OpenNet Africa Challenge Uncovers Gaps in Digital Safety Tools

By Ashnah Kalemera |
There are numerous tools which can secure online users’ communications, including through anonymising their identities and enabling them to circumvent online surveillance and censorship. In some cases, developers have gone on to localise such tools to suit various contexts. However, the tools’ relevance to certain populations and how best to improve them for a diverse range of users remains largely unknown.
During May 2015, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) in partnership with tech innovation hub OutBox challenged members of the Ugandan tech community to test five digital safety and security tools in order to gain an understanding, in a local context, of the tools’ strengths, weaknesses and opportunities for localisation. The challenge was in the context of CIPESA’s OpenNet Africa initiative which monitors and promotes internet freedom in east and southern Africa.
The tested tools were Cyrptocat, Mailvelope, Martus, TextSecure and Redphone. The scope of testing included how the tools enabled anonymisation, circumvention, and privacy of communications. The tests had to take into consideration different user communities, including women, bloggers, journalists, human rights defenders, and sexual minorities, and the nature of threats to internet freedom in the East African region.

A team presents to the panel during the OpenNet Africa Tools Testing Challnge
A team presents to the panel during the OpenNet Africa Tools Testing Challnge

These threats are often linked to the fight against terrorism, combating online hate speech, suppressing the views of opposition parties (mainly around election periods), and in crackdowns against particular groups, such as Lesbian, Gay, Bisexual, and Transgender (LGBT) community, critical media and human rights activists. The threats often come in the form of surveillance, blocking of websites and social media sites, and interception of communications.
Three teams participated in the challenge through trial exercises, user consultations and stakeholder interviews. In considering which tools were better suited to promote internet freedoms of the region’s citizens, the teams that conducted the tests also bore in mind the proliferation of technology, internet speeds and literacy levels in the region. Language, multiple device use and aesthetics such as the interface design including colours and icons, were also among the other features for testing.
The teams found a number of shortcomings on some tools, including the lack of protection from key loggers, poor or no consideration for low internet speed users and those with low ICT skills and literacy levels. Some tools were found to have limited cross platform/device operability, while others were not accessible to visually impaired persons.
Select test findings
 

Tool Safety and Security Features Key test finding limitation
Martus Allows for secure collection, transmission and storage of data. It is popularly used by human rights defenders.
  • There is no option for retrieving a lost encryption key

 

Cryptocat This app enables encrypted chat via a browser and mobile phone.
  • Lack of IP address anonymisation
  • There are no administrative privileges in group chats meaning there is free entry and exit of members in the conversations.
Mailvelope This is a browser extension that enables the exchange of encrypted emails
  • Lack of an attachment encryption function
Redphone An Android based mobile app that allows for encrypted voice calls over a Wi-Fi or data connection using a normal phone number.
  •  Unregistering a RedPhone number is not currently supported.
  • Very slow or no synchronisation with contacts that have RedPhone installed, meaning there is no possibility to upgrade calls to encrypted calls even when the user being called is running the RedPhone app.
TextSecure Secure messaging app
  • Recently dropped SMS support
  • Installation requires Google services

 

“Pious, a 25-year old IT student at Makerere said that he is now using Redphone with his girlfriend whenever they feel like phone sex in order to avoid the spying software announced by Fr. Simon Lukodo, Minister of Ethics and Integrity,” Tean Tech4Dev

The teams made recommendations for improvement and localisation, including translation of the tools into local languages, compatibility provisions across social media platforms, and feature phone support.
The teams also proposed numerous cases in which the tools can be used by marginalised and vulnerable user groups in East Africa. They cited youth mobilisation, gender-based violence and other human rights violations reporting, monitoring and victims support, facilitation of opposition groups’ activities, and protection from corporate espionage.
However, the teams also highlighted the potential of the tools promoting hate speech and radicalism in East Africa’s fragile socio-political environment through safeguarding the communications and activities of offenders.
“One of the primary uses of the Internet by terrorists is for the dissemination of propaganda. Through encrypted communications, terrorists can easily spread their propaganda and also plan their activities,” noted Team African Value. The team added that promotion of divisiveness and encouraging violent acts on ethnic grounds has become common on East African online platforms.
The teams also noted the need for increased awareness raising and capacity building among users to promote an understanding of cyber threats and online safety. Among the possible ways to achieve this was through working with academia to develop cyber security curriculums for education institutions.
The findings of the teams were showcased at a pitching event held on June 2, 2015 where a panel of judges determined the team with the best reports and localisation recommendations. The judges were Wilson Abigaba (Internet Society – Uganda Chapter), Richard Lusimbo (Sexual Minorities Uganda), Baldwin Okello (Uganda Telecom) and Neil Blazevic and Mark Kiggundu – both from East and Horn of Africa Human Rights Defenders Project.
The winning team was Tech4Dev, which was followed by Ghost In The Wires then African Values. See more on the event on  Storify

