Introducing “Community Fakes”, A Crowdsourcing Platform to Combat AI-Generated Deepfakes

ADRF Grantee Update | 

As the world enters the era of artificial intelligence, the rise of deepfakes and AI-generated media presents significant threats to the integrity of democratic processes, particularly in fragile democracies. These processes are vital for ensuring fairness, accountability, and citizen engagement. 

When compromised, the foundational values of democracy—and society’s trust in its leaders and institutions—are at risk. Safeguarding democracy in the AI era requires vigilance, collaboration, and innovative solutions, such as building a database of verified AI manipulations to protect the truth and uphold free societies.

In the Global South, where political stability is often tenuous, the stakes are even higher. Elections can easily be influenced by mis/disinformation, now accessible at minimal cost and requiring little technical skill. Malicious actors can easily use these tools to create and amplify false content at scale. This risk is amplified in authoritarian regimes, where AI-generated mis/disinformation is increasingly weaponised to manipulate public opinion, undermine elections, or silence dissent. From fabricated videos of political figures to manipulated media, such regimes exploit advanced technologies to sow confusion and mistrust, further destabilising already fragile democracies.

Despite ongoing efforts by social media platforms and AI companies to develop detection tools, these solutions remain inadequate, particularly in culturally and linguistically diverse regions like the Global South. Detection algorithms often rely on patterns trained on Western datasets, which fail to account for local cultural cues, dialects, and subtleties. This gap allows deepfake creators to exploit these nuances, leaving communities vulnerable to disinformation, especially during critical events like elections.

Recognising the urgency of addressing these challenges, Threats developed Community Fakes, an incident database and central repository for researchers to submit, share, and analyse deepfakes and other AI-altered media. This platform enables collaboration, combining human insights with AI tools to create a robust defence against disinformation. By empowering users to identify, upload, and discuss suspect content, Community Fakes offers a comprehensive, adaptable approach to protecting the integrity of information.

The initiative was made possible through the CIPESA-run African Digital Rights Fund (ADRF), which supports innovative interventions to advance digital rights across Africa. The grant to Thraets for the project titled “Safeguarding African Elections—Mitigating the Risk of AI-Generated Mis/Disinformation to Preserve Democracy” aims to counter the increasing risks posed by AI-generated disinformation, which could jeopardise free and fair elections. 

The project has conducted research on elections in Tunisia and Ghana, with the findings feeding into tutorials for journalists and fact-checkers on identifying and countering AI-generated electoral disinformation and awareness campaigns on the need for transparency on the capabilities of AI tools and their risks to democracy. 

Additionally, the project held an Ideathon to generate novel ideas for combating AI-generated disinformation and developed the Spot the Fakes quiz, which gives users the opportunity to dive into the world of AI-generated synthetic media and how to distinguish between the authentic and the fake.

Community Fakes will crowdsource human intelligence to complement AI-based detection, thereby allowing users to leverage their unique insights to spot inconsistencies in AI-generated media that machines may overlook, while having conversations with other experts around the observed patterns. Users can submit suspected deepfakes to the platform, which the global community can then scrutinise, verify, and expose. According to Thraets, this approach ensures that even the most convincing deepfakes can be exposed before they can do irreparable harm. 

Find a full outline of Community Fakes here.

Togo: Fumbling With a Digital ID While Actively Surveilling Citizens

By Afi Edoh |

For four years Togo has been inching towards issuing a digital identity (ID) card. While there are indications that 2022 may be the year in which the west African country finally delivers the long-awaited digital ID, the road ahead remains uncertain. Challenges lie both in bureaucratic delays and citizens’ caginess about handing their data to a government with a penchant for surveilling citizens and shutting down digital communications.

The Togolese government announced the e-ID Togo project in 2018, but it was not until mid 2021 that the Ministry of the Digital Economy and Digital Transformation initiated efforts to recruit a communications consultant to devise an awareness campaign to precede the registration stage and a technology solutions service provider. The International Institute of Information Technology Bangalore was awarded the system contract in December 2021.

