Empowerment and choice are essential for fair and free elections and digital rights protections. Unfortunately, ARTICLE 19 Eastern Africa (EA) continues to document significant restrictions across the region on numerous civil and political rights, including the right to free expression, access to information, assembly and association on online and offline platforms. Sometimes, we see and hear these restrictions. Other times, the restrictions are nuanced and submerged in alleged efforts to combat the ongoing pandemic, and other extraordinary circumstances, including unrest. The implications of these seen and unseen, heard and unheard restrictions, however, is the same.
Over the next three years, seven countries in Eastern Africa will either hold presidential, legislative or parliamentary elections. These include Tanzania, Seychelles, and Somalia between October – December 2020, Uganda and Ethiopia in 2021, Kenya in 2022 and Rwanda between 2023 – 2024. Even though countries across the region have committed to protect and promote human rights, ARTICLE 19 EA has already documented electoral challenges, such as digital surveillance.
Most of these countries have used the Coronavirus pandemic as an opportunity to deploy and use surveillance digital technologies, such as drones, robots, and contact tracing applications. While countries are within their mandate to introduce and use these technologies for purposes of addressing the pandemic, and other extraordinary situations they are obliged to adhere to international human rights obligations and enforce appropriate safeguards. Despite the breathtaking implications for individuals’ digital rights, the public is generally supportive of these pandemic surveillance technologies, and the related broad-brush ‘public health’ arguments, in part because of the ongoing pandemic.
In Rwanda, for example, public-private partnerships have heightened the deployment of drones and humanoid robots which rely on facial recognition technologies, phone data profiles and transmission towers. In Uganda, contact tracing applications are purportedly using overlapped GPS and Bluetooth (smartphone) technologies. In Ethiopia, the Ministry of Health developed a national COVID-19 surveillance and tracking system, with the support of USAID’s Digital Health Activity.
The governments continue to use these technologies without appropriate safeguards to protect individual’ right to privacy and data protection. This is despite calls by the former UN SR that public health surveillance must be conducted in line with human rights principles.
Moreover, numerous Eastern African countries have made such formal commitments as part of their Smart Africa Alliance membership. Out of 14 EA countries, only Uganda, Rwanda, South Sudan (committed to investing in ‘Africa Digital Literacy’), Djibouti (committed to investing in ‘data centres’) and Kenya (committed to investing in the ‘digital economy’) have made formal strides to solidify their membership. In contrast, the other countries continued to entrench their promotion of ICTs in their national development blueprints and ICT plans.
Regional Commitments and Pandemic Surveillance Technologies: Rwanda and Uganda
It is excellent that EA governments continue to embrace and use digital technologies. However, we note with concern that some governments are using GPS and facial recognition technologies without attendant legislative, regulatory or administrative safeguards. Worse still is the limited transparency regarding their use. This not only poses gargantuan risks for people’s civil and political rights but also raises concerns regarding the mass collection of their biometric data, which may amount to unlawful mass surveillance, where no oversight is exercised by an independent body.
Rwanda has committed to investing in the ‘smart cities’ agenda, as part of its Smart Africa Alliance membership. Generally, smart cities rely on the mass collection, processing, storage and transfer of personal data. In Rwanda, the smart cities drive was preceded by the digital identity (e-ID) and biometric SIM card registration processes. ARTICLE 19 and Access Now jointly magnified the challenges inherent with Rwanda’s centralised, and government-managed e-ID system, as well as the mandatory collection of biometric data during the SIM Card registration process. In 2019, Rwanda commendably ratified the African Union Convention on Cyber Security and Personal Data Protection, which provides a fantastic legislative layer for individuals’ data protection. Nonetheless, the recent use of facial recognition technologies continues prior to the establishment of a data protection authority, which should ideally be tasked with promoting and protecting individuals’ rights to privacy and data protection.
ARTICLE 19 totally rejects the adoption of facial recognition technologies which pose well-documented risks to individuals’ ability to exercise their numerous rights, namely the right to privacy, data protection, assembly, protest and digital anonymity. In addition, facial recognition technologies are problematic because, as ARTICLE 19’s report noted, ‘more accurate systems only become more powerful systems of control and surveillance.’
In recent years, big tech companies heavily invested into facial recognition solutions, and sold these to governments. Strikingly, in June 2020, IBM stopped its facial recognition technology research and development activities and Microsoft recalled its solutions from US law enforcement agencies. Further, Amazon announced that they have placed a one-year moratorium on the use of Amazon Rekognition by police until governments enact “stronger regulations to govern the ethical use of facial recognition technology.” It remains unclear whether these companies sold and/or continue to sell these technologies to law enforcement and intelligence agencies and the military, outside of the United States.
ARTICLE 19 EA calls on the government of Rwanda to recognise these human rights risks, and impose an immediate moratorium on the use of facial recognition technologies as part of its ICT (including telemedicine) expansion plans, in light of its upcoming elections in 2023 – 2024.
Uganda has committed to invest in the ‘big data and data measurements for development’ agenda, as part of its Smart Africa Alliance membership. As recently as August 2020, Uganda took commendable strides to expand its Data Protection and Privacy Act (2019) through draft regulations, which ARTICLE 19 EA commented on. Notably, private start-ups have ingeniously developed contact tracing applications in response to the coronavirus pandemic. These apps rely on GPS data which the developers claim will be blurred. However, the developers failed to demonstrate how they will blur this data, and how effective this will be. GPS data, which focuses on actual location tracking is inherently problematic for a vast host of stakeholders, and similar to facial recognition technology, acts as a powerful tool for surveillance, control and the disempowerment of individuals.
ARTICLE 19 EA calls on the government of Uganda to encourage private developers to refrain from using GPS technologies (including blurred location data) as part of their coronavirus pandemic ingenuity, in light of its upcoming elections in 2021.
The adoption of facial recognition technology and GPS location data risks spilling over into the electoral arena, where individuals will have a limited ability to exercise their right to privacy in both private and public spaces. Notably, the deployment and use of these technologies already cast a shadow over the ability of the Rwandan and Ugandan governments to comply with ‘data protection by design/default requirements, and data principles and rights, including the data minimisation and storage limitation principles.’
Sigi Waigumo Mwanzia (firstname.lastname@example.org) is a Digital Policy Consultant at ARTICLE 19 Eastern Africa.