Internet Governance Forum (IGF) 2022

CIPESA among other entities at the 17 annual IGF 2022.

IGF Participants are invited to chat with a digital security specialist about personal or organisational information security at the Digital Security Hub. The Digital Security Hub is staffed by volunteer trainers, auditors, and technologists from across the world. It is a collaboration of DefendDefenders, Cipesa, Greenhost, Digital Society of Africa, Dig/Sec Initiative and Digital Security Alliance. Supported remotely by AccessNow, CChub and Center for Digital Resilience.

For more information on the event, click here.

Skilling Distributed Digital Security Trainers Amidst Growing Digital Rights Attacks

By Neil Blazevic, Andrew Gole and Ashnah Kalemera |

Amidst increased attacks on digital rights activists, journalists, and human rights defenders (HRDs) during the Covid-19 pandemic, it has become crucial to grow the capacity of these actors to operate securely. A key concern is that, in many African countries, skills in digital security and safety are lacking among some of the most at-risk groups, yet trainers and support networks are in short supply.

Without adequate digital security capacity, activists and HRDs are not able to meaningfully continue advocacy and engagements around human rights, transparent and accountable governance, during and in the aftermath of Covid-19. Accordingly, through the Level-Up programme, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has provided security support to 16 HRD organisations in Kenya, Ethiopia, Tanzania, South Sudan and Uganda. 

The initiative helped to strengthen the participating entities’ organisational and information systems security capacity, entailed a Training of Trainers (ToT) component – which benefitted 19 individuals – to grow the network of individuals and organisations that offer digital security training and support to journalists, activists, and HRDs, and organisational security assessments. The training and support were delivered through innovative approaches to geographically distributed individuals that could not meet physically due to Covid-19 social distancing and travel restrictions.

Covid-19 and Digital Attacks

In the wake of the global outbreak of the Covid-19 pandemic and government measures to curb its spread, digital technologies have played a vital role in enhancing disease surveillance, coordinating response mechanisms, and promoting public awareness in Africa. The potential of technology to facilitate containment of the spread of the coronavirus on the continent notwithstanding, concerns over surveillance, violation of rights to privacy, freedom of expression, access to information, and freedom of association and assembly were prevalent. 

Scores of journalists and bloggers in Kenya, Guinea, Uganda, Egypt, among others, were assaulted, detained, and/or prosecuted over their reporting on Covid-19; while some countries such as Kenya, Uganda and South Africa were reported to be conducting cell phone tracking of Covid-19 suspected patients and their contacts. Some others passed regulations and/or invoked laws that criminalised the spreading of false Covid-19 information. Accordingly, there have been fears that in the aftermath of the pandemic, some governments could shift the Covid-19 surveillance apparatus and lessons learnt to undermine digital rights, by surveilling and silencing critics and opponents. 

Meanwhile, hackers and adversaries are capitalising on the increased time spent online and remote working by a large portion of the population by designing new attacks through phishing and hijacking of virtual meetings, among others. Worryingly, despite a large gender disparity in digital access, more women face various forms of online violence than their male counterparts, which continues to undermine their participation online. With Covid-19 resulting in increased incidents of gender-based violence, it is imperative to continue activism and equip activists with digital security and safety skills.

Organisations supported Technologists supported 
Countries: Uganda (8) | Tanzania (4) | South Sudan (2) | Kenya (1) | Ethiopia (1)

Sectors: Sexual minorities (4), Environmental/resource extraction (1) Feminist/women’s rights organisations (3), Information access (1), Journalists/media (1), Human rights, democracy, human rights defenders (6)

Gender: Female (7) |Male (12)

Nationality: Uganda (8) | Ethiopia (3) | South Sudan (1) | Tanzania (4) | Kenya (3)

Assessing Organisational Security

Following an initial training on conducting organisational security assessments, the technologists led assessments to determine the status, challenges, past and potential future threats, and attacks on organisations, as well as the capacity of the organisations. The results of the assessments provided insight into the needs and vulnerabilities of the organisations and served as an opportunity to provide feedback to organisational IT staff on quick fixes and strategies to address some of the challenges or incidents identified. Technology solutions explored included the use of Umbrella for DNS server protection, Automox for patch management, and Microsoft 365 hosted tenants for an organisational management and security suite.

The findings of the assessments indicated a need to bolster capacity, organisational practices, and implementation of security and safety measures related to social media platforms usage by the organisations and staff. Several organisations reported losing access to their brand assets, experiencing hacking, and harassment on social media platforms. To this end, a Social Media Asset Continuity and Security Tool was designed and another  training for technologists conducted focused on 1) Continuity of organisation control of organisational Facebook/Twitter/Whatsapp for Business accounts; 2) Security of individual staff accounts; and 3) Staff ability to deal with harassment and unwanted messaging on platforms. The technologists went on to conduct safety and security on social media training sessions which  benefitted 120 staff of the participating organisations. Other skill-up sessions conducted included on organisational management suites and website security. 

