Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Internet Freedom

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Internet Freedom
14Apr

Digital Democracy in Africa: What Has the Law Got to Do With It?

Author CIPESA Posted on

By Edrine Wanyama |

With digital freedoms continuing to take a hit amidst a wider democratic regression across Africa, the role of laws in curing what ails democracy in the region warrants scrutiny. In a number of countries, the laws that regulate how citizens use digital platforms and exercise their digital rights are retrogressive and fail to offer sufficient protection to citizens. Many of them are broadly worded, give extensive powers to state agencies to interpret the laws and to interfere with citizens’ rights.

In turn, the legal and regulatory framework has become central in shaping digital rights and digital democracy in Africa. Governments have enacted regressive and draconian laws that variously empower state agencies to limit the digital civic space. As a result, rights such as freedom of expression, access to information, and data privacy continue to come under threat due to the high-handed and often excessive control measures. 

In many countries laws have been weaponised to silence critics, notably those that use digital and social media to organise or express opinions critical of governments and state officials. Various laws are being used to arrest, persecute, detain and prosecute individuals over online communication, as have been witnessed in the Democratic Republic of Congo (DRC), Mozambique, Kenya, Rwanda, South Sudan, Tanzania, Uganda, Zambia, Zimbabwe and several other countries. These measures curtail press freedom and other digital rights that are at the root of democratic participation.

Laws that regulate state surveillance are among those that have a profound chilling effect on digital rights and citizen participation. Anonymous communication in the digital domain is crucial for citizens, journalists and political actors to operate without fear of reprisals, particularly in authoritarian countries. Yet the conduct of surveillance in the region is enabled by laws that give broad powers to state agencies to conduct surveillance amidst limited oversight and transparency, and strenuous demands on intermediaries to facilitate communications monitoring and interception.

Equally concerning is that various governments have weaponised disinformation laws to silence critical voices, rather than utilising them to counter the ills of disinformation. Similar to the purposes that state surveillance often serves, laws on countering disinformation have in many cases been used to target political critics.

In turn, those laws (which tend to be vague and ambiguous and fail to distinguish between disinformation or falsified information, making their enforcement open to the subjective interpretation of law enforcement agencies) are being used to stifle legitimate expression and to hamper access to critical and pluralistic information. This has been common in countries like Burkina Faso, Ethiopia, Kenya, Nigeria, Tanzania and Uganda where laws criminalising disinformation and false news, such as  those on computer misuse, are often deployed to silence government critics.

Governments have also relied on different laws to order internet disruptions, which create information blackouts, deny citizens their right to access information, associate and express themselves. Mostly ordered during elections and public protests, the network disruptions also undermine electoral credibility and hinder the ability of citizens to record and disseminate incidents of rights violations by security agencies and other actors.

Many observers around the continent, as well as the United Nations, have repeatedly urged states to refrain from ordering shutdowns, which they say are often not necessary or proportionate to address the threats that prompt governments to order them. However, such network disruptions continue unabated in parts of Africa, with governments and communications regulators citing various laws to justify them. According to the KeepItOn coalition, at least four of the region’s nine shutdowns during 2022 took place alongside reported human rights abuses, both in the context of violent crackdowns on protests and active conflict.

There are other ways still in which the law is undermining the protection of freedom of expression and access to information and data privacy. Many African countries have enacted access to information laws to facilitate public access to information in possession of the state. They include Kenya (enacted in 2016), Rwanda (2013), South Sudan (2013), Tanzania (2016), Uganda (2005), Malawi (2017), Mozambique (2014), and Zimbabwe (2020). On the other hand, countries like the DRC, Burundi, and Zambia do not have specific laws on access to information.

However, many of the existing laws have wide exemptions and limitations to the kinds of information that citizens can access. These limitations are primarily based on national security, official secrecy laws, individual privacy and confidentiality justifications. Proactive disclosure of information is rare in most countries, and information of vital importance to citizens is in short supply online. This undermines accountability and transparency of governments, which are key ingredients for citizen participation in democracy. 

