliance, physical environmental protection, risk assessment, access controls, incident management, monitoring, backup, malware identification and technical intrusions.
Through a cyber essentials course and practical exercises, participants at the workshop were equipped with basic skills for enabling non-technical users to establish five information security controls including malware protection, access control, patch management, secure configuration, boundary firewalls and internet gateways.
As a follow-up to the exercise, selected participants will undergo further training for possible contracting as IASME information security assessors for SME’s. CTO’s international events and seminars are conducted in all countries of the Commonwealth, across the continents of Africa, Europe, the Americas, Asia and the Pacific region. Specifically, in Africa, the events have been held in Botswana, Cameroon, Ghana, Kenya, Liberia, Mozambique, Nigeria, Papua New Guinea, South Africa, Swaziland and Uganda.
 

What African Countries Can Learn from European Privacy Laws and Policies

By Edrine Wanyama |
The General Data Protection Regulation (GDPR) came into force in the European Union (EU) in May 2016. The 28 EU member states have until May 2018 to apply the Regulation to existing national laws to ensure the protection of citizens with regard to the processing of personal data and its transfer within the EU and beyond.
In Africa, only 14 countries (Angola, Benin, Burkina Faso, Mali, Gabon, Ghana, Ivory Coast, Lesotho, Madagascar, Morocco, Senegal, South Africa, Tunisia and Zimbabwe) have enacted data protection and privacy laws. Others, including Kenya, Niger, Nigeria, Tanzania and Uganda, have bills that are yet to be passed into law.
Whereas a continent-wide convention on Cyber Security and Personal Data protection was adopted by the African Union back in 2014, only eight countries (Benin, Chad, Congo, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe and Zambia) are signatories and only one (Senegal) has ratified the convention.
Meanwhile, as part of efforts to ensure data protection within the different regional blocs, the Southern African Development Community (SADC) has developed a model law on data protection while as of 2010, the Economic Community of West African States (ECOWAS) had the  Supplementary Act A/SA.1/01/10 on Personal Data Protection Within ECOWAS. Unlike its regional bloc counterparts in the south and west, the East African Community (EAC) has not adopted legislation on data protection and privacy – it only has a Framework for Cyberlaws which calls for member states to enact laws that protect personal data.
Meanwhile, some of the proposed and existing national laws fall short of comprehensively protecting data and privacy. For instance, Uganda’s Data Protection Bill, 2015 and Ghana’s Data Protection Act, 2012 lack succinct clauses on key areas such as notification of breach and data portability, and also have limitations on the right to access, among others. Despite this, mass collection of personal data continues across the continent, leaving the majority of Africans vulnerable to the violation of their data privacy.
This contrasting state of affairs formed part of the discussions at a July 2017 convening of lawyers, government officials, civil society representatives, academics, and students at the Institute for Information Law at the University of Amsterdam for a five-day training course on issues pertaining to privacy and data protection law relate to the internet and electronic communications.
For over 60 years, the European Convention on Human Rights (1950) has functioned as the framework to guarantee the right of privacy for private and family life. More recently, the European Charter of Fundamental Rights, 2000 has reinforced this right. These instruments are the basis of the robust protections provided for under the GDPR. In Africa similar frameworks which address privacy are less than 15 years old, such as the Declaration of Principles on Freedom of Expression in Africa (2002) (Part V), the  Resolution on the Right to Freedom of Information and Expression on the Internet in Africa – ACHPR/Res. 362(LIX) 2016, and the civil society led African Declaration on Internet Rights and Freedoms.
However, where European instruments have been largely endorsed and supported by member states, many African instruments still struggle to gain similar recognition by member states.  As in the EU, African countries need to uphold the principles laid down in these instruments towards the recognition and enforcement of citizens’ right to privacy and data protection.
Further, per the GDPR, European states are required to establish Data Protection Authorities (DPAs) to ensure that safeguards are in place to protect user data including across different jurisdictions. African states should embrace similar measures to guard against infringement on citizens’ privacy.

Data Protection Authorities are mandated to independently monitor, raise awareness, handle complaints and conduct investigations, among others, to uphold personal data protection.

Overall, the course highlighted the need for a robust privacy regime across the world to ensure that citizens enjoy due protection of their online data. It also highlighted the need for more efforts in citizen sensitisation on data protection and privacy alongside better frameworks in the African context to support these rights.
CIPESA participated in the course together with representatives from Ohio State Moritz College of Law and Capital University Law School; Global Privacy Practice, Covington & Burling; Institute for Information Law, University of Amsterdam; Berkeley Center for Law & Technology, UC Berkeley School of Law; Dutch Data Protection Authority; and the Washington University Law School, among others.
There are lessons for Africa to learn from the European experience, including the establishment of state and regional mechanisms that strengthen data protection frameworks. However, it is integral that more African countries enact data protection laws, and for countries that have with this law, it should be implemented with oversight from independent bodies as more user data is generated and stored online.