Overall, the programme found that skills and protections (software and hardware) were low and inadequate among many HRD organisations and individuals. Also, there were variable levels of technology integration within the organisations. 

The various gaps identified were rising during the pandemic when many entities could not readily access support networks and training skills due to restrictions on gatherings arising from Covid-19, making the intervention particularly timely. Indeed, the ToT model helped to transfer skills and knowledge among distributed beneficiaries and build support networks in-country.

Ethiopia's New Hate Speech and Disinformation Law Weighs Heavily on Social Media Users and Internet Intermediaries

By Edrine Wanyama |

In March 2020, Ethiopia enacted the Hate Speech and Disinformation Prevention and Suppression Proclamation to address hate speech and disinformation, which have historically troubled the country. However, whereas government regulation is legitimate to control hate speech, Ethiopia’s new law poses a threat to freedom of expression and access to information online. 

The Proclamation appears well-intentioned judging from its objectives. These are stated as: “to protect freedom of expression while suppressing all forms of hatred and discrimination; promote tolerance, civil discourse and dialogue, mutual respect and strengthen democratic governance; and to control and suppress the dissemination and proliferation of hate speech, disinformation, and other related false and misleading information.”

In reality, besides having overbroad and ambitious definitions that are subject to misinterpretation and abuse, the new law also weighs heavily on social media users and intermediaries, and introduces harsh penalties, contrary to international human rights instruments, including articles 19 of the Universal Declaration of Human Rights (UDHR) and the International Covenant on Civil and Political Rights (ICCPR), and article 9 of the African Charter on Human and Peoples Rights. 

The overbroad definitions in the law render it subject to discretionary interpretation by law enforcers such as prosecutors and courts, which creates fertile ground for abusing citizens’ rights to freedom of expression and the right to information. Shortly after it came into force, the law was used to charge journalist Yayesew Shimelis for allegedly attempting to incite violence by spreading false information contrary to article 5 of the Proclamation.

The law holds intermediaries liable for content policing,  with article 8 requiring providers of social media services to act within 24 hours to remove or take out of circulation disinformation or hate speech upon receiving notifications about such communication or post.

Further, the law introduces harsh penalisation of hate speech or disinformation over social media accounts with more than 5,000 followers. The punishment prescribed is imprisonment of up to three years and 100,000 birr (USD 2,907), but where violence or a public disturbance occurs as a result of dissemination of disinformation, the punishment is “rigorous imprisonment from two year up to five years”. 

The new law – as well as the internet shutdown imposed in the country at the end of June 2020 – go counter to the reform programme introduced by Prime Minister Abiy Ahmed, who took office in early 2018. Indeed, some suggested that the indictment of Shimelis under the new law might be politically motivated.

In a country with a history of severe restrictions to digital rights and freedoms,  censorship, as well as persecution and prosecution of journalists, the likelihood for the new law to become a tool of suppression is high.

In this brief, CIPESA outlines the problematic provisions of the Proclamation and calls upon the government to amend or repeal the law. 

Good News, Bad News: A Story of Internet Shutdowns in Togo And Ethiopia

By Juliet Nanfuka |

The pushback against internet shutdowns in Africa received a boost last month when the Economic Community of West African States (ECOWAS) Community Court of Justice ruled that the 2017 internet shutdown in Togo was illegal. This followed another win just over a year ago when, in January 2019, the Zimbabwe High Court ruled that the state-initiated internet shutdown that same month was illegal.

However, barely a week after the ECOWAS ruling, Ethiopia  initiated a nationwide shutdown, thus serving a reminder of the persistent threat of internet shutdowns on the continent. Ethiopia has a history of repeated network disruptions, including during national high school exams, but mostly as a means to stifle public protests. Prior to the latest disruption, last year a 10-day nationwide disruption was initiated following the assassination of six top government officials.

The latest disruption comes on the heels of protests triggered by the murder of Hachalu Hundessa, a popular musician and democracy activist. Between January and March 2020, millions of Ethiopians in the western Oromia region were similarly disconnected from the internet and were in the midst of a government-imposed shutdown of internet and phone services and thus could not readily access information, including Covid-19 news.

Ethiopia’s shutdown also bears some traits with the Togolese shutdown of 2017, which was initiated following the announcement of planned anti-government protests by members of the opposition and resulted in internet access being disrupted during September 5–11, 2017. In 2019, the digital rights advocacy group Access Now led a coalition of eight organisations, including CIPESA, in filing an amici curiae (friends of the court)  brief in a lawsuit filed by Amnesty International Togo and other applicants.

