A week after the World Health Organisation (WHO) declared COVID 19 a
global pandemic, Uganda registered its first case. A month later, the disease
was widespread across the country, prompting the operationalization of WHOrecommended and Government-imposed emergency measures to contain
the spread of the virus. These included partial and eventually total lockdowns,
a ban on social gatherings of more than five people, the shutdown of public
transport, air travel, and the closure of businesses except for vital sectors like
food and health.
To ensure continuity of operations, NGOs, much like other
businesses/organizations across the globe, had to heavily depend on digital
tools to continue operations which led to the “Zoom-Era.” The era of working
from home/remotely aided by digital applications like conferencing platforms
like Zoom, which allows for up to 500 participants, voice, and video, messaging
apps, and digital collaborative workspaces in the absence of offices and
physical engagement.
For the highly tech-driven economies from the developed world, this transition was undoubtedly an inconvenient adjustment; unfortunately for developing countries like Uganda, with substantial deficiencies in ICT infrastructure, where only a sixth (1/6) of the population has access to the internet, and 36% of the non-internet users are digitally illiterate1, it was nothing short of a catastrophe.
The Not-for-profit sector was one of those hardest hit by this transformation since the bulk of their work entails awareness and capacity building engagements, socio-civic advocacy/activism, community meetings, and outreach. This study, therefore, sought to investigate the digital security risks associated with the adoption of technological tools given the human rights landscape in Uganda and against the backdrop of the COVID pandemic.
The main objective of the research was; To identify gaps and vulnerabilities that are exposing human rights organizations to digital security risks to develop strategies to build capacity to mitigate any future threats of cyber-attacks, privacy & data breaches.
The study targeted 50 NGOs across the country. To obtain comprehensive
data sets, it necessitated the selection of respondents from both frontline
officers involved in implementing day-to-day activities of human rights NGOs and critical decision-makers such as Executive Directors, Program Managers,
Department Heads and Advocacy Officers.
Guided by the research questions; “Did the adoption of digital platforms expose NGO to any cybersecurity-related challenges? Was the adoption of digital platforms effective in NGOs’ business continuity?” we were able to obtain the following evidence.
Level of Exposure to Digital Tools Prior COVID 19
The research revealed that 50% of the respondents were moderately exposed
to digital security tools before the COVID 19 lockdown. Frontline offices pointed
out that their work primarily constituted physical engagements with their
partners and beneficiaries, which limited the number of tech tools and
frequency. The most commonly used digital tools were voice conferencing call
facilities, voice over internet services like Skype, digital collaboration tools like
Google Suite, Gmail, Google Drive, Google Meet, and Google Docs. Social
media platforms including Facebook, Twitter, and YouTube. However, with the
outbreak of COVID 19 and subsequent lockdown, NGOs had to adopt “new”
tech tools and depend on the ones already in use more heavily to ensure
business continuity. Respondents reported to have adopted video
conferencing and collaboration platforms; Zoom, BlueJeans, Google Meet,
Jitsi, KumoSpace, Microsoft Teams, and GoTo Meetings. These are mainly used
to facilitate internal communication/conducting staff meetings (19%),
communicate with participants (18%), conducting workshops (15%),
communicating and liaising with donors (14%), and providing support to
beneficiaries (14%)
Challenges Faced During and as a Result of Adopting Technological Tools
Facilitating business continuity, increasing efficiency, improving time
management, and other benefits of tech mainstreaming notwithstanding, the
adoption of tech tools was not without challenges. NGO heads reported
internet interruptions as their biggest challenge. Interruptions were either
unstable or, for the case of rural areas, non-existent networks—slow internet
connections due to the minimal broadband coverage. 3G covers only 65% of
the population, and LTE/4G covers only 17%.2
NGO staff in urban areas with access to 4G speeds that could support dataintensive apps like video conferencing tools were affected by the high cost of
data. Individuals reported having spent on average 127,500 UGX per month
purchasing internet data packages—a stretch for most middle seized NGOs
without an internet budget big enough to cover 127,000 worth of data for
each staff.
