Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Human rights

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Human rights
24May

CIPESA Submission to the ACHPR on Ratification of the African Protocol on Disability Rights

Author Evelyn Lirri Posted on

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has made a submission to the Africa Commission on Human and People’s Rights (ACHPR) on the situation and issues on the continent that have a critical human rights dimension for persons with disabilities in the context of ICT. In the submission made in April 2022 and addressed to the Working Group on the Rights of Older Persons and People with Disabilities in Africa, CIPESA reiterates the urgent need for member states to ratify the  Protocol to the African Charter on Human and People’s Rights of Persons with Disabilities in Africa so that it comes into force.

CIPESA notes that four years after its adoption, the Protocol has been signed by less than a dozen countries and only two countries (Cameroon and Mali) have ratified it. For the protocol to come into force, at least 15 countries are required to ratify it.

“The adoption of the Protocol was a major step forward in protecting and advancing the rights of persons with disabilities, but the failure to sign and ratify it undermines these efforts,” submits CIPESA. The submission adds that, without a doubt, African governments must do more to ensure that persons with disabilities access and use digital technologies and that there is sufficient disaggregated data to inform programme interventions. Ratifying the protocol will be a major- but insufficient step in this direction.

In line with the Protocol’s provisions requiring State Parties to: put in place policy, legislative, administrative, and other measures to ensure persons with disabilities enjoy the right to access information (Article 24); ensure the systematic collection, analysis, storage and dissemination of national statistics and data covering disability to facilitate the protection and promotion of the rights of persons with disabilities (Article 32), CIPESA recommends that the Working Group prioritises and engages the Member States to:

  • Ratify the Protocol to the African Charter on Human and Peoples’ Rights on the Rights of Persons with Disabilities in Africa as a matter of utmost priority, and promote awareness of its content and the rights it protects.
  • States parties should issue periodic reports to the African Commission, in accordance with Article 62 of the African Charter, on legislative and other measures undertaken for the full realisation of the rights of persons with disabilities.
  • Enhance the development, implementation, and enforcement of relevant and enabling national policies and legislation on accessible communication products and services such as disability laws, Codes of Practice, consumer rights regulations, and ICT and disability policies.
  • Offer tax exemptions and incentives for innovation as well as investment in assistive devices and software tailored to the needs of persons with disabilities.
  • Promote the awareness of, and access of persons with disabilities to specialist devices and technologies such as manual Perkins Brailler, hand-held magnifiers, hand frames/slates and communication boards, screen readers, text-to-speech software, and Augmentative and Alternative Communication (AAC).
  • Promote meaningful participation of persons with disabilities in decision-making and policy development processes at national and regional levels through affirmative action and other efforts that promote fair representation.
  • Ensure that information on emergencies such as the COVID-19 pandemic, conflicts/wars, and natural calamities, is inclusive and provided in accessible and appropriate formats and languages, whether it is in SMS, audio, visual or document form.
  • Ensure the systematic collection, analysis, storage, and dissemination of national statistics and data covering disability to increase the availability of high-quality, timely, and reliable disaggregated data by disability, in order to facilitate the protection and promotion of the rights of persons with disabilities. The statistics and data should be disseminated in formats accessible to persons with disabilities.
  • Promote multi-stakeholder cooperation between governments, the private sector, civil society, and other relevant actors to promote the rights of persons with disabilities in accordance with the Protocol.

Read CIPESA’S full submission here. 

22Apr

Advancing Internet Freedom in Africa Through the Universal Periodic Review: Lessons and Gaps

Author CIPESA Posted on

By CIPESA Staff Writer |

Since its establishment in 2006, the Universal Periodic Review (UPR) has provided a unique process for reviewing the human rights records of all United Nations (UN) Member States. Over the years, however, there has been limited participation by African civil society in the review process. In particular, there is limited work by African actors to promote internet freedom through this process.

