ChatGPT Image Jun 16, 2025, 12_24_36 PM

Travel Smart: Protecting Your Digital Privacy in East Africa’s Changing Political Landscape

by Digital SecurityUncategorized

By Helen Namyalo Kimbugwe and Noelyn Tracy Nassuuna

In today’s world, where our entire lives are condensed into handheld devices, the smartphone has become both an incredible tool and a significant vulnerability. For human rights defenders, journalists, and civil society actors in East Africa, the risks associated with carrying sensitive data are rapidly growing. With increasing surveillance, political repression, and data harvesting by authorities, especially across borders, your phone could expose you to threats you never imagined.

Recent developments in East Africa, particularly in Uganda, Kenya, Rwanda, and Tanzania, reflect an alarming pattern. Border officials are more frequently requesting travellers to unlock their phones. In some cases, they take the devices into another room, copy data, and return them 15 to 30 minutes later. This includes access to your photos, messages, apps, call logs, contacts, emails, and even deleted files. For many travelers, especially those involved in activism or advocacy, this kind of intrusion can lead to harassment, arrest, or worse.

Thankfully, there are digital privacy measures you can take to stay ahead. For example, if you’re using GrapheneOS on a Google Pixel device, there’s an advanced feature called “duress mode.” This allows you to set up a special PIN code that, when entered under pressure, instantly wipes your phone. On iPhones, while you don’t get the same feature, you can enable the “Erase Data” option after 10 failed attempts. It’s not as powerful, but it still adds a layer of defence.

A simple yet effective tip: Always use a six-digit passcode instead of four. If you’re worried about forgetting it, you can repeat your four-digit PIN twice—it’s still significantly more secure. Biometrics like fingerprints and face unlock should be avoided while traveling, as authorities can forcibly use them to unlock your device without your consent.

One of the most critical steps you can take is to carry a clean “travel phone.” This is a secondary device that contains only the most essential apps and information—no personal messages, photos, or documents that could be used against you or your networks. Log out of all your email, banking, and social media apps before reaching a border checkpoint. Better yet, delete them temporarily and reinstall later when safe. If you must travel with your primary phone, ensure that it is encrypted. While most modern smartphones are encrypted by default, verifying this in your device settings is important. Although disabling automatic cloud backups (e.g., Google Drive, iCloud, WhatsApp) can be inconvenient, it is a critical step for maintaining data security. Where feasible, back up your data in advance, securely wipe your device before departure, and only restore the information once you are in a trusted and secure environment.

Secure messaging apps like Signal or Briar are highly recommended. Signal offers end-to-end encrypted messages with disappearing message options. At the same time, Briar works without internet access, connecting devices over Bluetooth, a useful tool when networks are shut down or compromised. For browsing, Tor Browser and Brave can help mask your digital footprint, and VPNs like Proton VPN protect your IP and data from being intercepted.

Another lesser-known threat while travelling is using other people’s laptops, power banks, or public USB charging stations to charge your phone. A cybersecurity expert, @MG, recently shared on his X platform that it’s possible to embed malicious hardware in seemingly ordinary charging cables, allowing attackers to silently install spyware or steal data, all through a simple act of charging.

“Every time I travel, I let people charge their devices. Totally harmless. They never know who I am or what I normally do with USB cables, but maybe one day. This lady’s phone died a few minutes into a 5-hour flight. I just wanted her to enjoy her time.”

While this risk is more prevalent in high-surveillance environments or with targeted individuals, East Africa’s tightening political environment means these kinds of attacks are no longer theoretical. Always carry your own power bank and wall plug, and avoid plugging into unknown USB ports or borrowed devices.

In East Africa, it’s not just border crossings where your phone is vulnerable. Internal roadblocks, especially in Uganda, are notorious for phone checks and random inspections. Renaming your contacts with neutral identifiers (e.g., changing “Lawyer” to “Uncle Ben”) can reduce suspicion if your contact list is scrutinized. Documenting human rights violations or organizing protests should be done with tools like ObscuraCam, which can anonymize people in images and secure your data.

All of these precautions may seem extreme, but they reflect the reality of an increasingly hostile digital environment. In the wake of laws such as the Computer Misuse Act and during times of election unrest or crackdowns on civil society, having activist materials or politically sensitive content on your phone can lead to detention or deportation. Even if you’re not the direct target, your phone may contain information that puts others at risk.

This isn’t about paranoia, it’s about preparedness. Just as you wouldn’t hand your passport to a stranger, you shouldn’t let your phone become an open book to authorities or unknown devices. Your smartphone is a window into your work, identity, and community. In the wrong hands, it becomes a weapon.

As you plan your next cross-border trip, whether for a workshop, a conference, vacation, a protest, or a field visit, take these precautions seriously. Train your team, update your digital safety practices, and always assume your device may be searched.

In the end, digital security is not a luxury. It is survival. Protect your data like your passport. Because in East Africa’s shifting political terrain, your privacy may just be your best defense.

