The Stampede for SIM Card Registration: A Major Question for Africa

By Edrine Wanyama |
It is anticipated that by 2025, there will be at least 5.9 billion mobile subscribers accounting for 71% of the world’s population. As of 2017,  Sub-Saharan Africa (SSA) had  a mobile subscription rate of 44% which is projected to reach  52% by 2025. Further, SSA’s mobile internet penetration by 2017 stood at 21% and is anticipated to increase to 40% by 2025.  However, the region has registered the largest number of cases of mandatory SIM card registration yet it suffers some of biggest challenges in personal data protection and privacy.
The benefits of SIM card registration include facilitation of citizens’ access to e-Government services, easy identification of an individual’s mobile number and number portability when switching networks. In addition, it aids combating cybercrime including terrorism by limiting covert communication and promotes good relations between consumers and service providers by simplifying identification of consumers and their use of SIM services. Accordingly, many governments argue that mandatory SIM card registration is for purposes of safeguarding digital and physical security. However, critics argue that when SIM card registration is effected without due safeguards, it poses a threat to privacy and freedom of expression.
Indeed, in 2013 Mexico repealed its policies on SIM card registration “after a policy assessment showed that it had not helped with the prevention, investigation and/or prosecution of associated crimes.” Finland has not enforced compulsory SIM card registration and nonetheless, through voluntary mobile signatures, service providers has succeeded in facilitating user’s access to relevant retail, banking and e-Government services.
Globally, over 90 countries conduct compulsory SIM card registration yet some remain without clear policy on its implementation. Amidst criticisms that mandatory registration does not necessary combat cybercrime, as criminals take the necessary precautions to avoid being detected and circumvent mandatory SIM card registration, African countries continue to proactively enforce SIM card registration. Among the prevailing challenges on the continent is the difficulty in validating identity documents in an environment with a wide range of service providers who create room for potential circumvention.
Mandatory registration has negatively affected access and usage of mobile telecommunication services due to the tedious process which entails the production of documentation such as passports and national identity cards prior to registration, which sometimes results in failure to attain a SIM card, disconnection, or  deactivation of SIM cards.
Additionally, there have been repetitive calls for registration of SIM cards in countries such as Uganda and Nigeria with personal data being collected  more than once. In Uganda, despite government explanation that SIM card verification is aimed at ensuring secure and safer communications, citizens have unanswered questions on the exercise. Suspicion arises due to a fresh validation of SIM card registration using national identity cards subsequent to registration which was initially done using valid documents such as students’ identity cards, driving permits and passports.
Double collection of personal data may partly imply collection of data beyond what is necessary for the purpose contrary to the internationally established data protection principles such as those set out in the Organisation for Economic Co-Operation and Development (OECD) Data Protection Principles. Further, there is no guarantee of individual privacy as most of the African countries do not have data protection laws. Moreover, most of the existing data protection laws do not meet internationally recognised standards considered sufficient to guarantee personal data protection and are therefore regarded as offering moderate or limited protection.
Meanwhile, efforts to buttress data protection in Africa have not yielded much. Out of 54 countries on the continent, only 14 have data protection laws (Angola, Benin, Burkina FasoMali, Gabon, GhanaIvory Coast, Lesotho, Madagascar, MoroccoSenegalSouth AfricaTunisia and Zimbabwe). A few others such as Uganda, Kenya, Nigeria, Tanzania and Niger have Bills. Regional efforts have also not yielded much. The Convention on Cyber Security and Personal Data Protection which was adopted by the African Union in 2014 has registered only 10 signatories (Benin, Chad, Congo, Ghana, Guinea-Bissau, Mauritania, Sierra Leone, Sao Tome & Principe, Zambia and Comoros) and one ratification by Senegal.
Ultimately, there is need to reconcile state interests with citizens’ personal data and privacy rights. Mandatory registration, especially in the absence of clear registration guidelines and the lack of data protection laws, puts personal data at risk. African governments need to learn from other jurisdictions such as Europe with regards to processing of personal data as part of SIM card registration. In enforcing SIM card registration, there should be a clear set registration timelines, clear and unambiguous registration requirements.

