African governments are using the pretext of security to restrict digital communications and citizens’ rights. In the process, they are inadvertently contributing to economic losses and greater instability.
Digital repression is on the rise in many parts of Africa. Over a dozen African countries have recently experienced politically motivated internet shutdowns. Roughly the same number have been identified as operators of military-grade spyware (such as Pegasus, RCS, and FinFisher), which they use to track domestic political opponents and activists with the same vigor as criminals and terrorists. Governments employ automated tools to subject social media platforms to expansive surveillance. Increasingly, leaders are taking advantage of vague elements of recently passed cybercrime laws to expand executive powers to arrest activists and debilitate the free press. African leaders frequently portray digitally repressive tactics as necessary to combat threats from terrorism, organized crime, and secessionist violence. In fact, their main impact is to undermine the fundamental freedoms that make it possible for governments to be transparent, legitimate, and accountable to citizens.
Tanzania’s 2015 Cybercrimes Act is a case in point. The law was ostensibly passed to fight rising digital crime. In practice, it bans “insulting” speech, empowers law enforcement officials to respond to violations without judicial checks, and allows authorities to crack down on whistleblowers who use government data to report wrongdoing. The Cybercrimes Act was followed by the 2018 Electronic and Postal Communications Regulations, which requires bloggers to register with the government and internet cafes to keep surveillance videos of people using their services.
These regulations have had a chilling effect on citizen security in Tanzania. Broad definitions of offenses, as well as disproportionate penalties for them, have stifled political debate by enabling the unjustified detention, arrest, and intimidation of opposition figures, independent journalists, and activists. Along with social media outages and the suspension of text messaging services, Tanzania’s cybersecurity laws were the government’s main tools of digital repression in the run-up to the fraudulent October 2020 elections.
Paradoxically, while often justified as necessary to enhance security, the embrace of digital repression has failed to improve African security. Instead, digitally repressive tactics, technologies, and policies are proving to be damaging to national security and harmful to citizens.
The Rise of Digital Repression
As more Africans get their information from the internet, some governments have embraced digital forms of repression to exert more control over the information environment. Digital repression encompasses a variety of increasingly common tactics and tools, all of which involve the use or manipulation of digital technology to censor or restrict communications, invade privacy, limit free speech, stifle political opposition, and undermine democratic checks and balances.
The most visible face of digital repression in Africa is the limitation of people’s use and access to the internet and telecommunications. Over the past decade, the African continent has become awash in internet shutdowns and restrictions. In 2021, at least 10 African countries experienced a major internet shutdown, the most of any region in the world. Internet shutdowns have been deployed in the run-up to or aftermath of contested elections in Uganda, the Republic of the Congo, and Guinea. Similar tactics were applied to citizens protesting in favor of democracy and civilian governance in Togo, Eswatini, and Sudan. At times, shutdowns have even happened in freer countries. Leaders shut off the internet during a high-stakes election in Niger, and during popular protests in Senegal and Burkina Faso. These interventions strain the balance between liberties and security that is a core tenet of open and democratic governance.
Another tactic of digital repression involves the use of malware or social media to conduct surveillance of political opponents, journalists, and activists. Information gathered during surveillance is then used for blackmail, harassment, or targeted arrests and detention. For example, authorities in Uganda worked closely with officials from the Chinese telecom firm Huawei to hack into the WhatsApp and Skype accounts of opposition leader and presidential candidate Bobi Wine during a rally he attended in 2018. This led to his detention and torture, and cost Wine’s driver his life. More broadly, cheap and sophisticated malware, which is widely available from numerous private sector firms and sold as a means for authorities to surveil terrorists, has created a booming surveillance market across Africa.
Finally, authoritarian-minded leaders across Africa are applying new laws on cybersecurity, online speech, and data sharing in ways that expand executive powers to crack down on protected speech or attempts at whistleblowing. Benin’s 2018 Digital Code—which criminalizes online press offenses, including the publication of false information—was used to arrest journalists reporting on public statements made by officials that were embarrassing to the government.
