Civil Society’s Proposals on The African Cybersecurity Convention

In December 2013, the Kenya ICT Action Network (KICTANet) led online discussions on the proposed African Union Convention on Cyber Security (AUCC). The convention establishes a framework for cyber security in Africa “through organisation of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating cybercrime.”
Civil society and academia have raised concerns about some of the articles in the convention, which had earlier been expected to be signed in January 2014. Latest reports indicate that, at the earliest, the law could be signed in June this year.
The report on the discussions will be used by KICTANet and partners such as CIPESA to create awareness and lobby African governments to pass legislation and instruments that fully support the privacy of individuals and the fully enjoyment of their freedom of expression online.
The stated background to the convention is that the African Union is seeking ways to intensify the fight against cybercrime across the continent“in light of the increase in cybercrime, and the lack of mastery of security risks by African countries.”
Furthermore, the AU states that a major challenge for African countries is the lack of adequate technological security to prevent and effectively control technological and informational risks. As such, it adds, “African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security”.
The intentions may be legitimate but, as noted by the online discussions, some of the articles in the current version of the convention could be used to negate individuals’ privacy and their right to express themselves through online mediums.
Take, for example, Article III – 34. It states that AU member states have to “take necessary legislative or regulatory measures to set up as a penal offense the fact of creating, downloading, disseminating or circulating in whatsoever form, written matters, messages, photographs, drawings or any other presentation of ideas or theories of racist or xenophobic nature using an a computer system.”
How does this clause balance with the fundamental right to freedom of expression? Experts argue that this clause is problematic as it requires a measure of truth, which is hard to actually legislate or determine owing to the relativity of truth. They add that this sort of law would likely be unenforceable.
The discussion noted that although African countries needed legal framework on cybercrime, the current proposals need numerous amendments. The discussions also noted a need for the African Union Commission to engage with civil society to draw up progressive and enforceable laws. However, civil society had the added task of creating awareness and capacity among citizens on cyber security and the need to uphold freedoms of expression online.
These discussions were conducted on multiple lists of KICTANet and the Internet Society (ISOC) Kenya and on the I-Network and ISOC Uganda ists moderated  by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA), from 25 – 29, November 2013. They were also shared through numerous pan-Africa and global lists on ICT policy and online freedom.
Download the full discussions report here.

Balancing Freedom of Expression And Privacy

Striking a balance between freedom of expression and privacy on the internet was the focus of a panel discussion at a review of one decade after the World Summit of the Information Society (WSIS). The WSIS+10 Review meeting took place at the UNESCO headquarters in Paris, France, February 25-27, 2013.
What convergences and tensions exist between freedom of expression and privacy online? What are the implications of approaching the balance between free expression and privacy from a freedom of expression–centric point of view? What actions can governments, civil society, media and the private sector take to balance privacy with freedom of expression online? And what is the best way to empower users? These are some of the questions addressed at the session on ‘Promoting of Freedom of Expression and Privacy Online’. CIPESA’s Lillian Nalwoga was the remote moderator for the session.
The session built on earlier discussions held at the 7th Internet Governance Forum (IGF) in Baku, Azerbaijan on promoting both freedom of expression and privacy on the internet. It also drew from the Global Survey of Internet Privacy and Freedom of Expression – a UNESCO 2012 publication – which highlights a diverse international regulatory landscape, and the challenges posed by discrepancies in laws pertaining to the online and off-line spheres, and between national and international jurisdictions.
During the session, Pranesh Prakash from the India-based Center for Internet Society stressed the need for more relaxed regulations to govern the conduct of the private sector. He noted that “one must give the private sector enough leeway to safeguard them from responsibility for users’ actions and the requirement of taking down reasonable speech.” However, he added that the commercial sector has divergent interests and they do not necessarily align with public interests.
According to him, differing public and private sector interests coupled with unenforceability of self-regulation mechanisms and the jurisdictional issues of the internet mean that the conflict between freedom of expression and privacy cannot be easily resolved through public policy options that are only aimed at the private sector.
Patrick Ryan, a Policy Counsel from Google who was also a panelist, argued that the move to the “cloud” brings with it both enhanced privacy and security benefits, while at the same time putting data  potentially at risk. Noting that government surveillance remained one of the biggest threats to privacy, he stressed that the private sector needs to share more information on government take down requests that violate individuals’ privacy and free speech.
Meanwhile, William Dutton, a professor of Internet Studies at Oxford Internet Institute, stressed the importance of recognising the power of the internet in empowering networked individuals and enabling freedom of expression, like never before. He cautioned that if nations do not approach the issue of striking a balance between freedom of expression and privacy appropriately, some of the key benefits of the internet may be lost. He noted that whilst some nations have taken progressive steps, many others are moving in the wrong direction and various global policy choices are increasingly restricting freedom of expression.
Indeed, this has been illustrated by worldwide trends towards more content filtering and censorship. Dutton said adopting inappropriate models for internet governance and regulation, such as disproportionate levels of surveillance in the name of security, reliance on intermediaries to regulate content, and assertion of national sovereignty and jurisdiction in the online world are threatening privacy and freedom of expression.
Key recommendations from this session were: avoiding a moral panic over privacy; creating widespread awareness of issues concerning privacy and data protection among users especially the young generation; updating policy and regulatory frameworks that address freedom of expression and privacy online; and having a clear definition on national security interests.
For more information, please visit – https://www.unesco-ci.org/cmscore/events
Promoting of Freedom of Expression and Privacy Online
Follow WSIS+10 on twitter at #WSIS