Safeguarding Civil Society - Assessing Internet Freedom and Digital Resilience of Civil Society in East Africa

This report sets out to assess internet freedom and the digital resilience of civil society organisations (CSOs) in the East and Horn of Africa, specifically in Burundi, Rwanda, South Sudan, Tanzania, and Uganda. The report, composed in partnership with Small Media, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), DefendDefenders, and Strathmore University’s Centre for Intellectual Property and Information Technology Law, used a policy analysis of current freedom of expression and internet-related legislation, 39 CSO interviews, and a series of network measurements to assess the state of internet freedom in the focus countries and to gauge civil society’s ability to protect itself from digital threats. It is hoped that this research "will prove instructive to regional policy makers to bring their policies into line with the African Declaration of Internet Rights and Freedoms (ADIRF), and to the CSOs and digital security providers who will need to work together to protect themselves from the growing threats in the region.”

As explained in the report, “Over the past decade, East Africa has seen a tremendous boom in connectivity and online participation that is beginning to transform how citizens across the region communicate, express themselves, and establish communities. In a similar manner, the growth of internet access in the region is beginning to empower civil society organisations (CSOs) to engage with the public, share information, and advocate for citizens’ rights in sometimes challenging and closed political environments. Although the internet offers opportunities to such advocates, it also offers the possibility for regional, state and non-state actors to interfere with their work, surveil them, and censor their voices.” For example, in Burundi, criticism of the government is not taken lightly, and although the country has introduced a number of protections for freedom of speech and the right to privacy, in reality they do not prevent violations from taking place. Ambiguously worded laws provide opportunities for governmental bodies to systematically restrict internet freedom in the country. This is evidenced by the temporary blocking of social media networks and the arrests of social media users that have taken place.

To measure the state of internet freedom in the region, the researchers have taken the African Declaration of Internet Rights and Freedoms (ADIRF) as a key point of reference. This declaration, drafted and signed by a large array of African CSOs in collaboration with international internet freedom organisations, establishes a set of rigorous principles by which governments and other relevant stakeholders must abide in order to guarantee the online rights and freedoms of citizens across Africa. The research is based on a three-pronged methodology and is consequently divided into three core segments: a policy and legal analysis; a CSO digital security assessment; and a technical analysis of states’ capacities to censor and surveil online content.

In the first section on policy and legal analysis, the report assesses the state of internet freedom across East Africa by undertaking an analysis of the levels of compliance between the legislation and policy implementation of regional governments, and the ADIRF. It takes stock of the ways that regional governments implement their policies in practice, illustrating any instances in which digital freedoms have been violated or threatened. It assesses each country in relation to some of the key principles outlined in the ADIRF, which are: openness of the media; internet access and affordability; freedom of expression; right to information; freedom of assembly and association and the internet; privacy and personal data protection; security, stability, and resilience of the internet; marginalised groups and groups at risk; and right to due process. In doing so, it exposes a number of areas in which governments should be pressed to adapt their existing regulatory and legislative frameworks to ensure that they are more conducive to the protection of citizens’ online rights.

The second section explores the results of the CSO digital security assessments based on interviews with local CSOs regarding three key topic areas: the digital threats that CSOs in the region perceive; any training and support networks that already exist; and the tools, practices, and knowledge of CSOs to combat the digital threats they face. In Rwanda, for example, the research found that there were low levels of awareness of what needs protecting, poor knowledge and skills in terms of tackling digital security problems, and limited digital security capacity within CSOs. Rwanda thus urgently requires capacity building programmes. Overall, this section demonstrates how the government policies and practices are having a negative impact upon the ability of CSOs to operate freely and openly, thereby limiting their capacity to engage in advocacy, to hold politicians and private organisations to account, and to support their intended communities.

The third section presents the results of network measurements on the extent to which regional governments interfere with online traffic, restrict internet access, and intercept online communications. Measurements employed ICLab’s Centinel tool and the Open Observatory of Network Interference (OONI) Probe to gather crucial data about the state of local networks in the focus countries. For example, results of network measurements showed that Burundi had no recorded website blockages, while Rwanda had the highest number of blocked websites, which were notable for their political nature.

Overall, the results demonstrate the necessity for civil society to mobilise itself in defence of internet freedom across East Africa. They show that in each of the countries assessed, government policy is out of alignment with the core values of the ADIRF - in some cases to such an extent that citizens’ human rights are at risk of being violated. “Human rights and internet freedom advocates should continue to press their governments to review and adjust their policies in such a manner as to come into compliance with the ADIRF, and to support the online rights of citizens across the region.” The report ends with with a list of recommendations for regional governments in general, the five focus countries in particular, as well as digital security organisations, internet freedom researchers, internet service providers, technology companies, and the international community. The following is just a selection:

Regional governments

• In order to safeguard freedom of expression, media pluralism, and cultural diversity, regional governments should take steps to ensure the protection of net neutrality and oppose discriminatory access to the internet.
• Regional governments should recognise their obligations to guarantee freedom of expression online under the provisions of their respective constitutions. Legislation requiring unduly strenuous regulation of the press should be repealed and should not be used to threaten or undermine the legitimate work of journalists - online or offline.
• Governments should take active steps to protect the online privacy and freedom of expression of: marginalised groups, including women; ethnolinguistic minorities; lesbian, gay, bisexual, transgender, queer or questioning, and intersex (LGBTI) people; the elderly; young people and children; and people with disabilities. Efforts should be made to involve stakeholders from marginalised communities in multi-stakeholder discussions about the development of the internet in the region.

Digital security organisations:

• Continue to raise awareness of, and train civil societies on, the digital threats they face and the best practices and tools needed to mitigate them.

Internet service providers (ISPs)

• Ensure that the services they provide adhere to regional and international standards for human rights and work to prevent services being blocked and websites being censored when such action represents a crackdown on internet freedom.

Technology companies

• Manufacturers and the support ecosystem around software and hardware tools that produce dual-use technologies that can be used for law enforcement should design their deployment in a transparent way, especially on how their products are used, and should also proactively verify if the purchase objectives are matched in practice. To the extent possible, the sale and utilisation of technologies that can be repurposed for mass surveillance and censorship should be vetted with wider public participation.

International community

• Ensure that companies based outside of the East Africa region are not contributing to the curtailing of internet freedom, by better regulating the sale of dual-use technologies, and making sure that digital tools that could be used against CSOs and citizens are not utilised in this way.