Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: Uganda

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  Uganda
29Mar

Court Admits Expert Views from CIPESA, Access Now and Article 19 on Uganda’s Digital ID 

Author CIPESA Posted on

By CIPESA Writer |

On March 24, 2023, the High Court of Uganda at Kampala ruled to allow experts from Access Now, ARTICLE 19, and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) to offer their opinions on the human rights red flags around the country’s digital identification (ID) system. 

The ruling followed an application by the three organisations for admission as “Friends of Court” in a case which challenges the use of the National Identification Register as the sole data source and primary means of identification prior to accessing various social services. Uganda’s national digital ID, also known as Ndaga Muntu, is a mandatory scheme for accessing various socio-economic services.

The court admitted the amicus brief submission by the trio despite objections from the Attorney General and the National Identification Registration Authority (NIRA) on grounds that the application was facilitated by bias and partiality of the applicants. The respondents further argued that the applications introduced new, inadmissible evidence – an assertion the court did not agree with. The court, in fact, noted the significance of the arguments raised  by Access Now, ARTICLE 19 and CIPESA, particularly on data protection, digital inclusion, surveillance, and the sufficiency of protection measures and their impact on the right to privacy.

The admission means that the court will consider the opinions of the three organisations in determining the case challenging Uganda’s digital ID system. In his ruling, Justice  Boniface Wamala noted that the matters the three organisations raised did not constitute evidence. Rather, they “constitute legal concepts that are new, unfamiliar, unusual or unique. Such aspects constitute the quality of novelty.”

The organisations made the application as neutral parties and experts to assist the court to be better abreast with novel areas that potentially contribute to the development of the law. 

The joint brief seeks to help court fully grasp the potential impact of the national digital ID program on online and offline rights including the right to privacy, the right to freedom of expression, as well as intersecting economic, social, and cultural rights by providing expert evidence at national, sub regional, regional, and international levels. It also explains how the digital identity system might contribute to excluding citizens from basic access to services, thereby leaving them in a vulnerable state.  

The case challenging the ID system was filed by the Initiative for Social and Economic Rights,  Unwanted Witness, and Health Equity and Policy Initiative, against the Ugandan Attorney General and the NIRA. The NIRA is the body charged with creating and managing the National Identification Register by registering births, deaths, citizens and non-citizens. 

In its affidavit in support of the amicus application, CIPESA argued that as an expert in  advancing internet freedom and governance, civic participation, and data governance, it saw the need to intervene as a friend of court, in public interest and the interest of justice, to promote and protect human rights.

According to CIPESA’s Legal Officer, Edrine Wanyama, the ruling to hear the opinions of the expert organisations could help in shaping new and emerging areas of the law in Uganda on the need to respect privacy and other rights in the deployment of digital technologies in public digitalisation programmes, including initiatives like the Digital ID.

“This is a demonstration of the commitment of the courts to remain open to new and emerging knowledge and jurisprudence and to receive expert opinions on how to protect citizens from potential harms associated with the use of technology,” said Wanyama. 

CIPESA anticipates that the court will draw considerable knowledge from the amicus submissions and reach a decision that ensures that the roll-out of the digital ID system does not serve as a tool for exclusion but as an inclusion tool for all persons in accessing social and economic services.

Access Now, ARTICLE 19, and CIPESA aim to continue offering the court expert views that could help to ensure that the digital ID system is implemented in a manner that respects minimum human rights standards and promotes and protects rights and freedoms.

12Jan

A Section of Uganda’s Computer Misuse Act Outlawed! But, the Greater Part of the Law Remains Thorny

Author CIPESA Posted on

By Juliet Nanfuka |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) welcomes the ruling by Uganda’s Constitutional Court that section 25 of the Computer Misuse Act of 2011, which penalises “offensive communication”, is null and void. This section has severally been used by state authorities to silence dissent, and CIPESA has for long supported efforts to expunge it from the eastern African country’s key internet law.

On January 10, 2023, Uganda’s constitutional court ruled that section 25 of the Computer Misuse Act is inconsistent with the country’s constitution and called for an immediate halt to its enforcement, including for all cases being prosecuted or investigated. The court’s decision could bring to an end the utilisation of this problematic provision that has for a decade been weaponised to silence critics, political opponents and dissidents. The government can appeal the constitutional court’s decision to the Supreme Court within 14 days.

