Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Human rights

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Human rights
14Dec

South Sudan’s Cybercrimes and Computer Misuse Order 2021 Stifles Citizens’ Rights

Author CIPESA Posted on

By Edrine Wanyama |

South Sudan has enacted the Cybercrimes and Computer Misuse Provisional Order 2021 aimed to  combat  cybercrimes. The country has a fast-evolving technology sector, with three mobile operators and 24 licensed internet service providers. Investments in infrastructure development have propelled internet penetration to 16.8% and mobile phone penetration to 23% of the country’s population of 11.3 million people, which necessitates a law to curb cybercrime.

The Order is based on article 86(1) of the Transitional Constitution of South Sudan 2011, which provides that when parliament is not in session, the president can issue a provisional order that has the force of law in urgent matters.

The Cybercrimes and Computer Misuse Order makes strides in addressing cybercrimes by extending the scope of jurisdiction in prosecuting cybercrimes to cover offences committed in or outside the country against citizens and the South Sudan state. The Order also establishes judicial oversight especially over the use of forensic tools to collect evidence, with section 10 requiring authorisation by a competent court prior to collecting such evidence. Furthermore, the Order attempts to protect children against child pornography (section 23 and 24), and provides for prevention of trafficking in persons (section 30) and drugs (section 31).

However, the Order is largely regressive of citizens’ rights including freedom of expression, access to information, and the right to privacy.

The Order gives overly broad definitions including of “computer misuse,” “indecent content,” “pornography,” and “publish” which are so ambiguous and wide in scope that they could be used by the state to target government opponents, dissidents and critics. The definitions largely limit the use of electronic gadgets and curtail the exercise of freedom of expression and access to information.

Article 22 of the Transitional Constitution of South Sudan 2011 guarantees the right to privacy. The country has ratified the International Convention on Civil and Political Rights (ICCPR) that provides for the right to privacy under article 17 and the African Charter on Human and Peoples Rights, whose article 5 provides for the right to respect one’s dignity, which includes the right to privacy. The Order appears to contravene these instruments by threatening individual privacy.

Despite a commendable provision in section 6 imposing an obligation on service providers to store information relating to communications, including personal data and traffic data of subscribers, for 180 days – a period far shorter compared to other countries – personal data is still potentially at risk. The section requires service providers and their agents to put in place technical capabilities to enable law enforcement agencies monitor compliance with the Order. With no specific data protection law in South Sudan and without making a commitment to the leading regional instrument, the African Union Convention on Cyber Security and Personal Data Protection, privacy of the citizens is at stake.

The section on offences and penalties lacks specificity on fines which may be levied on errant individuals or companies. On the other hand, some of the offences provided for under the Order potentially curtail freedom of expression and the right to information. For instance, the offence of spamming under section 21 could be interpreted to include all communications through online platforms including social media platforms like Facebook and WhatsApp. Under the provision, virtually all individuals who forward messages on social media stand the risk of prosecution. This also has a chilling effect on freedom of expression and the right to information.

The offence of offensive communication under section 25 potentially has a chilling effect on freedom of expression, media freedom and access to information. A similar provision under section 25 of the Computer Misuse Act, 2011 of Uganda has been widely misused to persecute, prosecute and silence political critics and dissidents. Section 25 of the South Sudan Cybercrimes Order could be used in a similar manner to target government critics and dissidents. 

In CIPESA’s analysis of the Order, we call for specific actions that could ensure the prevention of cybercrime while at the same time not hurting online rights and freedoms, including:

  • Deletion of problematic definitions or provisions from the Order.
  • Enactment of a specific data protection law to guarantee the protection of data of individuals.
  • Urgent drafting of rules and regulations to prescribe the procedures for implementing the Order.
  • Ratification of the African Union Convention on Cyber Security and Personal Data Protection.
  • Service providers should not be compelled to disclose their subscribers’ information to law enforcement agencies except on the basis of a court order.
  • Amendment of the Order to emphasise the oversight role of courts during the processes of access, inspection, seizure, collection and preservation of data or tracking of data under section 9.

Read the full analysis here.

16Nov

The Disproportionate Exclusion of Persons With Disabilities in Sub-Saharan Africa

Author CIPESA Posted on

By Evelyn Lirri |

For Persons with Disabilities, access to Information and Communication Technologies (ICT) can be an enabler for social and economic inclusion. Yet across Africa, despite the various laws and policies that have been passed and adopted by countries, persons with disabilities continue to lag behind in terms of access and use of digital tools.