At another level, proliferation of technology has led to a need to protect individual privacy. Previously, countries collected personal data in absence of enabling legislation, for such purposes as immigration, issuance of driving permits and SIM card registration. This has, in turn, necessitated the adoption of laws to protect privacy: Uganda (2019), Kenya (2019), Rwanda (2021), Tanzania (2022), South Africa (2013), Zambia (2021) and Zimbabwe (2021). Still, countries like South Sudan, DRC, Malawi, and Mozambique are yet to enact specific laws. 

Despite the adoption of laws, they generally fall short of the ideal practices. Many countries do not have independent data protection authorities and there is inadequate oversight and enforcement of personal data protection standards and mechanisms. Moreover, only 13 of Africa’s 55 countries have ratified the African Convention on Cyber Security and Personal Data protection. These are Algeria, Cape Verde, Congo Brazzaville, Ghana, Guinea, Mozambique, Mauritius, Namibia, Niger, Rwanda Senegal, Togo and Zambia. Reluctance to endorse this lead guiding instrument on data protection, privacy and cyber security is telling of countries’ commitment to respecting privacy.

Meanwhile, numerous data protection laws facilitate governments’ access to personal data without adequate safeguards, thereby enabling undue surveillance and interception of communications and unlawful use of private information. They fail to adequately regulate the mass collection of individuals’ personal data, including biometrics, for issuance of national identity cards, immigration documents, voters’ cards and driving permits. Furthermore, the laws often restrict the transfer of personal data outside national borders but do not put sufficient checks on governments’ access to this data.

Indeed, the place of the legal and regulatory framework in promoting and protecting fundamental freedoms was in focus at a regional convening on March 13-14, 2023, by the International Senior Lawyers Project (ISLP) in partnership with the Media Institute of Southern Africa (MISA) and Southern African Institute for Policy and Research (SAIPAR) in Harare, Zimbabwe. 

The workshop identified advocacy, capacity building, analysis of laws and proposed legislation, engagements with parliaments on law reform, and litigation at national and regional courts, as key to promoting the digital civic space. Yet, as CIPESA noted at the meeting, political interference, long periods taken to determine cases, and non-compliance of states with decisions of regional courts have hampered the effectiveness of litigation.

The convening made recommendations to governments, civil society, and the private sector:

  1. Governments
  • Sign and ratify key international human rights instruments on data protection and privacy especially the African Union Convention on Cyber Security and Personal Data Protection.
  • Ensure a favourable environment for the exercise and enjoyment of digital rights and freedoms by among others enacting progressive laws and repealing draconian legislation.
  • Promote accountability and transparency by proactively disclosing information in a timely manner and expeditiously responding to information requests from citizens.
  1. Civil Society, the Private Sector and Tech Communities
  • Jointly push for the amendment of regressive laws that undermine digital rights, and contribute to law-making processes by analysing bills and making proposals for reform, repeal or amendment. 
  • Advocate for compliance with the United Nations Guiding Principles on Business and Human Rights to ensure that violations of human rights are minimised in the course of doing business.
  • Engage in strategic and collaborative litigation to challenge all measures by governments which curtail digital rights and undermine digital democracy. 
  • Build capacity of stakeholders including the media and the general public to protect and promote digital rights and to demand accountability and transparency from governments and their agencies.
  • Use human rights monitoring mechanisms such as the Universal Periodic Review (UPR) to hold their states to account.
  • Advocate for states to ratify key human rights instruments such as the AU Convention on Cyber Security and Personal Data Protection.
06Feb

CIPESA, DefyHateNow Support Fact-Checking in South Sudan

Author CIPESA Posted on

By Emmanuel Bida Thomas |

Disinformation thrives in conflict situations and in the world’s youngest nation, South Sudan, years of political uncertainty have cultivated a severe information disorder. In the face of another postponement of elections, community peace building including through debunking disinformation is critical to the country being able to stave off hate speech and incitement to violence.

According to the United Nations Development Programme (UNDP), word-of-mouth remains the most prevalent source of information for the masses in South Sudan. However, with increased mobile and internet penetration, an explosion of user-generated content has created an environment where rumours fueled on social media take hold offline and become difficult to counter.