This week’s ruling is the result of a 2016 petition in which the litigants argued that section 25 was vague, violated civil liberties, and contravened constitutional guarantees. 

The law on computer misuse defines offensive communication as the “willful and repeated use of electronic communication to disturb or attempt to disturb the peace, quiet or right of privacy of any person with no purpose of legitimate communication whether or not a conversation ensues.” The offence is punishable by a fine not exceeding USD 130 or imprisonment not exceeding one year, or both. 

However, opponents of the law have argued that this provision is vague, overly broad and ambiguous. Further, they contended that the provision does not give a fair warning regarding what conduct is deemed illegal under the right and freedom of speech and expression pursuant to article 29(1)(a) of Uganda’s constitution.

In this week’s ruling, Justice Kenneth Kakuru, who wrote the lead judgement, stated that he  had determined that the words used under section 25 were “vague, overly broad and ambiguous.” According to the judge, what constitutes an offence is “unpredictable” and this gives the law enforcer the discretion to choose what qualifies as offensive. Justice Kakuru added that the provision “gives law enforcement unfettered discretion to punish unpopular or critical protected expression.” 

Section 25 of the Computer Misuse Act has severally been invoked to issue threats, effect arrests, detention, and prosecution of individuals over their online communications. 

The Computer Misuse Act has been previously used to suppress digital rights including free expression and access to information. For instance, academic and social critic Dr. Stella Nyanzi was arrested for insulting the president in a social media post. In 2019, she was convicted of cyber harassment contrary to section 24 of the Act but acquitted of offensive communications, which is proscribed under section 25. Other individuals who have suffered the wrath of the same law include former presidential aspirant Henry Tumukunde who was arrested over alleged treasonable utterances in radio and television interviews, the Bizonto comedy group who were arrested over alleged offensive and sectarian posts, and author Kakwenza Rukirabashaija who was arrested, detained and prosecuted over offensive communication against the president and his son. (Source: CIPESA Submits Comments on the Computer Misuse (Amendment) Bill, 2022 to Parliament )

Despite this progressive decision by the Constitutional court, the Computer Misuse Act will remain a key impediment to free expression and the enjoyment of digital rights, notably because of amendments made to the law in late 2022. Those amendments ambiguously prohibit the “misuse of social media,” sending or sharing of unsolicited information through a computer, and sending, sharing or transmission of malicious information about or relating to any person. These prohibitions, whose introduction was condemned by wide sections of Ugandan civil society, human rights defenders and some government officials, present a key curtailment of freedom of expression and access to information. 

Promoters of the amendments argued that existing laws did not “specifically address the regulation of information sharing on social media” or were “not adequate to deter the vice”. However, critics argued that efforts should instead have focused on addressing the existing retrogressive provisions in the law, notably those on “cyber harassment” and “offensive communication”. 

Accordingly, CIPESA alongside 13 civil society organisations and individuals filed a petition challenging those amendments. This followed CIPESA’s submission of comments and presentation of concerns before the Parliamentary Committee on Information and Communication Technology ahead of the enactment of the amendments. In those submissions, CIPESA argued that since its enactment, the Computer Misuse Act had been used to suppress digital rights including free expression and access to information and the proposed amendment would present a further blow to online civil liberties.

In its ruling, the constitutional court noted that, “In a democratic and free society, prosecuting people for the content of their communication is a violation of what falls within guarantees of freedom of expression in a democratic society.” The ruling is a step in the right direction in combating wanton limitations to digital rights in Uganda, where a flurry of technology-related laws were enacted in the wake of the 2010 Arab Spring during which users leveraged digital platforms and social media to build movements and mobilise public protests against their autocratic governments.

Besides the Computer Misuse Act, other laws enacted in Uganda during this time include the Regulation of Interception of Communications Act, 2010, the Electronic Signatures Act, 2011, and the Electronic Transactions Act, 2011, all of which variously interfere with digital rights including data privacy, access to information, and freedom of expression.

12Sep

Uganda Passes Regressive Law on “Misuse of Social Media” and Hate Speech

Author CIPESA Writer Posted on

By Edrine Wanyama |

Uganda’s parliament on September 8, 2022 passed a draconian law that criminalises various uses of computers and digital technologies and largely curtails digital rights.

