Kenya’s 2022 Political Sphere Overwhelmed by Disinformation

Ahead of the August 9, 2022, general elections, Kenya has been hit by a deluge of disinformation, which is fanning hate speech, threatening electoral integrity, and is expected to persist well beyond the polls. Last month, the Kenya ICT Action Network (KICTANet) and CIPESA convened stakeholders in Nairobi to disseminate the findings of research on the nature, pathways, and effects of disinformation in the lead-up to the election, and the actions required to combat disinformation. Below is a summary of the report findings and takeaways from the dissemination event, as captured by KICTANet:

There is a lot of strange information going on around the country, and this has been happening for a while. During the Kenya Internet Governance Forum (IGF) week, the Kenya ICT Action Network (KICTANet) in partnership with the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) held a workshop to disseminate a report on  Disinformation in Kenya’s Political Sphere: Actors, Pathways and Effects. The research is part of a regional study conducted by CIPESA, that explores the nature, perpetrators, and effects of misinformation in Cameroon, Ethiopia, Uganda, Nigeria, and Kenya.

As Kenya nears the 2022 general elections, disinformation remains at its peak levels, both at grassroots and national levels. The availability of sophisticated technology and its ease of use has enabled a wide range of political actors to act as originators and spreaders of disinformation.

Currently, there is no law that clearly defines or distinguishes between misinformation and disinformation. However, it is an offense to deliberately create and spread false or misleading information in the country. False publications and the publication of false information are punishable under the Computer Misuse and Cyber Crimes Act under Sections 22 and 23. It is a crime to relay false information with the intent that such information is viewed as true, with or without monetary gain. However, these same laws can also be used to silence dissent, making it a double-edged sword.

The study identifies different forms of disinformation that take place both physically and online. They include deep fakes, text messages, WhatsApp messages, and physical copies such as pamphlets and fliers. These are spread through the use of keyboard armies on social media, where politicians up to the grassroots levels hire influencers, and content creators who spread messages around them or against their opponents. This is done through mass brigading and document and content manipulation. The rationale is driven by the desire to get ahead politically or economically and is fuelled by an ecosystem that is fertile for the spread of this vice.

According to Safaricom, in the year 2017, 50% of its communications department time was spent monitoring fraud and fake information at different times. The instigators of this disinformation are influencers, politicians themselves, people they work with, and their parties.

There is a flow to how the fake news gets to the audience, and disinformation does not start with the pictures but with a plan that is part of a bigger political strategy. It starts with identifying the target audience, choosing the personnel and people to push the message, and then narrative development is done. This is followed by content development, which includes videos, pictures or memes, and audio files. Once this is done, the content is then strategically released to the unknowing public, who, without critically analyzing the information, spread it far and wide to a wider audience. This results in diminished trust in democratic and political institutions and restricted access to reliable and diverse information.

This can be addressed by having increased government engagement on social media as opposed to it being reactive only. For example, the government needs to be an active contributor to accurate information. Considering there is a space in which disinformation thrives, in particular where there is a lack of response, rumors spread. Civil society should also engage with policymakers and media representatives on enhancing digital literacy and fact-checking skills. The intermediaries should increase transparency and accountability in content moderation measures and conduct cross-sectoral periodic policy reviews.

Key Takeaways

  1. The weakest link in disinformation is the citizen, and therefore, one of the most effective ways to tackle the issue is to empower the citizenry to be able to detect and respond wisely to misinformation. If the general public is not informed, it is a lost battle.
  2. There is a thin line between misinformation and mal-information and it can easily be blurred.
  3. The Computer Misuse and Cyber Crimes Act 2018 is a double-edged sword that censors yet tries to get some accountability from the general public in regard to spreading misinformation.
  4. Safaricom reported that during the 2017 election, 50% of its time was spent monitoring fraudulent interactions.

How the Covid-19 Fight Has Hurt Digital Rights in East Africa

By Paul Kimumwe |

The fight against the coronavirus (Covid-19) pandemic in Kenya, Tanzania, and Uganda has dealt a blow to the promotion and preservation of human rights in the region. The outbreak of Covid-19 could not have come at a worse time, as the countries were preparing for their respective general elections (October 2020 for Tanzania, January 2021 for  Uganda, and a potential referendum in 2021 and the August 2022 elections in Kenya).