With support from the Africa Digital Rights Fund (ADRF), an initiative of the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), DefyHateNow has recently concluded a six-months knowledge and skills building project on countering disinformation and hate speech, complemented with digital rights and cybersecurity advocacy in South Sudan.

Leveraging the 211 Check and SafetyComm South Sudan platforms, monthly trainings on fact-checking, rights and safety online benefitted 98 content creators and civic actors.

I loved it. We would like it to be regular; it should be a module in South Sudanese schools like universities and training for professionals,” said a trainee.

Select training beneficiaries were awarded fellowships through which they received more in-depth training and applied the acquired fact-checking and digital rights advocacy skills as part of placements within 211 Check and SafetyComm teams.

The network that I have created as a result of this fellowship, both locally within the country and internationally, will help me to remain relevant and focused on fact-checking and digital rights.” –  A fellow and Program Manager at Junub Youth Action Network (JYAN).

The fellowship has empowered and equipped me a lot in fact-checking, both theoretically and practically, with hands-on tools. It has shaped and broadened my ability to confidently take on the tasks of fact-checking and research in the mis/disinformation paradigm.” – A fellow and student at the University of Juba.

In addition to the training and fellowships, four radio talk shows on Advance Youth Radio and two virtual meetups were hosted to raise wider awareness about disinformation and hate speech. Among the meetup guest speakers was an analyst from the National Communications Authority who presented on government efforts to establish a Computer Emergency Response Team (CERT). Discussions also explored the challenges related to the Computer Misuse Order 2021, with a representative from the telecom services provider MTN speaking about the company’s efforts to uphold data privacy and overcome fraud.

Moreover, together with Junub Open Space, a local National Nongovernmental Organisation (NNGO) in Juba, DefyHateNow hosted five editions of “Salaam Fi Bet” (Peace at Home), a community-centred discussion on trust circles for information verification. Up to 107 individuals (62% women) from five neighbourhoods in Juba attended the discussions.

DefyHateNow’s ADRF-supported project builds on initiatives spearheaded by UNDP to tackle Covid-19 related misinformation and the Sentinel Project, which addressed hate speech and misinformation at the peak of the civil war in the East African country. As the perpetrators, pathways and effects of false news and information manipulation online evolve, the need for continued education and empowerment remains preeminent. This project demonstrates that collaborative efforts in knowledge and skills building can contribute to equipping people with the tools and resources to keep communities safe.

20Jan

Capacitating Civil Society Actors to Advance Digital Rights in Africa

Author CIPESA Posted on

By Paul Kimumwe |

Internet freedom in Africa has been on the decline over the past years with several countries continually adopting repressive measures that curtail civil liberties. Many governments have embraced digital authoritarianism, which has resulted in criminalisation of speech online, internet disruptions, arrests and prosecution of social media users, and abuse of citizens’ data rights, thus undermining free expression and civic participation. 

Several governments have continually enhanced their technical capacity to intercept and monitor electronic communications, including through the installation of equipment and software or spyware that enable remote controlled hacking and eavesdropping, and deployment of video surveillance systems, some of which have facial recognition capabilities. These enhancements have been partly aided by introduction of regressive laws ostensibly to fight terrorism and to protect national order. 

Some control measures – such as trolling and cyberbullying – target critical democracy actors, including women human rights defenders (WHRDs) and journalists, and have far-reaching impacts on rights protection, including free expression, access to information and civic participation. Other measures, such as digital taxation, registration and licensing of online users, greatly undermine internet access and affordability and weaken the potential of digital technologies to catalyse free expression and civic participation.

These measures are worrying not only because they directly undermine citizens’ digital rights and their appetite for public participation but also because they endanger the safety of some critical democratic actors. Without adequate digital security capacity, activists and human rights defenders (HRDs) are not able to meaningfully undertake advocacy and engagements around human rights, transparent and accountable governance. Concerningly, digital security and safety skills are lacking among some of the most at-risk groups, yet trainers and support networks are in short supply. In this brief we review some key intervention measures necessary to  grow the capacity of  civil society actors to navigate the rising digital authoritarianism and highlight CIPESA’s work in this regard.