According to the government, the e-ID project will simplify the process of updating the electoral register, facilitate access to public services and to credit, reduce fraud in the financial sector, and facilitate the targeting of social protection beneficiaries. Only 25% of the country’s population of eight million has a form of identification, with women less likely to have an identification document, which hinders their ability to open bank accounts, enrol children in school, benefit from health insurance, or get a mobile phone number. In recognition of the gaps in civil registration among citizens, the government set out to enrol citizens for e-ID even without proof of birth registration.

Togo passed Law No. 2019-014 relating to the protection of personal data in October 2019. In 2020, parliament passed Law No. 2020-009 relating to the biometric identification of natural persons, whose objective is to establish a system for identification and authentication of natural persons. The law aims to establish a “secure and reliable methodology” for obtaining, maintaining, storing and updating data on the identity of registered individuals. The law requires all citizens and residents in Togo to obtain a Unique Identification Number (NIU) by submitting their demographic and biometric data (Article 4). The biometric data specified for purposes of obtaining a NIU are photograph and / or facial recognition, fingerprints, and iris scan. The National Identification Agency (ANID) is mandated to collect biometric data for the NIU.

SIM Card Registration
In July 2021, a SIM card registration and limitation of subscriptions per individual and network campaign was launched by the telecommunications regulatory authority ARCEP, supported by leading telecom operators Moov Africa Togo and TogoCom. The SIM registration requirements include a national identity card or passport and collection of biometric and demographic data. 

But this extensive collection of individuals’ personal data raises concerns for the safety of such data. These concerns are not unfounded and they partly arise from the state’s record on respect for digital rights, which have seen it order network disruptions and use malware to target opponents and dissidents.

State Surveillance
In 2020, lingering suspicions that the Togolese government was undertaking interceptions of communications gained credence when the Citizen Lab revealed that Israeli-made spyware Pegasus, supplied by the NSO Group, was used between April and May 2019 to target Togolese civil society, including a Catholic bishop and a priest, as well as two members of Togo’s political opposition. The surveillance reportedly coincided with nationwide pro-reform protests that were forcibly dispersed. The Togolese government did not respond to the allegations, which nonetheless sparked debate within Togolese media and civil society.

Further, in October 2021, Amnesty International research found that Togolese activists had been targeted with spyware by the Donot Team hacker group based in India – the  first time that Donot Team spyware was found in use outside of South Asia. According to the report, the activists’ devices were targeted between December 2019 and January 2020, during a tense political climate ahead of the 2020 presidential election.

Network Disruptions

During the February 2020 elections, authorities disrupted access to messaging services (WhatsApp, Facebook Messenger, and Telegram). Later that year, the Economic Community of West African States (ECOWAS) Court of Justice ruled that the 2017 internet shutdown in Togo was illegal and an affront on the right of freedom to expression. 

According to Access Now, the court ordered the government of Togo to pay two million francs (USD 3,459) to the plaintiffs as compensation, and to take all the necessary measures to guarantee the implementation of safeguards with respect to the right to freedom of expression of the Togolese people.

Privacy and Data Protection

Togo’s laws provide safeguards against unlawful surveillance and unauthorised access to data whilst also granting authorities sweeping powers to violate privacy. Law No. 2012-018 on electronic communications provides for privacy of communications but article 92 empowers the Prime Minister, and the Ministers responsible for the economy and finance, defence, justice, and security and civil protection, to trigger the interception of communications and electronic content.

The biometrics identification law requires the National Identification Agency to encode and encrypt data on its registry and only allows access to authorised agents (article 10, 21 & 22). Violation of the obligation of non-disclosure of personal data, identity theft and unauthorised processing of personal data are punishable with fines ranging from one million to 10 million Central African Francs (USD 1,747 to 17,472), imprisonment between one and five years, or both.   