Accordingly, since 2018, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), Small Media Foundation and a coalition of regional partners have been working to support civil society organisations across Africa to engage with the UPR process through capacity development in research and advocacy. The project has made up to 16 UPR submissions on digital rights in Africa with a focus on the Democratic Republic of Congo, Ethiopia, the Gambia, Kenya, Liberia, Malawi, Mozambique, Namibia, Nigeria, Rwanda, Senegal, Sierra Leone, South Sudan, Tanzania, Uganda and Zimbabwe

To further concretise CIPESA and Small Media’s efforts, a survey was commissioned to gauge the awareness, engagement and existing capacities of stakeholders in relation to the UPR process and their development needs with regard to UPR advocacy, campaigning, and research. Conducted between July 2019 and December 2021, the survey recorded a total of 134 respondents from all 16 countries on which CIPESA, Small Media and partners made UPR submissions focused on digital rights. The respondents included activists, academics, diplomats, lawyers, journalists, government officials, development actors, and civil society organisations. 

The survey found that there is limited participation by African civil society in the UPR process despite the review process providing a framework within which activists and human rights defenders can lobby and hold governments to account to promote internet freedom. The number of internet freedom-related submissions on Africa is still small though growing, which is a reflection of the low number of actors conducting internet freedom work and participating in UPR reviews. 

While there is a relatively high level of awareness of the existence of the UPR process, partly the result of training efforts by various organisations in recent years, the level of knowledge about the process is limited. Similarly, the level of participation in the review is moderate, with only 27% having taken part in national consultations and one in four having participated in submission of stakeholder reports. It is also noteworthy that even for those processes that many respondents had participated in, such as stakeholder submissions, those efforts were often led by entities based outside the continent. Only one third of respondents had ever received UPR-related capacity development.

The survey findings indicate the need for skills and knowledge development in UPR engagement including advocacy and follow-up on recommendations; making stakeholder submissions; and participating in national consultations and review sessions. Further, it is crucial to capacite legacy human rights organisations to embrace digital rights work. Other skills development needs identified included data collection; analysis and report writing to feed into submissions; stakeholder engagement; and diplomacy and international negotiations. 

Specifically on digital rights, skills building in understanding the legal and regulatory environment for the digital sector at national, regional and global levels, as well as coalition building strategies, and communications for advocacy, were identified. Other skills needed included digital security for human rights  defenders; knowledge of the full range of the UN Human Rights Mechanisms; and crafting human rights policy recommendations.

In line with the capacity gaps identified by the survey, CIPESA and Small Media convened CSOs, activists and human rights defenders from the 16 countries for a three days workshop on UPR advocacy and coalition building for digital rights. The workshop, which was held in Kampala, Uganda on March 20-22, 2022, featured sessions on local engagement and mobilisation, international and regional legal frameworks, researching digital rights and identifying policy issues, campaign and advocacy planning and impact communications, among others.  

Speaking at the opening of the workshop, CIPESA’s Programme Manager Ashnah Kalemera stated that the training sought to capacitate organisations to more effectively leverage the UPR for advancing digital rights. “Increasing African-based organisations’ participation in the UPR, national level uptake and follow up on recommendations by governments requires growing skills and engendering collaboration among stakeholders,” said Kalemera.

The workshop builds on CIPESA’s multi-country efforts in building skills and knowledge in collaborative internet policy research, research methods, communicating research, and data-driven advocacy, among others, towards a free, open and secure internet in Africa.

See the Internet Freedom and UPR in Africa Survey report here.

15Apr

CIPESA Makes Submission to the OHCHR on Human Rights in the Tech Sector

Author CIPESA Posted on

Submission |

The Collaboration on International ICT Policy for East & Southern Africa (CIPESA) has made submissions to the Office of the United Nations High Commissioner for Human Rights (OHCHR) on how businesses in the technology sector can improve the observance of human rights. 

The submissions, made in February 2022 in response to a call for inputs on the application of the United Nations Guiding Principles on Business and Human Rights (UNGPs) to the activities of technology companies, will feed into a report the OHCHR will submit to the Human Rights Council in June 2022. 

Below is a summary of CIPESA’s submission.

Emerging Trends

The digital age presents new challenges and ways of working that necessitate a review of how the UNGPs can be applied in the technology sector. Increasingly, states have become purchasers of digital technologies from technology companies to facilitate the implementation of various national programmes which present previously unforeseen risks to privacy as they facilitate mass surveillance. Commonly implemented national programmes posing threats to individual privacy include national digital identification systems, voter registration using digital biometric systems, mandatory SIM card registration, smart cities programmes, and installation of national video surveillance (CCTV) programmes integrating facial recognition systems.

