Skilling Distributed Digital Security Trainers Amidst Growing Digital Rights Attacks

By Neil Blazevic, Andrew Gole and Ashnah Kalemera |

Amidst increased attacks on digital rights activists, journalists, and human rights defenders (HRDs) during the Covid-19 pandemic, it has become crucial to grow the capacity of these actors to operate securely. A key concern is that, in many African countries, skills in digital security and safety are lacking among some of the most at-risk groups, yet trainers and support networks are in short supply.

Without adequate digital security capacity, activists and HRDs are not able to meaningfully continue advocacy and engagements around human rights, transparent and accountable governance, during and in the aftermath of Covid-19. Accordingly, through the Level-Up programme, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has provided security support to 16 HRD organisations in Kenya, Ethiopia, Tanzania, South Sudan and Uganda. 

The initiative helped to strengthen the participating entities’ organisational and information systems security capacity, entailed a Training of Trainers (ToT) component – which benefitted 19 individuals – to grow the network of individuals and organisations that offer digital security training and support to journalists, activists, and HRDs, and organisational security assessments. The training and support were delivered through innovative approaches to geographically distributed individuals that could not meet physically due to Covid-19 social distancing and travel restrictions.

Covid-19 and Digital Attacks

In the wake of the global outbreak of the Covid-19 pandemic and government measures to curb its spread, digital technologies have played a vital role in enhancing disease surveillance, coordinating response mechanisms, and promoting public awareness in Africa. The potential of technology to facilitate containment of the spread of the coronavirus on the continent notwithstanding, concerns over surveillance, violation of rights to privacy, freedom of expression, access to information, and freedom of association and assembly were prevalent. 

Scores of journalists and bloggers in Kenya, Guinea, Uganda, Egypt, among others, were assaulted, detained, and/or prosecuted over their reporting on Covid-19; while some countries such as Kenya, Uganda and South Africa were reported to be conducting cell phone tracking of Covid-19 suspected patients and their contacts. Some others passed regulations and/or invoked laws that criminalised the spreading of false Covid-19 information. Accordingly, there have been fears that in the aftermath of the pandemic, some governments could shift the Covid-19 surveillance apparatus and lessons learnt to undermine digital rights, by surveilling and silencing critics and opponents. 

Meanwhile, hackers and adversaries are capitalising on the increased time spent online and remote working by a large portion of the population by designing new attacks through phishing and hijacking of virtual meetings, among others. Worryingly, despite a large gender disparity in digital access, more women face various forms of online violence than their male counterparts, which continues to undermine their participation online. With Covid-19 resulting in increased incidents of gender-based violence, it is imperative to continue activism and equip activists with digital security and safety skills.

Organisations supported Technologists supported 
Countries: Uganda (8) | Tanzania (4) | South Sudan (2) | Kenya (1) | Ethiopia (1)

Sectors: Sexual minorities (4), Environmental/resource extraction (1) Feminist/women’s rights organisations (3), Information access (1), Journalists/media (1), Human rights, democracy, human rights defenders (6)

Gender: Female (7) |Male (12)

Nationality: Uganda (8) | Ethiopia (3) | South Sudan (1) | Tanzania (4) | Kenya (3)

Assessing Organisational Security

Following an initial training on conducting organisational security assessments, the technologists led assessments to determine the status, challenges, past and potential future threats, and attacks on organisations, as well as the capacity of the organisations. The results of the assessments provided insight into the needs and vulnerabilities of the organisations and served as an opportunity to provide feedback to organisational IT staff on quick fixes and strategies to address some of the challenges or incidents identified. Technology solutions explored included the use of Umbrella for DNS server protection, Automox for patch management, and Microsoft 365 hosted tenants for an organisational management and security suite.

The findings of the assessments indicated a need to bolster capacity, organisational practices, and implementation of security and safety measures related to social media platforms usage by the organisations and staff. Several organisations reported losing access to their brand assets, experiencing hacking, and harassment on social media platforms. To this end, a Social Media Asset Continuity and Security Tool was designed and another  training for technologists conducted focused on 1) Continuity of organisation control of organisational Facebook/Twitter/Whatsapp for Business accounts; 2) Security of individual staff accounts; and 3) Staff ability to deal with harassment and unwanted messaging on platforms. The technologists went on to conduct safety and security on social media training sessions which  benefitted 120 staff of the participating organisations. Other skill-up sessions conducted included on organisational management suites and website security. 