U.S. Ruling on NSO Sends Warning as Pegasus Targets Ugandan Journalists

by AdvocacyDigital SecurityDigital SecurityResearch

By Noelyn Nassuuna | 8 May 2025

In a historic decision on May 6, 2025, a U.S. jury in California ordered NSO Group to pay $168 million in damages for deploying its Pegasus spyware to hack WhatsApp’s infrastructure. This unprecedented verdict—$447,719 in compensatory damages and over $167 million in punitive damages—marks the first time the notorious Israeli spyware company is held financially accountable in court for its hacking operations.

This ruling is a major victory for global digital rights defenders and a critical warning to companies enabling unlawful surveillance. For years, NSO Group’s Pegasus spyware has been linked to grave human rights violations, including the targeting of journalists, activists, and dissidents worldwide. Meta, the parent company of WhatsApp, pursued a six-year legal battle to expose these abuses and protect its users. The judgment follows a landmark January 2025 summary ruling that found NSO guilty of violating U.S. and California hacking laws and breaching WhatsApp’s Terms of Service.

“This verdict sends a clear message to spyware companies that targeting people through U.S.-based platforms will come with a high price,” said Michael De Dora, U.S. Policy and Advocacy Manager at Access Now.

But while the courtroom victory occurred in the United States, its impact reverberates far beyond. Just days before the judgment, Ugandan investigative journalist Canary Mugume took to X (formerly Twitter) to reveal that Pegasus spyware had attempted to infiltrate his device. His post sent shockwaves through Uganda’s media and civil society sectors, especially as the nation edges closer to its 2026 general elections.

This is not the first time Pegasus has been used to target journalists globally. In Uganda, such incidents signal a chilling escalation in the digital threats facing the press. The implications are grave: surveillance software like Pegasus doesn’t just spy on individuals—it compromises entire newsrooms, sources, and the right to information.

“Apple sent this notification to me indicating that I am being targeted by a mercenary spyware. Most of these are used by Governments to hack into phones of journalists, high-profile figures and activists. They last sent this in 2021, there’s a pattern – electoral season.”

In past years, several journalists and human rights defenders in Uganda have reported suspicious digital intrusions, but rarely with hard evidence pointing to a tool as sophisticated and invasive as Pegasus. The spyware is known for its ability to silently infiltrate phones, access messages, camera, microphone, and more—all without the user’s knowledge.

At Defenders Protection Initiative (DPI), we continue to raise alarm and awareness over the growing use of surveillance technologies to intimidate, silence, or endanger the work of journalists, activists, and civil society organizations. The risks are particularly heightened during politically sensitive periods such as elections, where access to reliable information and protection of press freedom are critical for democratic integrity.

The recent U.S. court ruling is a reminder: accountability is possible. It is also a call to action for governments, tech companies, and civil society in Uganda and across Africa to:

  • Strengthen digital security protocols for journalists and human rights defenders
  • Demand transparency and oversight over surveillance technologies
  • Challenge spyware vendors through legal, policy, and public channels

We stand in solidarity with journalists like Canary Mugume and urge all media professionals to report digital threats and seek expert support. DPI remains committed to supporting journalists and human rights defenders through digital security trainings, emergency response, and legal support.

As elections approach, the protection of digital rights is not just a tech issue—it is a human rights imperative.

Uganda’s Move to Procure Social Media Tracking Tool: A New Threat to Digital Rights and Freedoms

by Uncategorized

By Helen Namyalo Kimbugwe and Noelyn Nassuuna

The Government of Uganda is in the process of acquiring a social media tracking tool, a development first reported by The Daily Monitor on April 8, 2025. While officials may justify this move on grounds of national security, the lack of transparency and Uganda’s history of digital repression raise urgent concerns about privacy, freedom of expression, and the civic space—especially as the country nears the 2026 general elections.

This article examines the implications of this tool, the risks it poses to activists, journalists, and civil society, and what can be done to resist digital surveillance and safeguard fundamental rights.

Read the full article here:

Uganda’s Move to Procure Social Media Tracking ToolDownload

The Guardians of Peace: The Crucial Role of Human Rights Defenders in Building a Peaceful World

by AdvocacyCivic SpaceProjects/Our Work SectionResearchSecurity

By Noelyn Tracy Nassuuna

International Peace Day has come and gone, but the mission of building and sustaining peace continues every single day, especially for human rights defenders (HRDs) around the world. These courageous individuals are often on the front lines, advocating for justice, equality, and human dignity in the face of adversity. Their work is crucial in addressing the root causes of conflict and promoting long-lasting peace.

Download Article

Holding Regulators Accountable for Data Privacy and Protection in Uganda’s NGO Sector -DPI

by AdvocacyAdvocacyCivic SpaceProjects/Our Work SectionResearchRisk AssessmentSecurity

By Helen Namyalo Kimbugwe and Noelyn Tracy Nassuuna

As Uganda heads toward a pivotal election season, the release of sensitive financial statements for Non-Governmental Organizations (NGOs) like Chapter Four Uganda has sparked intense debate. These disclosures carry significant implications for donors, NGOs, and the public, shaping trust, transparency, and operational stability.

