Mugabe regime must respect Zimbabweans’ right to strong encryption

Encryption is essential to the preservation of freedom of opinion, expression, dissent, and democratic engagement.

Data Security Breach. Photo credit: Blogtrepreneur / Flickr (CC BY 2.0)

By Obert Madondo |  | Published Jul 10, 2017, by The Zimbabwean Progressive

Does it even make any sense to expect Robert Mugabe to respect Zimbabweans’ right to strong encryption,  a cornerstone of security in the digital age? In recent years, his regime has deepened and expanded its surveillance capabilities in ways that test our faith in secure encrypted messaging apps such as Signal and WhatsApp. These apps are Zimbabweans’ first line of defence against the regime’s burgeoning digital authoritarianism.

Encryption protects data and communications from unintended eyes, including those of criminals and unaccountable surveillance agencies in authoritarian and democratic countries. It ensures that the communication you sent across the internet is turned into pure gobbledygook, almost impossible for unintended recipients to unscramble. Only you and the intended recipient, who must have a “decryption key” or password, can make sense of the communication. According to New Scientist, anyone who intercepts encrypted communication “would require a nearly impossible amount of computing power and time to work out the contents of the message.”

Strong encryption is needed in Zimbabwe now more than ever before.

Zimbabwean activists have overcome the organizational weaknesses that have repeatedly crippling the political opposition – by harnessing the power of the internet, digital activism, social media platforms, and modern communication technologies to plan and coordinate high-impact collective actions. The Internet, Facebook and YouTube turned Pastor Evan Mawarire’s April 2016 #ThisFlag video lament into an enduring social media movement. Without Internet-enabled mobile phones, social media platforms and encrypted communication apps such as WhatsApp, the youth-led Tajamuka/Sesijukile grassroots movement’s ongoing protests against Zimbabwe’s continuing economic meltdown and government repression would probably not be as effective as they are.

The internet, social media and modern communications technologies will improve political participation during Zimbabwe’s much-anticipated 2018 elections. They may even provide the firepower needed to nuke the Mugabe dictatorship. These technologies will certainly strengthen democracy in post-Mugabe Zimbabwe.

But Zimbabweans are increasingly harnessing the enriching power of the internet in the face of the Mugabe regime’s increasing digital authoritarianism. The article, “Authoritarianism Goes Global: Cyberspace Under Siege,” published by the Journal of Democracy in 2015, argues:

Far from being made obsolete by the Internet, authoritarian regimes are now actively shaping cyberspace to their own strategic advantage.

The article, written by Ron Deibert, the director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs in Canada, further argues that authoritarians like Mugabe “have developed an arsenal that extends from technical measures, laws, policies, and regulations, to more covert and offensive techniques, such as targeted malware attacks and campaigns to coopt social media.”

Zimbabwe’s Post and Telecommunications Act, enacted in 2000,  and the Interception of Communications Act (ICA) of 2007 allow government interception of communications.  The ICA established a Monitoring of Interception of Communications Center, the “sole facility through which authorised interceptions shall be effected.” In the name of national security, the MICC is empowered to intercept all telecommunications, including emails and phone calls. The so-called Computer Crime and Cyber Crime Bill, introduced in 2016, would authorize the interception communications and seizure of cellphones and computers. The proposed legislation would also facilitate the creation of a Computer Crime and Cybercrime Management Centre dedicated to the interception of Zimbabweans’ communications.

RELATED: How to process WikiLeaks’ Vault 7 dump if you are Zimbabwean

The Mugabe regime responded to Tajamuka/Sesijukile’s mid-2016 #ShutDownZim protests by further boosting its surveillance capabilities. In August 2016, it added the Computer Crime and Cyber Crime Bill to its suite of existing information control legislation. The Bill threatens the open Internet, democracy, human rights, free flow of information, and Zimbabweans’ privacy rights, which are guaranteed by section 57 of Zimbabwe’s 2013 constitution. It proposes “up to 5 years in prison for cybercrime”. Since the Bill’s introduction, government and military officials have repeatedly warned against “abusing” social media platforms, and against colluding with so-called “diaspora cyber terrorists”.

