Stalking the Messenger: Ending Impunity for Illegal Surveillance

Opinion |

We know that the issues around digital surveillance are complicated. The tech side of the tools used and the means to circumvent them are complicated. Drawing a hard line between what may be acceptable to help ensure our personal security and what pushes our societies into Orwellian territory is also complicated.

As the revelations of the Pegasus Project show us, illegal surveillance is the latest weapon in the ever-growing arsenal used against journalists and human rights defenders. In effect, surveillance in this context is equivalent to stalking. A pernicious activity that can easily cross from online harassment to physical attacks. It’s illegal. It disproportionately affects those who are among the most vulnerable, whether because of their gender, sexual orientation, race, or ethnicity. And if people are permitted to stalk with impunity, the problem will not stop.

Increasingly used as a laser-focused tactic, a weapon to intimidate, instil fear, and paralyse the work of journalists, this kind of surveillance puts sources at risk and impedes journalists from providing us with information to expose crime and corruption, and to speak the truth about power.

“I don’t think it’s journalists as individuals that the government has a problem with. The government has a problem with the people […] It wants to continue committing crimes in the shadows so that no one will uncover those facts or ask questions about it. And journalists are the ones who spoil this plan.” — Azerbaijani journalist Sevinj Vaqifqizi.

On this International Day to End Impunity for Crimes Against Journalists, a day advocated for by IFEX, we need to bring surveillance to the fore as a tactic that is threatening journalists’ safety, and draw attention to how impunity creates the conditions under which it will continue to thrive.

IFEX members have long warned of the dangers of malware like Pegasus. A product of the Israeli NSO Group, it infects targets’ phones, exposes data, and even gains access to cameras and microphones. Despite the company’s claim that it vets clients based on their human rights records, it sold Pegasus to authoritarian regimes – as well as to countries like Mexico, where targets included media figures, a government scientist, and international human rights investigators – united by having publicly posed challenging questions to the government.

The personal impact of such surveillance can be devastating.

“When you are speaking, watching, or doing something with someone in your house or in a cafe or wherever you may be, they are there listening to you, watching everything that you do. Everything that you do in your bedroom, the shower, in your kitchen, in your office with your friends, or whoever.” — Mexican journalist Carmen Aristegui: profiled here

“My family members are also victimized. The sources are victimized, people I’ve been working with, people who told me their private secrets are victimized.” — Azerbaijani journalist Khadija Ismayilova: profiled here

Globally, at least 180 journalists were selected as Pegasus targets.

The decades our network has put into promoting journalists’ safety confirm that it cannot be fully achieved in a climate where individuals – or states – can intimidate, threaten, and harm them, and not be held accountable. Year-round, IFEX members work to bring perpetrators to justice, and to establish conditions that will make it harder for them to commit such crimes in the first place.

We know that it is a massive undertaking. In spite of being illegal under international human rights law, actors involved in illegal surveillance are almost never held accountable.

The challenge is to identify where to intervene, where to spend our energy, where we can have the biggest impact in stemming this predatory practice – including, but not limited to, confronting corporations and governments that enable and participate in the illegal surveillance of journalists.

It’s a many-headed beast, surveillance. There are multiple entry points to effect change, from policy work to set boundaries on what is considered ‘necessary and proportionate’ surveillance, to pressuring states to adopt international standards, to controls on the exports of spyware, to supporting preventive measures like strengthening and normalizing encryption.

Ending impunity for illegal surveillance has to be part of this work. It’s a long game, not for the weak-of-heart, and this is even more true when the perpetrators of the crimes are states. But we know from our experience seeking accountability for physical attacks on journalists that this type of sustained work does pay off. Just over a week ago, two decades of advocacy – by IFEX member FLIP, by Jineth Bedoya Lima herself, and by so many others – led to the groundbreaking Inter-American Court of Human Rights ruling in her case that there was “serious, precise and consistent evidence of State involvement in the acts of physical, sexual and psychological torture against the journalist.” This ruling sets an important precedent for the entire region.

The other good news is that we have a lot to draw on, on our side. There is a massive, global network of people – working in different fields, perhaps, or focusing on different issues – but with the combined skills, expertise, and clout needed to ensure that illegal surveillance does not go unchallenged, that those found culpable pay a price, and that this price effectively deters others.

As long as we keep leveraging opportunities like IDEI to come together, collaborate, learn from and support each other, raise our voices and find strategic pressure points where we can have a real impact, we can, and will, counter the scourge of illegal surveillance of journalists.