Article 94 of Togo’s 2012 electronic communication law obliges encryption service providers to comply with lawful interception orders, with refusal to provide secret decryption codes to government agencies punishable with a fine of between USD 3,544 and USD 14,178. Cryptology services providers are required to retain for one year, content and data allowing the identification of anyone who has used their services, and to provide the technical means that enable the identification of those users. The service providers are required to avail this data, on request, to the investigating judge, Prime Minister, Minister for the Economy and Finance, the Minister of Defence, the Minister  of Justice, and the Minister of Security. The multiple officials who access data – similar to the various officials that can trigger the interception of communications – offers wide latitude for abuse of citizens’ data privacy rights.

Digital Exclusion
In the wake of Covid-19, Togo initiated a relief programme for vulnerable citizens whose livelihoods were affected by the state of emergency. As at March 2021, the programme, known as NOVISSI, had disbursed a total of 13.3 billion francs (USD 22 million) to 819,972 citizens via mobile money.

However, the programme was criticised for requiring applicants to possess a voter’s ID card. During the last electoral census, opposition parties called on the population to boycott the exercise, which meant that some citizens had not renewed their voter ID cards. There were also cases of unscrupulous individuals utilising the voter’s ID details of other citizens to fraudulently benefit from the programme. As a result, the government temporarily halted the program to allow for physical verification of beneficiaries at dedicated centres.

Way forward

Whereas the various sanctions within the existing legal framework might be a deterrent against unauthorised access to and misuse of personal data, there is wide latitude for state agencies and officials to access the data, which could be abused. This calls for a review of the provisions to ensure they uphold citizens’ right to privacy and data protection, with adequate oversight and redress mechanisms. Further, the e-ID should be rolled out in a manner that ensures agency and dignity, without enhancing exclusion and surveillance. 

Call for Proposals: Round Six of the Africa Digital Rights Fund (ADRF)

Call for Proposals |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is pleased to issue the sixth call for proposals to the Africa Digital Rights Fund (ADRF), which supports digital rights work across the continent through flexible and rapid response grants.

Grant amounts for this round will range between USD 1,000 and USD 10,000, depending on the need and scope of the proposed intervention. The ADRF strongly encourages cost-sharing. The grant period will not exceed six months.

Launched in April 2019, the ADRF supports organisations and networks to implement activities that promote digital rights, including advocacy, litigation, research, policy analysis, skills development and movement building. As at August 2021, the ADRF had supported 45 initiatives with a total sum of USD 564,000. 

Grantees have advanced learning on the intersection of technology, society and the economy across the continent. Notable efforts include studying the role of technology in human trafficking, promoting data protection in digital financial services, digital rights coalition building, confronting online abuse against women, capacity development in digital literacy and security for refugees and pushing back against barriers to digital accessibility for persons with disabilities

Furthermore, the Fund has provided technical and institutional support in impact communications and data-driven advocacy to further enhance grantees’ capacity and ensure sustainability of their work.

Application Guidelines

Geographical Coverage

The ADRF is open to organisations/networks based and/or operational in Africa and with interventions covering any country on the continent.

Size of Grants

Grant size shall range from US$1,000 to US$10,000. Cost sharing is strongly encouraged.

Eligible Activities

The activities that are eligible for funding are those that protect and advance digital rights. These may include but are not limited to research, advocacy, engagement in policy processes, litigation, digital literacy and digital security skills building. The current call is particularly interested in proposals for work related to:

  • Data governance including aspects of data localisation, biometric databases and digital ID
  • Digital resilience
  • Digital economy
  • Digital inclusion
  • Misinformation/disinformation

Duration

The grant funding shall be for a period not exceeding six months.