Barriers such as low levels of ICT skills, high illiteracy levels, poverty and the high cost of assistive technologies such as screen readers, screen magnification software, text readers, and speech input software, and digital inaccessibility of websites and mobile applications and services are shared across Sub-Saharan Africa. These barriers are often accompanied by limited clarity on what actions are being taken by states and companies to address these gaps.

The digital inclusion of marginalised and vulnerable communities was among the issues discussed at the September 2021 Forum on Internet Freedom in Africa (FIFAfrica). In a panel discussion titled Technology and Disability, various speakers noted that persons with disabilities continue to face numerous barriers that have prevented them from fully benefiting from the opportunities that technology enables, including access to crucial information and services such as education and health, civic engagement, and employment.

Speaking at the Forum, disability rights activist Clodoaldo Castiano from the Forum of Disabled Persons Organisation in Mozambique noted that despite the country being a signatory to the UN Convention on the Rights of Persons with Disabilities (CRPD), it has not set a specific agenda to enable ICT accessibility. The CRPD requires states to undertake measures which ensure that persons with disabilities have access to ICT, including assistive technologies and resources to realise the right to access.

“Although we have ratified the CRPD, the government has not been able to define a specific legal and policy agenda to address the obligations of the Convention,” said Castiano, adding that ICT accessibility for persons with disabilities also remains largely unregulated. He further added that although Mozambique has a Universal Access Fund, it does not include programmes that benefit persons with disabilities.

Some countries are, however, trying to put more effort into addressing the disability digital divide. Uganda’s State Minister for Disability Affairs, Hellen Grace Asamo, noted that the country has introduced a number of initiatives to support the promotion, inclusion and accessibility of ICT tools for persons with disabilities. In addition to laws such as the Persons with Disabilities Act, 2020 which recognise the rights of persons with disabilities, the Ministry of ICT and National Guidance has drafted the ICT and Disability Policy as an intervention to close gaps in the use of ICT by persons with disabilities.  Furthermore, the Uganda Communications Commission (UCC) has made it a requirement for television stations to have sign language interpreters to facilitate access and inclusion of people with hearing impairment.

“In Uganda where we have 16 per cent of people living with a form of disability, it is critical that we have programmes that ensure they are not left out. We have made available access to Braille and we are working to ensure that all government Ministries, Departments and Agencies (MDAs) have sign language interpreters,” said the minister.

The discussion also noted that the Covid-19 pandemic had amplified the gaps in digital access for marginalised and vulnerable communities including persons with disabilities. This resonated with a CIPESA report, ‘Access Denied: How telcom operators in Africa are failing persons with disabilities’ which investigated how operators have made minimal efforts in addressing the needs of consumers who are also persons with disabilities.

Across the world, the pandemic forced many activities to go online which disproportionately affected persons with disabilities especially in developing countries where it only served to further alienate them from access to information, public health updates and online civic participation. In countries where data costs are high, the drop in economic activity also  served to further isolate the community from accessing the internet due to prohibitive costs.

Despite progressive legislative efforts in some countries, while a number of laws and policies have been enacted in various African countries to ensure access to services for persons with disabilities, their implementation continues to lag behind. This, coupled with the lack of awareness by persons with disabilities of their rights has made it difficult for them to demand for ICT-friendly and affordable services.

Robert Nkwangu, the Executive Director of the Uganda National Association of the Deaf, spoke to this issue.  “Majority of people with disabilities have not gone to school and many do not know their rights. Similarly, digital rights are not seen to them as a challenge because they don’t know,” he said. “We need to do more capacity building of members to give them a firm ground to demand for what is rightfully theirs.”

To address these challenges, participants at the Forum acknowledged that increased domestic funding by governments for digital innovations that support people with disabilities will be critical.  This echoes recommendations in a CIPESA report which called for the relevant government agencies such as communication regulators and consumer protection units to enforce legislation on accessible communication products and services. The report also called for more vigilance in enforcing implementation of national disability laws, codes of practice, consumer rights regulations, and ICT and disability policies. More vigilance is also needed in monitoring compliance to avoid empty claims when in reality products and services are still inaccessible.