Among the key regressive provisions is the prohibition of the “misuse of social media”, described in clause 6 as publishing, distributing or sharing information prohibited under Uganda’s laws. A highly punitive penalty has been prescribed for the offence: imprisonment of up to five years, a fine of up to UGX 10 million (USD 2,619), or both.

Other retrogressive provisions in the Computer Misuse (Amendment) Bill 2022 are prohibition of sending or sharing of unsolicited information through a computer, and prohibition of sending, sharing or transmitting of malicious information about or relating to any person.

Prior to the enactment of the law, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) presented its analysis of the Bill to parliament’s Committee on Information and Communications Technology (ICT), which indicated that the proposed amendments would be a blow to the enjoyment of online civil liberties. However, the committee has disregarded most of the feedback received from stakeholders listed in the Committee report, many of whom raised concerns on the digital rights gaps within the Bill..

In presentations to the parliamentary  committee, CIPESA argued that rather than introducing new, poorly defined offences, the amendments should have focussed on addressing existing retrogressive provisions in the law on computer misuse, such as section 24 on cyber harassment and section 25 on offensive communication, which have been used severally to criminalise freedom of expression, including through arrests and prosecution of journalists, activists and government opponents. Moreover, trolling, cyber harassment, unauthorised sharing of intimate images, and other forms of online violence against women and girls, are not addressed either.

Gorreth Namugga, the shadow minister for ICT and a member of parliament’s ICT Committee, said in a minority report that the issue of misuse of social media was not discussed in the committee and was not among the clauses the Computer Misuse (Amendment) Bill sought to amend. She added that the ICT Committee did not make a deep analysis of the issue, and none of the organisations and individuals consulted by the committee offered any input on the matter.

In introducing the offence of misuse of social media, the committee reasoned that, while considering the Bill, it observed that “the information technology evolution had created a new medium of communication called social media that is not fully regulated in the existing laws, yet it is “the commonest platform of Computer Misuse.” The committee therefore deemed it fit to define social media and to regulate it.

Accordingly, the Bill defines social media as a set of technologies, sites, and practices which are used to share opinions, experiences and perspectives. It cites as examples YouTube, WhatsApp, Facebook, Instagram, Twitter, WeChat, TikTok, Sina Weibo, QQ, Telegram, Snapchat, Kuaishou, Qzone, Reddit, Quora, Skype, Microsoft Team and Linkedin.

The new law will provide that “a person who uses social media to publish, distribute or share information, prohibited under the laws of Uganda or using disguised or false identity, commits an offence.” It adds that where “prohibited” information is published, shared or distributed on a social media account of an organisation, the person who manages the organisation’s social media account shall be held personally liable for the commission of the offence.

There remain questions as to how the committee introduced provisions on misuse of social media that were not in the Bill, not subjected to stakeholder consultation and, according to the minority report, not discussed by committee members. Moreover, the term, “under the laws of Uganda” with reference to prohibited information is very broad and ambiguous. This could be used by the government and its agencies to target critics and would largely curtail freedom of expression and access to information.

Uganda is not new to regressive control of digital technologies. In 2018, the east African country introduced a tax through the Excise Duty (Amendment) Act that required users to pay a daily tax in order to access social media services. The tax, which dismally failed to raise the anticipated revenues, was  replaced  with a 12% levy tax on internet data. The country’s digital taxation regime has become a key impediment to inclusive access and affordability, with millions of citizens still left out of the digital society. Uganda also routinely blocks access to the internet and social media. Since January 2021, Facebook has been blocked in Uganda on orders of the government.

While the new law attempts to define “unsolicited information” as meaning “information transmitted to a person using the internet without the person’s consent, but does not include an unsolicited commercial communication.” The guidance offered by the provision only extends to interpretation of the earlier blanket provision that had been proposed in the Bill. It does not provide any guarantees for the protection and enjoyment of freedom of expression and access to information.

In submissions to parliament, CIPESA stated that, besides undermining civil liberties, many provisions of the Bill duplicated existing laws such as the Regulation of Interception of Communications Act, 2010 and the Data Protection and Privacy Act, 2019, and would be difficult to implement

According to the minority report, all the clauses in the Bill are already catered for in existing legislation and in some instances offend Uganda’s constitution. The report states: “The fundamental rights to access information electronically and to express oneself over computer networks are utterly risked by this Bill. If passed into law it will stifle the acquisition of information. The penalties proposed in the Bill are overly harsh and disproportionate when compared to similar offences in other legislations. This Bill, if passed, will be a bad law and liable to constitutional petitions upon assent.”