World Press Freedom: Ugandan Journalists Convened for Digital Security Training

By Juliet Nanfuka |
On May 2, a total of 27 Ugandan journalists were trained in digital security procedures. The training was held in commemoration of World Press Freedom Day (May 3), which this year was celebrated under the theme “Let Journalism Thrive! Towards Better Reporting, Gender Equality, and Media Safety in the Digital Age”.
The training, which was organised by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) in partnership with Uganda Journalists Union (UJU) and the East and Horn of Africa Human Rights Defenders Project (EHARDP), explored the status of journalism in Uganda as well as the legal and regulatory frameworks affecting freedom of expression in the country. Participants at the training workshop represented print, online and broadcast media houses from across Uganda.
During the training, it emerged that some journalists are not cautious about their online security, similar to those in a previous training hosted by CIPESA. The reuse of one password across different websites and platforms, and overexposure of personal information online were common among the training participants. Email encryption, the use of Virtual private networks (VPNs) and Multi Factor Authentication for passwords, were taught as skills that can aid journalists when investigating sensitive stories that may be prone to surveillance.
Norman Katende, an international award winning journalist, shared his experiences of being threatened while reporting on controversial stories and encouraged journalists to practice caution both online and offline. He questioned how journalism can thrive in the face of police attacks on the media, noting that journalists should not compromise on their security when covering sensitive stories just to earn a living.
According to the Committee to Protect Journalists (CPJ), an international organisation that defends the rights of journalists, over the past two decades, 1125 journalists across the world lost their lives while reporting or investigating stories. The medium increasingly used by journalists to source and disseminate information is the internet.
Last month, Somalia journalist Daud Ali Omar and his wife were murdered. The same month, Kenyan journalist Johan Kituyi, proprietor of the newspaper Mirror Weekly, which has covered controversial national issues, was also murdered.
Increasingly, online publishers and bloggers are also coming under attack in Africa. For instance, a year after their arrest, the Ethiopian Zone9 bloggers remain behind bars and in Burundi, civil unrest related to upcoming elections has led to government restrictions of information flow through various media houses – and radio stations.
Such attacks necessitate digital safety skills for journalists. “When you look at the level of knowledge on ICT that a journalist has – it’s really basic. We have several unsecured email accounts and we visit any website without [considering] security,” noted a journalist at the training in Kampala.
Journalists noted that they do not always exercise their rights and do not request security from their media houses when pursuing sensitive stories. They also indicated a lack of awareness of the laws in place that can aid them in developing stories, such as the Access to Information Act (2005), which compels Ministries, Departments and Agencies to release information.
Following a CIPESA presentation on the legal and regulatory frameworks affecting internet freedom, especially freedom of expression online in Uganda, a Soroti-based journalist said the training had made him re-evaluate how he used his mobile phone and the internet, saying that he had been using these tools “without considering their implications.”
Further to the commemoration of World Press Freedom day, CIPESA participated in the “Digital safety for journalists” plenary session of the global event hosted by UNESCO.  CIPESA and its partners in various countries were also involved in a series of Twitter engagements which explored press freedom, including in the digital world, particularly for African journalists.
The training was conducted in the context of CIPESA’s OpenNet Africa initiative that promotes internet freedom in Africa and is supported by the Open Technology Fund, Hivos and the Association for Progressive Communications (APC).