Annie Game is the Executive Director of IFEX, the global network that promotes and defends freedom of expression and information as a fundamental human right.

Skilling Distributed Digital Security Trainers Amidst Growing Digital Rights Attacks

By Neil Blazevic, Andrew Gole and Ashnah Kalemera |

Amidst increased attacks on digital rights activists, journalists, and human rights defenders (HRDs) during the Covid-19 pandemic, it has become crucial to grow the capacity of these actors to operate securely. A key concern is that, in many African countries, skills in digital security and safety are lacking among some of the most at-risk groups, yet trainers and support networks are in short supply.

Without adequate digital security capacity, activists and HRDs are not able to meaningfully continue advocacy and engagements around human rights, transparent and accountable governance, during and in the aftermath of Covid-19. Accordingly, through the Level-Up programme, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has provided security support to 16 HRD organisations in Kenya, Ethiopia, Tanzania, South Sudan and Uganda. 

The initiative helped to strengthen the participating entities’ organisational and information systems security capacity, entailed a Training of Trainers (ToT) component – which benefitted 19 individuals – to grow the network of individuals and organisations that offer digital security training and support to journalists, activists, and HRDs, and organisational security assessments. The training and support were delivered through innovative approaches to geographically distributed individuals that could not meet physically due to Covid-19 social distancing and travel restrictions.

Covid-19 and Digital Attacks

In the wake of the global outbreak of the Covid-19 pandemic and government measures to curb its spread, digital technologies have played a vital role in enhancing disease surveillance, coordinating response mechanisms, and promoting public awareness in Africa. The potential of technology to facilitate containment of the spread of the coronavirus on the continent notwithstanding, concerns over surveillance, violation of rights to privacy, freedom of expression, access to information, and freedom of association and assembly were prevalent. 

Scores of journalists and bloggers in Kenya, Guinea, Uganda, Egypt, among others, were assaulted, detained, and/or prosecuted over their reporting on Covid-19; while some countries such as Kenya, Uganda and South Africa were reported to be conducting cell phone tracking of Covid-19 suspected patients and their contacts. Some others passed regulations and/or invoked laws that criminalised the spreading of false Covid-19 information. Accordingly, there have been fears that in the aftermath of the pandemic, some governments could shift the Covid-19 surveillance apparatus and lessons learnt to undermine digital rights, by surveilling and silencing critics and opponents. 

Meanwhile, hackers and adversaries are capitalising on the increased time spent online and remote working by a large portion of the population by designing new attacks through phishing and hijacking of virtual meetings, among others. Worryingly, despite a large gender disparity in digital access, more women face various forms of online violence than their male counterparts, which continues to undermine their participation online. With Covid-19 resulting in increased incidents of gender-based violence, it is imperative to continue activism and equip activists with digital security and safety skills.

Organisations supported Technologists supported 
Countries: Uganda (8) | Tanzania (4) | South Sudan (2) | Kenya (1) | Ethiopia (1)

Sectors: Sexual minorities (4), Environmental/resource extraction (1) Feminist/women’s rights organisations (3), Information access (1), Journalists/media (1), Human rights, democracy, human rights defenders (6)

Gender: Female (7) |Male (12)

Nationality: Uganda (8) | Ethiopia (3) | South Sudan (1) | Tanzania (4) | Kenya (3)

Assessing Organisational Security

Following an initial training on conducting organisational security assessments, the technologists led assessments to determine the status, challenges, past and potential future threats, and attacks on organisations, as well as the capacity of the organisations. The results of the assessments provided insight into the needs and vulnerabilities of the organisations and served as an opportunity to provide feedback to organisational IT staff on quick fixes and strategies to address some of the challenges or incidents identified. Technology solutions explored included the use of Umbrella for DNS server protection, Automox for patch management, and Microsoft 365 hosted tenants for an organisational management and security suite.

The findings of the assessments indicated a need to bolster capacity, organisational practices, and implementation of security and safety measures related to social media platforms usage by the organisations and staff. Several organisations reported losing access to their brand assets, experiencing hacking, and harassment on social media platforms. To this end, a Social Media Asset Continuity and Security Tool was designed and another  training for technologists conducted focused on 1) Continuity of organisation control of organisational Facebook/Twitter/Whatsapp for Business accounts; 2) Security of individual staff accounts; and 3) Staff ability to deal with harassment and unwanted messaging on platforms. The technologists went on to conduct safety and security on social media training sessions which  benefitted 120 staff of the participating organisations. Other skill-up sessions conducted included on organisational management suites and website security. 