Shrinking Civic Space

Recent years have seen an increase in the number of reported incidents of governments in the region cracking down on civil society organisations, especially those addressing human rights and social justice issues. Various illegal means, including physical assaults, arbitrary detention, torture, killings, intimidation and surveillance by security agencies, have been adopted to limit the rights to freedom of assembly, association, expression, and access to information.

The situation was exacerbated by measures adopted by national governments to curb the spread and mitigate the effects of the Covid-19 pandemic. The different measures including the clamp down on media platforms, intimidation, arrests, detention and prosecution, affected the work and operations of HRDss and civil society organisations (CSOs) in many countries. The ability of citizens to participate in civic matters and the conduct of public affairs were also eroded. Meanwhile, HRDs, journalists, activists, the political opposition, and ordinary citizens have been forced to self-censor, disengage from participating in public affairs, and refrain from exercising their rights to participate.

Limited Capacity of Civil Society Actors

Although there has been a growing number of civil society and justice actors responding to, and challenging government excesses, some of them have been hampered by lack of requisite knowledge, skills, and tools to engage in meaningful policy advocacy. There is also limited understanding of the linkages between Information and Communication Technologies (ICT), human rights and democracy and how government control measures undermine democratic participation.

According to Ashnah Kalemera, Programme Manager at CIPESA, advancing digital rights is a new phenomenon for most of the traditional human rights organisations in Africa, “with many still trying to understand the relationship between ICT and human rights, on top of dealing with an already hostile environment.” 

Through various interventions, CIPESA is building the capacity of different social justice organisations and equipping them with the requisite skills, including research, communicating digital rights, designing evidence-based advocacy campaigns, as well as digital resilience, especially how to cope with the increasing cyber attacks.

Findings from a 2017 joint research study conducted by Small Media, DefendDefenders, the Centre For Intellectual Property And Information Technology Law (CIPIT), and CIPESA showed that in Burundi, Rwanda, Tanzania, and Uganda, most CSOs failed to demonstrate a baseline of digital security knowledge and practices.

The study noted that although the internet and other ICT had empowered CSOs to engage with the public, share information, and advocate for citizens’ rights in sometimes challenging and closed political environments, it had also offered means and tools that regional state and non-state actors utilised to interfere with their work, surveil them, and censor their voices.

Similarly, an assessment CIPESA conducted in five countries during 2020 indicated a need to bolster capacity, organisational practices, and implementation of security and safety measures for social justice organisations and staff. It also found that skills and protections (software and hardware) were low and inadequate among many HRD organisations and individuals. 

Building Digital Resilience Among CSOs

In many countries in the region, skills in digital security and safety are lacking among some of the most at-risk groups, yet trainers and support networks are in short supply. Without adequate digital security capacity, activists and HRDs are not able to meaningfully continue advocacy and engagements around human rights, transparent and accountable governance.

For several years CIPESA has provided digital security resilience including conducted training for civil society groups, HRDs and other democracy actors. Through the Level-Up programme, CIPESA has provided security support to 16 HRD organisations in Kenya, Ethiopia, Tanzania, South Sudan, and Uganda. 

The initiative helped to strengthen the participating entities’ organisational and information systems security capacity, entailed a Training of Trainers (ToT) component – which benefitted 19 individuals – to grow the network of individuals and organisations that offer digital security training and support to journalists, activists, and HRDs, and organisational security assessments. The training and support were delivered through innovative approaches to geographically distributed individuals that could not meet physically due to Covid-19 social distancing and travel restrictions.

The individuals trained in turn conducted safety and security training sessions which benefitted 120 staff of HRD organisations. The Level Up programme also conducted an assessment of organisational digital security needs and practices which informed the provision of hardware, software and security equipment to nine beneficiary organisations in four countries, and the development of organisational digital security policies.

“Several justice actors, both individuals and organisations, have fallen victims to cyber attacks, hacking, and online harassment, with some reporting loss of  their brand assets. It is therefore important to bolster their capacity, enhance their organisational practices, especially the implementation of security and safety measures related to digital and social media platforms usage by the organisations and their staff,” says Brian Byaruhanga, Technology Officer at CIPESA.