21Oct

Policy Brief: How African States Are Undermining the Use of Encryption

Author CIPESA Posted on

By Lillian Nalwoga |

Encryption enables internet users to protect their data and communications from unauthorised access. Accordingly, anonymity and the use of encryption in digital communications are key enablers of citizens’ enjoyment of the right to privacy.

Worryingly, many African countries have passed legislation that limits anonymity and the use of encryption, purportedly to aid governments’ efforts to combat terrorism and crime. Other governments in the region limit the use of encryption to enable them to monitor the communications of critical journalists, human rights defenders, and opposition politicians.

In commemoration of the inaugural Global Encryption Day, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has published a policy brief that highlights restrictions to encryption and what needs to be done by governments in Africa to promote the use of encryption. The brief shows that encryption laws and government practices in several countries undermine the privacy rights of citizens, which in turn hampers their right to free expression and to secure use of digital technologies.

The importance of the right to anonymity in the digital era has been recognised in the Declaration of Principles on Freedom of Expression and Access to Information in Africa of the African Commission on Human and Peoples’ Rights. Principle 40(3) provides that: “States shall not adopt laws or other measures prohibiting or weakening encryption, including backdoors, key escrows, and data localisation requirements unless such measures are justifiable and compatible with international human rights law and standards.”

However, encryption is under threat from governments in Africa, as indeed in other parts of the world. Among the concerns cited by the brief are legislation and regulations that require registration and licensing of encryption service providers before they can offer cryptographic services. This is the case in Benin, Chad,  Cameroon, Congo Brazzaville, Democratic Republic of Congo (DR Congo), Ethiopia, Guinea, Ivory Coast, Malawi, Mali, Morocco, Senegal, South Africa, Tanzania, Tunisia and Zambia, among others. Offering encryption services without a license attracts penalties, as does failure to hand over secret encryption codes to state authorities, or using prohibited encryption tools.

Encryption in Africa

The requirement for registration of encryption services providers makes it easy for regulators and other government agencies to access information held by these service providers, including decryption keys and encrypted data. This undermines best practices which require governments to reject laws, policies, and practices that limit access to or undermine encryption and other secure communications tools and technologies. 

Further, the brief points to how governments in Africa prohibit the use of some types of encryption and require disclosure to regulators of the characteristics of cryptology. Crucially, governments should not prohibit the use of encryption by grade or type. Further, governments should not mandate insecure encryption algorithms, standards, tools, or technologies. 

Meanwhile, laws on interception of communications across the continent including in Benin, Cameroon, Chad, Ivory Coast, Malawi, Mali, Niger, Nigeria, Rwanda, Senegal, Tanzania, Togo, Tunisia, Uganda, Zambia and Zimbabwe require communication service providers to put in place mechanisms, including the installation of software, which facilitates access and interception of communications by state agencies. Indeed, state agencies in several countries can request for decryption of data held by service providers, which poses a big concern. 

For instance, Zimbabwe’s Interception of Communications Act requires cryptography services providers to decrypt data at judicial authorities’ request or provide them with the codes allowing the decryption of data they have encrypted (article 78). Section 11(1)(d) permits security agents to demand that information is decrypted before it is handed to them, where the disclosure is necessary for national security, to prevent or detect a severe criminal offense, or in the interests of the country’s economic well being. Failure to comply is punishable with up to five years’ imprisonment, a fine not exceeding USD 373, or both. Similar provisions are found in the laws of several other countries.

Such compelled assistance from service providers has been reinforced with mandatory SIM card registration of phone users around the continent, as well as data localisation requirements amidst ineffective safeguards.

 In some countries, if the private communications of human rights defenders and opposition politicians fall into the hands of state agencies, the consequences can be dire. The brief cites Rwanda, where the private communications of musician Kizito Mihigo, opposition leader Diane Rwigara, and two former army officers were used in their separate prosecutions. In Ethiopia, the Zone 9 bloggers were detained and prosecuted, among others, for using encrypted communications.

Meanwhile, Uganda instituted a ban on use of Virtual Partial Networks (VPNs) in the face of internet taxes and network disruptions. For its part, Zimbabwe barred telecom operator Econet Wireless from introducing the Blackberry Messenger service, which provided encrypted messaging, arguing that it contravened the southern African country’s interception of communications law which bars provision of services which the communications regulator can not intercept. Another example cited is Mauritius, which this year attempted to introduce a controversial lawful interception mechanism that would decrypt and re-encrypt all social media traffic. 

