Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: kenya

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  kenya
09Dec

Africa in the Crosshairs of New Disinformation and Surveillance Schemes That Undermine Democracy

Author admin Posted on

By Daniel Mwesigwa |

A range of spyware vendors including Italian Hacking Team, the Anglo-German Gamma Group, and Israeli’s NSO Group, have found a ready market in authoritarian and repressive governments in Africa and elsewhere. Similarly, systematic propaganda campaigns designed by meddlesome actors – including government agents and ambitious data analytics companies such as Cambridge Analytica working on behalf of state and non-state actors – are becoming conspicuous in Africa, especially during electoral periods. 

The tools and tactics of these operators, who are mostly non-African, are increasingly undermining democracy and respect for human rights in Africa, as they enable mass surveillance and disinformation that manipulates and undermines political discourse. 

For example, Chinese tech giant Huawei and its technicians were implicated in an August 15, 2019 exposé by The Wall Street Journal that detailed how the company’s staff had helped the Uganda Police to hack into the encrypted communications of an opposition figure. As a result, the security officers were able to thwart the opposition leader’s mobilisation plans. The article also stated that technicians from Huawei had helped Zambian authorities to access the phones and social media pages of a group of opposition bloggers who were tracked and arrested. 

Through security vulnerabilities, spyware tools and products give governments, notably intelligence and law enforcement authorities, super powers to surveil using covert intrusion systems across major mobile platforms and operating systems. In 2016, the Citizen Lab, an interdisciplinary lab working at the intersection of global affairs and technology at the University of Toronto, uncovered Pegasus – a sophisticated malware developed by the NSO Group that is injected into a target’s phone via text or WhatsApp, a popular messaging tool in Africa. The Citizen Lab has since identified Pegasus operations in over 45 countries including Algeria, Egypt, Ivory Coast, Kenya, Morocco, Rwanda, South Africa, Togo, Uganda, and Zambia. But NSO has reportedly bragged time and again how it can penetrate various operating systems and applications irrespective of the security patches.

According to the 2019 State of Internet Freedom in Africa Report, the “surveillance state” in Africa gained notoriety at the turn of the decade, after the infamous Arab Spring that swept across North Africa in 2011, allegedly amplified by dissident voices on social media. The report documents how repressive states such as Tanzania, Uganda, Ethiopia, Botswana, and Rwanda have since boosted their surveillance capabilities through procurement of advanced spyware. In 2015, it was revealed that Uganda and Tanzania had procured Hacking Team’s premium Remote Control System (RCS) for intrusion into systems across major mobile platforms and operating systems. 

More recently, the Financial Times reported that Rwanda paid up to USD 10 million to the NSO Group to spy on government critics and dissidents through WhatsApp – an allegation Rwanda president Paul Kagame denied in a presidential press briefing held on November 8, 2019, only acknowledging that they spy on “our enemies” using “human intelligence”. He added, “I wouldn’t spend my money over a nobody [Rwandan exiles] yet we have sectors like education to spend such money”. 

But Kagame’s denial is to be taken with a pinch of salt. In 2016, a Rwandan court sentenced a popular singer, Kizito Mihigo, to 10 years in prison on allegations of conspiracy to overthrow the government, based on hacked private WhatsApp and Skype messages exchanged with alleged dissidents in exile. 

The alleged Rwanda cases appear to be linked to others of NSO infiltrating the WhatsApp accounts of journalists, human rights activists, political dissidents, prominent female leaders, and other members of civil society in up to 20 countries, which prompted Facebook (the owners of WhatsApp) to sue NSO in October 2019. The lawsuit brought by Facebook in the U.S Federal Court accuses the spyware maker of hacking into the WhatsApp accounts of 1,400 users worldwide. While there are scanty details on the exact identities of the affected, it is reported that 174 are lawyers, journalists, human rights defenders and religious leaders.

