On June 5, 2013, two acclaimed newspapers, The Guardian and the Washington Post, revealed massive secret surveillance documents of the US government. The revelations have continued to surface to this day in these newspapers, as well as other publications, including France’s Le Monde and Germany’s Der Spiegel.
Initially anonymous, Edward Snowden – a former US National Intelligence Agency (NSA) analyst – was later announced to be the source of the intelligence documents. According to the leaked documents, a top secret program called “PRISM” enabled the NSA to directly access the servers and databases of internet giants, such as Microsoft, Google, Facebook and Apple. NSA analysts, through this program, were able to access users’ search history, content of e-mails, file transfers and live online chats.
Another related surveillance program, called “XkeyScore”, enabled analysts to search, with no prior authorisation, through vast databases containing e-mails and online, as well as browsing the history of millions of individuals. On a video posted on 10 June 2013, Snowden ominously described the magnitude and capabilities of the surveillance programs as follows:
“I, sitting on my desk, could wire tape anyone, from you, your accountant, to a federal judge or even the president, if I had a personal e-mail.”
The surveillance apparently concerned any internet user, irrespective of geographic location. More interestingly, it also covered foreign heads of state and government and embassies of various countries.
The news that the surveillance targeted presidents of Brazil and Mexico, as well as the German Chancellor Angela Merkel caused controversies between the countries. This has perhaps emerged as a serious foreign policy setback for the United States. The European Union (EU), known for its robust data protection regime, is currently on a serious collision course with the US authorities.
It is currently threatening to suspend data sharing pacts that it has with the US. Brazil has even seized the occasion – in collusion with countries, such as Russia and China – to put pressure on limiting the decades-long US control over the global internet. Her resounding opening speech at the 68th United Nations General Assembly, and the later call for an urgent global legal system on the internet, as opposed to one shadowed by the US, have turned into an unprecedented attack on the US’s role in the global internet.
Defending the surveillance, President Obama said: “It was a modest encroachment on privacy necessary to protect the US from terrorist attacks”. The US spy chief, James Clapper, further defended the data scooping, stating that all the information gathered under PRISM was obtained with the approval of the FISA court – a secret surveillance court established under the Foreign Intelligence Surveillance Act of 2008 (as amended) to entertain requests for surveillance.
Obama’s remarks that the “the monitoring of internet communications doesn’t apply to American citizens and those who live within the US” fanned the fire, as he made it crystal clear that non-Americans are targets of the surveillance programs. There is little doubt that US surveillance law is entirely clear in that non-US persons (Ethiopians included) are with no constitutional protections.
While the world was worried this whole summer about the privacy invasions by the NSA, little is heard from Africa in general, and Ethiopia in particular. Given that only a few million Ethiopians are connected to the internet (about 2.5 million by the end of 2012), the lack of concern from Ethiopian internet users is not unexpected. In fact, it is doubtful if an average Ethiopian internet user has ever considered what the revelations meant to their privacy.
On top of this lack of concern or public indifference is the fact that Ethiopia doesn’t even have a legal framework through which internet content providers, such as Google and Facebook, who both played a role in the above mentioned surveillance, could be held liable for a breach of user data. Like many internet users in other countries, we have little interest or patience in thoroughly reading through the terms of use of internet services of those companies which often are set out in a rather complex and lofty manner.
Most of us reluctantly and grudgingly accept those terms. Of course, there barely exists any other option. Not accepting results only in not being able to access the services, which most of us would prefer not to be the case.
What is peculiar about these terms of use is that they are mere self-regulatory policies; not laws in the stricter sense of the expression. And it is in response to this that many countries have enacted data protection laws to regulate the acquisition, storage and processing of users’ personal data by data controllers, like Facebook, Google and Yahoo.
Whilst close to 90 countries have so far issued data protection laws, Ethiopia has not. The Information & Communication Technology Policy of 2009, however, clearly recognises the need, among other cyber-oriented laws, to issue a data protection law.
As the number of internet users increases overtime (the government plans to increase it to 3.69 million by the end of the Growth & Transformation Plan (GTP) period), the data privacy of Ethiopian internet users will undoubtedly become more vulnerable to abuses and breaches. It is, therefore, timely to promulgate laws that protect citizens from data privacy breaches by internet companies and foreign intelligence agencies.
Though belated in symphonising the legal framework with changing circumstances, such as the ubiquity of the internet, the Ethiopian government is recently picking up on these issues. Laws that regulate online behaviour are in the pipeline in Ethiopia. A cybercrime law (drafted by the Information Network Security Agency) and an e-commerce law (reportedly drafted by the Ministry of Communication & Information Technology, in collaboration with United Nations Economic Commission for Africa) are examples.
Yet, as much as establishing the requisite legal framework, raising public awareness about human rights and fundamental freedoms is very crucial. The Ethiopian Human Rights Commission is one such stakeholder in Ethiopia, established by law with the objective of ‘educating the public with the view to enhance its tradition of respect for and demand for the enforcement of human rights upon acquiring sufficient awareness regarding human rights’. The Commission needs to scale up its awareness creation efforts in an era where the human right to privacy is being pronounced dead.
In the ultimate analysis, the awareness and the urge to challenge intrusions of privacy follow the existence of a robust and institutionalised legal framework.
Leave a Reply