Encryption under attack

Mugabe’s ICA co-opted Zimbabwe’s telecom companies and internet service providers (ISPs) into the government’s surveillance agenda. Under ICA, Zimbabwean service providers must “provide a telecommunications service which has the capacity to be intercepted.” They’re required to provide services “capable of rendering real time and full time monitoring facilities for the interception of communications” by the government. Telecom companies and ISPs who fail to advance the Mugabe regime’s surveillance agenda “shall be guilty of an offence and liable to a fine not exceeding level twelve or to imprisonment for a period not exceeding three years or to both such fine and such imprisonment.” The ICA basically declares total war against encryption.

But encryption is also under attack in democratic countries.

In recent years, the law enforcement and counterterrorism agencies of leading democracies have relentlessly pushed for encryption backdoors. As recently reported by Reuters, “Australia has made it clear it wants tech companies to do much more to give intelligence and law enforcement agencies access to encrypted communications.” In the aftermath of the Westminster terrorist attack, UK Home Home Secretary Amber Rudd characterized the end-to-end encryption now common in modern digital communications as “completely unacceptable”. During a March appearance on the BBC’s Andrew Marr Show, Rudd called for a situation where “our intelligence services have the ability to get into situations like encrypted WhatsApp,” according to the Independent.

In June, the French and British governments agreed to a joint plan of action that would sacrifice our right to online privacy in the name of fighting terrorism. Both democracies want the data and content of our communications to “be rapidly accessed for law enforcement across borders, wherever it is stored.”

“Five Eyes” hunger for encryption backdoors

Addressing a national security symposium at the University of Texas at Austin back in March, former FBI director James Comey pitched the idea of a global “framework” for encryption backdoors. At the end of June, the interior ministers, immigration ministers, and attorneys general of the “Five Eyes,” a surveillance partnership of secretive intelligence agencies from Canada, Australia, New Zealand, United Kingdom, and the United States, met in Ottawa and discussed terrorism, access to data, and encryption. The meetup’s final communiqué suggests what might turn out to be a made-in-Canada global encryption backdoor. While affirming a commitment to the rule of law and human human rights, the document claimed that “encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism.”

The Mugabe regime already has an encryption backdoor.  In addition to its growing arsenal of information control laws, the regime is also heavily invested in Zimbabwe’s information and communications technology (ICT) market. It owns the mobile network NetOne, which controls 36.4% of the share of mobile subscribers, according to a 2016 third quarter report issued by the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ), the country’s telecoms regulator. Two of Zimbabwe’s five international internet gateways, NetOne and the fixed network TelOne, are state-owned. The other two,  Africom and Econet, are privately owned. The fifth, TeleCel, is partially government owned. The government also owns Zarnet, one of Zimbabwe’s dozen licensed ISPs.

Civil libertarians pushback

Soon after the Ottawa meeting, 83 organizations and individuals representing some of the world’s most well-known defenders of civil liberties urged the leaders of the Five Eyes agencies and their governments to defend strong encryption.

“In light of public reports about this week’s meeting between officials from your agencies, the undersigned individuals and organizations write to emphasize the importance of national policies that encourage and facilitate the development and use of strong encryption,” the rights defenders stated in a letter coordinated by the New York-based global digital rights defender Access Now. “We call on you to respect the right to use and develop strong encryption and commit to pursuing any additional dialogue in a transparent forum with meaningful public participation.” Read the signatories’ full letter here.