Despite the largely regressive law, there are some positives, such as defining and proscribing hate speech and i the law provides and if rightly employed they could potentially improve on certain aspects regarding the digital civic space. Thus;

  • The addition of the element of intent in clause 3 in the definition of the offence of unauthorised access is quite progressive. It potentially helps to exonerate innocent individuals from wanton prosecution of what would constitute criminal access over innocent and unintended access. The Bill did not have the element of intent which is core to determination of criminal liability to qualify the offence.
  • Clause 3 was initially overly broad to the extent of discouraging the public from sharing information to the best interests of the child such as their protection from danger and harmful practices. The amendment in clause 3 in as far as it provides for circumstances under which information about children may be shared will serve to ensure that while privacy of the child is paramount, their best interest should not be disregarded.
  • Clause 4 of the Bill defines hate speech which was not previously provided for. It goes milestones in addressing hate speech which has for decades posed challenges to public order, security and persons. Furthermore, section 41 of the Penal Code Act on sectarianism presented uncertainties having limited the definition of sectarianism to groups of religion, tribe, ethnic or regional origin.
  • The law recognizes other laws on disciplinary action against errant leaders. Thus, the deletion of clause 7 is commended. It is a progressive move against a potentially excessive and discriminatory provision as was initially presented in the Bill.

The newly passed Bill is a threat to digital rights and digital civic space and falls short of the key international minimum standards. As such, it is imperative for the law to be challenged in court and for the president to deny its assent and return it to parliament for reconsideration.

29Jul

Uganda: CIPESA Submits Comments on the Computer Misuse (Amendment) Bill, 2022 to Parliament

Author CIPESA Writer Posted on

By Edrine Wanyama |

The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) has made a submission on emerging concerns from the proposed Computer Misuse (Amendment) Bill, 2022 (the Bill) to the Parliamentary Committee on Information and Communications Technology. In its submission, CIPESA analyses the changes proposed by the Bill which are a blow to online civil liberties in Uganda.

The private members Bill is seeking to amend the Computer Misuse Act of 2011and  argues that existing laws “do not specifically address regulation of information sharing on social media” or are “not adequate to deter the vice”. The objectives of the amendment are: to enhance the provisions on unauthorised access to information or data; prohibit the sharing of any information relating to a child without authorisation from a parent or guardian; prohibit the sending or sharing of information that promotes hate speech; prohibit the sending or sharing of false, malicious and unsolicited information; and to restrict persons convicted of any offence under the Computer Misuse law from holding public office for a period of 10 years.

While the amendment could be justified by advancements in technology, upsurge in cybercrime, disinformation, and hate speech (clause 4), experience has shown that the law since enactment has been used to suppress digital rights including free expression and access to information.

The underlying provisions of the bill including clause 5 which seeks to prohibit the sending or sharing of unsolicited information through a computer, and clause 6 on prohibition of sharing malicious or misleading information, could be misused and abused by the government and its agencies to curtail sharing and dissemination of information, which would limit freedom of expression and access to information. Moreover, such restriction would counter the ruling by Supreme Court in Charles Onyango Obbo and Another v Attorney General that the penalisation of the publication of false news under Section 50 of the Penal Code is unconstitutional.

The Bill also duplicates existing laws including the Regulation of Interception of Communications Act, 2010 and Data Protection and Privacy Act in as far as it relates to unlawful interception of communications and unlawful access to and sharing of personal information under clause 2 and  prohibition of processing and sharing information about children under clause 2.

Similarly, the Bill proposes the adoption of very punitive and prohibitive penalties which could not only hinder expression and access to information but also transparency and accountability in governance. The penalties proposed stretch to UGX 15 million (USD 3,900), imprisonment not exceeding 10 years, or both for unauthorised access, interception, recording and sharing of information under clause 2. On the other hand, sharing information related to children (clause 3), hate speech (clause 4), unsolicited information (clause 5) and misleading or malicious information (clause 6) are punished with imprisonment not exceeding seven years.

While specifically targeting leaders, Clause 7 of the Bill seeks to bar persons convicted under the Computer Misuse Act from holding public office for a period of 10 years, and to further dismiss convicted personsfrom public offices that they were holding.  In addition to the restrictions under the  Official Secrets Act  it may discourage the disclosure of information by duty bearers where such disclosure would be necessary for enforcing transparency and accountability.