Furthermore, digital technologies have fallen prey to retrogressive legal measures undertaken by states. Across Africa, countries have enacted legislation which compel telecommunications service providers to embed capability within their systems to facilitate the interception of communications by state security agencies, and the state acquisition of software and hardware equipment to facilitate surveillance and interception. 

In addition, some states have taken advantage of digital tools to carry out cyber attacks, censor online content, disseminate propaganda and disinformation. Moreover, many African governments have adopted laws limiting anonymity and the use of encryption.

Pressure on tech companies

Some governments continue to apply undue pressure on technology companies including social media platforms to provide personal information, take down content, and shut down the internet. Others have adopted repressive legislation to control the spread of information on social media, or to regulate internet intermediaries by placing undue liability on them for content on their platforms. During the Covid-19 pandemic, states developed various contact tracing systems and applications without adequate legal frameworks, or an assessment of the human rights impact of the applications. Also, state responses to hold companies accountable remain ad hoc, fragmented and not aligned with international standards.

Questionable company practices
Across the continent, social media, online search, fintech and advertising companies have adopted business models that are based on surveillance capitalism and thus continue to threaten the privacy of users, in some cases without users’ explicit knowledge or consent. Further, social media platforms have also contributed to the spread of harmful content online, which companies have failed to take effective measures to address. Also, social media content policies do not always adopt definitions of content that are rights-respecting, and their practices around content moderation are problematic. Content is often moderated using automated systems which lack local context, are discriminatory and embed bias.

Moreover, some platforms’ practices around content takedowns remain inaccessible, their content policies are not uniformly applied, and redress mechanisms do not always apply the rules of natural justice. In addition, some companies have continued to develop and sell surveillance technology to autocratic governments on the continent, which is subsequently used against human rights activists, government critics, and opposition leaders, which further exacerbates risks to human rights.

Trade of privacy for business continuity

The total sum of the government measures coupled with the pressure imposed on tech sector players is continent-wide trade of privacy for business continuity by technology companies. This is commonly seen in state surveillance through electronic technologies, including interception of communications, hacking of information of target persons especially political dissidents, activists and human rights defenders. The tech sector has, however, not done enough to ensure that individual privacy is guaranteed for their customers. 

In a continent where strong privacy laws remain scanty, the increased usage of online platforms and social media in the absence of adequate safeguards and oversight over companies remains a critical risk for privacy rights. The enjoyment of human rights and freedoms, especially freedom of expression and  access to information, association, assembly and movement have sharply declined.

Recommendations

Addressing human rights risks in business models:

  • The commitment to respect human rights as envisaged by the UNGPs  should be integrated at all levels in the company hierarchy and embedded across all its functions and processes.
  • Companies should take steps to mitigate risks within their existing business models, and continuously innovate new business models that are rights-respecting.
  • There is a need for continued research to promote greater understanding of the human rights risks in technology business models on the continent. 
  • Multistakeholder engagement should be promoted as it is a critical avenue to promote shared understanding of the human rights risks and impacts of technology in Africa.

Human Rights Due Diligence and end-use

Companies should do the following:

  • Conduct due diligence to identify, prevent or mitigate risks of harmful impact on their business. The due diligence should be conducted from project design and development phase of new products, services and solutions, and thereafter periodically through the lifecycle including promotion, deployment, sale and use.
  • Assess and monitor the effectiveness of their responses to human rights risks, with results of

such assessments guiding decision-making.

  • Review their state clients’ human rights records and ensure they do not develop, sell or offer

them technology products, services or solutions that contribute to or result in adverse human

rights impacts.

Accountability and remedy 

  • Companies should be transparent and accountable in how they address their human rights impact. Such transparency and accountability can be enhanced through periodic reporting to external stakeholders including through public reports.
  • Create platforms and avenues for engagement, information sharing and feedback between technology companies and various stakeholders.  
  • Implement credible and effective complaints reporting and handling mechanisms.
  • Companies should put in place measures to monitor and promote rights-respecting and responsible business practices and culture, and to remedy and mitigate adverse impacts caused by their actions.

