Have human rights featured prominently in cybersecurity policy-making in these countries?
First, it’s important to interrogate the major drivers of cybersecurity policy making in Uganda, Tanzania, and DR Congo before proceeding to establish if Human Rights have featured in cybersecurity policy making. Three points surfaces quickly in mind. First the fast-paced nature and developments in the field of Information and Communications Technologies (ICTs) greatly shaped perceptions and risks associated with threats and fears of insecurities in the digital space and of course, the need to fight cybercrime. These were significant factors that influenced cybersecurity policy making in the region. Consequently, most of the cybersecurity laws and policies were crafted while relying on other models such as the International Telecommunication Union’s (ITU) frameworks but also, of other country’s laws. There is a lot of linkages and similarities in some of the legal texts and provisions used within and across the region.
Nevertheless, cybercrime (prevention) which was the chief cornerstone for enactment of cyber laws continue to rise each year in this region. In most cases, the nature of threats is largely internal but also external. This increase in cybercrime rate comes despite heavy investments in cyber security laws and the institutional frameworks established in all these countries. This means, there is still a lot that needs to be done beyond policy making and regulations that require all stakeholder contributions. For example, there is need for more cybersecurity capacity building at institutional level but also, deepening the robustness of capacity at country level (through policies, standards and skills, ethics and culture in society and technology developments etc), awareness raising, building an efficient emergency response teams, strengthening internal and external cybersecurity coordination mechanisms, and enhancing cooperation between and among countries just to mention, but a few.
So, have human rights featured prominently in cybersecurity policy-making in these countries?
Cybersecurity laws and policies in these countries have provisions and certain safeguards that can and are in principle; meant to uphold and protect human rights. However, these are often not implemented and enforced. For instance, a close look at the Data Protection and Privacy Laws in Uganda, Kenya, DR Congo and even Tanzania (using the Electronic Postal Communications Act) do have provisions for oversight mechanisms to ensure compliance with people’s privacy, safety, and security. However, the institutional effectiveness of these mechanism is very limited. Partly, due to limited resources and prioritization, interference from actors of security and weak bureaucratic capacity of the state that operates under the strong whims of the Executive and security agencies.
It therefore follows that, having human rights feature in cybersecurity policy making is a necessary but not sufficient condition for the observance and adherence to fundamental human rights in the cyberspace. It goes beyond mere insertion of certain human rights principles in legal texts to more concrete efforts geared towards galvanizing political and bureaucratic will and strengthening the institutional capacity of state institutions. The capacity of the state should be strong enough to deal independently with issues of human rights and freedoms of individuals without shocks and external pressures from political leaders.
There are instances where laws on lawful interception of communications that allegedly threatens national security is invoked by the state or security agencies. Normally, lawful interception is permissible if intended to achieve a legitimate aim and granted by a competent legal jurisdiction, is conducted through a warrant by an authorized lawful officer. However, in most cases, these safeguards are not followed and often, blatantly abused by the State and actors of security.
Some provisions of laws such as the Regulations on Interception of Communications Act of 2009 in Uganda, require disclosure of encrypted materials where security believes certain information could endanger national security. These undermine human rights in several ways. Yet, what is even more worrisome trend are increasing allegations of how security agencies in connivance with telecom companies have attempted to crack on social media (WhatsApp) communication of leading opposition political leaders within the region. This blatantly undermines their human rights, but also sets very bad precedent, not only of the state of human rights; but also, against legitimate speech organizing.
Then, there are broad and vague definitions in terms of the laws e.g., within the region on terms such as, ‘hate speech’, ‘national security’ and ‘defamation’ just to mention but a few. These definitions if they are very broad, have the tendency to be misused (like targeting journalists, activists, opposition or dissenting views and opinions) and, hence undermining human rights.
What lessons can be learned and how can civil society in this region meaningfully contribute to policy making process?
Civil Society should deliberately pursue and proactively participate in policy making processes, offering insights and suggestions on alternative policy options available and engaging governments in the region more constructively. Even where sustained and protracted engagement do not necessarily lead to immediate results in the short run, the processes and opportunity for engagement should be continuously explored. Afterall, success can be measured along several chains of meaningful policy engagement.
Governments should ensure the process of consultations of all stakeholder groups is broad and diversed and different inputs and suggested areas for changes in the text of policy documents are carefully negotiated, and compromises reached to ensure human rights are not undermined in these policies. There should be deliberate strategies to implement and enforce human rights standards in laws and policies.
Capacity building by governments of its bureaucrats and security bodies is crucial. Civil Society organizations should deepen sensistisation and awareness raising among the populace. These steps are key to ensuring meaningful engagement and participation in cyber security policy making and processes that contributes to observance and protection of human rights.
By
Moses Owiny