The Computer Misuse Act has been previously used to suppress digital rights including free expression and access to information. For instance, academic and social critic Dr. Stella Nyanzi was arrested for insulting the president in a social media post. In 2019, she was convicted of cyber harassment contrary to section 24 of the Act but acquitted of offensive communications, which is proscribed under section 25. Other individuals who have suffered the wrath of the same law include former presidential aspirant Henry Tumukunde who was arrested over alleged treasonable utterances in radio and television interviews, the Bizonto comedy group who were arrested over alleged offensive and sectarian posts, and author Kakwenza Rukirabashaija who was arrested, detained and prosecuted over offensive communication against the president and his son.

While the need for amendment of the Computer Misuse Act might be eminent to address emerging technologies, the proposed provisions are unfounded and redundant, and stipulate highly punitive penalties. They fail to address existing retrogressive provisions including section 24 on cyber harassment and section 25 on offensive communication, which have been used to criminalise freedom of expression. Moreover, trolling, cyber harassment, unauthorised sharing of intimate images, and other forms of online violence against women and girls are not addressed.

Read CIPESA’s full submission!

How-the-Covid-19-Fight-Has-Hurt-Digital-Rights-in-East-Africa
19Feb

How the Covid-19 Fight Has Hurt Digital Rights in East Africa

Author CIPESA Writer Posted on

By Paul Kimumwe |

The fight against the coronavirus (Covid-19) pandemic in Kenya, Tanzania, and Uganda has dealt a blow to the promotion and preservation of human rights in the region. The outbreak of Covid-19 could not have come at a worse time, as the countries were preparing for their respective general elections (October 2020 for Tanzania, January 2021 for  Uganda, and a potential referendum in 2021 and the August 2022 elections in Kenya).

Even before confirmation of Covid-19 cases in the region, the three East African countries had instituted Covid-19 mitigation measures, including the adoption of statutory instruments which quickly suspended constitutional guarantees without reasonable justification or meaningful stakeholder consultation. The measures were accompanied with a problematic onslaught on the media, the political opposition and ordinary citizens, which undermined the enjoyment of the rights to freedom of expression, assembly and association, and the right to access a variety of news and information, which was critical to informed decision-making particularly during electoral processes.

On March 18, 2020, Uganda instituted its first set of measures that included the closure of schools and a ban on all political, religious, and social gatherings. A week after the March 22, 2020 confirmation of the first case in the country, the Ministry of Health issued the Public Health (Control of Covid-19) (No. 2) Rules, 2020 that introduced further restrictions including a dusk-to-dawn curfew, the closure of institutions of learning and places of worship, the suspension of public gatherings, a ban on public transport and the closure of the country’s borders and the international airport to passenger traffic.

In Kenya, the government introduced several measures to curb the spread of Covid-19 that included the suspension of public gatherings and other social distancing requirements; limitation of travel into and outside the country; imposition of a dusk-to-dawn curfew under the Public Order Act, 2003; as well as inter-county travel bans between the capital, Nairobi, and three other high-risk counties of Mombasa, Kilifi and Kwale.

A day after the government confirmed its first coronavirus case, Tanzania introduced a series of measures that included the closure of schools and the suspension of sports events on March 17, 2020. Additional directives, including quarantining travelers from countries with confirmed cases of COVID-19 at the travelers’ own cost, were announced by President Pombe Magufuli.

While many of the restrictions such as the closure of international borders, schools and churches and prohibitions on public gatherings have since been relaxed, the long-term impact of these and other restrictions persist.

In this brief, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) researched Covid-19 related censorship and surveillance practices and related regulatory responses in Kenya, Tanzania and Uganda that affected people’s’ digital rights, including the right to freedom of expression, access to information, and privacy. It shows that the different measures adopted by the three countries, including enactment and enforcement of repressive laws on misinformation/fake news, as well as intimidation, arrests, detentions, and suspension of media operations, have led to an erosion of civil liberties online and offline.

The brief recommends the amendment of all the Covid-19 legislation that restricts freedoms to bring it into conformity with international standards on the right to privacy, data collection and processing as well as freedom of expression and access to information. Further, it urges governments to improve the affordability of the internet by more citizens, ensure the respect of citizens’ rights; and be transparent, and accountable in the conduct of Covid-19 related data collection and surveillance.

1 2 3 11