Using ICT to Promote the Right to Information: Perceptions of Ugandan Citizens and Public Officials

By Juliet Nanfuka |
Towards the end of 2014, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) conducted research into how public officials and citizens perceived the potential of Information and Communication Technology (ICT) to advance the right to information in Uganda.
The studies revealed that there is a keen interest by citizens and public officials to leverage digital tools for increased transparency, civic awareness and participation in democratic processes. However, a larger proportion of citizens was using ICT relative to the public officials to improve access to information.
One study involved the administration of a questionnaire to 62 public officers from more than 30 Ministries, Departments and Agencies (MDAs). A second study targeting citizens involved the administration of a separate questionnaire amongst 235 respondents drawn from 10 districts, mainly university students, journalists, and staff of civil society organisations.
Uganda enacted the Access to Information Act (ATIA) in 2005, becoming one of the first African countries to have such a law. The Act, however, remained unimplemented until 2011 when the enabling regulations were enacted.
Although the Access to Information Act has been in existence for the last nine years, only 18% of the public officials and 10% of citizens rated themselves as extremely knowledgeable about the law. While all public officials had some level of knowledge of the law, 9% of citizens indicated no knowledge at all of the law.
Whereas citizens indicated histories of having made information requests, only 39% of public officials indicated that they had ever received an information request made formally using the 2005 ATIA. Notably, 87% of the information requests were made informally without mention of the ATIA or completing the required request forms.
The research reveals that although ICT tools such as emails and telephone calls are being used to request for information, requested information remains in silos as it is given directly to the requester with no guarantee that it will be disseminated further.
Challenges noted by public officials for the low levels of information release included limited ICT skills, the Official Secrets Act (1964) which hampers release of information to the public, and limited resources to adequately implement the Act on a more regular basis.
Meanwhile, following the launch of the Ask Your Government (www.askyourgov.ug) initiative in August 2014, the research aimed to gauge respondents’ knowledge and use of the portal. The portal was launched by government in partnership with civil society to enable Ugandan citizens to make public information requests from MDAs.
In the research, 75% of public officials strongly agreed that the use of ICT would make it easier and simpler to respond to information requests. This was supported by 79% of the citizen respondents who believed that the use of ICT to make information requests was likely to enable public bodies become more responsive than use of manual, non-ICT means. This would alleviate the “long process” and “cumbersome bureaucracy” which citizens pointed out as key reasons for not using the law to request for information.
For journalists who participated in the research, the 21 days which the law gives public officials to respond to information requests was cited as a key challenge given the tight deadlines in media work.
See: Advancing the Right to Information Amongst Ugandan Journalists
However, both citizens and officials indicated some skepticism about the effective use of ICT to adequately support the right to information. Public officials pointed out technical challenges such as low bandwidth, outdated equipment and limited skills within the MDAs.
One official noted, “Although employed by government, many officials have no access to ICT and some lack knowledge of how to use the tools.” Safety and security concerns were raised with regard to citizens’ personal information.
Key report Findings:

  • 33% of the interviewed citizens had ever made an information request using the ATIA law. However, only 28% of these requests received positive outcomes.
  • SMS was ranked the ICT tool that citizens were most proficient in using, at 58%, followed by social media at 44%. However, respondents used Facebook more frequently than SMS.
  • Public officials ranked their proficiency highest in using SMS (63%) and email (60%), and they used email most frequently, followed by SMS. Social media use ranked low amongst public officials.

The research recommends that civil society should engage more proactively in advocacy for the right to information amongst citizens. Meanwhile, public officials should encourage citizens to make information requests. It also recommends that public officials adopt a combination of both ICT and non-ICT based channels to ensure that information requests by citizens are attended to promptly as a means of ensuring citizens’ motivation to increase their demand for information.
Public officials recognised that improvements can be made to better put more information in the public domain. They recommended the provision of more authority to information and communication officers to disclose information; increased use by MDAs of interactive websites and social media as these are channels that their audiences are using; and a repeal of the Official Secrets Act (1964).
See the full research reports below:
Ugandan Public Officials’ Perceptions of using ICT to Advance Right to Information
Citizen’s Perceptions of Using ICT to Make Right to Information Requests in Uganda