Overall, the programme found that skills and protections (software and hardware) were low and inadequate among many HRD organisations and individuals. Also, there were variable levels of technology integration within the organisations. 

The various gaps identified were rising during the pandemic when many entities could not readily access support networks and training skills due to restrictions on gatherings arising from Covid-19, making the intervention particularly timely. Indeed, the ToT model helped to transfer skills and knowledge among distributed beneficiaries and build support networks in-country.

How the Covid-19 Fight Has Hurt Digital Rights in East Africa

By Paul Kimumwe |

The fight against the coronavirus (Covid-19) pandemic in Kenya, Tanzania, and Uganda has dealt a blow to the promotion and preservation of human rights in the region. The outbreak of Covid-19 could not have come at a worse time, as the countries were preparing for their respective general elections (October 2020 for Tanzania, January 2021 for  Uganda, and a potential referendum in 2021 and the August 2022 elections in Kenya).

Even before confirmation of Covid-19 cases in the region, the three East African countries had instituted Covid-19 mitigation measures, including the adoption of statutory instruments which quickly suspended constitutional guarantees without reasonable justification or meaningful stakeholder consultation. The measures were accompanied with a problematic onslaught on the media, the political opposition and ordinary citizens, which undermined the enjoyment of the rights to freedom of expression, assembly and association, and the right to access a variety of news and information, which was critical to informed decision-making particularly during electoral processes.

On March 18, 2020, Uganda instituted its first set of measures that included the closure of schools and a ban on all political, religious, and social gatherings. A week after the March 22, 2020 confirmation of the first case in the country, the Ministry of Health issued the Public Health (Control of Covid-19) (No. 2) Rules, 2020 that introduced further restrictions including a dusk-to-dawn curfew, the closure of institutions of learning and places of worship, the suspension of public gatherings, a ban on public transport and the closure of the country’s borders and the international airport to passenger traffic.

In Kenya, the government introduced several measures to curb the spread of Covid-19 that included the suspension of public gatherings and other social distancing requirements; limitation of travel into and outside the country; imposition of a dusk-to-dawn curfew under the Public Order Act, 2003; as well as inter-county travel bans between the capital, Nairobi, and three other high-risk counties of Mombasa, Kilifi and Kwale.

A day after the government confirmed its first coronavirus case, Tanzania introduced a series of measures that included the closure of schools and the suspension of sports events on March 17, 2020. Additional directives, including quarantining travelers from countries with confirmed cases of COVID-19 at the travelers’ own cost, were announced by President Pombe Magufuli.

While many of the restrictions such as the closure of international borders, schools and churches and prohibitions on public gatherings have since been relaxed, the long-term impact of these and other restrictions persist.

In this brief, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) researched Covid-19 related censorship and surveillance practices and related regulatory responses in Kenya, Tanzania and Uganda that affected people’s’ digital rights, including the right to freedom of expression, access to information, and privacy. It shows that the different measures adopted by the three countries, including enactment and enforcement of repressive laws on misinformation/fake news, as well as intimidation, arrests, detentions, and suspension of media operations, have led to an erosion of civil liberties online and offline.

The brief recommends the amendment of all the Covid-19 legislation that restricts freedoms to bring it into conformity with international standards on the right to privacy, data collection and processing as well as freedom of expression and access to information. Further, it urges governments to improve the affordability of the internet by more citizens, ensure the respect of citizens’ rights; and be transparent, and accountable in the conduct of Covid-19 related data collection and surveillance.

Africa in the Crosshairs of New Disinformation and Surveillance Schemes That Undermine Democracy

By Daniel Mwesigwa |

A range of spyware vendors including Italian Hacking Team, the Anglo-German Gamma Group, and Israeli’s NSO Group, have found a ready market in authoritarian and repressive governments in Africa and elsewhere. Similarly, systematic propaganda campaigns designed by meddlesome actors – including government agents and ambitious data analytics companies such as Cambridge Analytica working on behalf of state and non-state actors – are becoming conspicuous in Africa, especially during electoral periods. 

The tools and tactics of these operators, who are mostly non-African, are increasingly undermining democracy and respect for human rights in Africa, as they enable mass surveillance and disinformation that manipulates and undermines political discourse. 