Bridging Cyber Security Gaps: SMEs Trained in Uganda

By Edrine Wanyama |
Uganda’s Small and Medium Enterprise (SME) sector is credited with contributing 20% to the country’s Gross Domestic Product (GDP) in 2016. While the level of adoption of technology as a key component of operations within the sector remains unclear, its effective utilisation requires entities to also embrace safety and security measures as a priority.
Identifying security controls to defend against cyber threats and data protection thus formed the basis of discussions at a cyber standards training workshop for SMEs in Uganda. Organised by the National Information Technology Authority (NITA-U) in collaboration with the Commonwealth Telecommunications Organization (CTO), the workshop, held in Kampala, Uganda on August 23-24,2017 targeted SME entrepreneurs, banking industry officials as well as ICT sector representatives from non-government organisations and other ICT stakeholders.
The workshop explored the Information Assurance for Small Information Assurance for Small to Medium Enterprises (IASME) which encourages SME’s to comply with international information security management standards
Possible risks include; theft of data for monetary gain or competition by criminals, hacking, physical insecurity to staff and office equipment, malware attacks, insecure configuration, updating software from unreliable sources, access control and spam.
Discussions on information security are abound in Uganda as the Data Protection and Privacy Bill, 2015 makes slow progress in Parliament while laws like the Computer Misuse Act, 2011, The Electronics Signatures Act, 2011 and the Electronic Transactions Act, 2011 do not fully address the issue of data protection and privacy.
According to a 2016 report based on a global survey of cybersecurity managers and practitioners, cyber security and information security is considered a technical issue rather than a business imperative.  The findings of this study echo sentiments held by civil society organisations which face similar digital security threats including increasingly sophisticated threats and rate of incidents according research conducted by the Collaboration for International ICT Policy in East and Southern Africa (CIPESA). It revealed that various CSOs were concerned about, or had been victims of hacking attempts on their email accounts and internal networks, that they had been targeted by phishing emails, and that they feared their activities were being surveilled by authorities
In order to be better positioned to address cyber threats, civil society and SME need to be equipped with skills encompassing both online and offline responses. These include knowhow on policy and compliance, physical environmental protection, risk assessment, access controls, incident management, monitoring, backup, malware identification and technical intrusions.
Through a cyber essentials course and practical exercises, participants at the workshop were equipped with basic skills for enabling non-technical users to establish five information security controls including malware protection, access control, patch management, secure configuration, boundary firewalls and internet gateways.
As a follow-up to the exercise, selected participants will undergo further training for possible contracting as IASME information security assessors for SME’s. CTO’s international events and seminars are conducted in all countries of the Commonwealth, across the continents of Africa, Europe, the Americas, Asia and the Pacific region. Specifically, in Africa, the events have been held in Botswana, Cameroon, Ghana, Kenya, Liberia, Mozambique, Nigeria, Papua New Guinea, South Africa, Swaziland and Uganda.
 

Announcement: Forum on Internet Freedom in Africa 2016

The Forum on Internet Freedom in Africa is scheduled to take place on September 27–29, 2016 in Kampala, Uganda.
The Forum provides a unique opportunity to deliberate and build a network of supporters of internet freedom in Africa. It brings together a wide range of civic actors such as journalists, bloggers, human rights defenders, and activists, private sector actors such as telecom companies, as well as communication regulators and law enforcement.
In 2015 the Forum assembled panelists from a diversity of backgrounds, which facilitated spirited discussions as captured in this report.

See the 2015 Forum Highlights video

A key highlight at the Forum is the launch of the State of Internet Freedom in Africa report that captures trends on internet freedom in select African countries. The 2016 report will cover the most number of countries so far.
These deliberations come as various African countries witness a slide in online freedom of expression and association, as well as breaches of the rights to privacy and access to information.
Visit the Forum page for more information.
Eventbrite - Forum on Internet Freedom in Africa 2016

Report: Women's Rights and the Internet in Uganda

By APC, CIPESA, WOUGNET |
This submission is a joint stakeholder contribution to the second cycle of the Universal Periodic Review (UPR) mechanism for Uganda. This submission focuses on women’s rights and the internet in Uganda. It explores the extent of implementation of the recommendations made in the previous cycle of the UPR and also identifies emerging concerns in Uganda regarding women’s rights online.
See the full report here

