March 25, 2014

Recommendations

To the Government of Ethiopia

  • Enact protections for the right to privacy to prevent abuse and arbitrary use of surveillance, national security, and law enforcement powers as guaranteed under international law applicable to Ethiopia. Surveillance should occur only as provided in law, be necessary and proportionate to achieve a legitimate aim, and be subject to both judicial and parliamentary oversight.
  • Legal safeguards should limit the nature, scope, and duration of possible surveillance, the grounds required for ordering them, and the authorities competent to authorize, carry out, and supervise them.
  • Ensure that information obtained through email or telephone interception or access to call records is inadmissible in courts unless a court warrant has been obtained. All laws enabling the admissibility of intercepted information in court should be amended to require a court warrant, including the Criminal Code, the Telecom Fraud Proclamation, and the Prevention and Suppression of Money Laundering and the Financing of Terrorism Proclamation.
  • Enact protections for call records and other “metadata” so that such information may not be collected or accessed by police, security, or intelligence agencies without a court order and oversight to prevent abuse, unauthorized use or disclosure of that information.
  • Enforce the requirements for a court warrant prior to interception/surveillance under the Anti-Terrorism Proclamation and the NISS Proclamation. Ethio Telecom should not provide access to metadata or recorded phone calls without a warrant from a competent, independent and impartial court in line with international standards. Any data collection or surveillance conducted by the Information Network Security Agency (INSA) or National Intelligence and Security Services (NISS) should require prior court approval.
  • Immediately unblock all websites of political parties, media, and bloggers and commit to not block such websites in the future.
  • Immediately cease all jamming of radio and television stations and commit to not jam radio and television stations in the future.
  • Cease harassing individuals for exercising their right to freedom of expression online through social media and blogs.
  • Appropriately discipline or prosecute officials, regardless of rank or position, who arbitrarily arrest or detain or ill-treat individuals on the basis of unlawfully intercepted or acquired information. Impose criminal penalties for illegal surveillance by public or private actors.
  • Report annually on the government’s use of surveillance powers. This reporting should include: the number of data requests made to Ethio Telecom, cybercafés, or other mobile and Internet service providers; the number of requests for real-time interception or recording of phone calls; and the number of individuals or accounts that were implicated by such requests.
  • Provide protections for the rights to freedom of expression and privacy to prevent abuse of emergency powers to shut down networks or intercept communications.
  • Repeal or amend all laws that infringe upon privacy rights, the right to information, and the rights to freedom of expression, association, movement, and peaceful assembly, including the Anti-Terrorism Proclamation, the NISS Proclamation, the Telecom Fraud Proclamation, and the Prevention and Suppression of Money Laundering and the Financing of Terrorism, to bring them in line with international standards. Amendments should include the following articles:
    • Anti-Terrorism Proclamation, article 23(1) and (2) (permitting non-disclosure of information sources and hearsay) and the NISS Proclamation, article 27 (requiring cooperation with NISS information requests). Ethio Telecom and INSA officials should cooperate with NISS only when a court warrant is granted facilitating access to user information.
    • Telecom Fraud Proclamation, articles 6(1) (criminalizes dissemination of messages about activities punishable under the anti-terrorism law) and 10(3) (criminalizes commercial use of VoIP).

To International Technology and Telecom Companies Serving Ethiopia

  • Assess human rights risks raised by potential business activity, including risk posed to the rights of freedom of expression, access to information, association, and privacy. Assessments should address risk of misuse of non-customized, “off-the-shelf” equipment sold to governments that may be used to facilitate illegal surveillance or censorship. Assessments should also address the risk of customizing products and services for law enforcement, intelligence, and security agency customers.
  • As part of a tender or contract negotiation process, inquire about the end use and end users of the products or services being provided, especially for “dual use” products, including “lawful intercept” surveillance software and equipment.
  • Develop strategies to mitigate the risk of abuses linked to business operations and new contracts, including by incorporating human rights safeguards into business agreements. Such strategies should be consistent with the Global Network Initiative (GNI) principles and the United Nations “Protect, Respect, and Remedy” Framework for business and human rights.
  • Adopt policies and procedures to stop or address misuse of products and services, including contractual provisions that designate end use and end users, the violation of which would allow the company to withdraw services or cease technical support or upgrades. Promptly investigate any misuse of products or services and take concrete steps to address human rights abuses linked to business operations.
  • Adopt human rights policies outlining how the company will resist government requests for censorship, illegal surveillance, or network shutdowns, including procedures for narrowing requests that may be disproportionate or challenge requests not supported by law.
  • Extend human rights policies and procedures to address the actions of resellers, distributors, and other business partners.
  • Commit to independent and transparent third-party monitoring to ensure compliance with human rights standards, including by joining a multi-stakeholder initiative like the GNI.
  • Advocate for reform of surveillance or censorship laws to bring them in line with international human rights standards.
  • Review any contracts or engagements initiated before 2008 and craft strategies to address and mitigate any adverse harm that may flow from operations that currently continue under these contracts, consistent with guidance provided by the GNI and UN principles, both launched in 2008. As contracts come up for renewal, incorporate human rights safeguards into newly negotiated contracts.

To the Governments of China, Germany, Italy, the United Kingdom, and Others

  • Regulate the export and trade of “dual use” surveillance and censorship technologies such as deep packet inspection equipment and intrusion software. Require such companies subject to national jurisdiction operating abroad to report on any human rights policies and due diligence activity to prevent rights abuses and remedy them if they arise.
  • Introduce or implement legal frameworks, such as an independent ombudsperson, that allow government institutions to monitor the human rights performance of companies selling surveillance software, technology, or services subject to national jurisdiction when they operate abroad in areas that carry serious human rights risks. Frameworks should include an effective complaints mechanism accessible to individuals and communities in Ethiopia, and those representing them, who allege harmful conduct or impact by companies subject to national jurisdiction doing business in Ethiopia, with findings and decisions binding on companies.
  • Communicate an expectation to the government of Ethiopia that companies operating in Ethiopia should be able to implement the recommendations outlined above.

To the World Bank, African Development Bank, and other Donors

  • Undertake human rights due diligence on telecommunication projects in Ethiopia, to prevent directly or indirectly supporting violations of the rights to privacy or freedom of expression, association, or movement; or access to information including through censorship, illegal surveillance, or network shutdowns. This should include assessing the human rights risks of each activity prior to project approval and throughout the life of the project, identifying measures to avoid or mitigate risks, and comprehensively supervising the projects including through third parties. This due diligence should extend to any government or private sector partners to ensure that they are not implicated in violations.
  • Publicly and privately raise with government officials concerns about censorship, illegal surveillance, and network shutdowns and that human rights violations may undermine development priorities.