For example, Chinese tech giant Huawei and its technicians were implicated in an August 15, 2019 exposé by The Wall Street Journal that detailed how the company’s staff had helped the Uganda Police to hack into the encrypted communications of an opposition figure. As a result, the security officers were able to thwart the opposition leader’s mobilisation plans. The article also stated that technicians from Huawei had helped Zambian authorities to access the phones and social media pages of a group of opposition bloggers who were tracked and arrested. 

Through security vulnerabilities, spyware tools and products give governments, notably intelligence and law enforcement authorities, super powers to surveil using covert intrusion systems across major mobile platforms and operating systems. In 2016, the Citizen Lab, an interdisciplinary lab working at the intersection of global affairs and technology at the University of Toronto, uncovered Pegasus – a sophisticated malware developed by the NSO Group that is injected into a target’s phone via text or WhatsApp, a popular messaging tool in Africa. The Citizen Lab has since identified Pegasus operations in over 45 countries including Algeria, Egypt, Ivory Coast, Kenya, Morocco, Rwanda, South Africa, Togo, Uganda, and Zambia. But NSO has reportedly bragged time and again how it can penetrate various operating systems and applications irrespective of the security patches.

According to the 2019 State of Internet Freedom in Africa Report, the “surveillance state” in Africa gained notoriety at the turn of the decade, after the infamous Arab Spring that swept across North Africa in 2011, allegedly amplified by dissident voices on social media. The report documents how repressive states such as Tanzania, Uganda, Ethiopia, Botswana, and Rwanda have since boosted their surveillance capabilities through procurement of advanced spyware. In 2015, it was revealed that Uganda and Tanzania had procured Hacking Team’s premium Remote Control System (RCS) for intrusion into systems across major mobile platforms and operating systems. 

More recently, the Financial Times reported that Rwanda paid up to USD 10 million to the NSO Group to spy on government critics and dissidents through WhatsApp – an allegation Rwanda president Paul Kagame denied in a presidential press briefing held on November 8, 2019, only acknowledging that they spy on “our enemies” using “human intelligence”. He added, “I wouldn’t spend my money over a nobody [Rwandan exiles] yet we have sectors like education to spend such money”. 

But Kagame’s denial is to be taken with a pinch of salt. In 2016, a Rwandan court sentenced a popular singer, Kizito Mihigo, to 10 years in prison on allegations of conspiracy to overthrow the government, based on hacked private WhatsApp and Skype messages exchanged with alleged dissidents in exile. 

The alleged Rwanda cases appear to be linked to others of NSO infiltrating the WhatsApp accounts of journalists, human rights activists, political dissidents, prominent female leaders, and other members of civil society in up to 20 countries, which prompted Facebook (the owners of WhatsApp) to sue NSO in October 2019. The lawsuit brought by Facebook in the U.S Federal Court accuses the spyware maker of hacking into the WhatsApp accounts of 1,400 users worldwide. While there are scanty details on the exact identities of the affected, it is reported that 174 are lawyers, journalists, human rights defenders and religious leaders.

According to the Financial Times, those targeted in Rwanda, six of whom it interviewed and they confirmed being alerted by WhatsApp about the possible NSO-enabled surveillance of their communications. These included a journalist living in exile in Uganda, who had petitioned the Uganda government “to help protect Rwandans in the country from assassination”; South Africa and UK-based senior members of the Rwanda National Congress (RNC), an opposition group in exile; an army officer who fled Rwanda  in 2008 and testified against members of the Rwandan government in a French court in 2017; and a Belgium-based member of the FDU-Inkingi opposition party.

Meanwhile, some foreign powers are purportedly testing, as New York Times recently reported, “New Disinformation Tactics in Africa to Expand Influence”. The report detailed how the Wagner Group founded by businessman Yevgeny Prigozhin, who allegedly has close ties to the Russian government, has over the last couple of years been running aggressive disinformation campaigns on Facebook. 

It is reported that Prigozhin’s campaign used locally-opened Facebook accounts to disguise behaviour and also used sham news networks that regularly reposted articles from Russia’s state-owned Sputnik news organisation to promote Russian policies while undermining US and French policies in Africa. On October 31, 2019, Facebook reportedly removed these accounts that were influencing operations “in the domestic politics” of eight African countries – Cameroon, the Central African Republic, Congo Brazzaville, Ivory Coast, Madagascar, Mozambique, and Sudan.