Overall, the programme found that skills and protections (software and hardware) were low and inadequate among many HRD organisations and individuals. Also, there were variable levels of technology integration within the organisations. 

The various gaps identified were rising during the pandemic when many entities could not readily access support networks and training skills due to restrictions on gatherings arising from Covid-19, making the intervention particularly timely. Indeed, the ToT model helped to transfer skills and knowledge among distributed beneficiaries and build support networks in-country.

Strengthening Africa’s Conversation and Actions on Internet Freedom

By Juliet Nanfuka |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) with the support of Facebook, the Ford Foundation, Google, Hivos, Open Technology Fund (OTF) and Small Media will assemble an audience in Kampala, Uganda for the Forum on Internet Freedom in Africa 2016. Set to take place on September 27–29, the Forum has become a crucial convening for actors on online freedom of expression and association, and the free flow of information in Africa.
Panel discussions at this year’s Forum will explore the growing trend of internet shutdowns, the increasing presence of violence against women online, the intersection of open data and human rights, African frameworks that protect online rights and their conflicts with outdated laws, amongst others.
“Recent events across various African countries make the Forum as indispensable as it ever has been in discussing challenges to online rights and the opportunities for collaborative efforts by state and non-state actors to meaningfully protect and advance internet freedom on the continent,” says CIPESA Executive Director Dr. Wairagala Wakabi. “We are glad to be facilitating growing awareness of online rights in Africa and are keen to continue contributing towards building this awareness amongst different stakeholders.”
Indeed, one of the pre events at the Forum will be the training of journalists and human rights defenders on human rights and internet policy. The training will be hosted by CIPESA, together with Paradigm Initiative Nigeria (PIN) and the United Nations Office of the High Commissioner for Human Rights (OHCHR) in Uganda.
The Forum, set to coincide with the International Day for Universal Access to information (September 28), will also serve as an opportunity to delve into the current trends on access to information on the continent. In partnership with the Africa Freedom of Information Center (AFIC) and Office of the Prime Minister (Uganda), a public dialogue on access to information as a driver to achieving the 2030 Development Agenda and the Sustainable Development Goals (SDGs) will also be held.
A key highlight of the Forum since its inception is the launch of the annual State of Internet Freedom in Africa regional reports. Previous editions of this report have focused on seven African countries – Burundi, Ethiopia, Kenya, Rwanda,  Tanzania and Uganda – with a stand-alone report produced on South Africa. This year’s report has been expanded to include 10 countries. The countries featured in the 2016 State of Internet Freedom in Africa report are Burundi, Democratic Republic of Congo, Ethiopia, Kenya, Rwanda, Somalia, South Sudan, Tanzania, Uganda, Zambia and Zimbabwe.
Dr. Wakabi adds, “Access to information and the state of internet freedom are closely interlinked. Countries with higher levels of information access tend to have more online liberties than those without, and they also generally have a healthier democratic culture. The power of public information, open data and a free and open internet should not be undermined if we are to achieve effective civic participation, respect for human rights, transparent, accountable and democratic governance, and realisation of the 2030 Development Agenda.”
The Forum serves as an opportunity to gather insights from the different stakeholders in the information society ecosystem towards promoting a free and safe internet, hence the key themes that emerge from the Forum are widely disseminated. The 2015 outcomes and recommendations were shared in spaces such as the Internet Governance Forum (Brazil), the Africa IGF (Cameroon) and the Stockholm Internet Forum, and in various national convenings.
The Forum has confirmed participants from at least 23 countries and speakers from over 46 organisations including the Berkman Klein Center for Internet & Society at Harvard Law School, Panos Institute Southern Africa, BudgIT (Nigeria), Article 19 (Kenya), Digital Society of Zimbabwe, the Web Foundation, Association for Progressive Communications (APC), iAfrikan, Namibia Broadcasting Corporation (NBC), Access Now, Kenya ICT Action Network (KICTANET), National Information Technology Agency (NITA) Ghana, and Research ICT Africa. Others include Hivos, Nation Media Group, Africa Media Institute, Media Institute of Southern Africa Zimbabwe Chapter, Freedom of Expression Institute (FXI), Privacy International (PI) , Uganda Police, Zambia Police Service, University of Malawi, Communications Regulators Association of Southern Africa (CRASA) and the Ministry of Information, Communications and National Guidance (Uganda).
Follow the conversation at #FIFAfrica16.