Eligibility Requirements

  • The Fund is open to organisations and coalitions working to advance digital rights in Africa. This includes but is not limited to human rights defenders, media, activists, think tanks, legal aid groups, and tech hubs. Entities working on women’s rights, or with youth, sexual minorities, refugees, and persons with disabilities are strongly encouraged to apply.
  • The initiatives to be funded will preferably have formal registration in an African country, but in some circumstances organisations and coalitions that do not have formal registration may be considered. Such organisations need to show evidence that they are operational in a particular African country or countries.
  • The activities to be funded must be in/on an African country or countries.

Ineligible Activities

  • The Fund shall not fund any activity that does not directly advance digital rights.
  • The Fund will not support travel to attend conferences or workshops, except in exceptional circumstances where such travel is directly linked to an activity that is eligible.
  • Costs that have already been incurred are ineligible.
  • The Fund shall not provide scholarships.

Administration

The Fund is administered by CIPESA. An internal and external panel of experts will make decisions on beneficiaries based on the following criteria:

  • If the proposed intervention fits within the Fund’s digital rights priorities.
  • The relevance to the given context/country.
  • Commitment and experience of the applicant in advancing digital rights.
  • Potential impact of the intervention on digital rights policies or practices.

The deadline for submissions is Friday April 15, 2022. The application form can be accessed here.

CIPESA Submits Comments on Tanzania’s Proposed Amendment to The Online Content Regulations 2021

By Edrine Wanyama |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has made a submission on the proposed amendments to Tanzania’s controversial Electronic and Postal Communications (Online Content) Regulations, 2020 that regulate online content service providers, internet service providers, application services licensees, and online content users.

On August 24, 2021, the government made a public call for comments on proposals to amend the 2020 Regulations, which entrenched the licencing and taxation of bloggers, online discussion forums, radio and television webcasters, and repressed online speech, privacy and access to information. The move towards amending the Regulations follows a series of concerns expressed in 2017, 2018 and 2020 over the regressive and repressive nature of online content regulation in the country, and its detrimental effect on freedom of expression, access to information, and the right of establishment of media.  

The proposed 2021 regulations largely reflect the previously issued regulations. While they have  some positive elements, they largely fail to address the threats posed to human rights defenders, political dissidents, journalists, academics, civil society organisations and actors.

On a positive note, the proposed regulations reduce licence application fees, as well as annual and renewal fees charged for online media content services and online content aggregators. Thus, online media content service providers will pay application fees of TZS 50,000 (USD 22) down from TZS 100,000 (USD43), initial licence fees of USD 217 from USD 433, annual licence fees of USD 217   from USD 433 and renewal fees of USD 43 from USD217.

The regulations also remove some ambiguous specification of obligations of service providers, such as the proposed deletion of the current regulation  9 (d) which potentially censors a broad variety of content by imposing on service providers the obligation to filter what is considered “prohibited content.” Regulation  9 (d) of the EPOCA Regulations of 2020 requires online content service providers to, “use moderating tools to filter prohibited content.” 

Furthermore, under regulation 3, some level of certainty in the scope of definitions is provided especially for “online media content services” and “online content aggregators”, which are lacking in the current regulations. The proposed regulations also make attempts to define and narrow the scope of categories of licences by removing all fees that were earlier imposed on online content relating to education and religion, and fees chargeable for the provision of Online Content Service Licence Category B (Simulcasting radio and television). 

However, the proposed regulation maintains broad and vague definitions, such as of “hate speech”, which could potentially be misused against individuals, media and private sector players.

Moreover, the licensing requirements under Part II of the EPOCA regulations of 2020, which have not been proposed for amendment, are still prohibitive with very heavy penalties of not less than five million shillings (USD 2,157) or  12 months imprisonment, or both, for operating without a license from the Tanzania Communications Regulatory Authority (TCRA). 

Further, the process of applying for a licence under regulation 6 remains tedious, requiring the applicant to furnish TCRA with extensive information including personal information. This comprises certified copies of certificate of incorporation or certificate of registration, tax identification number, tax clearance certificate, national identity cards, and list of owners and management teams, curriculum vitae of staff, editorial policy guidelines and any other documents required by the authority. 