According to the Financial Times, those targeted in Rwanda, six of whom it interviewed and they confirmed being alerted by WhatsApp about the possible NSO-enabled surveillance of their communications. These included a journalist living in exile in Uganda, who had petitioned the Uganda government “to help protect Rwandans in the country from assassination”; South Africa and UK-based senior members of the Rwanda National Congress (RNC), an opposition group in exile; an army officer who fled Rwanda  in 2008 and testified against members of the Rwandan government in a French court in 2017; and a Belgium-based member of the FDU-Inkingi opposition party.

Meanwhile, some foreign powers are purportedly testing, as New York Times recently reported, “New Disinformation Tactics in Africa to Expand Influence”. The report detailed how the Wagner Group founded by businessman Yevgeny Prigozhin, who allegedly has close ties to the Russian government, has over the last couple of years been running aggressive disinformation campaigns on Facebook. 

It is reported that Prigozhin’s campaign used locally-opened Facebook accounts to disguise behaviour and also used sham news networks that regularly reposted articles from Russia’s state-owned Sputnik news organisation to promote Russian policies while undermining US and French policies in Africa. On October 31, 2019, Facebook reportedly removed these accounts that were influencing operations “in the domestic politics” of eight African countries – Cameroon, the Central African Republic, Congo Brazzaville, Ivory Coast, Madagascar, Mozambique, and Sudan.

Earlier in 2019, Facebook reportedly shut down a separate “fake news” operation targeting elections in African countries such as Nigeria, Senegal, Togo, Niger, Angola, and Tunisia, propagated by “inauthentic” accounts on Facebook and Instagram run by Israeli commercial firm, Archimedes Group.  Between 2013 to 2017, governments such as Kenya and Nigeria reportedly hired Cambridge Analytica to manipulate their electorate in a bid to win presidential elections for the incumbents.

Besides the disinformation campaigns linked to Russian actors, and the Israel-made spyware, there are also facial recognition surveillance programmes such as the Huawei’s “Smart Cities”, which has been deployed in 12 African countries. This phenomenon is referred to by some as an export of digital authoritarianism. 

It is now evident that governments and non-state actors face an uphill task of combatting the governance challenges caused by this phenomenon. Accordingly, governments, with the help of tech platforms, need to understand what legislation and policies, including oversight and enforcement mechanisms, are necessary to strengthen the protection of democracy and human rights in the rapidly changing digital world.

20Nov

New Law Holds Promise for Improved Data Governance in Kenya

Author admin Posted on

By CIPESA Writer |

Following a seven-year, windy journey, on November 8, 2019, Kenya got a data protection law. The Data Protection Act, 2019 has various positive elements and can go a long way in addressing the live issues in protecting the privacy of data in Kenya.

The law came at a time of widespread concern about privacy in the country, including the fragmented oversight over privacy and data protection; increased mass data collection programmes by the government; enhanced state surveillance capacity; rampant privacy breaches including by business entities; limited dispute resolution mechanisms and the deficiency of remedies in case of breach of privacy.

The new law provides a comprehensive framework to regulate the processing of personal data and the protection of individuals’ privacy. It consolidates the law on privacy in the country and articulates several principles of personal data protection, as the minimum standard which all data controllers or processors must abide by.

Further, the Act provides for autonomy of the data subject over their data. It defines what constitutes consent, and makes the requirement of consent mandatory. This potentially addresses situations where personal data is collected arbitrarily and without the explicit consent of users. The law also prohibits the use of personal data for commercial purposes without the consent of the data subject. It places the burden of proof for establishing a data subject’s consent on the data controller or processor, while allowing the subject to withdraw consent at any time.

Also key is that the Data Protection Act, 2019 amends other legislation that have an impact on privacy, meaning that institutions responsible for handling the registration of individuals at birth and death, issuance of national identity cards and passports, Huduma Namba registration, registration of students at all levels, and the registration of telecommunication services consumers, will need to review their current policies, practices and procedures to ensure compliance with the principles in the Act.

The law establishes an independent office of the Data Protection Commissioner. Hitherto, the lack of an oversight body and the fragmented oversight over privacy in the country meant that every institution collecting personal data “owned” and used such data as they wished.

However, whereas the Act hold much promise for improved personal data governance in Kenya, state agencies, including the communications regulator, as well private actors and civil society all have a role to play in its implementation.