Earlier in 2019, Facebook reportedly shut down a separate “fake news” operation targeting elections in African countries such as Nigeria, Senegal, Togo, Niger, Angola, and Tunisia, propagated by “inauthentic” accounts on Facebook and Instagram run by Israeli commercial firm, Archimedes Group.  Between 2013 to 2017, governments such as Kenya and Nigeria reportedly hired Cambridge Analytica to manipulate their electorate in a bid to win presidential elections for the incumbents.

Besides the disinformation campaigns linked to Russian actors, and the Israel-made spyware, there are also facial recognition surveillance programmes such as the Huawei’s “Smart Cities”, which has been deployed in 12 African countries. This phenomenon is referred to by some as an export of digital authoritarianism. 

It is now evident that governments and non-state actors face an uphill task of combatting the governance challenges caused by this phenomenon. Accordingly, governments, with the help of tech platforms, need to understand what legislation and policies, including oversight and enforcement mechanisms, are necessary to strengthen the protection of democracy and human rights in the rapidly changing digital world.

‘People With Disabilities Left Out in ICT Jamboree’

By Marc Nkwame |
As more Tanzanians join the digital world of Information Communication Technology (ICT), the majority of people living with disabilities have been left out, according to stakeholders.
It has been observed that in their quest to optimize profits, equipment suppliers, content producers and mobile communication service providers skip the needs and rights of persons with disabilities wishing to access such services.
Speaking during a special awareness workshop for Information Communication and Technology accessibility among persons with disabilities, the coordinator, Paul Kimumwe from the Collaboration on International ICT Policy for Eastern and Southern Africa (CIPESA) pointed out that it is high time countries formulated special laws to ensure that marginalized groups are also catered for when it comes to such services.
“And if countries have such policies in place, there is the need for legislators to push for their execution, as it seems mobile service providers cater only for a physically able clientele,” he specified.
His observation was also reflected in an assessment tool for measuring mobile communication accessibility for persons with physical disabilities deployed among participants during the just ended workshop on how ICT development side-lined people with special needs.
Dr Eliamani Laltaika, a lecturer from the School of Business Studies and Humanities at the Nelson Mandela African Institute of Science and Technology (NM-AIST), said the society’s mentality and personal stigma contribute in how ICT establishments view the needs of disabled persons.
“Unlike in the past, people should now realize that in the modern era, all is needed for a person to be useful is a healthy brain not peculiar appeal,” he cautioned.
According to the Don, it is usually the persons with physical disabilities that can prove to be extremely good intellectually and especially in Information Communication Technology (ICT), which means once empowered they can perform better than their physically fit counterparts.
Participants realized that mobile handsets are designed for people with hands and those with strong eye sights, while traders and phone service providers are yet to import gadgets that can cater for people without sight or hands.
Ndekirwa Pallangyo, representing the regional chapter for the Federation of Disabled Persons’ Associations in Tanzania (SHIVYAWATA), admitted that people with disabilities have been left out in ICT development.
“And the worst part of it is that even persons with disabilities themselves are unaware that they have been side-lined,” he said, underlining that when it comes to attending to the needs of the physically handicapped, it is important to consider individual requirements.
“There are those who are physically fit except for their sight. Others have impaired hearing, some can’t walk while there are those with no hands, etc. therefore each group need to be handled according to needs,” the activist added.
Originally published on IPP Media 

UN Human Rights Council Called to Address Deterioration of Freedoms in Tanzania

Open Letter |
In recent months, Tanzania has faced increased measures resulting in the shrinking of civic and democratic space in the country. Draconian legislation enacted since 2015 and legal and extra-judicial methods used to harass human rights defenders, threaten independent journalism, and to restrict freedoms of opinion and expression, peaceful assembly and association have been used to reduce the avenues for civic expression.
Recent legislative, policy and practical developments have led to increased international and regional attention on Tanzania. The surge in the number, and strengthening of the wording, of statements delivered by the UN High Commissioner for Human Rights indicate that global concern is growing over the situation in the country, which for decades demonstrated a commitment to improving the human rights of all people, both nationally and within East Africa.
Ahead of the 41st regular session of the UN Human Rights Council (“the Council”), which will
take place from 24 June-12 July 2019, 38 organisations have written to the Permanent Representatives of Member and Observer States of the United Nations Human Rights
Council to deliver statements, both jointly and individually, and to engage in bilateral démarches to address the ongoing deterioration of the human rights situation in the United Republic of Tanzania.
See the open letter here.

1 2 3 6