In 2019, Kampala police procured $126 million worth of closed circuit television camera (CCTV) surveillancetechnology from Chinese telecommunications giant Huawei to help control the city’s growing crime problem. Opposition and civil society leaders contend that the surveillance cameras, which rely on facial recognition technology, will be used instead to track and target government critics. This concern appears justified as an independent investigation has found that Ugandan intelligence officials are using the technology to crack the encrypted communications of popular singer and opposition leader Bobi Wine.
Similar concerns have emerged across the continent as over a dozen African countries have deployed surveillance devices in recent years. These countries represent a range of political systems, and the intended purposes of the surveillance systems vary. Nonetheless, these technologies present challenges to democratic norms and practices. Specifically, activists and digital rights organizations have raised concerns over privacy. The introduction of these technologies without institutional checks and balances renders citizens more vulnerable to political surveillance and suppression.
The growing accessibility of monitoring products in Africa has been made possible by the sales of foreign technology supported by soft loans, primarily from China. In addition to Huawei and other Chinese firms, which have built roughly 70 percent of the 4G network infrastructure on the continent, private cybersecurity and surveillance firms from Israel, the United Kingdom, Germany, and Italy, among others, have also been active in Africa.
“Remote-control hacking” is another form of surveillance technology that is spreading across the continent. These surveillance systems enable governments to access files on targeted laptops. They also log keystrokes and passwords as a means to turn on webcams and microphones.
Eavesdropping is another surveillance technique that allows governments to access calls, texts, and the locations of phones around the world. This technique, most closely linked to the Bulgarian-based surveillance firm Circles, an affiliate of the NSO Group, which developed the infamous Pegasus software, provides spyware technology to countries as a means to exploit faults in telecom systems. Several governments in African countries, such as Botswana, Equatorial Guinea, Kenya, Morocco, Nigeria, Zambia, and Zimbabwe, are reportedly using these systems to connect to their local telecommunications companies’ infrastructure to conduct surveillance.
The adoption of surveillance products in Africa is closely linked to Huawei’s Safe Cities projects. The Safe Cities concept makes use of a range of interconnected tracking devices, video cameras, software, and cloud storage systems to tap public and private platforms in a more cohesive manner to enhance public goals such as policing, managing traffic, and streamlining administrative services. Access to this web of systems ostensibly increases the visibility of police officers who can then agilely track and respond to crime in real time.
There is no robust evidence linking the adoption of surveillance technology and a decrease in crime in Africa. However, the spread of surveillance technologies in Africa does thrust the continent into a critical inflection point, torn between the increased capability to monitor citizens through widely available digital products and protections for democratic norms and practices. This is happening without much public debate due to an underappreciation of the implications.
What We Have Learned about the Use of Surveillance Technology in Africa
Ethiopia’s approach to ICT investment is informative. With the help of Beijing, Ethiopia has championed the use of ICT technologies as an instrument to strengthen its local administrative capacity. For example, the Woredanet project digitally connects ministers in Addis Ababa with the country’s 950 district administrations (woredas), nine regions, and two city administrations.
This growing ICT capacity for local governments is tempered by Ethiopia’s poor record of internet freedom. Its online environment remains encumbered by regular internet shutdowns, which are motivated by political objectives. This suggests that the implementation of surveillance technologies is vulnerable to being abused. This vulnerability is compounded by Ethiopia’s lack of a comprehensive legal instrument to regulate privacy and data protection measures.
Ethiopia is not an outlier. Half of the countries in Africa do not have laws on data protection. Promoting national cybersecurity policies for the expanding use of digital surveillance devices is therefore an essential step toward advancing digital rights.
Huawei’s 2018 annual report maintained that its Safe Cities project serves over 100 countries. Huawei’s first African Safe City system connected 1,800 high-definition cameras and 200 high-definition traffic surveillance infrastructures across Nairobi. Additionally, a national police command center was established to provide support to over 9,000 police officers and 195 police stations. These technologies aim to support crime prevention, as well as accelerate response and recovery.
The benefits of the Safe City project are hard to verify and appear exaggerated. According to Huawei, crime rates from 2014 to 2015 decreased by 46 percent in areas supported by their technologies in Kenya. Yet, Kenya’s National Police Service reports indicate smaller reductions in crime during those years. Nairobi and Mombasa, the two cities with the surveillance technologies, have also seen increases in reported crimes in 2017 and 2018.
While Huawei’s Safe Cities model may provide a template, it is important to recognize that these governance and surveillance systems are being installed at the request of African governments. The relevant question, then, is to determine in which contexts are these surveillance tools being utilized to enhance the public good versus primarily to advance the repressive capacity of those in power. Given the diversity of African governments that have adopted the surveillance technology, answering this question must be determined on a country-by-country basis. This, in turn, will support reform strategies and illustrate the viability of locally driven policy solutions.
Priorities for Addressing the Misuse of Surveillance Technology
The impulse for governments to control information in a society and surveil citizens has always existed. In fact, this has been the focus of many African intelligence services over the years. The adoption of new surveillance technology in Africa, however, has dramatically empowered governments to do so—and at a scale not previously seen. What may have taken a whole army of operatives to do in the past can now be accomplished by a few engineers.
Building on country-level reform strategies and best practices, African legislators and digital rights advocacy groups can strengthen norms and regulations surrounding surveillance technology by establishing AU advisory panels to lay out recommendations. The African Union Convention on Cyber Security and Personal Data Protectionwas established in 2014 to provide a framework for cybersecurity in Africa. As part of this, member states are asked to establish national cybersecurity policies as well as legal, regulatory, and institutional frameworks for cybersecurity governance. Yet, the Convention requires the ratification of 15 countries to take effect. Thus far, only five countries (Namibia, Senegal, Ghana, Guinea, and Mauritius) have done so.
The absence of a clear regulatory framework leaves many African countries vulnerable to misuse of surveillance technologies. While individual countries must continue to work toward domestically driven policy solutions, facilitating a shared understanding of regulatory approaches to these devices can accelerate the means to confront common concerns and illegitimate uses. By taking advantage of already established frameworks, these advisory panels can provide the necessary counsel on whether appropriate checks and balances are in place.
A common regulatory approach also has value given the increasing interconnectedness of information communication technology systems across nations. Additionally, many African countries lack the capacity in terms of expert personnel to facilitate the development and implementation of cybersecurity policy and regulatory frameworks. A common regulatory approach offers a collection of tools, policies, and guidelines that can enable local actors to more quickly protect their respective cyber environments.
Tapping available training content and programs consistent with domestic realities can support digital rights advocates and other stakeholders with essential facts and frameworks to engage constructively with the demands of digital rights and security concerns. Promoting cyber stability and increasing awareness of cybersecurity governance in Africa, moreover, helps support the establishment of enforcement mechanisms and the development of institutional capacities. International actors can also work with local African civil society organizations to strengthen checks and balances and address concerns over privacy. By supporting digital rights initiatives, international actors can empower and scale the work of local organizations.
African citizens are facing a digital inflection point. There is an urgent need to understand and strengthen the means of protecting digital rights as part of the broader array of civil liberties and political rights. To advance these goals, training, best practices, advisory panels, and conferences that include digital advocacy groups, policymakers, security professionals, and citizens can accelerate the learning curve on these issues and find policy solutions that ensure freedom while paying critical attention to security demands.
Bulelani Jili is a Ph.D. student at Harvard University’s Department of African and African American Studies and a former Yenching Scholar at Peking University.
This article was first published by the Africa Center for Strategic Studies.