The State’s duty to protect

  • Put in place administrative, policy, legislative, institutions to hold technology companies accountable for human rights violations, provide effective remedies for victims of rights violations related to technology, require companies to conduct due diligence and to have proper safeguards to protect the public from harm.
  • Develop laws, policies, regulations, standards, and guidance, including at the regional level to embed and ensure responsible business practices by technology companies and greater respect for human rights in the digital context.
  • Take measures to promote the use and adoption of digital technologies and address the growing digital divide, including by removing barriers to internet access and digital technologies.

See the full submission here.

28Feb

CIPESA Joins over 125 Organisations and Academics In Submitting Letter to the UN Ad Hoc Committee on Cybercrime

Author CIPESA Writer Posted on

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has joined over 125 organisations and academics who work to protect and advance human rights, online and offline in submitting a letter to the United Nations Ad Hoc Committee on Cybercrime. The letter stresses that the process through which the Ad Hoc Committee does its work includes robust civil society
participation throughout all stages of the development and drafting of a convention, and that
any proposed convention include human rights safeguards applicable to both its substantive and
procedural provisions. The first session of the Ad Hoc Committee, which was scheduled to begin on January 17, 2022, has been rescheduled to begin on February 28, 2022, due to the ongoing situation concerning the coronavirus disease. See the full letter below.

————————————————————————————————————————————-

December 22, 2021

H.E. Ms. Faouzia Boumaiza Mebarki

Chairperson

Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes

Your Excellency,

We, the undersigned organizations and academics, work to protect and advance human rights, online and offline. Efforts to address cybercrime are of concern to us, both because cybercrime poses a threat to human rights and livelihoods, and because cybercrime laws, policies, and initiatives are currently being used to undermine people’s rights. We therefore ask that the process through which the Ad Hoc Committee does its work includes robust civil society participation throughout all stages of the development and drafting of a convention, and that any proposed convention include human rights safeguards applicable to both its substantive and procedural provisions.

Background

The proposal to elaborate a comprehensive “international convention on countering the use of information and communications technologies for criminal purposes” is being put forward at the same time that UN human rights mechanisms are raising alarms about the abuse of cybercrime laws around the world. In his 2019 report, the UN special rapporteur on the rights to freedom of peaceful assembly and of association, Clément Nyaletsossi Voule, observed, “A surge in legislation and policies aimed at combating cybercrime has also opened the door to punishing and surveilling activists and protesters in many countries around the world.” In 2019 and once again this year, the UN General Assembly expressed grave concerns that cybercrime legislation is being misused to target human rights defenders or hinder their work and endanger their safety in a manner contrary to international law. This follows years of reporting from non-governmental organizations on the human rights abuses stemming from overbroad cybercrime laws.

When the convention was first proposed, over 40 leading digital rights and human rights organizations and experts, including many signatories of this letter, urged delegations to vote against the resolution, warning that the proposed convention poses a threat to human rights.

In advance of the first session of the Ad Hoc Committee, we reiterate these concerns. If a UN convention on cybercrime is to proceed, the goal should be to combat the use of information and communications technologies for criminal purposes without endangering the fundamental rights of those it seeks to protect, so people can freely enjoy and exercise their rights, online and offline. Any proposed convention should incorporate clear and robust human rights safeguards. A convention without such safeguards or that dilutes States’ human rights obligations would place individuals at risk and make our digital presence even more insecure, each threatening fundamental human rights.

As the Ad Hoc Committee commences its work drafting the convention in the coming months, it is vitally important to apply a human rights-based approach to ensure that the proposed text is not used as a tool to stifle freedom of expression, infringe on privacy and data protection, or endanger individuals and communities at risk.

The important work of combating cybercrime should be consistent with States’ human rights obligations set forth in the Universal Declaration of Human Rights (UDHR), the International Covenant on Civil and Political Rights (ICCPR), and other international human rights instruments and standards. In other words, efforts to combat cybercrime should also protect, not undermine, human rights. We remind States that the same rights that individuals have offline should also be protected online.

