The following interview was conducted by Michael Ouma for CIO East Africa.
The African Union's Convention on the Establishment of a Credible Legal Framework for Cyber Security in Africa (AUCC) — which seeks to intensify the fight against cybercrime across Africa in light of rising incidences of cybercrime — has been the focus of debate recently.
In view of this and to further shed light on online security issues in Africa, CIO East Africa sought the views of Ms Sophia Bekele, an internet security expert and international policy advisor over internet and ICT. Below are excerpts.
* * *
1. As regards the state of online freedom in Africa, what are the major issues surrounding online freedom of expression in Africa? What is the best way to empower users to stay safe online while protecting their freedom of expression?
Technology-wise, Africa is still growing in the matters of online freedom. We can draw from several examples in recent past, most visibly in case of the Arab spring, where the national internet connectivity is cut off to suppress freedom of expression. Other governments have also put strict legislation and laws to minimize any activism. As use of online services increases in Africa which is definably the most promising technology destination globally, continued awareness, training and benchmarking by all players will be important.
2. In relation to internet security, data and privacy protection in Africa, what elements need to be put in place to ensure all Internet users (including citizens, companies, as well as governments) continue to have confidence in the Internet?
Existing legislations have to be understood and be coherent so that users are in touch with what they are exposed to when they use online services. Also technology has one constant, and that is exponential dynamism. In 2012 there was a great debate on changing the 1980's ITU International telecommunication regulations, this debate in Dubai changed how stakeholders ought to manage discussions.
Online privacy will continue to be a major factor of the internet resource, thus constant awareness and involvement of users in developing those clear cut legislations, do's and don'ts will be handy. The best way is to make sure users, service providers and government are aware of the acceptable boundaries that every stakeholder must respect.
3. How can African civil society organizations engage ICT policy processes to ensure that rights are not traded for security?
The best and winning formula is to just involve everybody in every step or development that is going on. Multistakeholder approach is very important so that everyone's contribution is factored in. The private sector is good at driving most of the development and governments remains as endorsers and facilitators. That way a thriving balance will be created. I just urge that inclusivity be that main ingredient.
4. What are your thoughts about the African Convention on Cybersecurity, what other proposals need to be included to improve the draft document?
The Africa Union Convention on cyber security is a developing case, thus definitely, it is going to the open space for further debate. I have had a chance to look at the draft and I think with further improvement, critique and careful analysis on clauses that touch especially on privacy and rights of users both offline and offline the legislation will be usable. Our organization DCA, perhaps an early pioneer in IG issues to Africa has put in its early comment recently directly to the AU, soon as it was available in public domain and we are happy that it was accepted well by the African civil society organizations who have embraced our views, and included it as part of a joint voices to the AU. Individual governments have to first off develop their own legislations so that this will be a complement of such legislations.
Africa is endowed with many cultures, economic regions that operate uniquely and therefore this is a debate that cannot be just concluded and accepted without involving all stake holders. Governments and especially the African Union have a chance to involve everybody in continental matters such as this convention development. Everyone has to be aware of the details of what they are signing to adopt.
5. What can African governments learn from the NSA surveillance and Snowden revelations?
2013 was indeed the year of many revelations and definitely the Snowden revelations surfaced and changed perceptions on internet governance. Data is big and the more you know the more powerful you are regarded. The NSA disclosure of classified information to private media organizations places dire implications for global Internet privacy. The United States of America was exposed as a country that practically spies on everybody in a most indiscriminate manner, including its own allies. I made a commentary for the 2013 Year End Review that DotConnectAfrica produces.
African governments are still a long way in accepting such technologies as open data. In my experience in the technology world and especially championing many efforts to bridge the digital divide, I have learned, there is still a need for proper awareness creations on data, use of ICT services to provide government services. African governments can prepare proper legislations and strategize on how to handle private data in a manner that is not intrusive to rights of its citizens. The backlash of the NSA revelations wouldn't be a good experience for any government.
All this emphasizes that internet governance should be a matter that is handled by many stakeholders to avoid giving the governments a monopoly of leadership in policy development.
6. What are the current technology trends and which cyber-security threats raise the greatest concern?
In the past networks and connectivity of stationary computers was the epitome of technology, then came laptops. Now we see the increased preference to powerful hand held devices, such as the tablets, phablets and smart phones have completely taken over. Currently, the trend is to provide services though Apps and mobile devices. Businesses and Individuals have to now concentrate on 'tech-on-the-go'. Social media seems to be increasingly driving these trends. In the coming future all these mobile services have to be synergized in a manner that supports advancement of entities. Some of the cyber security threats include rogue apps, phishing schemes and middleman attacks.
7. Your early career involved Internet Security and Audit. How are evolving Internet services and technologies, such as mobile and cloud computing services, affecting these security threats?
Internet and Cloud are broadening the range of devices and effectively points of weakness. This is balanced by more robust central services that have sufficient scale to justify investment in solutions to address these threats. The world of technology is always evolving, mobile devices are common place and definitely an increased use come with known security threats and those unprecedented threats as well. Cloud computing being a concept that involves an exponential number of computers connected through a real-time communication supports and complements the mobile technologies and other services.
Security threats are real, spanning from denial of service to exposure of private documents and contacts to the public have happened in the past year and are bound to increase, its only paramount that users and service providers are better prepared to mitigate these unavoidable risks. Therefore as one who spent a good years of my career in IS Security and Audit as you noted, and founding and spear-heading various technology start-ups that was the earliest champion of digital divide in Africa, I encourage that proactive approach will be the best method of combating threats, even as we strive and look forward to setting up the first domain registry in Africa.
|Data Center||Policy & Regulation|
|DNS Security||Regional Registries|
|Domain Names||Registry Services|
|Intellectual Property||Top-Level Domains|
|Internet of Things||Web|
|Internet Protocol||White Space|
Afilias - Mobile & Web Services