In light of the above concerns, the CIPESA brief is urging governments to repeal or amend provisions that place undue restrictions on the use of encryption tools; cease blanket compelled service providers and intermediary assistance to state agents and instead provide for clear and activity-bound assistance; and enact data protection and privacy laws that robustly promote the use of strong encryption. 

The full brief can be accessed here.

12Oct

Will Our Human Rights and Freedoms and a Free and Open Internet be the Next Victims of Cybercrime?

Author CIPESA Writer Posted on

Manifesto Launch |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has joined civil society organisations and industry in a rally against the potential threat of cybercrime on human rights and freedoms as well as the open internet.

Day-by-day the effects of cybercrime continue to get worse. Although something clearly needs to be done, there is growing concern that any efforts to tackle this modern scourge come at the expense of fundamental human rights and that they threaten the open and free internet.

As countries are considering their input to the United Nations ahead of the scheduled January negotiations on a Cybercrime Convention, the CyberPeace Institute and the Cybersecurity Tech Accord have brought together a range of stakeholders to publish the Multistakeholder Manifesto on Cybercrime. The principles outlined in the Manifesto should be at the heart of any cybercrime legislation and to guide the negotiating process.

The Manifesto is supported by over 50 members of civil society, industry organizations (such as the Center for Democracy and Technology, World Wide Web Foundation, Cyber Threat Alliance, and Derechos Digitales) and individuals. Signatories to the Manifesto want to also ensure that any cybercrime convention preserves and upholds basic human rights and freedoms guaranteed under existing international UN and other treaties.

“Today, industry and civil society are coming together through a Multi-Stakeholder Manifesto on Cybercrime which provides a set of principles to guide governments in their negotiations at the United Nations” says Klara Jordan, Chief Policy Officer at the CyberPeace Institute. 

In the build up to the convention negotiations, this Manifesto is an urgent appeal to all UN member states, UN agencies, and others involved in the current process, to address concerns regarding the draft and align their submissions with the Manifesto.

The Manifesto also highlights the importance of ensuring cybercrime perpetrators are held accountable for their actions: “In an area as opaque as cyberspace, public-private partnerships are often an indispensable tool to gain insights into evolving cyber threats and those behind them,” said Annalaura Gallo, Head of Secretariat, Cybersecurity Tech Accord. “A new Cybercrime Convention should establish clear mechanisms for states to reduce the operating space for criminals,” added Annalaura Gallo

The Manifesto also tackles the challenges inherent in the current UN process, in particular the lack of multistakeholder participation. “We are concerned about the lack of consultation, inclusion and involvement of stakeholders from across civil society and industry”, said Klara Jordan, adding: “The participation of civil society entities is crucial to ensure that the impact of these crimes on society is properly taken into account.” “The technology industry is ready to offer its expertise and input to UN states in the upcoming negotiations on cybercrime. We hope that our input will be sought more consistently than has been the case in the past in discussions involving the security of our internet ecosystem,” emphasized Annalaura Gallo.

*********

About the CyberPeace Institute: Headquartered in Geneva, Switzerland, the CyberPeace Institute is a nongovernmental organization whose mission is to reduce the harms from cyberattacks on people’s lives worldwide, provide assistance to vulnerable communities and call for responsible cyber behaviour, accountability and cyberpeace.

About the Cybersecurity Tech Accord: The Cybersecurity Tech Accord is a coalition of over 150 technology companies committed to advancing peace and security in cyberspace. The group’s mission revolves around four foundational principles: strong defense, no offense, capacity building and collective response.

27Sep

Africa Law Tech Festival 2021: CIPESA Underscores Strategies to Cutting Through Common Emerging Barriers To Access To Justice Despite the Covid-19 Pandemic

Author CIPESA Posted on

By the Lawyers hub |

At the onset of the COVID-19 pandemic, governments across Africa implemented measures to curb the spread of the virus that greatly disrupted judicial processes, slowing down access to justice. Such measures include suspension of all in- person court activities like mentions, hearings and appeals as well as execution of court judgements. Gradually, courts looked to adopting technological measures to aid in the delivery of justice; measures which despite the noble intentions, had to be grounded in law. 