Forum Sparks Debate on Internet Freedom in Africa

By Juliet Nanfuka |
The recently concluded two-day Forum on Internet Freedom in East Africa 2015 sparked debate on the many facets of internet freedom, including access to information, digital safety, media freedom, online violence against women, regulation of the internet, freedom of expression online, and the online economy.
The first day of the Forum coincided with the internationally celebrated Right to Know Day (September 28) and also served as a platform to recognise the tenth anniversary of the Access to Information Act  in the host country, Uganda.
The Forum, organised by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) under the OpenNet Africa initiative, brought together just under 200 participants, a dramatic increment from the 85 who participated at last year’s inaugural Forum. Participants represented a wide spectrum of stakeholders including communications regulators, civil society, intermediaries, private sector, tech enthusiasts, artists, media and ordinary citizens. It was supported by the African Centre for Media Excellence (ACME), Hivos, Ford Foundation, Open Technology Fund, UNESCO and Web We Want.
According to the ITU, there are currently 3.2 billion people using the internet of which, by end 2015, two billion will come from developing countries. There is therefore a need to create awareness and to advocate for internet rights in developing countries that are registering a dramatic uptake of the internet.
The African Declaration on Human Rights has set the foundation upon which human rights standards and principles of openness in internet policy formulation can be developed in Africa. While various policies and laws have been developed in the continent’s 54 countries, many contradict the rights to privacy, access to information, data security, and freedom of expression.
In his opening remarks at the Forum, Jaco du Toit, Communication and Information Adviser at the UNESCO Regional Office for Eastern Africa, pointed to growing concerns over the mechanisms used by governments in the region to monitor citizen’s activities both online and offline. These concerns threaten legitimate online interactions including by the media that  plays  the role of  society’s watchdog, and by critical citizens with large online footprints and human rights organisations that rely on information to encourage civic participation and good governance.
The use of ICT tools by citizens to exercise their right to free expression and as an engine for development is widely recognised especially as the push for open data gains momentum across the African continent. However, recognition of internet rights in the same breath as the rights guaranteed offline by national constitution remains a grey area.
 Internet Freedom in East Africa
The forum served as the launch of the State of Internet Freedom in East Africa 2015 report on access, privacy and security online in Burundi, Kenya, Rwanda, Tanzania, and Uganda. The report is the result of qualitative and quantitative research conducted in the focus countries between May 2014 and August 2015.
The report highlights legal developments related to internet freedom in each of the focus countries such as the May 2015 ruling by the East African Court of Justice (EACJ) against the Burundi Press Law of 2013, on the grounds that some sections went against the principles of press freedom. This marked a victory for the Burundi Journalists Union who had petitioned the court over the repressive law. In Kenya, the Security Laws (Amendment) Act was signed into law despite concerns over its expansion of the surveillance capabilities of the Kenyan intelligence and law enforcement agencies.
In Tanzania, the controversial Cybercrimes Act and the Statistics Act were both passed in 2015 notwithstanding protests due to the restrictions they place on advancing transparency and access to information.
Progressive public access developments are also reported such as the Smart Kigali initiative which provides wireless internet service on select public transport buses. The Ministry of ICT in Rwanda also launched the “Stay Safe Online” campaign aimed at promoting awareness on cyber security.
The report also presents some of the violations of internet freedom that were registered in East Africa over the last year.
Knowledge, Attitudes and Perceptions on Internet Freedom
The report found that understanding of what constitutes internet freedom among the region’s citizens is varied. The majority associated internet freedom with the ability to utilise the internet free of unwarranted state regulations or commercial restrictions.
Online safety practice was low with only 48% of the respondents using digital safety and security tools to safeguard themselves online. A lack of awareness of security risks on digital platforms and shortage of skills to secure communications were among  the reasons for not actively utilising online safety tools.
The report further found widespread perception among East Africans of government surveillance even where there was limited  evidence remain prevalent of actual surveillance. Respondents cited national security, countering terrorism, and combating hate speech as key reasons for government surveillance.
Discussion Echoes Report Findings
Discussions in the 13 sessions at the forum repeatedly pointed out contradictory or non-existent laws to protect users especially in instances where critical content in writing, or creative and performing arts have led to arrests. This in turn has contributed to self-censorship by independent content producers and media.
Further, victims of online violence against women (VAW) do not have any legal structures to ensure their rights are upheld; instead, many are castigated more than the perpetrators of the violence. Limited legal provisions on the vice have thus led to a culture of silence and misinformation which in turn impacts upon reporting of cases to indicate the extent and actual statistics of VAW in African countries.
Discussions at the forum echoed insights gathered in the report, including the friction between control of content which impacts upon freedom of expression and regulation of the internet so as to combat hate speech and terrorism, and to maintain national security and public order.
“Ignorance of the law is not an excuse,” said Irene Kaggwa, Head of Research and Development at the Uganda Communication Commission on the need for responsible use of the internet. Jimmy Haguma, Acting Commissioner with Uganda Police’s Cybercrimes unit, , added that “freedom without control” would contradict certain needs, such as ensuring child online safety and protection from theft and fraud.
The challenges involved with ensuring that the internet is a safe space for genuine interaction were summarised by Facebook’s head of Public Policy for Africa, Ebele Okobi, who noted that “If Facebook were a country, it would be the biggest country in the world.” She added that the global platform faces a challenge of how to apply the laws of every country in which it has users in its policy on online content.
Underpinning all discussions at the forum was the use of social media and the need for users to build their digital security capacities as the online arena increasingly becomes the key avenue for social interaction. However, legislation in many countries has not moved fast enough to ensure the protection of users who fall victim to online abuse and violence.
In his closing remarks, Vincent Bagiire, Chair of the ICT Committee, Parliament of Uganda, emphasised the necessity for further engagement on internet freedom not only by civil society but with a more inclusive multi-stakeholder approach which works towards ensuring a free and open internet. He stated that this responsibility exists first at the national level, “but given the borderless, global nature of the internet”, it is also very much a global issue. “Internet freedom is both a domestic and a foreign policy subject,” he said.
The Forum had representation from 19 countries including Burundi, Cameroon, Democratic Republic of Congo, Ethiopia, Germany, Italy, Kenya, Nigeria, Rwanda, Tanzania, South Africa, South Sudan, Sudan, Somalia, Uganda, United Kingdom, United States of America, Zambia, Zimbabwe
For more details, visit the Forum on Internet Freedom in East Africa 2015 page, See the full programme and the speaker biographies.