This brief recounts Kenya’s journey and efforts to develop a data protection law. It also provides an overview of the implication of the new law to the protection of privacy and data rights in the East African country.

11Sep

Placing ICT Access for Persons with Disabilities at the Centre of Internet Rights Debate in Kenya

Author admin Posted on

By CIPESA Writer |
Persons with disabilities have unique needs and have for long been disadvantaged, yet, the more some African countries get digitally connected, the deeper the digital divide for this community seems to grow. Indeed, debates about internet governance and the inclusiveness of the information society have not prominently featured the needs of persons with disabilities. This, despite Information and Communications Technology (ICT) having the potential to improve the lives of persons with disabilities.
However, it was a different story in Kenya a month ago, with disability rights featuring prominently at the Kenya Internet Governance (KIGF) and being the focus of a multi-stakeholder workshop held the day before the forum.
ICT for us is an enabler; for a person with disability, ICT makes the world go round,” remarked Erick Ngondi of the United Disabled Persons of Kenya (UDPK), at the end of a workshop organised by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) alongside the Kenya Internet Governance Week that is spearheaded by the Kenya ICT Action Network, or KICTANet. “For me this has been one of the first meetings as relates to ICT and disability, so this is an excellent move.”
The workshop brought together 28 participants who included representatives of disabled persons’ organisations, government departments, telecom companies, academic institutions, technology companies, civil society organisations, and the media. The workshop explored ICT inclusion obligations for the state and for private companies and discussed what Kenya needs to do so as to improve access and usage of ICT for persons with disabilities. (Watch video with highlights from the meeting.)

“This workshop is one of its kind because it is not only about issues of physical accessibility but also informational and technological accessibility for persons with disabilities. This is a good initiative by CIPESA and I want to applaud them for this. It is a journey that has started and I look forward to us going on with this journey until we achieve our goal of persons with disabilities being included in technology.” George Shimanyula, Cheshire Disability Services Kenya.

In addition, the workshop disseminated a draft tool for monitoring compliance and implementation of ICT and disability rights obligations, including those specified by national laws and the United Nations Convention on the Rights of Persons With Disabilities (CRPD). The aim was to receive feedback on the tool, and to create awareness of how state and non-state actors can assess the compliance of government departments and private entities with digital accessibility obligations.
Kenya’s constitution is strong on disability rights, outlawing discrimination on the grounds of disability in article 27(4); and providing that a person with disability shall be entitled to treatment with respect and dignity, access educational institutions and facilities, have reasonable access to all places, public transport and information, and access materials and devices including for communications (article 54). Moreover, Kenya’s National ICT Policy of 2016 outlines, under article 13, strategies for “an accessible ICT environment in the country in order to enable persons with disabilities to take full advantage of ICTs.”
https://twitter.com/BakeKenya/status/1156905814122217487
However, as was noted by Judy Okite, founder of the Association for Accessibility and Equality, many of the digital accessibility strategies outlined in the 2016 policy remained unfulfilled. While Kenya’s government is making significant steps to move its services online, the platforms are not favorable to those who are visually imparied. “Are we widening the digital divide by moving our services online? Is ICT recognised as an enabler for PWD in Kenya?” wondered Okite.

Unfulfilled: Digital accessibility strategies outlined in the Kenya National ICT Policy 2016
The Government will where appropriate take measures to:
(a) ensure that ICT services and emergency communications made available to the public are provided in alternative accessible formats for persons with disabilities (PWD);
(b) review existing legislation and regulations to promote ICT accessibility for PWDs in consultation with organisations representing PWDs among others;
(c) promote design, production and distribution of accessible ICT at an early stage;
(d) ensure that persons with disabilities can exercise the right to access to information, freedom of expression and opinion;
(e) require both public and private entities that render services to the public to provide information and services in accessible and usable formats for persons with disabilities;
(f) Require content producers for distribution and public consumption in Kenya to produce such content in accessible format such as audio description, audio subtitles, captions and signing for access to persons with disabilities.
(g) ensure that websites of government departments and agencies comply with international web accessibility standards and are accessible for persons with disabilities
(h) provide incentives to providers of accessible technology solutions including software, hardware and applications
(i) take such measures that will lessen the burden of acquisition of accessible technologies and associated gadgets by PWDs through fiscal means such as tax exemptions, subsidization, funding acquisitions, etc.
(j) ensuring that licensed ICT service providers offer special tariff plans or discounted rates for persons with disabilities communicate with the rest of society.
(k) Ensure that licensed providers of telecommunications services make available services and supporting technologies for persons with disabilities including emergency services, accessible public phones and relay services to enable persons with speech, hearing and seeing disabilities