These developments informed the Collaboration on International ICT Policy for East and Southern Africa (CIPESA)’s masterclass at the second edition of the Africa Law Tech Festival, a five-day annual conference that convenes different stakeholders in Africa to deliberate on digital policy issues. In line with this year’s theme, ‘Digital Policy for Economic Growth’, the class explored The Role of Lawyers and Courts digital access to Justice amidst the Covid 19 Pandemic. CIPESA affirmed that for many African countries, the basis for e-justice can be founded on the supreme law- the Constitution. In July 2020, the Supreme Court of Nigeria ruled in favour of virtual courts and  dismissed suits by Lagos and Ekiti States in which they sought to have virtual courts declared unconstitutional and null and void. 

Since the emergence of COVID-19, the African Judicial system has greatly changed. Courts have developed guidelines and practice notes for development of virtual courts and adopted online case management systems. As at December 2020, at least 20 African states had adopted e-filing and e-service and incorporated virtual hearings. Despite these successes, there are various challenges inhibiting the growth and adoption of virtual courts in Africa including:

The costs of acquisition of hardware and software needed for virtual courts. Africa has the lowest internet penetration rate caused by high cost of services and connectivity devices. In 2020, the Alliance for Affordable Internet reported that Africa had the least affordable smart devices globally costing about 62.8% of individual monthly income. Unaffordable devices raise the cost of connectivity for most Africans, pushing many offline. Conversely, those offline are not able to effectively utilize and participate in virtual courts, thus limiting access to justice. In Uganda, the judiciary obtained support from the UNDP to purchase zoom licenses. In Kenya, the judiciary partnered with the Ministry of ICT to acquire licenses for teleconferencing facilities and technical officers to provide support in respective court stations. 

Africa’s increasing digital divide has further degenerated access to justice. The International Telecommunication Union reports that Africa has the lowest percentage of persons using the internet globally. Moreover, urban areas have twice as much home internet access than rural areas. Despite having internet access, the reliability may be affected by constant power outages. Other justice actors like prisons would also need to be meaningfully connected. Previous efforts to implement the e-filling system and virtual courts by the judiciary in Kenya were slowed down due to lack of digital infrastructure and unreliable electricity in courts. As the adoption of virtual courts becomes widespread, it is crucial to ensure accessibility for all by addressing issues of digital infrastructure, device and broadband affordability otherwise justice would be discriminatory and a violation of their right to access to justice. 

Law and policies regulating the internet are not favourable. For instance, taxation of the internet leads to high data costs which in most cases aggravates digital exclusion. In 2021, Uganda replaced the unpopular social media tax of 200 shillings (USD 0.02) by introducing a 12% excise duty on the internet. In 2018 Zambia introduced a daily tax of USD 0.03 on internet voice calls following research that 80% of the citizens were using internet voice calls like WhatsApp, Skype and Viber. Recently, Kenya raised excise duty on internet services by from 15% to 20% further raising the cost of internet.  Such tax raises the cost of the internet, decreasing affordability for most citizens. Limitation on access and usage stifles innovation and ultimately access to justice as litigants would also be required to meet these high costs whether directly or indirectly. 

While digital security is important for a safe digital space, there has been a rise in cybercrimes during the COVID-19 pandemic. This includes malware that was previously dormant. The Communication Authority of Kenya reported a 152.9% increase in cybercrimes during the pandemic as cyber criminals exploit vulnerable computer systems. With recent cyberattacks in Uganda’s financial system as well as South Africa’s healthcare, there is concern over capacity to deal with cyberattacks given the sensitivity of judicial proceedings. Cyberattacks and crime are usually associated with a chilling effect on the use of digital platforms.

Meanwhile lack of the required digital skills pose a challenge to use of ICTs. While the goal remains to leave no one in Africa offline, African participation may be hindered by lack of digital skills. According to a study by the International Finance Corporation, by 2030,  over 200 million jobs in Africa will require digital skills. This means that Africans should strive to have the basic skills required that allows for full participation in virtual court system such as the filing of documents or attendance of virtual hearings. This is especially so in critical times like the pandemic where isolation could cause one to be away from those with the digital skills.   

From the aforementioned highlights, it is necessary to undertake practice measures that harness access and use of technology for justice. This would in turn lead to maximization of the benefits of e-justice. Similarly, governments should undertake a favourable licensing policy and legal frameworks that encourage investment and connectivity in ICTs. 

1 11 12 13 14 15 17