Andrew Hallak (lead author), Hinako Sugiyama
The International Justice Clinic (IJC) of UC Irvine School of Law actively participated in the Forum on Internet Freedom in Africa (FIFAfrica) held in Dar es Salaam, Tanzania, from September 27th to 29th, 2023. As one of the most prominent digital rights conferences in the region, IJC had the opportunity to assess the effects of spyware on civil society in Sub-Saharan Africa. To achieve this, IJC co-organized a session titled “Unpacking mass surveillance and targeted surveillance in Africa: Exploring trends, impact, and strategies for resistance” in collaboration with the international NGO, Access Now. Additionally, we conducted outreach interviews with 12 digital rights activists and academics both during and after the event. The following is a brief description of our project and experience in the region.
—
In 2019, the UN Special Rapporteur on Freedom of Expression David Kaye, also the instructor of the IJC, issued a seminal call for the moratorium on the sale, transfer, and use of spyware. This spyware is exceptionally potent, capable of infecting your phone without any action on your part—transforming it into an incredibly powerful surveillance device. The spyware can breach encrypted communications and enable your camera and microphone, making it one of the most advanced surveillance tools known to humankind. While spyware vendors, such as Israel’s NSO Group, assert that they only sell spyware for preventing and investigating terrorism and serious crimes, the reality is that once a government acquires this technology, journalists, human rights activists, and government critics often fall victim to targeted surveillance. This has been revealed by the extensive reporting and research from Citizen Lab, Amnesty International, and Forbidden Stories’ Pegasus Project.
Prominent figures, including Jamal Khashoggi, and independence movements in regions like Catalonia highlight that the global spread of spyware constitutes a significant problem. This phenomenon has led to an extreme chilling effect on freedom of expression and, ultimately, poses a threat to democracy. As multiple human rights experts claim, there is serious concern that the use of spyware would fail to meet the international human rights standards such as those stipulated in the International Covenant on Civil and Political Rights, which requires states to respect and protect individuals’ rights to freedom of expression and privacy.
After consulting with advocates focusing on spyware issues, our clinic has identified Sub-Saharan Africa as a region with minimal participation in the global discussion on spyware, despite being highly vulnerable to such attacks. Factors contributing to this vulnerability include a lack of government accountability, limited cybersecurity funding, and fragile democratic institutions. The concern of spyware misuse in Africa is compounded by the fact that many governments in the region are spending billions of dollars to purchase surveillance technologies. As if replacing historic systems of oppression, countries like Israel and China are steadily selling spyware to African governments. Yet, global discussions on the sale and use of spyware technologies largely fail to include African voices.
IJC identified an opportunity to establish the foundation for amplifying the voices of African NGOs at the 10th summit of the Forum on Internet Freedom in Africa (FIFAfrica), hosted in Tanzania. This conference, organized by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), stands out as one of the continent’s most prominent digital rights events. Our specific goal was to understand both the actual and perceived threats posed by technology in Sub-Saharan Africa, aiming to identify gaps in the implementation of effective regulatory and remedial measures. These findings could then inform the efforts of our clinic and other international organizations in providing assistance.
Throughout the implementation of our project, we followed the tenets of participatory action research (PAR) method to ensure we inclusively and ethically interacted with NGOs in Africa. PAR is a research method often used in social science and humanities research. The method acknowledges the experiences of individuals and seeks to blur the line between researchers and the researched. Through iterative data collection, reflection, and informed action, PAR allows for the creation of knowledge through experiential learning. The researched become part of the research team. This occurs through empowering research participants to help guide the research process itself and focuses on creating actual change with the knowledge generated.
To do this, we (1) co-organized a session with Access Now on targeted and mass surveillance at the Forum on Internet Freedom in Africa (FIFA) to understand the general landscape of surveillance awareness and remedies, and (2) interviewed NGOs engaged in work to fight back against state surveillance. We sought to understand the general landscape of surveillance awareness, especially those enabled by spyware, among NGOs, with particular attention to the mechanisms used to combat spyware, the remedies NGOs were pushing for, and the gaps between the two.
Prepared with a semi-structured interview guide, we spoke with NGOs and academics to learn more about their experiences and desires for actionable change regarding civil society vulnerabilities to spyware. Prior to the conference, we worked with global and regional partners, such as Access Now and CIPESA, to identify relevant stakeholders. Given that the NGOs operate halfway around the world, we also engaged in a snowball sampling technique, a common practice in qualitative research. This technique is the process of asking interviewees to identify other stakeholders. We deliberately asked the NGOs we interviewed to identify other organizations from their communities, particularly those not in attendance, that would be pertinent to our research.
We learned about how pervasive spyware was and its impacts on an individual, collective, and societal level in Africa. The covert and comprehensive nature of spyware created both real and perceived fears that journalists, human rights defenders, and political opposition groups directly bore. This translates to both state-sponsored surveillance as well as self-imposed censorship that limits the space for civil society to critically discuss and challenge societal issues.
We now begin the process of analyzing the data collected to understand the harms spyware poses to NGOs and the barriers to achieving redress in Africa. Based on a preliminary assessment of this pilot study, we found that to further invigorate civil society actions against spyware, both policy advocacy and litigation at domestic and international level seem essential. This includes: (i) Evidence Securing—raising awareness on risk of spyware attack among human rights defenders, journalists, and government critics and motivate to inspect their phones; (ii) Raising Public Awareness—bolstering investigative journalism on spyware issues; and (iii) Capacity Building—strengthening the holistic collaboration among digital rights advocates, lawyers, and security experts. These measures may be the most effective tools to combat the negative effects of spyware. This assessment is not conclusive, and we look forward to sharing our full findings shortly.
With the data and international law frameworks in mind, we plan to host a summit in East Africa to further explore the needs and potential remedies. Central to this plan is the invitation of spyware victims and civil society actors with various expertise, including law, technology, activism, and investigative journalism. ICJ plans to financially assist travelers through a grant from The Ford Foundation Dignity and Justice Fund at New Venture Fund that was recently decided to be awarded. This initiative will ultimately contribute to the global discussion on the regulation of spyware by ensuring that African voices are taken into account.
—
Andrew Hallak, a student of the IJC, had this to say about the project:
From the moment we stepped off our 33-hour plane ride, we were immediately greeted with smiles and countless expressions of “hello” in Swahili, the official language of Tanzania and much of East Africa. As we clutched our bags close to our swaying bodies, our taxi driver, Musa, assured us that lanes on the highway were simple guides that could be ignored. Seeing our concerned looks, Musa smirked: “Don’t worry; welcome to Africa.” Simultaneously, he pointed out and recited Tanzanian history sprinkled throughout the city center of Dar es Salaam; “This monument was erected after the Germans left, this watchtower after the British.” Despite its violent colonial past, we, as Western law students, were constantly greeted with, “You are welcome here.” Little did we know that our short, 5-day experience would lead to deep connections with everyone we encountered and contemplation of what coalition-building and global advocacy can look like.
This research was only made possible through the conversations and experiences we shared with countless NGOs, journalists, lawyers, technicians, and academics heavily involved in spyware matters affecting Sub-Saharan Africa. Continuing the discussion with people on the ground, constantly reflecting on the clinic’s role in the process, and ensuring proposals are led by the voices of civil society groups is our attempt to balance power dynamics and serve a role in restoring justice to African communities most impacted by this type of spyware.
—
You can find more information on the Clinic’s work on spyware here.