The ruling by the ECOWAS court acknowledges that the internet shutdown, in addition to being illegal, was also an affront on the right of freedom to expression, echoing a 2016 resolution by the United Nations on the promotion, protection and enjoyment of human rights on the internet. Further, Access Now reports that the court ordered the government of Togo to pay two million CAF (USD 3,459) to the plaintiffs as compensation, and to take all the necessary measures to guarantee the implementation of safeguards with respect to the right to freedom of expression of the Togolese people.

In both Ethiopia and Togo, old habits die hard. Last February, when Togolese citizens went to vote, authorities disrupted access to messaging services (WhatsApp, Facebook Messenger, and Telegram) on election day after the polls had closed. The disruption was imposed despite the call by local and international rights groups urging the government to ensure an open, secure, and accessible internet throughout the election period.

A statement issued by the #KeepItOn coalition in the wake of latest disruption noted that the Ethiopian government has a responsibility to protect freedom of expression and access to information rights of all persons in the country, as enshrined in its national constitution, as well as regional and international frameworks including the Universal Declaration of Human Rights, International Convention on Civil and Political Rights (ICCPR) and African Charter on Human and Peoples Rights, to which Ethiopia is a signatory. It added: “The government should be working to make sure Ethiopians connect to the internet, not the contrary.”

Almost two weeks after the disruption was initiated, reports started emerging that internet was partly restored. Digital rights advocates have noted that disruptions undermine the economic benefits of the internet, disrupt access to essential services such as health care, and often fail to meet the established test for restrictions on freedom of expression and the right of peaceful assembly under the ICCPR.

The network disruption does not help Ethiopia’s reputation which is battling to shake off its autocratic history.  The Horn of Africa country, which was due to hold parliamentary elections this August, has since postponed these plans but continues wading through political and economic reforms, some of which impact on internet access and digital rights.

A study of network disruptions in Sub-Saharan Africa showed that the less democratic a government is, the more likely it is to order an internet disruption. Both Ethiopia and Togo are characterised as authoritarian on the Economist Democracy Index.

The decision by the ECOWAS court marks a notch in the push back against internet shutdowns in Sub-Saharan Africa. Other cases against shutdowns have been lodged in various courts, including in Uganda and Cameroon, and serve as reference points for the necessity of strategic litigation in fighting network disruptions. However, judging from the experience of countries like Ethiopia, which have repeatedly disrupted networks, the strategic litigation needs to be complimented by several other efforts in fighting the scourge of shutdowns in the region and to become a thing of the past.

Image by Tumisu from Pixabay 

Ethiopia’s Digital Rights Record on the Spot at May 2019 Universal Peer Review

By Ashnah Kalemera |
Despite the promises and efforts made by Ethiopia’s new Prime Minister, Abiy Ahmed Ali, to transform the country after years of political repression and state control of major forms of media, the country is yet to experience substantive change in the state of digital rights.
Restrictions to freedom of expression, privacy, and access to information remain in force including through legislation such as the 2008 Mass Media and Freedom of Information law, the 2009 Anti-Terrorism law, the Computer Crime law of 2016 and the Telecom Fraud Offences law (2012). While the establishment of the Advisory Law Reforms Committee, with a mandate to review existing laws to bring them in line with human rights standards, is a welcome development, pledges to reform problematic legislation are yet to be delivered.
Meanwhile, since November 2015, the Ethiopian government has consistently blocked and initiated national or regional shutdowns during public protest and exams, on grounds of national security. Whereas access to affected regions was restored during reforms in early 2018, there were reports of a shutdown in the eastern part of country in August 2018.   
At its upcoming Universal Periodic Review (UPR) by the Human Rights Council scheduled for May 14, 2019, Ethiopia should be tasked to implement reforms that fundamentally promote and protect citizens’ rights both online and offline.

What is the UPR? It’s a full assessment of a country’s human rights. Every United Nations (UN) member state has its human rights record assessed, and all UN member states are involved in the review process. It happens every four-and-a-half years, for every state.

Such reforms should include the amendment of the 2008 Mass Media and Freedom of Information law, the 2009 Anti-Terrorism law, the Computer Crime law of 2016 and the 2012 Telecom Fraud Offences law to bring them in line with international human rights instruments on freedom of expression. Further, changes should be implemented to curb state surveillance of citizens, including by introducing independent judicial oversight over interception of communications.
In this UPR advocacy brief, the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) and Small Media analyse the state of freedom of expression, freedom of information, the right to equal access and opportunity, as well as data protection and privacy developments in Ethiopia since the previous UPR review in April 2014. We make recommendations for consideration by UN member states at the upcoming review of Ethiopia.
See the full brief.