By Neil Blazevic, Andrew Gole and Ashnah Kalemera |
Amidst increased attacks on digital rights activists, journalists, and human rights defenders (HRDs) during the Covid-19 pandemic, it has become crucial to grow the capacity of these actors to operate securely. A key concern is that, in many African countries, skills in digital security and safety are lacking among some of the most at-risk groups, yet trainers and support networks are in short supply.
Without adequate digital security capacity, activists and HRDs are not able to meaningfully continue advocacy and engagements around human rights, transparent and accountable governance, during and in the aftermath of Covid-19. Accordingly, through the Level-Up programme, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has provided security support to 16 HRD organisations in Kenya, Ethiopia, Tanzania, South Sudan and Uganda.
The initiative helped to strengthen the participating entities’ organisational and information systems security capacity, entailed a Training of Trainers (ToT) component – which benefitted 19 individuals – to grow the network of individuals and organisations that offer digital security training and support to journalists, activists, and HRDs, and organisational security assessments. The training and support were delivered through innovative approaches to geographically distributed individuals that could not meet physically due to Covid-19 social distancing and travel restrictions.
Covid-19 and Digital Attacks
In the wake of the global outbreak of the Covid-19 pandemic and government measures to curb its spread, digital technologies have played a vital role in enhancing disease surveillance, coordinating response mechanisms, and promoting public awareness in Africa. The potential of technology to facilitate containment of the spread of the coronavirus on the continent notwithstanding, concerns over surveillance, violation of rights to privacy, freedom of expression, access to information, and freedom of association and assembly were prevalent.
Scores of journalists and bloggers in Kenya, Guinea, Uganda, Egypt, among others, were assaulted, detained, and/or prosecuted over their reporting on Covid-19; while some countries such as Kenya, Uganda and South Africa were reported to be conducting cell phone tracking of Covid-19 suspected patients and their contacts. Some others passed regulations and/or invoked laws that criminalised the spreading of false Covid-19 information. Accordingly, there have been fears that in the aftermath of the pandemic, some governments could shift the Covid-19 surveillance apparatus and lessons learnt to undermine digital rights, by surveilling and silencing critics and opponents.
Meanwhile, hackers and adversaries are capitalising on the increased time spent online and remote working by a large portion of the population by designing new attacks through phishing and hijacking of virtual meetings, among others. Worryingly, despite a large gender disparity in digital access, more women face various forms of online violence than their male counterparts, which continues to undermine their participation online. With Covid-19 resulting in increased incidents of gender-based violence, it is imperative to continue activism and equip activists with digital security and safety skills.
Organisations supported | Technologists supported |
Countries: Uganda (8) | Tanzania (4) | South Sudan (2) | Kenya (1) | Ethiopia (1)
Sectors: Sexual minorities (4), Environmental/resource extraction (1) Feminist/women’s rights organisations (3), Information access (1), Journalists/media (1), Human rights, democracy, human rights defenders (6) |
Gender: Female (7) |Male (12)
Nationality: Uganda (8) | Ethiopia (3) | South Sudan (1) | Tanzania (4) | Kenya (3) |
Assessing Organisational Security
Following an initial training on conducting organisational security assessments, the technologists led assessments to determine the status, challenges, past and potential future threats, and attacks on organisations, as well as the capacity of the organisations. The results of the assessments provided insight into the needs and vulnerabilities of the organisations and served as an opportunity to provide feedback to organisational IT staff on quick fixes and strategies to address some of the challenges or incidents identified. Technology solutions explored included the use of Umbrella for DNS server protection, Automox for patch management, and Microsoft 365 hosted tenants for an organisational management and security suite.
The findings of the assessments indicated a need to bolster capacity, organisational practices, and implementation of security and safety measures related to social media platforms usage by the organisations and staff. Several organisations reported losing access to their brand assets, experiencing hacking, and harassment on social media platforms. To this end, a Social Media Asset Continuity and Security Tool was designed and another training for technologists conducted focused on 1) Continuity of organisation control of organisational Facebook/Twitter/Whatsapp for Business accounts; 2) Security of individual staff accounts; and 3) Staff ability to deal with harassment and unwanted messaging on platforms. The technologists went on to conduct safety and security on social media training sessions which benefitted 120 staff of the participating organisations. Other skill-up sessions conducted included on organisational management suites and website security.
Overall, the programme found that skills and protections (software and hardware) were low and inadequate among many HRD organisations and individuals. Also, there were variable levels of technology integration within the organisations.
The various gaps identified were rising during the pandemic when many entities could not readily access support networks and training skills due to restrictions on gatherings arising from Covid-19, making the intervention particularly timely. Indeed, the ToT model helped to transfer skills and knowledge among distributed beneficiaries and build support networks in-country.