Similar sentiments were shared by lawyer and digital rights activist Angela Minayo, who said the workshop “was very productive” and had enabled participants to realise that there is a gap in the implementation of ICT policy and in awareness of how national policies and international legal frameworks provide for persons with disabilities to be able to access and use ICT.
Conversations from the workshop were carried forward to the KIGF, with a session on inclusion, where Okite joined Paul Kiage (Communications Authority), Nivi Sharma (BRCK), Ben Roberts (Liquid Telecom), Josephine Miliza (KICTANet) and Alfred Mugambi (Safaricom) on a panel.
Kiage, an assistant director in charge of the Universal Service Fund (USF), said the fund had collected KShs 9 billion (USD 86.6 million), mostly used to extend network coverage to areas without voice services and to offer broadband connection to 896 secondary schools across the 47 counties. He said they had installed JAWS software and other assistive devices in eight learning institutions, partnered with the National Council for Persons with Disabilities to create a portal to enable persons with disabilities to access information including job advertisements, and created platforms in some libraries to enable accessibility to digital content.
But, according to Okite, despite USF’s efforts, “the digital divide is growing bigger for persons with disabilities”. Research she was part of last year showed that computers in some of the learning institutions had not been replaced for several years, requisite software was not installed or out of date, and staff managing the labs were not trained to teach users. Sustainability of the initiative was thus in question.
Kiage’s response? “We could do a lot more because we know there’s even primary schools that are catering for persons with disabilities in Kenya so we could go lower and support such schools.”
As of March 2019, Kenya had a mobile penetration of 106%, or 51 million subscriptions, while internet subscriptions stood at 46.8 million, of which 46.7% were on broadband. But as the KIGF panel on inclusion heard, segments of Kenyans can not afford to use ICT, and those in rural areas, poor and uneducated women, and many persons with disabilities were cited.
Dr. Wairagala Wakabi of CIPESA asked the Kenya government to conduct a gap analysis to establish the unmet ICT needs of persons with disabilities, collect on a regular basis disaggregated data that shows how persons with different types of disabilities are using technology and the challenges hindering greater use, and invest a larger portion of universal service funds in promoting digital accessibility. He added that Kenya should grow awareness about assistive technologies and make these technologies affordable.
“We should leave no one behind when it comes to digital inclusion,” he said. “Clearly, the Communications Authority can do more to improve access for people with disabilities, including through the use of the Universal Service Fund,” he said.
The private sector needs to be compliant too, and to be held to account to fulfil its obligations. In Kenya, and indeed across Africa, Safaricom has been a pace-setter. Last November, it launched the DOT Braille Watch service to enable the use of its M-Pesa mobile money service by persons with disabilities, said Karimi Ruria, Public Policy Manager at the provider. In December 2017, Safaricom introduced the Interactive Voice Response (IVR) that enables visually impaired and blind customers to control their M-Pesa transactions.

20Nov

Call for Evaluation Consultant: ICT4Democracy in East Africa Network

Author admin Posted on

The Collaboration on International ICT Policy in East and Southern Africa (CIPESA) is seeking an evaluation consultant to establish the achievements, outcome and challenges registered by the ICT4Democracy in East Africa Network during the period June 2016 to December 2018. The evaluation will assess the appropriateness, effectiveness and outcomes of the network in relation to the program objectives
Closing date for applications: 17:00 hours East African Time (EAT) on Friday December 7, 2018
Further details on the scope, eligibility and how to apply are available here.