What does this mean for NGOs operating in Uganda, their donors, and the communities they serve? How can transparency be balanced with protection in such politically charged times?

To delve deeper into these issues, download the full article now and stay informed about the future of civil society in Uganda.

Holding Regulators Accountable for Data Privacy and Protection in Uganda’s NGO Sector -by DPIDownload
WhatsApp Image 2024-06-24 at 12.51.09

Protection of Environmental Defenders: Safeguarding Fundamental Rights and Environmental Sustainability 

by AdvocacyLEDs ProtectionProjects/Our Work Section

Land and environmental defenders are some of the most passionate and committed people who unfortunately experience significant reprisals, as reported through our Seek Support portal. Instances of arbitrary arrests, harassment, physical attacks, and threats have hampered their work and forced many to withdraw from advocacy.

The survival of our environment and the defence of fundamental rights are interlinked with the protection of environmental advocate. Prioritising these crucial areas of protection is necessary to achieve these interconnected goals:

  1. Legal Protection: Instituting robust legal frameworks that explicitly safeguard the rights of LED proponents against discrimination, harassment, and violence. 
  2. Access to Justice: Guaranteeing access to justice for LEDs. This involves providing adequate legal resources and support to ensure that perpetrators are brought to justice.
  3. Context-Specific Responses: Recognizing the dynamic challenges faced by environmental defenders, it is crucial to tailor responses to their specific contexts and provide specialised training, resources, and protection mechanisms to address evolving threats.
  4. Inclusion in Climate Policy Formulation: Incorporating environmental protectors into the formulation of climate policies ensures that their voices are heard and their expertise is utilised. This inclusion not only strengthens policy effectiveness but also enhances the legitimacy of environmental governance.
  5. Recognition of Cultural Leaders and Custodians: Acknowledging the rights of cultural leaders and customary landowners as custodians of the land is essential. Their traditional knowledge and stewardship play a vital role in sustainable land management and conservation efforts.

Explore the diverse channels and tools of protection available to LEDs from DPI:

  • Land and Environmental Task Force (LEDTAF): A coalition of diverse organisations providing collective leverage for coordinated response mechanisms for LEDs. Services include legal aid, relocation and rapid response among others.
  • Kyotos (Fireside Chats): Community fireside chats provide a relaxed setting for dialogue, bringing together communities and relevant stakeholders to share information, mediate issues, and address grievances.
  • Digital Security and Security Management Training: To individuals and organisations to enhance operational effectiveness and ensure safety during advocacy efforts.
  • Talk to Your Regulator: Closing the awareness gap on NGO legal frameworks to improve operational efficiency and regulatory compliance for defenders and organisations in the environmental rights landscape.
2-3-1024x576

Collaborative Innovation: The Dynamic Relationship Between NGOs and Regulators

by AdvocacyCivic Space

In today’s rapidly changing world, NGOs have emerged as powerful change agents, addressing social, environmental, and humanitarian issues. These organizations, driven by passion and purpose, often collaborate with regulators to navigate complex challenges and make a lasting impact. This article explores the unique angle of the collaborative relationship between NGOs and their regulators, highlighting the innovative approaches they employ to drive positive change.

1. Embracing Shared Goals:

NGOs and regulators often share common objectives, such as promoting human rights, environmental sustainability, or social justice. By aligning their goals, these entities can work hand in hand, leveraging their respective strengths to achieve meaningful outcomes. Through open dialogue and mutual understanding, NGOs and regulators can effectively create policies and frameworks that address societal needs.

2. Co-Creation of Solutions:

Innovation thrives when diverse perspectives come together. NGOs, with their grassroots knowledge and hands-on experience, bring valuable insights. Regulators, on the other hand, possess expertise in policy-making and governance. By collaborating, NGOs and regulators can co-create innovative solutions that are both practical and sustainable. This collaborative approach ensures that policies and regulations are not only effective but also rooted in real-world experiences.

3. Leveraging Technology:

Technology has become a powerful tool for NGOs and regulators in the digital age. From leveraging data analytics to enhance decision-making to utilizing social media platforms for advocacy, technology has revolutionized the way these entities operate. NGOs and regulators can harness the power of technology to streamline processes, amplify their impact, and engage with a wider audience. By embracing digital innovations, they can adapt to changing landscapes and address emerging challenges effectively.

4. Building Trust and Transparency:

Trust is the foundation of any successful collaboration. NGOs and regulators must foster an environment of trust and transparency to ensure a productive partnership. Open communication channels, regular consultations, and shared information contribute to building trust between these entities. By establishing strong relationships, NGOs and regulators can work together more effectively, creating a positive ecosystem for change.

The relationship between NGOs and regulators is a dynamic and evolving one. These entities can create a synergistic approach to address complex challenges by embracing collaboration and innovation. Through our Talk to Your Regulator program, DPI brings together NGOs and their regulators to build strategic relationships and foster a suitable and accommodating working environment.