Skilling Distributed Digital Security Trainers Amidst Growing Digital Rights Attacks

By Neil Blazevic, Andrew Gole and Ashnah Kalemera |

Amidst increased attacks on digital rights activists, journalists, and human rights defenders (HRDs) during the Covid-19 pandemic, it has become crucial to grow the capacity of these actors to operate securely. A key concern is that, in many African countries, skills in digital security and safety are lacking among some of the most at-risk groups, yet trainers and support networks are in short supply.

Without adequate digital security capacity, activists and HRDs are not able to meaningfully continue advocacy and engagements around human rights, transparent and accountable governance, during and in the aftermath of Covid-19. Accordingly, through the Level-Up programme, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has provided security support to 16 HRD organisations in Kenya, Ethiopia, Tanzania, South Sudan and Uganda. 

The initiative helped to strengthen the participating entities’ organisational and information systems security capacity, entailed a Training of Trainers (ToT) component – which benefitted 19 individuals – to grow the network of individuals and organisations that offer digital security training and support to journalists, activists, and HRDs, and organisational security assessments. The training and support were delivered through innovative approaches to geographically distributed individuals that could not meet physically due to Covid-19 social distancing and travel restrictions.

Covid-19 and Digital Attacks

In the wake of the global outbreak of the Covid-19 pandemic and government measures to curb its spread, digital technologies have played a vital role in enhancing disease surveillance, coordinating response mechanisms, and promoting public awareness in Africa. The potential of technology to facilitate containment of the spread of the coronavirus on the continent notwithstanding, concerns over surveillance, violation of rights to privacy, freedom of expression, access to information, and freedom of association and assembly were prevalent. 

Scores of journalists and bloggers in Kenya, Guinea, Uganda, Egypt, among others, were assaulted, detained, and/or prosecuted over their reporting on Covid-19; while some countries such as Kenya, Uganda and South Africa were reported to be conducting cell phone tracking of Covid-19 suspected patients and their contacts. Some others passed regulations and/or invoked laws that criminalised the spreading of false Covid-19 information. Accordingly, there have been fears that in the aftermath of the pandemic, some governments could shift the Covid-19 surveillance apparatus and lessons learnt to undermine digital rights, by surveilling and silencing critics and opponents. 

Meanwhile, hackers and adversaries are capitalising on the increased time spent online and remote working by a large portion of the population by designing new attacks through phishing and hijacking of virtual meetings, among others. Worryingly, despite a large gender disparity in digital access, more women face various forms of online violence than their male counterparts, which continues to undermine their participation online. With Covid-19 resulting in increased incidents of gender-based violence, it is imperative to continue activism and equip activists with digital security and safety skills.

Organisations supported Technologists supported 
Countries: Uganda (8) | Tanzania (4) | South Sudan (2) | Kenya (1) | Ethiopia (1)

Sectors: Sexual minorities (4), Environmental/resource extraction (1) Feminist/women’s rights organisations (3), Information access (1), Journalists/media (1), Human rights, democracy, human rights defenders (6)

Gender: Female (7) |Male (12)

Nationality: Uganda (8) | Ethiopia (3) | South Sudan (1) | Tanzania (4) | Kenya (3)

Assessing Organisational Security

Following an initial training on conducting organisational security assessments, the technologists led assessments to determine the status, challenges, past and potential future threats, and attacks on organisations, as well as the capacity of the organisations. The results of the assessments provided insight into the needs and vulnerabilities of the organisations and served as an opportunity to provide feedback to organisational IT staff on quick fixes and strategies to address some of the challenges or incidents identified. Technology solutions explored included the use of Umbrella for DNS server protection, Automox for patch management, and Microsoft 365 hosted tenants for an organisational management and security suite.

The findings of the assessments indicated a need to bolster capacity, organisational practices, and implementation of security and safety measures related to social media platforms usage by the organisations and staff. Several organisations reported losing access to their brand assets, experiencing hacking, and harassment on social media platforms. To this end, a Social Media Asset Continuity and Security Tool was designed and another  training for technologists conducted focused on 1) Continuity of organisation control of organisational Facebook/Twitter/Whatsapp for Business accounts; 2) Security of individual staff accounts; and 3) Staff ability to deal with harassment and unwanted messaging on platforms. The technologists went on to conduct safety and security on social media training sessions which  benefitted 120 staff of the participating organisations. Other skill-up sessions conducted included on organisational management suites and website security. 

