By Marilyn Vernon & Liz Orembo |
Threats to citizens’ access to information, privacy, security and freedom of expression online are increasingly coming under scrutiny in East Africa. According to the World Press Freedom Index, Kenya who was ranked number 71 out of 180 countries in 2013, dropped 29 places to number 100 in 2014. Meanwhile, cybercrime is also on the rise in the country. The Kenya Cyber Security Report 2014 shows a 108% increase in detected cyber threat incidents, from 2.6 million attacks in 2012 to 5.4 million in 2013.
The Cyber Security Report attributes the surge in criminal activity to the increasing value of information and the lower risk of detection and capture. Businesses and individuals are susceptible to threats stemming from spyware, social media, unsecured email, and theft of mobile computing devices.
Kenya’s ranking in the World Press Index reflects the deteriorating relationship between the media and the state. The steady decline is partly attributed to the passing of prohibitive legislation, most notably the Kenya Information and Communications (Amendment) Act and the Media Council Act of 2013, which subjects violators to heavy fines and asserts undue state control over media practice.
A few journalists in Kenya have boldly reported on sensitive topics at the risk of imprisonment or financial penalties. Reported cases of assassination, disappearance, destruction of property, confiscation of equipment, and arrests are among the list of violations committed against journalists and activists.
Notably, controversial blogger Bogonko Bosire, who worked for Agence France Presse (AFP), went missing two years ago. He was known for his criticism of President Uhuru Kenyatta’s administration during the International Criminal Court (ICC) proceedings. It is reported that Bosire had been threatened multiple times, and his website Jackal News suffered at least one digital attack. Various rumors surrounding his fate spread online, but his whereabouts remain unknown.
In a digital safety and security training workshop conducted last month by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in partnership with Kenya ICT Action Network (KICTANet), journalists, bloggers and activists admitted to using the Internet for research, communication and reporting but with little or no understanding of the existing digital threats.
“Why do I need security?” and “I’m not that important for anyone to waste time looking for information in my gadgets” were some of the comments participants made.
Other shortcomings identified in the pre-workshop assessment included poor organisation IT mobility policies whereby, just like other business organisations in Kenya, media houses allow their employees to carry their own devices to the workplace. Some of these devices are also used in public places by employees to meet their work targets. This increases the risks of journalists having their data lost or compromised especially since theft of mobile and computing devices is rampant in the country.
Freelance journalists indicated being unable to acquire the necessary digital safety resources as often availed to counterparts fully employed by the media houses. Besides, there was a widespread use of free web-based email services such as Yahoo, Google mail and Hotmail through which practitioners felt “sensitive communication can be intercepted since some of these email service companies have histories of being hacked”.
Accordingly, the CIPESA-KICTANet training workshop set out to equip participants with the necessary tools and knowledge needed to protect their digital information and communication, and to respond to various types of digital threats. The workshop topics ranged from the importance of digital security, secure communication and data storage, to PC and mobile device security, as well as the ethical and legal aspects of digital communication on social media platforms.
The interactive sessions enabled a knowledge-sharing environment in which participants were able to evaluate their security vulnerabilities and to choose security tools they would use to protect themselves and their work. Attendees engaged in group discussions, lab demonstrations, and case studies of ethical blogging. Participatory sessions demonstrated how to encrypt emails, create strong memorable passwords, and identify built-in security features on mobile devices to determine which are important for personal safety – taking into account that security features are only effective when used well.
As a means to protect information and guard against digital threats, the workshop facilitator, Harry Karanja, encouraged participants to use tools such as anonymous internet navigation settings, data encryption, and virtual private networks (VPN). He also recommended use of IP anonymisation and signing up with secure anonymous email services.
Participants were also urged to refrain from sharing personal identifiable information online, perform regular updates to the latest versions of operating systems, and back up their data.
Recommendations from participants for future workshops included partnering with learning institutions to train student journalists on digital security prior to engaging in professional work and the development of online tutorials for ongoing reference.
The workshop, held at Riara University in Nairobi, Kenya on June 17-18 2015, had 24 participants from Kenyan print, broadcast, and online news agencies. It is the fourth in a series of digital safety awareness and capacity building trainings conducted this year by CIPESA under its OpenNet Africa initiative. The others have been held in Tanzania and Uganda.
Civil Society’s Proposals on The African Cybersecurity Convention
In December 2013, the Kenya ICT Action Network (KICTANet) led online discussions on the proposed African Union Convention on Cyber Security (AUCC). The convention establishes a framework for cyber security in Africa “through organisation of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating cybercrime.”