30May

Sections of Kenya’s Computer Misuse and Cybercrimes Act, 2018 Temporarily Suspended

Author admin Posted on

By Juliet Nanfuka |
Barely two weeks after the presidential assent to the Computer Misuse and Cybercrimes Act, 2018, a High Court judge has issued a conservatory order suspending the entry into force of 26 sections of Kenya’s contentious Computer Misuse and Cybercrimes Act, 2018. The order by Judge Chacha Mwita, suspending the sections until July 18, follows a petition filed by the Bloggers Association of Kenya (BAKE), which challenged the law for contravening constitutional provisions on freedom of opinion, freedom of expression, freedom of the media, freedom and security of the person, right to privacy, right to property and the right to a fair hearing.
In the order issued on May 29, the judge certified BAKE’s petition as urgent, and stated that  respondents (who include the Attorney General, the Speaker of the National Assembly, the head of the National Police Service, and the Director of Public Prosecutions) be served immediately. The respondents would have seven days from receipt to file written submissions. Hearing of the petition is scheduled for July 18, 2018.
Although the conservatory order only stalls the enforcement and could be lifted or maintained thereafter, it nonetheless represents a win for digital rights advocates in Kenya, as they have in the interim satisfied the judge that there is an arguable case to be made against the constitutionality of the recently enacted law. The order also marks another landmark ruling in the litigation towards respect and realisation of digital rights across Africa.

According to the  order, the suspended sections are: 5, 16, 17, 22, 23, 24, 27, 28, 29, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 48, 49, 50, 51, 52 & 53.


Various organisations criticised the bill prior to its assent on May 16, 2018 calling it unconstitutional. Among the organisations were the Kenya ICT Action Network (KICTANET), Article 19 Eastern Africa, BAKE and the Centre to Protect Journalists (CPJ) who deemed numerous sections unconstitutional and detrimental to Kenyan citizens’ digital rights. They said it infringed on the privacy of individuals, freedom of expression, speech, opinion and access to information online.
Kenya already has a history of stifling online critics of the state and state actors, as echoed by James Wamathai, the Director of Partnerships at BAKE. In a statement, he said: “In the past several years, there have been attempts by the government to clamp down on the freedom of expression online. This Act is a testament of these efforts, especially after other sections were declared unconstitutional by the courts.
Among the prevailing concerns on the law is the use of vague language on issues such as “false” or “fictitious” content and false publications in Section 22 and 23, accompanied with heavy obligations on users to verify truthfulness or untruthfulness of information before disseminating. As per section 12, failure to comply would result in a fine of five million Kenyan shilling (USD 50,000), up to two years in prison, or both.
The  court order comes on the heels of the two judgments (Okiya Omtatah Okoiti v The Communication Authority of Kenya and 3 others Constitutional Petition No. 53 of 2017 and Kenya Human Rights Commission v Communications Authority of Kenya and 3 others no. 86 of 2017) by the Kenya High Court in which the petitioners successfully challenged the installation on mobile phone networks of a communication surveillance system dubbed Device Management System (DMS), by the Communications Authority (CA) Kenya (CA). The petitioners argued that, through this system, the authority would have undue access to the communications of citizens.
As more countries in Sub-Saharan Africa develop technology related laws, it is fundamental that the laws uphold human rights standards prescribed at global and regional levels, including in the International Covenant on Civil and Political Rights (ICCPR), the African Charter on Human and Peoples Rights (ACHPR), and African Union Convention on Cybersecurity and Personal Data Protection. However, recent developments such as has been witnessed in East Africa appear to prioritise the criminalisation and penalisation of internet use rather than encourage its adoption as a tool for greater access to information, and for expanding free expression and civic engagement.
Kenya’s neighbours Tanzania and Uganda have this year taken actions detrimental to digital rights. In Uganda, social media taxes that could be introduced in July 2018 threaten internet access and affordability while in in Tanzania, online content producers will have to pay over USD 900 to register with the state for permissions to maintain their platforms, according to new regulations.
 

1 2 3 4 5