Zambia’s cybercrimes law was passed under former President Edgar Lungu at a time of closing civic space. The law’s vague definitions made it susceptible to a politically selective application, which led current President Hakainde Hichilema to campaign on repealing it. In other instances, governments use existing laws on speech and expression to crack down on opponents and activists for their comments in the digital sphere. Authorities in Côte d’Ivoire have used the country’s antidefamation laws to hold journalists criminally liable for publishing online stories exposing inadequate prison conditions and possible cases of corruption.
Political leaders commonly justify the use of digitally repressive tactics in the name of cybersecurity. In virtually all the examples cited above, legislation enabling digital repression was passed as part of broader efforts to give governments the legal tools to respond to cyber-enabled crime such as fraud, theft, hacking, espionage, disinformation, and hate speech. Often, however, digitally repressive tactics are used opportunistically by self-serving political elites, in line with the authoritarian tendencies of their executives and ruling parties.
These trends underscore a fundamental gap between leaders, who have often embraced digital repression, and citizens, who generally exhibit a high demand for democracy and support for good governance, rule of law, and digital media freedom, even if they also desire some degree of government regulation of false news and hate speech.
Cyber Dimensions of African Security
While justified by some African leaders on security grounds, digital repression has proved ineffective, if not downright harmful, in addressing the continent’s security challenges.
In the first place, digital repression has proven to be a costly way for leaders to respond to cybersecurity threats. Internet shutdowns have caused billions of dollars in economic losses in recent years. Sudan’s 2019 internet shutdown reportedly cost its economy $1.9 billion—around $1.2 million for each of the 1,560 hours it lasted. Internet blackouts in Algeria and Chad that year were estimated to have cost each country over $100 million. Even in more open political systems like Nigeria, the 2021 shutdown of Twitter cost an estimated $367 million in just 2 months. Heightened economic strain in already challenged environments is a driver of increased volatility.
Digital repression also does not create lasting benefits to national security. There is limited, if any, evidence that punitive measures criminalizing various forms of speech are effective at reining in violent threats. In Nairobi, digital surveillance technology installed as part of a Huawei-sponsored “safe-city” project appears to have had little measurable effect on crime.
Digital repression may not only be undermining democracy but also fueling political instability. Three-quarters of the 16 African countries facing armed conflict are authoritarian or semi-authoritarian, underscoring the centrality of political exclusion to Africa’s internal conflicts. Digital repression serves as an amplifier rather than mitigator of these tensions. Heavy use of digitally repressive techniques by governments in Zimbabwe (Mugabe), Sudan (Bashir), and Algeria (Bouteflika) did not prevent their removal in the face of widespread protest and popular unrest. Ethiopia possesses one of most draconian and sophisticated systems of digital surveillance in Africa. Yet this system failed to prevent the Ethiopian People’s Revolutionary Democratic Front (EPRDF) regime from losing power in 2018.
In contrast to more punitive measures, there is evidence that deplatforming by social media companies and fact-checking by independent news organizations can reduce support for and recruitment into extremist groups. The private sector plays a more significant role in countering violent extremism online than is often appreciated by national security actors. One potentially promising approach involves regulating or tweaking algorithms to ensure that violent or extremist content does not go viral. Such an approach would require less direct government involvement and avoid the punitive criminalization of certain kinds of content. This would guarantee “freedom of speech,” which is a core component of constitutional democracy, by limiting “freedom of reach,” which is not.
While helpful in limiting the reach of extremist content, these measures are no substitute for adequate checks and balances that can prevent authorities from using information and content laws as instruments of repression. And it is these checks and balances that distinguish how democracies approach good cyber governance while enhancing security.