Scope of Substantive Criminal Provisions

There is no consensus on how to tackle cybercrime at the global level or a common understanding or definition of what constitutes cybercrime. From a human rights perspective, it is essential to keep the scope of any convention on cybercrime narrow. Just because a crime might involve technology does not mean it needs to be included in the proposed convention. For example, expansive cybercrime laws often simply add penalties due to the use of a computer or device in the commission of an existing offense. The laws are especially problematic when they include content-related crimes. Vaguely worded cybercrime laws purporting to combat misinformation and online support for or glorification of terrorism and extremism, can be misused to imprison bloggers or block entire platforms in a given country. As such, they fail to comply with international freedom of expression standards. Such laws put journalists, activists, researchers, LGBTQ communities, and dissenters in danger, and can have a chilling effect on society more broadly.

Even laws that focus more narrowly on cyber-enabled crimes are used to undermine rights. Laws criminalizing unauthorized access to computer networks or systems have been used to target digital security researchers, whistleblowers, activists, and journalists. Too often, security researchers, who help keep everyone safe, are caught up in vague cybercrime laws and face criminal charges for identifying flaws in security systems. Some States have also interpreted unauthorized access laws so broadly as to effectively criminalize any and all whistleblowing; under these interpretations, any disclosure of information in violation of a corporate or government policy could be treated as “cybercrime.” Any potential convention should explicitly include a malicious intent standard, should not transform corporate or government computer use policies into criminal liability, should provide a clearly articulated and expansive public interest defense, and include clear provisions that allow security researchers to do their work without fear of prosecution.

Human Rights and Procedural Safeguards

Our private and personal information, once locked in a desk drawer, now resides on our digital devices and in the cloud. Police around the world are using an increasingly intrusive set of investigative tools to access digital evidence. Frequently, their investigations cross borders without proper safeguards and bypass the protections in mutual legal assistance treaties. In many contexts, no judicial oversight is involved, and the role of independent data protection regulators is undermined. National laws, including cybercrime legislation, are often inadequate to protect against disproportionate or unnecessary surveillance.

Any potential convention should detail robust procedural and human rights safeguards that govern criminal investigations pursued under such a convention. It should ensure that any interference with the right to privacy complies with the principles of legality, necessity, and proportionality, including by requiring independent judicial authorization of surveillance measures. It should also not forbid States from adopting additional safeguards that limit law enforcement uses of personal data, as such a prohibition would undermine privacy and data protection. Any potential convention should also reaffirm the need for States to adopt and enforce “strong, robust and comprehensive privacy legislation, including on data privacy, that complies with international human rights law in terms of safeguards, oversight and remedies to effectively protect the right to privacy.”

There is a real risk that, in an attempt to entice all States to sign a proposed UN cybercrime convention, bad human rights practices will be accommodated, resulting in a race to the bottom. Therefore, it is essential that any potential convention explicitly reinforces procedural safeguards to protect human rights and resists shortcuts around mutual assistance agreements.

Meaningful Participation

Going forward, we ask the Ad Hoc Committee to actively include civil society organizations in consultations—including those dealing with digital security and groups assisting vulnerable communities and individuals—which did not happen when this process began in 2019 or in the time since.

Accordingly, we request that the Committee:

●  Accredit interested technological and academic experts and nongovernmental groups, including those with relevant expertise in human rights but that do not have consultative status with the Economic and Social Council of the UN, in a timely and transparent manner, and allow participating groups to register multiple representatives to accommodate the remote participation across different time zones.

●  Ensure that modalities for participation recognize the diversity of non-governmental stakeholders, giving each stakeholder group adequate speaking time, since civil society, the private sector, and academia can have divergent views and interests.

●  Ensure effective participation by accredited participants, including the opportunity to receive timely access to documents, provide interpretation services, speak at the Committee’s sessions (in-person and remotely), and submit written opinions and recommendations.

●  Maintain an up-to-date, dedicated webpage with relevant information, such as practical information (details on accreditation, time/location, and remote participation), organizational documents (i.e., agendas, discussions documents, etc.), statements and other interventions by States and other stakeholders, background documents, working documents and draft outputs, and meeting reports.