Promoting Community Dialogue on Service Delivery Failures in Northern Uganda

By Gladys Oroma |
In 2014, the Collaboration on International Policy in East and Southern Africa (CIPESA) in partnership with the Northern Uganda Media Centre (NUMEC) launched a project to make Public Sector Information (PSI) more accessible and reusable by stakeholders such as citizens, civil society and the media in Northern Uganda.
Focusing on the districts of Gulu, Nwoya and Amuru, which bore the brunt of the Lord’s Resistance Army (LRA) insurgency, the project sought to document the status of service delivery in the education, health and infrastructure sectors through the use of Information and Communication Technology (ICT).
In particular, the project set out to document service delivery failures as a result of donor aid cuts to the Peace, Recovery and Development Plan (PRDP), and to generate debate by citizens through community debates, radio talk shows and ICT-based engagements on improving service delivery needs of post-conflict communities.
Initiated by the Uganda government in 2009, the PRDP initiative aims to revitalise the economy and livelihoods of communities in the post-conflict region through efforts like construction of classroom blocks, rehabilitation of roads, constructions of bridges, supply of solar panels, and rehabilitation of health centres. However, the programme has been discredited following allegations of corruption, resulting in a general distrust of its activities by community members familiar with it.
Other activities by CIPESA and NUMEC included building ICT skills and knowledge for citizens and journalists to access and gainfully use open data and PSI to contribute to better service delivery; increasing interactions between citizens and leaders; and promoting greater access to PSI for citizens in Northern Uganda.
Community debates were conducted in the districts of Gulu and Nwoya, enabling local residents to engage directly with local leaders, PRDP officials and the media. During a community debate in October 2014, residents of Acet in Odek sub-county in Gulu reported that they were not informed about the PRDP activities in their locality.
David Latigo Odongo, Local Council chairman of the Acet village, said the majority of residents in the area were not familiar with PRDP. “Even the local leaders were not educated about PRDP activities so when officials from Kampala come and ask to be shown PRDP activities in the area, the local leaders get confused,” he said.
He added that it is such lack of sensitisation that makes the people not to monitor projects implemented in the area. “They do not know who will monitor and take care of PRDP projects, that is why when projects like water boreholes are constructed in the area, people look at it as freebies from either the government or NGOs,” he said.
Educating the community before implementing the projects would have enabled local leaders and the community to monitor the project, he said.
Proceedings of the community debates were recorded and broadcasted on Mega FM, a local radio station with an estimated reach of 1.6 million listeners. Also two video recordings of the community debates were produced, in addition to two 15 minute documentary videos capturing the service delivery challenges under PRDP. They were shared during the project dissemination meeting held in November 2014. The videos show shoddy works, lack of coordination among project implementers, incomplete projects and inadequate funds are some of the challenges affecting the success of the PRDP.
Furthermore, talk shows were conducted on Mega FM.  Through call-ins, listeners gave recommendations and opinions while others asked about the various stalled projects in their communities.
The first talk show held in July was attended by the Nwoya district Chairman, Patrick Oryema, the Chairman of Purongo Sub – Country, Francis Okumu, and the PRDP focal person for Nwoya Geoffrey Akena and members of the NUMEC team. The program focused on seeking further explanations on the failures on the PRDP from the officials.
The district officials pointed to the fact that some of the cases are currently before the Inspector General of Government (IGG) and that the district was trying to come up with a directive to allow them not to pay contractors until their work is completed.
The October talk show hosted the Sub-County Council Chairman of Odek, Adebe Wokorach, and the PRDP coordinator for Gulu district, Peter Enoch Ocen.
As a result of the community engagements, awareness of stalled projects under PRPD has increased and local people are now able to make follow ups on reported cases. For instance, the Gulu district Chairperson – Martin Mapenduzi was prompted to visit one of the documented schools, Awoonyim Primary School, to find out more about the stalled school project. However, at the time of this reporting, we were unable to establish the immediate outcome of the chairperson’s visit to the school.
The NUMEC-CIPESA partnership is in the context of the iParticipate Uganda initiative as part of the ICT4Democracy in East Africa network, supported by the Swedish International Development Cooperation Agency (Sida)

Reflections on Uganda’s Draft Data Protection and Privacy Bill, 2014

Towards the end of 2014, Uganda’s government through the National Information Technology Authority (NITA-U), Ministry of Information Communication and Technology (MoICT) and the Ministry of Justice and Constitutional Affairs (MOJCA) issued a draft Data Protection and Privacy Bill for public comment. The Bill seeks to protect the privacy of the individual and personal data by regulating the collection and processing of personal information. It provides for the rights of persons whose data is collected and the obligations of data collectors and data processors; and regulates the use or disclosure of personal information.
The Collaboration on International ICT Policy in East and Southern Africa (CIPESA) welcomes the move by the Uganda Government, however, following an analysis of the Bill, we identified some areas of concern and gaps that need to be addressed. We have assembled our comments as part of the CIPESA ICT briefing series and have also submitted official comments to the government as part of the public comments phase.
Read more on our Reflections on Uganda’s Draft Data Protection and Privacy Bill, 2014 in the CIPESA ICT Briefing series and see our Formal Comments Submitted for consideration.