Even before confirmation of Covid-19 cases in the region, the three East African countries had instituted Covid-19 mitigation measures, including the adoption of statutory instruments which quickly suspended constitutional guarantees without reasonable justification or meaningful stakeholder consultation. The measures were accompanied with a problematic onslaught on the media, the political opposition and ordinary citizens, which undermined the enjoyment of the rights to freedom of expression, assembly and association, and the right to access a variety of news and information, which was critical to informed decision-making particularly during electoral processes.

On March 18, 2020, Uganda instituted its first set of measures that included the closure of schools and a ban on all political, religious, and social gatherings. A week after the March 22, 2020 confirmation of the first case in the country, the Ministry of Health issued the Public Health (Control of Covid-19) (No. 2) Rules, 2020 that introduced further restrictions including a dusk-to-dawn curfew, the closure of institutions of learning and places of worship, the suspension of public gatherings, a ban on public transport and the closure of the country’s borders and the international airport to passenger traffic.

In Kenya, the government introduced several measures to curb the spread of Covid-19 that included the suspension of public gatherings and other social distancing requirements; limitation of travel into and outside the country; imposition of a dusk-to-dawn curfew under the Public Order Act, 2003; as well as inter-county travel bans between the capital, Nairobi, and three other high-risk counties of Mombasa, Kilifi and Kwale.

A day after the government confirmed its first coronavirus case, Tanzania introduced a series of measures that included the closure of schools and the suspension of sports events on March 17, 2020. Additional directives, including quarantining travelers from countries with confirmed cases of COVID-19 at the travelers’ own cost, were announced by President Pombe Magufuli.

While many of the restrictions such as the closure of international borders, schools and churches and prohibitions on public gatherings have since been relaxed, the long-term impact of these and other restrictions persist.

In this brief, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) researched Covid-19 related censorship and surveillance practices and related regulatory responses in Kenya, Tanzania and Uganda that affected people’s’ digital rights, including the right to freedom of expression, access to information, and privacy. It shows that the different measures adopted by the three countries, including enactment and enforcement of repressive laws on misinformation/fake news, as well as intimidation, arrests, detentions, and suspension of media operations, have led to an erosion of civil liberties online and offline.

The brief recommends the amendment of all the Covid-19 legislation that restricts freedoms to bring it into conformity with international standards on the right to privacy, data collection and processing as well as freedom of expression and access to information. Further, it urges governments to improve the affordability of the internet by more citizens, ensure the respect of citizens’ rights; and be transparent, and accountable in the conduct of Covid-19 related data collection and surveillance.

The Erosion of Digital Rights in the Fight Against Covid-19 in Kenya

By Victor Kapiyo |

Kenya confirmed its first coronavirus (Covid-19) case on March 12, 2020, and as of August 26, 2020, the country had recorded at least 559 deaths, 32,803 confirmed cases, and 19,055 recoveries, with 429,513 persons tested.

Even before the first case was confirmed in Kenya in February 2020, the government had moved to establish the National Emergency Response Committee on Covid-19 to coordinate its preparedness, prevention and response to Covid-19.

The government subsequently introduced several measures to curb the spread of Covid-19 including suspension of public gatherings and other social distancing requirements; limitation on travel outside the country; imposition of a dusk-to-dawn curfew under the Public Order Act, 2003; travel bans in and out of the capital, Nairobi, and three other high-risk counties of Mombasa, Kilifi and Kwale.

The Ministry of Health has been providing regular updates on the pandemic both online and offline through its various platforms. It has provided routine updates including situation reports; Covid-19 protocols and guidelines; various public awareness messages; and daily press updates on the status of the pandemic. The government also required all broadcasters to air the health ministry’s Public Service Announcements (PSA) at no cost. As at May 10, more than 43,000 Public Service Announcements had been aired.

However, concerns remained over the negative impact of these measures on peoples’ enjoyment of their fundamental human rights, including freedom of expression, access to information, privacy and data protection, and freedom of assembly. Meanwhile, a rise in misinformation with respect to covid-19, has been met with responses from the government that have threatened human rights.