The above interferences are compounded by frequent power cuts, which
affect enabling ICT hardware and infrastructure such as the cell towers,
desktops, MiFis, and modems.
Exposure to Digital Security Risks
Much like the COVID 19 pandemic, the adoption of tech tools and
mainstreaming of ICT were novel. The timing and abrupt nature of the
circumstances also did not allow for adequate preparation and training on
using the digital tools and digital security concerns. These, therefore, paused
unprecedented risks. 98% of the respondents reported having been exposed
to some sort of digital security risk. Of the reported cases, we deduced that
52% of these were exposed to digital threats while using personal computers
as opposed to the 48% who faced threats while using organization-provided
computers.
It was inferred from the findings that the organizations whose works centres on
social development, justice, law and order, health, education, ICT, and
accountability reported digital threats more frequently. However, this comes
as no surprise, especially in the Ugandan context, whose civic environment is
marred by intimidation, torture, and killing of social justice leaders, illegal
detentions and evictions, and a restrictive legal framework, among others.
However, the research findings highlighted the varying degree in threat level
exposure as experienced by different genders and reaffirmed the disproportionate impact of COVID 19 on women and children. This is
evidenced by NGOs operating in the thematic area of Women’s rights and
reporting the most frequent (26%) exposure to digital security risks from using
technology tools adopted during COVID-19 lockdown.
Forms of Digital Security Risks/ Threats
After service disruptions (41%), online harassment (13%) was the second most
frequent risk respondents reported to have been exposed to due to the
adoption of technology tools during COVID-19 lockdown. Others included;
online harassment (13%), lack of privacy (8%), malware (8%), loss of data (6%),
and unauthorized access to organizational documents. (3%).
Video Conferencing digital tools registered the highest incidences of exposure
to digital security risks. Respondents reported multiple “Zoom bombing”
incidents during which offensive or Not Safe For Work (NSFW) material was
displayed during organizational meetings, hacking into video conference
meetings by uninvited persons and impersonation.
Reporting and Resolution of Digital Security Incidents
The research also highlighted acute digital literacy levels and the urgent need
for increased digital security support for NGOs. Of the 98% of respondents who
reported exposure to digital risks, only 29% reported these exposures to their
corporate ICT team, service provider, platform owner, or digital security group,
the majority (70%) did not report these incidents primarily because they didn’t
know that they could or because they did not know where to report.
Conclusion and Recommendations
While the adoption of new tech tools and increased digital streamlining in
Human Rights Organisations was sparked by an emergency, the digital
revolution has been growing and evolving over three decades and is here to
stay. Pandemic or not, HROs, like other organizations, recognize the necessity
of leveraging and repurposing digital tools for their work advocacy, service
delivery, creative public demonstrations, and meeting emergent needs.
Additionally, it cannot be ignored that with the increased digitalisation are
more significant digital threats both in terms of incidence and sophistication.
With 98% of the respondents in this study indicating exposure to digital security
risks and over 70% of these not reporting the incidents due to ignorance and
absence of relevant digital security support, this demonstrates the
vulnerabilities, threats, and risks HROs are potentially exposed to within the
digital era
This study further exposes how the COVID-19 pandemic has exacerbated
digital inequalities and widened the digital divide between rich and poor,
urban and rural, and vulnerable and privileged—evidenced by limited access
to the internet, digital differentiation, participation gaps, and usage gaps
marking the challenges of digitally disadvantaged organizations or
communities who cannot take advantage the internet and who are at greater
risk of falling behind their digitally resourced counterparts.
Fill the service provision gap in digital security awareness and digital
literacy.
Advocacy on digital inequalities and the associated social inequalities.
Leverage/develop need-specific digital tools. Tailored to advancing
and supporting the work and needs of HRDs in Uganda
Nevertheless, however startling the findings, there-in lies opportunities for HRDs and social activists to;