Countering cybercrime should not come at the expense of the fundamental rights and dignity of those whose lives this proposed Convention will touch. States should ensure that any proposed cybercrime convention is in line with their human rights obligations, and they should oppose any proposed convention that is inconsistent with those obligations.

We would be highly appreciative if you could kindly circulate the present letter to the Ad Hoc Committee Members and publish it on the website of the Ad Hoc Committee.

Signatories,*

  1. Access Now – International
  2. Alternative ASEAN Network on Burma (ALTSEAN) – Burma
  3. Alternatives – Canada
  4. Alternative Informatics Association – Turkey
  5. AqualtuneLab – Brazil
  6. ArmSec Foundation – Armenia
  7. ARTICLE 19 – International
  8. Asociación por los Derechos Civiles (ADC) – Argentina
  9. Asociación Trinidad / Radio Viva – Trinidad
  10. Asociatia Pentru Tehnologie si Internet (ApTI) – Romania
  11. Association for Progressive Communications (APC) – International
  12. Associação Mundial de Rádios Comunitárias (Amarc Brasil) – Brazil
  13. ASEAN Parliamentarians for Human Rights (APHR)  – Southeast Asia
  14. Bangladesh NGOs Network for Radio and Communication (BNNRC) – Bangladesh
  15. BlueLink Information Network  – Bulgaria
  16. Brazilian Institute of Public Law – Brazil
  17. Cambodian Center for Human Rights (CCHR)  – Cambodia
  18. Cambodian Institute for Democracy  –  Cambodia
  19. Cambodia Journalists Alliance Association  –  Cambodia
  20. Casa de Cultura Digital de Porto Alegre – Brazil
  21. Centre for Democracy and Rule of Law – Ukraine
  22. Centre for Free Expression – Canada
  23. Centre for Multilateral Affairs – Uganda
  24. Center for Democracy & Technology – United States
  25. Center for Justice and International Law (CEJIL) – International
  26. Centro de Estudios en Libertad de Expresión y Acceso (CELE) – Argentina
  27. Civil Society Europe
  28. Coalition Direitos na Rede – Brazil
  29. Código Sur – Costa Rica
  30. Collaboration on International ICT Policy for East and Southern Africa (CIPESA) – Africa
  31. CyberHUB-AM – Armenia
  32. Data Privacy Brazil Research Association – Brazil
  33. Dataskydd – Sweden
  34. Derechos Digitales – Latin America
  35. Defending Rights & Dissent – United States
  36. Digital Citizens – Romania
  37. DigitalReach – Southeast Asia
  38. Digital Rights Watch – Australia
  39. Digital Security Lab – Ukraine
  40. Državljan D / Citizen D – Slovenia
  41. Electronic Frontier Foundation (EFF) – International
  42. Electronic Privacy Information Center (EPIC) – United States
  43. Elektronisk Forpost Norge – Norway
  44. Epicenter.works for digital rights – Austria
  45. European Center For Not-For-Profit Law (ECNL) Stichting – Europe
  46. European Civic Forum – Europe
  47. European Digital Rights (EDRi) – Europe
  48. ​​eQuality Project – Canada
  49. Fantsuam Foundation – Nigeria
  50. Free Speech Coalition  – United States
  51. Foundation for Media Alternatives (FMA) – Philippines
  52. Fundación Acceso – Central America
  53. Fundación Ciudadanía y Desarrollo de Ecuador
  54. Fundación CONSTRUIR – Bolivia
  55. Fundacion Datos Protegidos  – Chile
