02 April 2014

Ethiopia and beyond

Human Rights Watch has released a detailed report titled “They Know Everything We Do”: Telecom and Internet Surveillance in Ethiopia.

It features the following recommendations -  
To the Government of Ethiopia
  • Enact protections for the right to privacy to prevent abuse and arbitrary use of surveillance, national security, and law enforcement powers as guaranteed under international law applicable to Ethiopia. Surveillance should occur only as provided in law, be necessary and proportionate to achieve a legitimate aim, and be subject to both judicial and parliamentary oversight. 
  • Legal safeguards should limit the nature, scope, and duration of possible surveillance, the grounds required for ordering them, and the authorities competent to authorize, carry out, and supervise them. 
  • Ensure that information obtained through email or telephone interception or access to call records is inadmissible in courts unless a court warrant has been obtained. All laws enabling the admissibility of intercepted information in court should be amended to require a court warrant, including the Criminal Code, the Telecom Fraud Proclamation, and the Prevention and Suppression of Money Laundering and the Financing of Terrorism Proclamation. 
  • Enact protections for call records and other “metadata” so that such information may not be collected or accessed by police, security, or intelligence agencies without a court order and oversight to prevent abuse, unauthorized use or disclosure of that information. 
  • Enforce the requirements for a court warrant prior to interception/surveillance under the Anti-Terrorism Proclamation and the NISS Proclamation. Ethio Telecom should not provide access to metadata or recorded phone calls without a warrant from a competent, independent and impartial court in line with international standards. Any data collection or surveillance conducted by the Information Network Security Agency (INSA) or National Intelligence and Security Services (NISS) should require prior court approval. 
  • Immediately unblock all websites of political parties, media, and bloggers and commit to not block such websites in the future. • Immediately cease all jamming of radio and television stations and commit to not jam radio and television stations in the future. 
  • Cease harassing individuals for exercising their right to freedom of expression online through social media and blogs. 
  • Appropriately discipline or prosecute officials, regardless of rank or position, who arbitrarily arrest or detain or ill-treat individuals on the basis of unlawfully intercepted or acquired information. Impose criminal penalties for illegal surveillance by public or private actors. 
  • Report annually on the government’s use of surveillance powers. This reporting should include: the number of data requests made to Ethio Telecom, cybercafés, or other mobile and Internet service providers; the number of requests for real-time interception or recording of phone calls; and the number of individuals or accounts that were implicated by such requests. 
  • Provide protections for the rights to freedom of expression and privacy to prevent abuse of emergency powers to shut down networks or intercept communications. 
  • Repeal or amend all laws that infringe upon privacy rights, the right to information, and the rights to freedom of expression, association, movement, and peaceful assembly, including the Anti-Terrorism Proclamation, the NISS Proclamation, the Telecom Fraud Proclamation, and the Prevention and Suppression of Money Laundering and the Financing of Terrorism, to bring them in line with international standards. Amendments should include the following articles:
- Anti-Terrorism Proclamation, article 23(1) and (2) (permitting non-disclosure of information sources and hearsay) and the NISS Proclamation, article 27 (requiring cooperation with NISS information requests). Ethio Telecom and INSA officials should cooperate with NISS only when a court warrant is granted facilitating access to user information.
- Telecom Fraud Proclamation, articles 6(1) (criminalizes dissemination of messages about activities punishable under the anti-terrorism law) and 10(3) (criminalizes commercial use of VoIP). To International Technology and Telecom Companies Serving Ethiopia
  • Assess human rights risks raised by potential business activity, including risk posed to the rights of freedom of expression, access to information, association, and privacy. Assessments should address risk of misuse of non-customized, “off-the-shelf” equipment sold to governments that may be used to facilitate illegal surveillance or censorship. Assessments should also address the risk of customizing products and services for law enforcement, intelligence, and security agency customers. 
  • As part of a tender or contract negotiation process, inquire about the end use and end users of the products or services being provided, especially for “dual use” products, including “lawful intercept” surveillance software and equipment. 
  • Develop strategies to mitigate the risk of abuses linked to business operations and new contracts, including by incorporating human rights safeguards into business agreements. Such strategies should be consistent with the Global Network Initiative (GNI) principles and the United Nations “Protect, Respect, and Remedy” Framework for business and human rights. 