Overall, the programme found that skills and protections (software and hardware) were low and inadequate among many HRD organisations and individuals. Also, there were variable levels of technology integration within the organisations. 

The various gaps identified were rising during the pandemic when many entities could not readily access support networks and training skills due to restrictions on gatherings arising from Covid-19, making the intervention particularly timely. Indeed, the ToT model helped to transfer skills and knowledge among distributed beneficiaries and build support networks in-country.

Strengthening Africa’s Conversation and Actions on Internet Freedom

By Juliet Nanfuka |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) with the support of Facebook, the Ford Foundation, Google, Hivos, Open Technology Fund (OTF) and Small Media will assemble an audience in Kampala, Uganda for the Forum on Internet Freedom in Africa 2016. Set to take place on September 27–29, the Forum has become a crucial convening for actors on online freedom of expression and association, and the free flow of information in Africa.
Panel discussions at this year’s Forum will explore the growing trend of internet shutdowns, the increasing presence of violence against women online, the intersection of open data and human rights, African frameworks that protect online rights and their conflicts with outdated laws, amongst others.
“Recent events across various African countries make the Forum as indispensable as it ever has been in discussing challenges to online rights and the opportunities for collaborative efforts by state and non-state actors to meaningfully protect and advance internet freedom on the continent,” says CIPESA Executive Director Dr. Wairagala Wakabi. “We are glad to be facilitating growing awareness of online rights in Africa and are keen to continue contributing towards building this awareness amongst different stakeholders.”
Indeed, one of the pre events at the Forum will be the training of journalists and human rights defenders on human rights and internet policy. The training will be hosted by CIPESA, together with Paradigm Initiative Nigeria (PIN) and the United Nations Office of the High Commissioner for Human Rights (OHCHR) in Uganda.
The Forum, set to coincide with the International Day for Universal Access to information (September 28), will also serve as an opportunity to delve into the current trends on access to information on the continent. In partnership with the Africa Freedom of Information Center (AFIC) and Office of the Prime Minister (Uganda), a public dialogue on access to information as a driver to achieving the 2030 Development Agenda and the Sustainable Development Goals (SDGs) will also be held.
A key highlight of the Forum since its inception is the launch of the annual State of Internet Freedom in Africa regional reports. Previous editions of this report have focused on seven African countries – Burundi, Ethiopia, Kenya, Rwanda,  Tanzania and Uganda – with a stand-alone report produced on South Africa. This year’s report has been expanded to include 10 countries. The countries featured in the 2016 State of Internet Freedom in Africa report are Burundi, Democratic Republic of Congo, Ethiopia, Kenya, Rwanda, Somalia, South Sudan, Tanzania, Uganda, Zambia and Zimbabwe.
Dr. Wakabi adds, “Access to information and the state of internet freedom are closely interlinked. Countries with higher levels of information access tend to have more online liberties than those without, and they also generally have a healthier democratic culture. The power of public information, open data and a free and open internet should not be undermined if we are to achieve effective civic participation, respect for human rights, transparent, accountable and democratic governance, and realisation of the 2030 Development Agenda.”
The Forum serves as an opportunity to gather insights from the different stakeholders in the information society ecosystem towards promoting a free and safe internet, hence the key themes that emerge from the Forum are widely disseminated. The 2015 outcomes and recommendations were shared in spaces such as the Internet Governance Forum (Brazil), the Africa IGF (Cameroon) and the Stockholm Internet Forum, and in various national convenings.
The Forum has confirmed participants from at least 23 countries and speakers from over 46 organisations including the Berkman Klein Center for Internet & Society at Harvard Law School, Panos Institute Southern Africa, BudgIT (Nigeria), Article 19 (Kenya), Digital Society of Zimbabwe, the Web Foundation, Association for Progressive Communications (APC), iAfrikan, Namibia Broadcasting Corporation (NBC), Access Now, Kenya ICT Action Network (KICTANET), National Information Technology Agency (NITA) Ghana, and Research ICT Africa. Others include Hivos, Nation Media Group, Africa Media Institute, Media Institute of Southern Africa Zimbabwe Chapter, Freedom of Expression Institute (FXI), Privacy International (PI) , Uganda Police, Zambia Police Service, University of Malawi, Communications Regulators Association of Southern Africa (CRASA) and the Ministry of Information, Communications and National Guidance (Uganda).
Follow the conversation at #FIFAfrica16.