  56. Fundación EsLaRed de Venezuela
  57. Fundación Karisma – Colombia
  58. Fundación OpenlabEC – Ecuador
  59. Fundamedios – Ecuador
  60. Garoa Hacker Clube  –  Brazil
  61. Global Partners Digital – United Kingdom
  62. GreenNet – United Kingdom
  63. GreatFire – China
  64. Hiperderecho – Peru
  65. Homo Digitalis – Greece
  66. Human Rights in China – China
  67. Human Rights Defenders Network – Sierra Leone
  68. Human Rights Watch – International
  69. Igarapé Institute — Brazil
  70. IFEX – International
  71. Institute for Policy Research and Advocacy (ELSAM) – Indonesia
  72. The Influencer Platform – Ukraine
  73. INSM Network for Digital Rights – Iraq
  74. Internews Ukraine
  75. InternetNZ – New Zealand
  76. Instituto Beta: Internet & Democracia (IBIDEM) – Brazil
  77. Instituto Brasileiro de Defesa do Consumidor (IDEC) – Brazil
  78. Instituto Educadigital – Brazil
  79. Instituto Nupef – Brazil
  80. Instituto de Pesquisa em Direito e Tecnologia do Recife (IP.rec) – Brazil
  81. Instituto de Referência em Internet e Sociedade (IRIS) – Brazil
  82. Instituto Panameño de Derecho y Nuevas Tecnologías (IPANDETEC) – Panama
  83. Instituto para la Sociedad de la Información y la Cuarta Revolución Industrial – Peru
  84. International Commission of Jurists – International
  85. The International Federation for Human Rights (FIDH)
  86. IT-Pol – Denmark
  87. JCA-NET – Japan
  88. KICTANet – Kenya
  89. Korean Progressive Network Jinbonet – South Korea
  90. Laboratorio de Datos y Sociedad (Datysoc) – Uruguay
  91. Laboratório de Políticas Públicas e Internet (LAPIN) – Brazil
  92. Latin American Network of Surveillance, Technology and Society Studies (LAVITS)
  93. Lawyers Hub Africa
  94. Legal Initiatives for Vietnam
  95. Ligue des droits de l’Homme (LDH) – France
  96. Masaar – Technology and Law Community – Egypt
  97. Manushya Foundation – Thailand
  98. MINBYUN Lawyers for a Democratic Society – Korea
  99. Open Culture Foundation – Taiwan
  100. Open Media  – Canada
  101. Open Net Association – Korea
  102. OpenNet Africa – Uganda
  103. Panoptykon Foundation – Poland
  104. Paradigm Initiative – Nigeria
  105. Privacy International – International
  106. Radio Viva – Paraguay
  107. Red en Defensa de los Derechos Digitales (R3D) – Mexico
  108. Regional Center for Rights and Liberties  – Egypt
  109. Research ICT Africa
  110. Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC) – Canada
  111. Share Foundation – Serbia
  112. Social Media Exchange (SMEX) – Lebanon, Arab Region
  113. SocialTIC – Mexico
  114. Southeast Asia Freedom of Expression Network (SAFEnet) – Southeast Asia
  115. Supporters for the Health and Rights of Workers in the Semiconductor Industry (SHARPS) – South Korea
  116. Surveillance Technology Oversight Project (STOP)  – United States
  117. Tecnología, Investigación y Comunidad (TEDIC) – Paraguay
  118. Thai Netizen Network  – Thailand
  119. Unwanted Witness – Uganda
  120. Vrijschrift – Netherlands
  121. West African Human Rights Defenders Network – Togo
  122. World Movement for Democracy – International
  123. 7amleh – The Arab Center for the Advancement of Social Media  – Arab Region