Civil society and academia have raised concerns about some of the articles in the convention, which had earlier been expected to be signed in January 2014. Latest reports indicate that, at the earliest, the law could be signed in June this year.
The report on the discussions will be used by KICTANet and partners such as CIPESA to create awareness and lobby African governments to pass legislation and instruments that fully support the privacy of individuals and the fully enjoyment of their freedom of expression online.
The stated background to the convention is that the African Union is seeking ways to intensify the fight against cybercrime across the continent“in light of the increase in cybercrime, and the lack of mastery of security risks by African countries.”
Furthermore, the AU states that a major challenge for African countries is the lack of adequate technological security to prevent and effectively control technological and informational risks. As such, it adds, “African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security”.
The intentions may be legitimate but, as noted by the online discussions, some of the articles in the current version of the convention could be used to negate individuals’ privacy and their right to express themselves through online mediums.
Take, for example, Article III – 34. It states that AU member states have to “take necessary legislative or regulatory measures to set up as a penal offense the fact of creating, downloading, disseminating or circulating in whatsoever form, written matters, messages, photographs, drawings or any other presentation of ideas or theories of racist or xenophobic nature using an a computer system.”
How does this clause balance with the fundamental right to freedom of expression? Experts argue that this clause is problematic as it requires a measure of truth, which is hard to actually legislate or determine owing to the relativity of truth. They add that this sort of law would likely be unenforceable.
The discussion noted that although African countries needed legal framework on cybercrime, the current proposals need numerous amendments. The discussions also noted a need for the African Union Commission to engage with civil society to draw up progressive and enforceable laws. However, civil society had the added task of creating awareness and capacity among citizens on cyber security and the need to uphold freedoms of expression online.
These discussions were conducted on multiple lists of KICTANet and the Internet Society (ISOC) Kenya and on the I-Network and ISOC Uganda ists moderated by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA), from 25 – 29, November 2013. They were also shared through numerous pan-Africa and global lists on ICT policy and online freedom.
Download the full discussions report here.
Call for Expression of Interest to participate in the Youth Fellowship to attend the 5th East African Internet Governance Forum (EAIGF)
The EAIGF was established to create a Community of Practice that will be a sustaining foundation for meaningful participation of East African stakeholders in Internet governance public policy debates at the national, regional and international level. The EAIGF model allows for the informed participation, contribution and engagement of community members through the sharing of experiences, information, addressing common problems and challenges, the creation of new knowledge and increasing local capacity.
Since its inception, EAIGF has continued to act as a catalyst for an inclusive information society in region and has to date addressed issues ranging from interconnection, IXPs, affordable access, Strengthening ccTLDs in East Africa, among others.
After four successful meetings, held in Kenya, Uganda, and Rwanda from 2008, the fifth EAIGF will be hosted by the Kenya ICT Action Network (KICTANET).
The EAIGF is now accepting applications from youth representatives to attend this year’s EAIGF to be held July 17 – 18, 2012 in Nairobi, Kenya.
As an EAIGF Youth fellow, you are expected to contribute to the wider regional IG policy debate while providing valuable expertise and know‐how to the policymakers and decision makers who participate in IGF meetings.
The Fellowship Award
Youth Fellows to the EAIGF receive the following assistance:
- a round‐trip, economy class airline ticket to attend the meeting
- hotel accommodation for the duration of the meeting
- a small stipend to offset incidental expenses
Expectations for the Fellows
Youth fellows are expected to:
- prepare in advance to make a presentation on a selected topic of the EAIGF meeting
- participate broadly in the EAIGF meeting agenda
- contribute to the EAIGF blog
- share the experience and knowledge gained at the EAIGF with their local communities when they return home (including writing a report on the activities)
Who should apply?
EAIGF youth fellowships are for Ugandans aged between 20‐30 who have a strong interest in the issues and themes of the EAIGF and have demonstrated interest in promoting Internet policy in Uganda.
Selection criteria
Selection for the fellowship is competitive. All applicants must:
- be between the ages of 20 and 30
- Present a strong motivation for attending the EAIGF meeting
- Demonstrate an understanding of Internet Governance issues both at the local, regional and international environment.
- Demonstrate experience in leading Internet governance discussions at the national/ regional/international level and in multi‐cultural environments
The selection committee will also attempt to achieve professional, geographical, and gender diversity in the overall selections.
How to apply
Send your expression of interest stating your motivation to attend the EAIGF, and how you meet the criteria above, to Lillian Nalwoga, at [email protected] CC [email protected] no later than Monday June 18, 2012.