Supporting Impactful Digital Rights Advocacy and Communication

Digital rights advocacy and communication has become crucial in promoting human rights in Africa. Accordingly, CIPESA has over the years supported capacity development for CSOs, HRDs particularly WHRDs, and key duty bearers, to cultivate cross-country and cross-sectoral partnerships, and promoted joint advocacy and communications campaigns. 

In June 2022, CIPESA convened a regional advocacy and engagement training workshop in Lusaka, Zambia that brought together media, civil society and technology policy actors from 10 African countries – Ethiopia, Kenya, Malawi, Mozambique, Rwanda, South Africa, Uganda, Zambia, and Zimbabwe. The regional engagement equipped participants with a keen understanding of key digital rights trends in the region, alongside practical skills in impactful digital rights advocacy and communication.

Also in June 2022, CIPESA convened a digital rights policy advocacy webinar where participants shared their experiences, challenges and lessons learned in advocating for digital rights in Africa. Panelists were mainly drawn from the Africa Digital Rights Fund (ADRF) beneficiaries, a grant facility managed by CIPESA whose main purpose is to offer flexible and rapid response grants to select initiatives in Africa to implement activities that advance digital rights, including advocacy, litigation, research, policy analysis, digital literacy and digital security skills building 

In July 2021, CIPESA in partnership with the African Centre for Media Excellence (ACME), conducted an intensive training course on Digital Rights and Impact Communication for grantees of the ADRF. The training was preceded by a capacity and training needs assessment. The ADRF was launched in April 2019 to offer funding and capacity development to expand the pool of actors that advance digital rights in Africa, amidst rising digital rights violations.

These capacity building efforts serve to equip civil society actors with skills, knowledge, and tools to effectively engage in evidence-based advocacy as well as communicating digital rights issues. They inspire these actors to approach advocacy and communication systematically in order to increase the visibility of digital rights issues in different media and to promote public discussion of digital rights issues.

Building Capacity and Collaborations for Digital Rights Research

Evidence-based digital rights advocacy has become particularly crucial in Africa as a growing number of governments and powerful private actors continue to undermine citizens’ online rights through legal and extra-legal means. However, as the need for internet policy advocacy that is informed by research grows, it is essential to increase the amount and depth of research originating from, and relevant to, Africa. 

Over the last few years, CIPESA has responded by building capacity and enhancing collaborations for digital rights research among academia and CSOs. During the 2019 Forum on Internet Freedom in Africa (FIFAfrica19) in Addis Ababa, Ethiopia, CIPESA organised a Digital Rights Research Methods Workshop as one of the pre-events. The workshop was attended by 58 participants who included university lecturers, staff of international human rights organisations, digital rights researchers, activists, technologists, and lawyers.

The Ethiopian training built on the foundations of a five-day intensive training on internet policy research methods co-organised with the Annenberg School for Communications Internet Policy Observatory in 2018, which aimed to train, connect, and build collaboration between researchers, activists, academics and internet freedom advocates, and brought together 40 participants from 17 countries.

CIPESA has continued to build this capacity through additional training, and providing research and grant opportunities through the CIPESA Academic and Media Fellowships, which seek to nurture university students’ and early career academics’ understanding of ICT for governance, human rights and development, as well as enhance the media’s understanding of and coverage of ICT, democracy and human rights issues, respectively.

Digital rights continue to evolve alongside technological changes and advancement. CIPESA will continue to tap into the opportunity of skilling civil society personnel to facilitate knowledge building and enhance their capacity to continually engage in digital rights proactively and securely.

12Jan

A Section of Uganda’s Computer Misuse Act Outlawed! But, the Greater Part of the Law Remains Thorny

Author CIPESA Posted on

By Juliet Nanfuka |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) welcomes the ruling by Uganda’s Constitutional Court that section 25 of the Computer Misuse Act of 2011, which penalises “offensive communication”, is null and void. This section has severally been used by state authorities to silence dissent, and CIPESA has for long supported efforts to expunge it from the eastern African country’s key internet law.

On January 10, 2023, Uganda’s constitutional court ruled that section 25 of the Computer Misuse Act is inconsistent with the country’s constitution and called for an immediate halt to its enforcement, including for all cases being prosecuted or investigated. The court’s decision could bring to an end the utilisation of this problematic provision that has for a decade been weaponised to silence critics, political opponents and dissidents. The government can appeal the constitutional court’s decision to the Supreme Court within 14 days.