  • Adopt policies and procedures to stop or address misuse of products and services, including contractual provisions that designate end use and end users, the violation of which would allow the company to withdraw services or cease technical support or upgrades. Promptly investigate any misuse of products or services and take concrete steps to address human rights abuses linked to business operations. 
  • Adopt human rights policies outlining how the company will resist government requests for censorship, illegal surveillance, or network shutdowns, including procedures for narrowing requests that may be disproportionate or challenge requests not supported by law. 
  • Extend human rights policies and procedures to address the actions of resellers, distributors, and other business partners. 
  • Commit to independent and transparent third-party monitoring to ensure compliance with human rights standards, including by joining a multi-stakeholder initiative like the GNI. 
  • Advocate for reform of surveillance or censorship laws to bring them in line with international human rights standards. 
  • Review any contracts or engagements initiated before 2008 and craft strategies to address and mitigate any adverse harm that may flow from operations that currently continue under these contracts, consistent with guidance provided by the GNI and UN principles, both launched in 2008. As contracts come up for renewal, incorporate human rights safeguards into newly negotiated contracts.
To the Governments of China, Germany, Italy, the United Kingdom, and Others
  • Regulate the export and trade of “dual use” surveillance and censorship technologies such as deep packet inspection equipment and intrusion software. Require such companies subject to national jurisdiction operating abroad to report on any human rights policies and due diligence activity to prevent rights abuses and remedy them if they arise. 
  • •Introduce or implement legal frameworks, such as an independent ombudsperson, that allow government institutions to monitor the human rights performance of companies selling surveillance software, technology, or services subject to national jurisdiction when they operate abroad in areas that carry serious human rights risks. Frameworks should include an effective complaints mechanism accessible to individuals and communities in Ethiopia, and those representing them, who allege harmful conduct or impact by companies subject to national jurisdiction doing business in Ethiopia, with findings and decisions binding on companies. 
  • Communicate an expectation to the government of Ethiopia that companies operating in Ethiopia should be able to implement the recommendations outlined above.
To the World Bank, African Development Bank, and other Donors 
  • Undertake human rights due diligence on telecommunication projects in Ethiopia, to prevent directly or indirectly supporting violations of the rights to privacy or freedom of expression, association, or movement; or access to information including through censorship, illegal surveillance, or network shutdowns. This should include assessing the human rights risks of each activity prior to project approval and throughout the life of the project, identifying measures to avoid or mitigate risks, and comprehensively supervising the projects including through third parties. This due diligence should extend to any government or private sector partners to ensure that they are not implicated in violations. 
  • Publicly and privately raise with government officials concerns about censorship, illegal surveillance, and network shutdowns and that human rights violations may undermine development priorities.
HRW comments that
the ruling Ethiopian People’s Revolutionary Democratic Front (EPRDF), a coalition of ethnically-based political parties in power for more than 20 years, continues to severely restrict the rights to freedom of expression, association, and peaceful assembly. It has used repressive laws to decimate civil society organizations and independent media and target individuals with politically-motivated prosecutions. The ethnic Oromo population has been particularly affected, with the ruling party using the fear of the ongoing but limited insurgency by the Oromo Liberation Front (OLF) in the Oromia region to justify widespread repression of the ethnic Oromo population. Associations with other banned groups, including Ginbot, are also used to justify repression.
As a result, the increasing technological ability of Ethiopians to communicate, express their views, and organize is viewed less as a social benefit and more as a political threat  for the ruling party, which depends upon invasive monitoring and surveillance to maintain control of its population.
The Ethiopian government has maintained strict control over Internet and mobile technologies so it can monitor their use and limit the type of information that is being communicated and accessed. Unlike most other African countries, Ethiopia has a complete monopoly over its rapidly growing telecommunications sector through the state-owned operator, Ethio Telecom. This monopoly ensures that Ethiopia can effectively limit access to information and curtail freedoms of expression and association without any oversight since independent legislative or judicial mechanisms that would ensure that surveillance capabilities are not misused do not exist in Ethiopia.