The following quotes from the representatives of some of the rights defenders who signed the letter to the Five Eyes governments explain why strong encryption matters for Zimbabwean activists and rights defenders:

“Encryption is used by governments, businesses, and citizens alike to secure communications, safeguard personal information, and conduct business online. Deliberately weakening encryption threatens the integrity of governance, the safety of online commerce, and the interpersonal relationships that compose our daily lives. We must not sacrifice our core values to the threat of terrorism: the solution to such threats must entail better protecting our basic rights and the technologies that advance them.” — Christopher Parsons, Research Associate and Managing Director of the Telecom Transparency Project at the Citizen Lab, Munk School of Global Affairs

“Massive surveillance operations conducted by the Five Eyes partnership inherently put the human rights of people around the world at risk. The joint communique commits to human rights and the rule of law, but provides no detail as to how these powerful, secretive spy agencies plan to live up to those commitments. We call for public participation and meaningful accountability now; otherwise, those commitments are empty.” – Amie Stepanovich, U.S. Policy Manager at Access Now

“The strength of the tools and techniques that our government and members of the public have and use to secure our nation and protect our privacy is of significant public interest. Transparency and accountability around a nation’s policy regarding the use of encryption is a bedrock importance in a democracy, particularly given the potential of backdoors to put billions of online users at greater risk for intrusion, compromise of personal data, and breaches of massive consumer or electoral databases. The democracies in the ‘Five Eyes’ should be open and accountable to their publics about not only the existence of these discussions but their content, removing any gap between what is being proposed and the consent of those governed by those policies.” – Alex Howard, Sunlight Foundation

“Encryption is a vital tool for journalists, activists, and everyone whose lives and work depend on using the internet securely. It allows reporters to protect their confidential sources from reprisal, and to fearlessly pursue stories that powerful actors don’t want told. It offers protection from mortal danger for dissidents trying to communicate under repressive regimes. Undermining the integrity of encryption puts lives at risk, and runs directly counter to the mandate of the Five Eyes Signals Intelligence agencies to keep their citizens safe.” – Tom Henheffer, Executive Director, Canadian Journalists for Free Expression

“Any attempt by the U.K. government to attack encrypted messengers would be nothing less than an attack on the right to a private conversation. Far from making the internet safer, by undermining the technology that protects everything from our bank accounts to our private conversations, governments around the world are putting us all at risk. Transparency is vital around any coordinated plans that could jeopardize both our security and our rights.” – Silkie Carlo, Policy Officer, Liberty

“We increasingly rely on a secure internet for work, personal relationships, commerce, and politics. While we support justifiable lawful intercept with appropriate oversight, we don’t think we should be seriously weakening the security of the internet to achieve it. Attempts to weaken encryption will do more damage to our society and our freedom than the possible threats it’s meant to be protecting us from.” – Thomas Beagle, Chairperson, NZ Council for Civil Liberties

“Attempting to undermine the free use and development of strong encryption technology is not only technologically misguided, it is politically irresponsible. Both law enforcement and intelligence agencies have access to more data—and more powerful analytical tools—than ever before in human history. Measures that undermine the efficacy or public availability of encryption will never be proportionate when weighed against their profound threat to global human rights: encryption is essential to the preservation of freedom of opinion, expression, dissent, and democratic engagement. Without it, meaningful privacy, trust, and safety in the digital sphere would not be possible.” — Lex Gill, Research Fellow, Citizen Lab, Munk School of Global Affairs

This article is part of The Zimbabwean Progressive‘s “Zimbabwe Surveillance Self-Defense” initiative, whose main pre-occupation is in-depth, comparative and evidence-based independent journalism on Mugabe’s ever-evolving surveillance and digital authoritarianism. The initiative unmasks Zimbabwe’s key surveillance organizations, practices and information control laws. It brings safe communication technologies, strategies and practices to the doorsteps of Zimbabwean activists, rights defenders, journalists/bloggers, and ordinary Zimbabweans who wish to defend themselves and their families, friends and communities against government surveillance.

Obert Madondo is an Ottawa-based blogger, activist, photographer, digital rights addict, and former international development administrator. He’s the founder and editor of these blogs: The Canadian ProgressiveZimbabwean Progressive, and Charity Files. Follow him on Twitter: @Obiemad

This article is published under a Creative Commons Attribution-NonCommercial 4.0 International licence. No permission is required for non-commercial reuse and distribution. However, you’re strictly required to cite the original source in accordance with the terms of the license.