While there have not been reports of government efforts to block or filter content or to shut down websites to fight the spread of Covid-19 misinformation, it has used other means, including legal threats and arrests. In a public statement, the Cabinet Secretary for Health, Mutahi Kagwe, issued a warning, stating that “these rumours must stop … but because I know empty appeals will not work, we will proceed and arrest a number of them to prove our point.” Consequently, the government has abused the Computer Misuse and Cyber Crimes Act, 2018 to intimidate, arrest, and detain persons, including whistleblowers and critics, in order to censor what it has deemed false information in relation to covid-19.

Following these threats, the government has since arrested four individuals, with two bloggers charged under section 23 of the Act for publishing false information, which carries a penalty of five million shillings or imprisonment not exceeding 10 years, or both. In March 2020, 23-year old Elijah Kitonyo, a student, was arrested after publishing claims on Twitter that the government was deceiving people regarding the Covid-19 situation in the country. According to the authorities, this contravened the Computer Misuse and Cyber Crimes Act.

In the same month, blogger Robert Alai was arrested and charged under section 22(1) of the Computer Misuse and Cyber Crimes Act for publishing alarming and false information in a Twitter post that two people had died of Covid-19 in Mombasa. The arrest came a day after the statement by the Cabinet Secretary for Health warning against misinformation about the virus.

Another blogger, Cyprian Nyakundi, was detained the same week for claiming on Twitter that a senior Kenya Revenue Authority official had travelled out of the country and failed to self-quarantine after returning home. These arrests were unnecessary and disproportionate as there was no evidence of an intention to cause harm, or of harm being caused.

The government has also been accused of clamping down on freedom of association and assembly by restricting movement and mass gatherings during the pandemic period. In April 2020, the Law Society of Kenya challenged the curfew issued under the Legal Notice No. 36 – The Public Order (State Curfew) Order, 2020 under the Public Order Act, Cap. 56 as being unconstitutional. It also complained over the unconstitutionality of the use of unreasonable force by the police in enforcing the curfew.

In its ruling, the High Court found that the use of unreasonable force in enforcing the Order was unconstitutional. Undeterred, in July 2020, police stopped a public demonstration to commemorate the 30-year anniversary of the Saba Saba movement, whose origins date back to 1990 with calls for free elections and multiparty democracy. At least 50 people were arrested as police lobbed teargas at protesters, claiming the protest was illegal since the organisers lacked a permit, yet public gatherings were outlawed during the Covid-19 period.

Another critical aspect is the mass surveillance measures that have been quickly adopted to curb the spread of the virus. Massive data collection continues with collection of telephone numbers, personal information, residential addresses, details of people contacted, body temperatures, as well as location tracking. It is worth noting that all licensed telecom service providers are required to register all SIM cards issued with corresponding subscribers’ details. Also problematic is the development and use of various unproven technologies and mobile applications to support contact tracing. These increase the potential for abuse and present a risk for repurposing the technologies for mass surveillance after the pandemic.

Whereas Kenya has enshrined the right to privacy under Article 31 of the Constitution, and adopted a Data Protection Act in November 2019, the Data Commissioner is yet to be appointed. The contact tracing measures are questionable and potentially violate privacy rights. They lack clear or any legal oversight, and there are no documented safeguards in case of any breaches. Further, there is widespread ignorance regarding the application of the law to the government’s contact tracing programmes. Moreso, it is not manifestly clear how personal data from contact tracing will be collected, stored, and shared.

Civil society organisations have also raised concern regarding the independence of the Judiciary. This follows delayed funding for the Judiciary and recent Covid-19 budget cuts reducing the judiciary’s budget from KES 18.05 billion (USD 171 million) the previous financial year by KES 1.35 billion (USD 12.5 million), leading to suspension of key development programmes; suspension of judicial services during the Covid-19 period from March 2020, with limited court activity since; and the refusal of the President to appoint 41 Judges nominated by the Judicial Service Commission (JSC) in July 2019, despite court orders. Courts remain a critical point of call for those who seek constitutional remedies. Viewed collectively, these developments threaten access to justice and may affect the capacity of the Judiciary to effectively respond to and efficiently deliver justice to those whose rights may be violated during this period.

