Africa is experiencing an internet revolution. It is estimated that 50 percent of Africans will be online by 2025 – up from 16 percent in 2013. The current and expected growth in both utilisation and the relevance of the internet to African lives highlights the importance of legal and policy measures to regulate its use.
African internet censorship: countries were given a score out of a 100 based on the limits placed on online content, obstacles to internet access, and violations of user rights (lower scores equal greater internet freedom). Image: freedomhouse.org, @Ivanisawesome
The internet is a new frontier that can provide greater access to information for more people than ever before, but in doing so, it constructs a massive web of information that makes personal data vulnerable to interception and misuse. Unsurprisingly, therefore, the need to balance privacy with access to information dominates the debate.
This particular tension shows that the internet affects a variety of rights in a variety of ways, exposing the artificiality of talking of the internet as a right without also acknowledging it as a context in which access to a variety of rights is contested. What begins to emerge is a plethora of rights areas that could be impacted through policy and law to enhance or inhibit the online environment.
The adoption of internet-related regulation has been piecemeal, resulting from ad hoc responses to the rapid emergence and relevance of new information and communication technologies (ICTs). Importantly, it has occurred in a context of increasing emphasis on national security, much of it born from the focus on international terrorism following the September 11 attacks in the United States and the subsequent wave of repressive anti-terrorist laws, such as the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, 2011 (“USA Patriot Act”). In Africa, the rising impact of Islamic fundamentalism (in many senses, a reaction to the United States’ post-9/11 policies) ensured that national security has remained at the forefront of policy discussions.
Although the online space undeniably presents real threats – such as new opportunities for the propagation of criminal acts ranging from hacking into personal and government systems to phishing and fraud syndicates (also known as 419 scams) – the “national security” discourse is often exploited by states to introduce interventions of considerable breadth and retrogressive laws. The “rise of the securocrat”, as this phenomenon has become known, can be understood as resulting from the prioritisation of national security principles throughout all administrative functions. This has promoted increased secrecy across the board, affecting both online and offline liberties and access to information.
In South Africa, for example, the emphasis on national security led to the introduction of the Protection of State Information Bill – legislation that would severely threaten access to information by the public and the media through the broad classification of records, with stiff criminal sanctions for release.
National security discourse can be abused to directly threaten internet freedom through ICT regulation. Ethiopia’s Anti-Terrorism Law of 2002 broadly authorises the interception of communications under the guise of national security and has actively been used to both monitor and charge journalists and human rights activists. This follows a regional trend that includes the Regulation of Interception of Communications and Provision of Communication-Related Information Act, 2002 in South Africa and Zimbabwe’s Interception of Communications Bill, 2007, where the breadth of law and opaque oversight remain causes for concern.
The emphasis on national security thus clearly begins to impinge on citizen privacy. The issue of mass online surveillance by state agencies was brought to the fore through the revelations of Edward Snowden in 2013. Snowden leaked classified information that the United States government, through the National Security Agency’s PRISM programme, was engaged in mass non-consensual surveillance of citizens. However, the domestic regulation of communications interception has also been abused in practical cases. For instance, an American citizen of Ethiopian dissent sued the Ethiopian government in 2014 for infecting his computer with spyware and monitoring his computer usage. In terms of mass surveillance, African governments have also been guilty of such violations, procuring surveillance technologies from popular German producer Trovicor. The Egyptian government has frequently been outed for mass surveillance of social media through its Social Networks Security Hazard Monitoring Operation.
Mass surveillance may also detect and uproot journalistic sources, as well as allow for the storage of data that may be used to threaten them, posing a risk for both the sources and the journalist themselves. Even the specially protected communication portals that exist online may be infiltrated by those with enough know-how. This is why threats to online security have begun to be seen as threats to freedom of expression.
The Snowden revelations also brought attention to the lack of adequate legal protection for whistleblowers in many countries. The internet presents opportunities both for anonymous disclosures and for tracking those who make them, as well as making it difficult to ascertain the authenticity of information and its sources. Recognising this threat on our continent, activists in 2015 launched Afrileaks (www.afrileaks. org), an African-specific portal to facilitate anonymous disclosures between journalists and sources.
Because of the profound intersection of privacy and access to information concerns, the regulation of these areas must be considered together. One good example is the Office of the Australian Information Commission (www.oaic.gov.au), which oversees both access to information and privacy.
Opportunities for Advocacy
Several regional and international legislative initiatives present particular opportunities for advocating openness and freedom online. In many ways, this is due to the internet’s peculiar relationship to jurisdictional boundaries: effective regulation requires international collaboration.
The African Union’s (AU) recent adoption of the Convention on Cyber Security and Personal Data Protection presents a unique opportunity to address citizens’ privacy concerns. The Convention provides a framework through which all African states can attempt to regulate cyber crime and enhance the protection of citizen’s personal data. This guidance is vital: as explained above, the patchwork character of Africa’s laws is a key weakness, making harmonisation difficult. Yet, given the cross-jurisdictional nature of cyber crime, consistency is imperative for practical interventions.
A further development is the African Declaration on Internet Rights and Freedoms, a regional initiative drafted by a wide array of African civil society organisations. Much like other human rights instruments that preceded it, such as the African Charter on Human and Peoples’ Rights of 1981 or the Windhoek Declaration on Promoting an Independent and Pluralistic African Press of 1991, the Declaration formulates a comprehensive rights-based framework that contextualises the various concerns arising from the fluid internet landscape. Critically, it asserts that the foundation of internet regulation is openness and freedom, as opposed to prioritising national security, secrecy or even privacy.
The Global Principles of National Security and the Right to Access to Information (2013) is another powerful instrument with the potential to counter some of the legislative threats to online openness and freedom. Drafted by an international alliance of academics and civil society, the Principles’ central message is that the public interest should override national security concerns that would otherwise result in the withholding of information.
These instruments for positive change now need domestic implementation: activists should focus on challenging anti-progressive legislative developments through championing compliance with them.
On the national front, there is a notable increase in the drafting and adoption of access to information laws. These could be greatly strengthened by concurrent passage of laws that provide adequate protection of personal privacy. For instance, South Africa’s Protection of Personal Information Act, 2013 created an information regulator with oversight of both personal privacy and access to information. The Malawian Draft Bill on Access to Information demonstrates that newer legislative iterations can specifically consider the proactive disclosure of information through online-access and open-government data initiatives.
Because the internet intersects with all aspects of our lives and across all human rights, threats to freedom of expression and access to information online can occur through a variety of legislative and practical interventions. The broad array of threats is made more difficult to counter by the piecemeal regulation of the internet and the obvious complications of jurisdiction. It is a new frontier – and a new frontier of profound importance for the African continent. Activists must stay abreast of legal developments in the area, not only to act against threats but, perhaps more importantly, to exploit the radical and disruptive new ways the internet can be used to advance social justice.