Individual Experts and Academics

  1. Jacqueline Abreu, University of São Paulo
  2. Chan-Mo Chung, Professor, Inha University School of Law
  3. Danilo Doneda, Brazilian Institute of Public Law
  4. David Kaye, Clinical Professor of Law, UC Irvine School of Law, former UN Special Rapporteur on Freedom of Opinion and Expression (2014-2020)
  5. Wolfgang Kleinwächter, Professor Emeritus, University of Aarhus; Member, Global Commission on the Stability of Cyberspace
  6. Douwe KorffEmeritus Professor of International LawLondon Metropolitan University
  7. Fabiano Menke, Federal University of Rio Grande do Sul
  8. Kyung-Sin Park, Professor, Korea University School of Law
  9. Christopher Parsons, Senior Research Associate, Citizen Lab, Munk School of Global Affairs & Public Policy at the University of Toronto
  10. Marietje Schaake, Stanford Cyber Policy Center
  11. Valerie Steeves, J.D., Ph.D., Full Professor, Department of Criminology University of Ottawa
14Dec

South Sudan’s Cybercrimes and Computer Misuse Order 2021 Stifles Citizens’ Rights

Author CIPESA Posted on

By Edrine Wanyama |

South Sudan has enacted the Cybercrimes and Computer Misuse Provisional Order 2021 aimed to  combat  cybercrimes. The country has a fast-evolving technology sector, with three mobile operators and 24 licensed internet service providers. Investments in infrastructure development have propelled internet penetration to 16.8% and mobile phone penetration to 23% of the country’s population of 11.3 million people, which necessitates a law to curb cybercrime.

The Order is based on article 86(1) of the Transitional Constitution of South Sudan 2011, which provides that when parliament is not in session, the president can issue a provisional order that has the force of law in urgent matters.

The Cybercrimes and Computer Misuse Order makes strides in addressing cybercrimes by extending the scope of jurisdiction in prosecuting cybercrimes to cover offences committed in or outside the country against citizens and the South Sudan state. The Order also establishes judicial oversight especially over the use of forensic tools to collect evidence, with section 10 requiring authorisation by a competent court prior to collecting such evidence. Furthermore, the Order attempts to protect children against child pornography (section 23 and 24), and provides for prevention of trafficking in persons (section 30) and drugs (section 31).

However, the Order is largely regressive of citizens’ rights including freedom of expression, access to information, and the right to privacy.

The Order gives overly broad definitions including of “computer misuse,” “indecent content,” “pornography,” and “publish” which are so ambiguous and wide in scope that they could be used by the state to target government opponents, dissidents and critics. The definitions largely limit the use of electronic gadgets and curtail the exercise of freedom of expression and access to information.

Article 22 of the Transitional Constitution of South Sudan 2011 guarantees the right to privacy. The country has ratified the International Convention on Civil and Political Rights (ICCPR) that provides for the right to privacy under article 17 and the African Charter on Human and Peoples Rights, whose article 5 provides for the right to respect one’s dignity, which includes the right to privacy. The Order appears to contravene these instruments by threatening individual privacy.

Despite a commendable provision in section 6 imposing an obligation on service providers to store information relating to communications, including personal data and traffic data of subscribers, for 180 days – a period far shorter compared to other countries – personal data is still potentially at risk. The section requires service providers and their agents to put in place technical capabilities to enable law enforcement agencies monitor compliance with the Order. With no specific data protection law in South Sudan and without making a commitment to the leading regional instrument, the African Union Convention on Cyber Security and Personal Data Protection, privacy of the citizens is at stake.

The section on offences and penalties lacks specificity on fines which may be levied on errant individuals or companies. On the other hand, some of the offences provided for under the Order potentially curtail freedom of expression and the right to information. For instance, the offence of spamming under section 21 could be interpreted to include all communications through online platforms including social media platforms like Facebook and WhatsApp. Under the provision, virtually all individuals who forward messages on social media stand the risk of prosecution. This also has a chilling effect on freedom of expression and the right to information.

The offence of offensive communication under section 25 potentially has a chilling effect on freedom of expression, media freedom and access to information. A similar provision under section 25 of the Computer Misuse Act, 2011 of Uganda has been widely misused to persecute, prosecute and silence political critics and dissidents. Section 25 of the South Sudan Cybercrimes Order could be used in a similar manner to target government critics and dissidents. 

In CIPESA’s analysis of the Order, we call for specific actions that could ensure the prevention of cybercrime while at the same time not hurting online rights and freedoms, including:

  • Deletion of problematic definitions or provisions from the Order.
  • Enactment of a specific data protection law to guarantee the protection of data of individuals.
  • Urgent drafting of rules and regulations to prescribe the procedures for implementing the Order.
  • Ratification of the African Union Convention on Cyber Security and Personal Data Protection.
  • Service providers should not be compelled to disclose their subscribers’ information to law enforcement agencies except on the basis of a court order.
  • Amendment of the Order to emphasise the oversight role of courts during the processes of access, inspection, seizure, collection and preservation of data or tracking of data under section 9.

Read the full analysis here.

1 14 15 16 17 18 21