Meanwhile, the pandemic has led many to work from home, creating increased demand for internet services, and highlighting the ever-rising digital divide. Not all Kenyans have access to fast, and affordable internet, yet access to the internet and digital public services is increasingly being seen as essential for a dignified living.

According to the Communications Authority, internet subscriptions as of March 2020 stood at 39.3 million, while mobile SIM card penetration stood at 116%. While some companies such as Safaricom doubled the bandwidth allocation to their home fibre subscribers, the cost of accessing the internet remains a barrier for most of the population. Working and studying online also means that the public is at a higher risk of cyber incidents. Internet users can be exposed to hacking on online meeting tools, online banking fraud, surveillance, phishing and other email scams. According to the Communications Authority, the Kenya National Computer Incident Response Team detected 34.6 million cyber threats, comprising malware, distributed denial-of-service (DDOS) attacks, web application attacks and system vulnerabilities between January and March 2020, a rise from the 11.2 million attacks reported during a similar period in 2019.

Nonetheless, a number of positive measures have been adopted. In March 2020, the Central Bank of Kenya announced emergency measures to promote the use of mobile money for a three month period. These included the elimination of charges for transactions below KES 1,000 (USD 9.2); increase of daily transaction limits to KES 300,000 (USD 2,763); elimination of charges for transfers between mobile money wallets and bank accounts.

In conclusion, digital technologies have proven to be a key part of the solution to the current Covid-19 crisis. However, the rapid adoption of technologies could lead to decisions without consideration of the complex and long-term human rights impact, especially with regards to transparency and accountability.

According to the UN Secretary General, António Guterres, the post-Covid-19 world is expected to be more digital than before. Therefore, it will be essential for all stakeholders to ensure the respect for privacy, freedom of speech, transparency, participation, accessibility and accountability, including in the digital domain. There will also be a need for continued efforts to build trust and ensure fairness in the use of digital technologies, and bridge the digital divide across the country, to ensure marginalised and excluded groups are included to benefit from digitalisation.

Africa ICS Cybersecurity Conference 2020

Technology and cyberspace are key enablers of Africa’s agenda 2063, Kenya’s Vision 2030 coupled with the current big 4 agenda on Manufacturing, Food security and Health which aims at using technology and innovation to transform Kenya into an industrialized and secure middle-income country.
Click here for more details on the event.

Africa in the Crosshairs of New Disinformation and Surveillance Schemes That Undermine Democracy

By Daniel Mwesigwa |

A range of spyware vendors including Italian Hacking Team, the Anglo-German Gamma Group, and Israeli’s NSO Group, have found a ready market in authoritarian and repressive governments in Africa and elsewhere. Similarly, systematic propaganda campaigns designed by meddlesome actors – including government agents and ambitious data analytics companies such as Cambridge Analytica working on behalf of state and non-state actors – are becoming conspicuous in Africa, especially during electoral periods. 

The tools and tactics of these operators, who are mostly non-African, are increasingly undermining democracy and respect for human rights in Africa, as they enable mass surveillance and disinformation that manipulates and undermines political discourse. 

For example, Chinese tech giant Huawei and its technicians were implicated in an August 15, 2019 exposé by The Wall Street Journal that detailed how the company’s staff had helped the Uganda Police to hack into the encrypted communications of an opposition figure. As a result, the security officers were able to thwart the opposition leader’s mobilisation plans. The article also stated that technicians from Huawei had helped Zambian authorities to access the phones and social media pages of a group of opposition bloggers who were tracked and arrested. 

Through security vulnerabilities, spyware tools and products give governments, notably intelligence and law enforcement authorities, super powers to surveil using covert intrusion systems across major mobile platforms and operating systems. In 2016, the Citizen Lab, an interdisciplinary lab working at the intersection of global affairs and technology at the University of Toronto, uncovered Pegasus – a sophisticated malware developed by the NSO Group that is injected into a target’s phone via text or WhatsApp, a popular messaging tool in Africa. The Citizen Lab has since identified Pegasus operations in over 45 countries including Algeria, Egypt, Ivory Coast, Kenya, Morocco, Rwanda, South Africa, Togo, Uganda, and Zambia. But NSO has reportedly bragged time and again how it can penetrate various operating systems and applications irrespective of the security patches.