All governments around the world engage in surveillance, but in most countries at least some judicial and legislative mechanisms are in place to protect privacy and other rights. In Ethiopia these mechanisms are largely absent. The government’s actual control is exacerbated by the perception among Ethiopia’s population that government surveillance is omnipresent. This results in considerable self-censorship, with many Ethiopians refraining from openly communicating on a variety of topics across the telecom network. This report is based on research conducted between September 2012 and February 2014, including interviews with more than 100 people in 11 countries. It documents how the Ethiopian government uses its control over the telecommunications system to restrict the right to privacy and freedoms of expression and association, and access to information, among other rights. These rights are entrenched in international law and frequently touted by the government as part of Ethiopia’s constitution. In practice, they are undercut by problematic national laws and practices by the authorities that wholly disregard any legal protections.
Websites of opposition parties, independent media sites, blogs, and several international media outlets are routinely blocked by government censors. Radio and television stations are routinely jammed. Bloggers and Facebook users face harassment and the threat of arrest should they refuse to tone down their online writings. The message is simple: selfcensor to limit criticism of the government or you will be censored and subject to arrest.
Information gleaned from telecom and Internet sources is regularly used against Ethiopians arrested for alleged anti-government activities. During interrogations, police show suspects lists of phone calls and are questioned about the identity of callers, particularly foreign callers. They play recorded phone conversations with friends and family members. The information is routinely obtained without judicial warrants. While this electronic “evidence” appears to be used mostly to compel suspects to confess or to provide information, some recorded emails and phone calls have been submitted as evidence in trials under the repressive Anti-Terrorism Proclamation.
The government has also used its telecom and Internet monopoly to curtail lawful opposition activities. Phone networks have been shut down during peaceful protests. Some high-profile Ethiopians in the diaspora have been targeted with highly advanced surveillance tools designed to covertly monitor online activity and steal passwords and files.
In rural Ethiopia, where phone coverage and Internet access is very limited, the government maintains control through extensive networks of informants and a grassroots system of surveillance. This rural legacy means that ordinary Ethiopians commonly view mobile phones and other new communications technologies as just another tool to monitor them. As a result, self-censorship in phone and email communication is rampant as people extend their long-held fears of government interference in their private lives to their mobile phone use. These perceptions of phone surveillance are far more intrusive than the reality, at least at present.
Ethiopia has acquired some of the world’s most advanced surveillance technologies, but the scale of its actual telecom surveillance is limited by human capacity issues and a lack of trust among key government departments. But while use of these technologies has been limited to date, the historic fear of ordinary Ethiopians of questioning their government and the perception of pervasive surveillance serves the same purpose: it silences independent voices and limits freedom of speech and opinion. Human Rights Watch research suggests that this may just be the beginning: Ethiopians may increasingly experience far more prevalent unlawful use of phone and email surveillance should the government’s human capacity increase.
While monitoring of communications can legitimately be used to combat criminal activity, corruption, and terrorism, in Ethiopia there is little in the way of guidelines or directives on surveillance of communications or use of collected information to ensure such practices are not illegal. In different parts of the world, the rapid growth of information and communications technology has provided new opportunities for individuals to communicate in a manner and at a pace like never before, increasing the space for political discourse and facilitating access to information. However, many Ethiopians have not been able to enjoy these opportunities. Instead, information and communications technology is being used as yet another method through which the government seeks to exercise complete control over the population, stifling the rights to freedom of expression and association, eroding privacy, and limiting access to information—all of which limit opportunities for expressing contrary opinions and engaging in meaningful debate. Court warrants are required for surveillance or searches but in practice none are issued. Intercepted communications have become tools used to crack down on political dissenters and other critics of the ruling party. Opposition party members, journalists, and young, educated Oromos are among the key targets.
The infrastructure for surveillance was not created by the Ethiopian government alone, but with the support of investors in the Internet and telecom sector, including Chinese and European companies. These foreign companies have provided the products, services, and expertise to modernize the sector.
Ethiopia should not only ensure that an appropriate legal framework is in place to protect and respect privacy rights entrenched in international law, but also that this legal framework is applied in practice. Companies that provide surveillance technology, software, or services should adopt policies to ensure these products are being used for legitimate law enforcement purposes and not to repress opposition parties, journalists, bloggers, and others.