1corona digital threats

Digital Security Risks Human Rights NGOs were Exposed to during COVID-19 Pandemic Lockdowns

A week after the World Health Organisation (WHO) declared COVID 19 a global pandemic, Uganda registered its first case. A month later, the disease was widespread across the country, prompting the operationalization of WHO-recommended and Government-imposed emergency measures to contain the spread of the virus. These included partial and eventually total lockdowns, a ban on social gatherings of more than five people, the shutdown of public transport, air travel, and the closure of businesses except for vital sectors like food and health.

To ensure continuity of operations, NGOs, much like other businesses/organizations across the globe, had to heavily depend on digital tools to continue operations which led to the “Zoom-Era.” The era of working from home/remotely aided by digital applications like conferencing platforms like Zoom, which allows for up to 500 participants, voice, and video, messaging apps, and digital collaborative workspaces in the absence of offices and physical engagement.

For the highly tech-driven economies from the developed world, this transition was undoubtedly an inconvenient adjustment; unfortunately for developing countries like Uganda, with substantial deficiencies in ICT infrastructure, where only a sixth (1/6) of the population has access to the internet, and 36% of the non-internet users are digitally illiterate, it was nothing short of a catastrophe.

The Not-for-profit sector was one of those hardest hit by this transformation since the bulk of their work entails awareness and capacity building engagements, socio-civic advocacy/activism, community meetings, and outreach. 

The Digital Security Alliance (DSA), a coordinated digital security support mechanism for human rights defenders, activists, and journalists in Uganda, that is led by Defenders Protection Initiative, with funding from the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) under the African Digital Rights Fund, undertook the study, to Assessing the Levels of digital security risk to which Human Rights NGOs were Exposed to after the adoption of technology tools for business continuity during the COVID-19 Pandemic Lockdowns in Uganda. 

This study, therefore, sought to investigate the digital security risks associated with the adoption of technological tools given the human rights landscape in Uganda and against the backdrop of the COVID pandemic.

The main objective of the research was; To identify gaps and vulnerabilities that are exposing human rights organizations to digital security risks to develop strategies to build capacity to mitigate any future threats of cyber-attacks, privacy & data breaches.

The study targeted 50 NGOs across Uganda. To obtain comprehensive data sets, it necessitated the selection of respondents from both frontline officers involved in implementing day-to-day activities of human rights NGOs and critical decision-makers such as Executive Directors, Program Managers, Department Heads and Advocacy Officers.

Guided by the research questions; “Did the adoption of digital platforms expose NGO to any cybersecurity-related challenges? Was the adoption of digital platforms effective in NGOs’ business continuity?” we were able to obtain the following evidence.

Level of Exposure to Digital Tools Prior COVID 19

The research revealed that 50% of the respondents were moderately exposed to digital security tools before the COVID 19 lockdown. Frontline offices pointed out that their work primarily constituted physical engagements with their partners and beneficiaries, which limited the number of tech tools and frequency. The most commonly used digital tools were voice conferencing call facilities, voice over internet services like Skype, digital collaboration tools like Google Suite, Gmail, Google Drive, Google Meet, and Google Docs. Social media platforms including Facebook, Twitter, and YouTube. However, with the outbreak of COVID 19 and subsequent lockdown, NGOs had to adopt “new” ICT tools and depend on the ones already in use more heavily to ensure

business continuity. Respondents reported to have adopted video conferencing and collaboration platforms; Zoom, BlueJeans, Google Meet, Jitsi, KumoSpace, Microsoft Teams, and GoTo Meetings. These are mainly used to facilitate internal communication/conducting staff meetings (19%), communicate with participants (18%), conducting workshops (15%), communicating and liaising with donors (14%), and providing support to beneficiaries (14%).

Challenges Faced During and as a Result of Adopting ICT Tools

Facilitating business continuity, increasing efficiency, improving time management, and other benefits of information and communication technology (ICT) mainstreaming notwithstanding, the adoption of tech tools was not without challenges. NGO heads reported internet interruptions as their biggest challenge. Interruptions were either unstable or, for the case of rural areas, non-existent networks—slow internet connections due to the minimal broadband coverage. 3G covers only 65% of the population, and LTE/4G covers only 17%.

NGO staff in urban areas with access to 4G speeds that could support data-intensive apps like video conferencing tools were affected by the high cost of data. Individuals reported having spent on average 127,500 UGX per month purchasing internet data packages—a stretch for most middle seized NGOs without an internet budget big enough to cover 127,000 worth of data for each staff.
The above interferences are compounded by frequent power cuts, which affect enabling ICT hardware and infrastructure such as the cell towers, desktops, MiFis, and modems.

Exposure to Digital Security Risks

Much like the COVID 19 pandemic, the adoption of tech tools and mainstreaming of ICT were novel. The timing and abrupt nature of the circumstances also did not allow for adequate preparation and training on using the digital tools and digital security concerns. These, therefore, paused unprecedented risks. 98% of the respondents reported having been exposed to some sort of digital security risk. Of the reported cases, we deduced that 52% of these were exposed to digital threats while using personal computers as opposed to the 48% who faced threats while using organization-provided computers.

It was inferred from the findings that the organizations whose works centres on social development, justice, law and order, health, education, ICT, and accountability reported digital threats more frequently. However, this comes as no surprise, especially in the Ugandan context, whose civic environment is marred by intimidation, torture, and killing of social justice leaders, illegal detentions and evictions, and a restrictive legal framework, among others. However, the research findings highlighted the varying degree in threat level exposure as experienced by different genders and reaffirmed the disproportionate impact of COVID 19 on women and children. This is evidenced by NGOs operating in the thematic area of Women’s rights and reporting the most frequent (26%) exposure to digital security risks from using technology tools adopted during COVID-19 lockdown.

Cybersecurity, secure passwords and site registration. Computer and smartphone protection by antivirus software. People with a lock, key, gear. Devices screens.  Vector flat. (Cybersecurity, secure passwords and site registration. Computer and smartph

Safeguarding Human Rights Defenders during COVID-19

A Strategic Emergency Response Initiative seeking to establish and coordinate a joint mechanism that offers effective emergency response solutions to the dynamic and complex HRDs security needs associated with the working environment in Uganda, especially during this COVID-19 Pandemic.

Cognizant that Uganda has registered some progress in managing the situation and infection rate, these achievements have not gone without a challenge. The majority of non-governmental organizations have had to adapt to the new normal of working from home according to the respective guidelines. Therefore, our civic effort to push back against human rights violations has been curtailed since all attempts to support affected HRDs, activists, and non-governmental organizations have been stifled by the hostile civic space’s attendant elements.

HRDs and individual activists who speak truth to power during this Pandemic are highly susceptible to physical and digital security attacks. These attacks include but are not limited to intimidation, arrest, torture, killings, withdrawal of operation license, defamation, freezing of bank accounts, office closure, computer and network surveillance, office break-ins, theft and confiscation of digital equipment, loss of information, denial of service attacks and internet censorship.

Despite such hostilities, there is a lack of an inclusive, well-coordinated, sustainable and effective emergency response system geared at security, safety, and protection of the HRDs/groups and the allies during this period. Albeit the availability of the several organizations and entities that support HRDs in such instances, a reasonable number of democracy activists within and out of the capital city have on various forums referred to the available emergence response system as ineffective, unsustainable, inaccessible, individualistic, to mention but a few.

We strongly believe that the current and post-pandemic period will require response through concerted effort. Thus, it is imperative to take stock of partner organizations’ possible roles as strategies for responding to any emerging issues.