According to the 2019 State of Internet Freedom in Africa Report, the “surveillance state” in Africa gained notoriety at the turn of the decade, after the infamous Arab Spring that swept across North Africa in 2011, allegedly amplified by dissident voices on social media. The report documents how repressive states such as Tanzania, Uganda, Ethiopia, Botswana, and Rwanda have since boosted their surveillance capabilities through procurement of advanced spyware. In 2015, it was revealed that Uganda and Tanzania had procured Hacking Team’s premium Remote Control System (RCS) for intrusion into systems across major mobile platforms and operating systems. 

More recently, the Financial Times reported that Rwanda paid up to USD 10 million to the NSO Group to spy on government critics and dissidents through WhatsApp – an allegation Rwanda president Paul Kagame denied in a presidential press briefing held on November 8, 2019, only acknowledging that they spy on “our enemies” using “human intelligence”. He added, “I wouldn’t spend my money over a nobody [Rwandan exiles] yet we have sectors like education to spend such money”. 

But Kagame’s denial is to be taken with a pinch of salt. In 2016, a Rwandan court sentenced a popular singer, Kizito Mihigo, to 10 years in prison on allegations of conspiracy to overthrow the government, based on hacked private WhatsApp and Skype messages exchanged with alleged dissidents in exile. 

The alleged Rwanda cases appear to be linked to others of NSO infiltrating the WhatsApp accounts of journalists, human rights activists, political dissidents, prominent female leaders, and other members of civil society in up to 20 countries, which prompted Facebook (the owners of WhatsApp) to sue NSO in October 2019. The lawsuit brought by Facebook in the U.S Federal Court accuses the spyware maker of hacking into the WhatsApp accounts of 1,400 users worldwide. While there are scanty details on the exact identities of the affected, it is reported that 174 are lawyers, journalists, human rights defenders and religious leaders.

According to the Financial Times, those targeted in Rwanda, six of whom it interviewed and they confirmed being alerted by WhatsApp about the possible NSO-enabled surveillance of their communications. These included a journalist living in exile in Uganda, who had petitioned the Uganda government “to help protect Rwandans in the country from assassination”; South Africa and UK-based senior members of the Rwanda National Congress (RNC), an opposition group in exile; an army officer who fled Rwanda  in 2008 and testified against members of the Rwandan government in a French court in 2017; and a Belgium-based member of the FDU-Inkingi opposition party.

Meanwhile, some foreign powers are purportedly testing, as New York Times recently reported, “New Disinformation Tactics in Africa to Expand Influence”. The report detailed how the Wagner Group founded by businessman Yevgeny Prigozhin, who allegedly has close ties to the Russian government, has over the last couple of years been running aggressive disinformation campaigns on Facebook. 

It is reported that Prigozhin’s campaign used locally-opened Facebook accounts to disguise behaviour and also used sham news networks that regularly reposted articles from Russia’s state-owned Sputnik news organisation to promote Russian policies while undermining US and French policies in Africa. On October 31, 2019, Facebook reportedly removed these accounts that were influencing operations “in the domestic politics” of eight African countries – Cameroon, the Central African Republic, Congo Brazzaville, Ivory Coast, Madagascar, Mozambique, and Sudan.

Earlier in 2019, Facebook reportedly shut down a separate “fake news” operation targeting elections in African countries such as Nigeria, Senegal, Togo, Niger, Angola, and Tunisia, propagated by “inauthentic” accounts on Facebook and Instagram run by Israeli commercial firm, Archimedes Group.  Between 2013 to 2017, governments such as Kenya and Nigeria reportedly hired Cambridge Analytica to manipulate their electorate in a bid to win presidential elections for the incumbents.

Besides the disinformation campaigns linked to Russian actors, and the Israel-made spyware, there are also facial recognition surveillance programmes such as the Huawei’s “Smart Cities”, which has been deployed in 12 African countries. This phenomenon is referred to by some as an export of digital authoritarianism. 

It is now evident that governments and non-state actors face an uphill task of combatting the governance challenges caused by this phenomenon. Accordingly, governments, with the help of tech platforms, need to understand what legislation and policies, including oversight and enforcement mechanisms, are necessary to strengthen the protection of democracy and human rights in the rapidly changing digital world.

1 2 3 5