This week’s ruling is the result of a 2016 petition in which the litigants argued that section 25 was vague, violated civil liberties, and contravened constitutional guarantees. 

The law on computer misuse defines offensive communication as the “willful and repeated use of electronic communication to disturb or attempt to disturb the peace, quiet or right of privacy of any person with no purpose of legitimate communication whether or not a conversation ensues.” The offence is punishable by a fine not exceeding USD 130 or imprisonment not exceeding one year, or both. 

However, opponents of the law have argued that this provision is vague, overly broad and ambiguous. Further, they contended that the provision does not give a fair warning regarding what conduct is deemed illegal under the right and freedom of speech and expression pursuant to article 29(1)(a) of Uganda’s constitution.

In this week’s ruling, Justice Kenneth Kakuru, who wrote the lead judgement, stated that he  had determined that the words used under section 25 were “vague, overly broad and ambiguous.” According to the judge, what constitutes an offence is “unpredictable” and this gives the law enforcer the discretion to choose what qualifies as offensive. Justice Kakuru added that the provision “gives law enforcement unfettered discretion to punish unpopular or critical protected expression.” 

Section 25 of the Computer Misuse Act has severally been invoked to issue threats, effect arrests, detention, and prosecution of individuals over their online communications. 

The Computer Misuse Act has been previously used to suppress digital rights including free expression and access to information. For instance, academic and social critic Dr. Stella Nyanzi was arrested for insulting the president in a social media post. In 2019, she was convicted of cyber harassment contrary to section 24 of the Act but acquitted of offensive communications, which is proscribed under section 25. Other individuals who have suffered the wrath of the same law include former presidential aspirant Henry Tumukunde who was arrested over alleged treasonable utterances in radio and television interviews, the Bizonto comedy group who were arrested over alleged offensive and sectarian posts, and author Kakwenza Rukirabashaija who was arrested, detained and prosecuted over offensive communication against the president and his son. (Source: CIPESA Submits Comments on the Computer Misuse (Amendment) Bill, 2022 to Parliament )

Despite this progressive decision by the Constitutional court, the Computer Misuse Act will remain a key impediment to free expression and the enjoyment of digital rights, notably because of amendments made to the law in late 2022. Those amendments ambiguously prohibit the “misuse of social media,” sending or sharing of unsolicited information through a computer, and sending, sharing or transmission of malicious information about or relating to any person. These prohibitions, whose introduction was condemned by wide sections of Ugandan civil society, human rights defenders and some government officials, present a key curtailment of freedom of expression and access to information. 

Promoters of the amendments argued that existing laws did not “specifically address the regulation of information sharing on social media” or were “not adequate to deter the vice”. However, critics argued that efforts should instead have focused on addressing the existing retrogressive provisions in the law, notably those on “cyber harassment” and “offensive communication”. 

Accordingly, CIPESA alongside 13 civil society organisations and individuals filed a petition challenging those amendments. This followed CIPESA’s submission of comments and presentation of concerns before the Parliamentary Committee on Information and Communication Technology ahead of the enactment of the amendments. In those submissions, CIPESA argued that since its enactment, the Computer Misuse Act had been used to suppress digital rights including free expression and access to information and the proposed amendment would present a further blow to online civil liberties.

In its ruling, the constitutional court noted that, “In a democratic and free society, prosecuting people for the content of their communication is a violation of what falls within guarantees of freedom of expression in a democratic society.” The ruling is a step in the right direction in combating wanton limitations to digital rights in Uganda, where a flurry of technology-related laws were enacted in the wake of the 2010 Arab Spring during which users leveraged digital platforms and social media to build movements and mobilise public protests against their autocratic governments.

Besides the Computer Misuse Act, other laws enacted in Uganda during this time include the Regulation of Interception of Communications Act, 2010, the Electronic Signatures Act, 2011, and the Electronic Transactions Act, 2011, all of which variously interfere with digital rights including data privacy, access to information, and freedom of expression.

1 12 13 14 15 16 24