African Approaches to Citizen-Centric Cyber Governance
Rapidly changing technologies do pose legal and policy challenges, even to countries with longstanding models of democratic governance in Africa and across the world. The solution, however, lies in adaptation rather than in a new model altogether. Despite gloomy overall trends, promising initiatives emerging across the continent illustrate that digital security does not have to come at the expense of citizen security.
At the continental level, multiple efforts are underway to give governments tools to combat cybercrime and protect digital freedom. The African Commission on Human and People’s Rights focused on digital rights at its 68th session in 2021, building on the Declaration of Principles on Freedom of Expression and Access to Information in Africa that was adopted in 2019. The United Nations International Telecommunication Union, in partnership with the Computer Emergency Response Team of Mauritius, recently established a Centre of Excellence for Cybersecurity in Africa. Given Mauritius’ status as a leader in both democratic governance and information technology policy, the Centre of Excellence could be a promising venue for exchange about how to apply cybercrime laws in ways that enable independent oversight, transparency, and accountability.
At the national level, some African governments are making commendable efforts to adopt citizen-centric cyber security policies. For example, after years of back and forth between civil society stakeholders and authorities, South Africa’s recent cybercrimes and personal data protection legislation makes purposeful attempts to clearly define cybercrime as well as establish rights-respecting standards for combating it. In Senegal, the government’s national strategic studies center, the Centre des Hautes Etudes en Défense et de Sécurité (CHEDS), has convened a series of dialogues with media professionals and civil society to build bridges between these actors and the security sector. One such exchange touched upon the cybersecurity dimensions of media reporting and information dissemination, including through social media and the blogosphere.
At a local level, civil society, media, and private sector actors across the continent are pushing African governments to ensure that efforts to secure cyberspace do not infringe on the rights of citizens. One such model is the Kenya ICT Action Network, a network of experts and civil society activists that hosts dialogues with government and security sector officials, conducts research, and engages in activism around information and communications technology (ICT) policy issues. Their efforts have helped to build trust between the government and its citizens and influenced Kenya’s main cybersecurity laws and policies.
Likewise, AfricTivistes is a network of bloggers, digital influencers, journalists, programmers, open data experts, and activists who seek to promote democratic rights in the digital age. Recently, AfricTivistes partnered with the South African consultancy, ENDCODE, to analyze the content of national cybercrime and data protection laws. These analyses have helped identify areas of the law that warrant more specificity and led to concrete proposals to reform and apply cybersecurity laws so that they preserve fundamental freedoms.
Independent fact-checkers and researchers are popping up across the continent to monitor, verify, and limit the virality of disinformation. By partnering with these organizations, governments and social media companies can gain credibility and ensure civil political discourse without trampling on political liberties.
If they wish to govern sustainably and effectively, African governments must place citizen security at the heart of efforts to confront cybersecurity challenges. There is a clear and compelling case for leaders to refrain from digital repression in service of more sustainable cybersecurity reforms to promote a vibrant digital economy and shore up popular support. This includes strengthening the accountability of executive oversight mechanisms, developing more precisely defined and targeted cybersecurity laws, and reducing the use of blunt tools of shutdowns and restrictions that cut off internet services or deter online speech and communications for large groups of people.
“Leaders may be tempted to impose restrictions to serve short-term political interests. However, this comes at the expense of longer term political stability and the confidence of investors.”
In some cases, leaders may be tempted to impose restrictions to serve short-term political interests. However, this comes at the expense of longer term political stability and the confidence of investors. In these cases, governments will have to be pressured into reforms by civil society, as well as regional and international stakeholders. This is particularly the case when it comes to increasing independent oversight of the executive by other branches of government, the media, and civil society.
Democracy and cybersecurity are not only compatible but can be synergistic. African leaders must ensure that cybersecurity strategies and laws are developed inclusively, implemented proportionately, and applied apolitically. By adopting citizen-centric cybersecurity policies, African governments have an opportunity to safeguard democracy, further peace, and rebuild trust in what is often an increasingly frayed social contract.