The proposed amendments do not make any attempt to address the wanton restrictions laid down in the Third Schedule to regulation 16 on prohibited content.  This  includes content in paragraph 1 on sexuality and decency, content on personal privacy and respect for human dignity which extends to insults, slander and defamation or exposes news related to a person’s privacy under Paragraph 2(b)

Further, there are restrictions on content  on public security, violence and national security (Paragraph 3), content that is considered to be disrespectful of religion and personal beliefs (paragraph 7), public information that may cause public havoc and disorder (paragraph 8), use of bad languages and disparaging words (paragraph 9) and false, untrue and misleading content (paragraph 10). 

The scope of prohibited content under the Third Schedule is wide and ambiguous, and the provisions facilitate curtailment of freedom of expression and access to information. 

Additionally, the schedule prohibits publication of “content with information with regards to the outbreak of a deadly or contagious disease in the country or elsewhere without the approval of the respective authorities.” The penalty for breach of regulations is a fine of not less than five million Tanzanian shillings (USD 2,174), imprisonment for not less than 12 months, or both. This prohibition undermines freedom of expression and access to health information as it provides room for suspension of content.

Regulation 9(g) maintains  the status quo of the obligations of online content service providers to ensure that prohibited content  is removed immediately upon being ordered by TCRA. This ultimately means the sweeping powers of the authority to determine what content is available for public consumption are still on the statute books. Such powers are also a potential tool for censorship of content and hinder free expression and access to information.

The proposed amendments to the regulations come a few months after the death of Tanzania’s former president, John Magufuli. His reign was characterised by systematic clampdown and curtailment of freedoms including of expression, access to information, assembly and associations. The period before Magufuli’s death was also  characterised  by a lacklustre response to the Covid-19 pandemic.  

The analysis concludes that the proposed amendments provide some ray of hope especially in providing some degree of certainty in definition of key terms and reduction of application and licensing fees. However, the proposals are not sufficient to tackle the deep concerns in the 2020 regulations. 

You can read the full submission here.

Apply for Data Driven Advocacy Sketchathon at FIFAfrica21

Call for Applications |

Do you want to use data for advocacy but you’re not sure where to start? Would you like to transform statistics into compelling stories? Are you passionate about a digital rights cause, and want to convince others to join your efforts?

In the lead up to the Forum on Internet Freedom in Africa 2021 (FIFAfrica21), the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and Data4Change will host a virtual data sketchathon and series of critical discussions to get you thinking more about how to use data in digital rights advocacy. The sketchathon will take place on Monday 27 September 2021.

The schedule
Starting at 10am East African Time (EAT) and finishing at 5pm EAT, the sketchathon will entail a combination of live Zoom sessions and self-paced activities.

We’ll use the answers in your application forms to set an agenda for the group discussions as we explore themes like: data biases; representation, accessibility and ownership of data; and data inequalities. You’ll also have an opportunity to work in small groups to map your data advocacy aspirations and to tackle some of the data questions you’re grappling with as individuals or organisations.

Participants will also have an opportunity to create a data design using data from the #KeepItOn campaign Shutdown Tracker Optimisation Project.

Who should apply
There are no prerequisites, and literally anybody can apply. We are looking for people who are passionate about uncovering the potential of using numbers to drive forward emotive stories that have the power to advance digital rights preferably in Lesotho, Mozambique, Tanzania, Uganda, Zambia, and Zimbabwe.

A limited number of spaces are available for the workshop. We endeavour to create diverse and collaborative spaces and to foster a sense of community that lasts beyond the event and will strive to create a balanced representation of different geographies, abilities, and approaches among participants.

How to apply
Submit this form before 18.00 East African Time on Wednesday September 22, 2021.

Successful applicants will be notified by Friday September 24, 2021. A modest reimbursement will be provided for participants’ connectivity costs.