March 25, 2014

III. Legal Context

International Law

Ethiopia is a party to major international and regional human rights conventions, including the International Covenant on Civil and Political Rights (ICCPR)[281] and the African Charter on Human and Peoples’ Rights (the African Charter).[282] These multinational treaties set out fundamental rights including rights to the security of the person; to liberty of movement; to be free from arbitrary arrest and detention; to privacy; and to freedom of opinion, expression, and association.

In 2011, the United Nations’ preeminent human rights body, the Human Rights Council, affirmed that “the same rights that people have offline must also be protected online.”[283] While these rights are not absolute, any limitations of these rights must meet specific criteria under international law.

Freedom of Expression

Article 19 of the ICCPR guarantees the “freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers,” in any medium, including through Internet or mobile networks.[284] The ICCPR provides that any limitation on the right to freedom of expression must be provided by law that is clear and accessible to the public; must be designed to protect public order, national security, or other legitimate purposes; and must be necessary, proportionate, and use the least restrictive means to achieve the legitimate aim.[285]

Article 9 of the African Charter guarantees that every individual shall have the “right to receive information” and “to express and disseminate his opinions within the law.”[286] The charter also provides for the right to freedom of association and assembly with others.[287]

The special rapporteur on the right to freedom of expression has specifically addressed the permissibility of Internet filtering under international law, expressing that he was:

[D]eeply concerned by increasingly sophisticated blocking or filtering mechanisms used by States for censorship. The lack of transparency surrounding these measures also makes it difficult to ascertain whether blocking or filtering is really necessary for the purported aims put forward by States.[288]

The special rapporteur called upon governments that currently block websites to:

[P]rovide lists of blocked websites and full details regarding the necessity and justification for blocking each individual website. An explanation should also be provided on the affected websites as to why they have been blocked. Any determination on what content should be blocked must be undertaken by a competent judicial authority or a body which is independent of any political, commercial, or other unwarranted influences.[289]

The special rapporteur has also stated that measures to cut off access to the Internet or mobile service entirely, regardless of the justification provided, are “disproportionate and thus a violation of article 19.”[290] The rapporteur has called on all states to ensure network access is maintained at all times, including during times of political unrest.[291] The special rapporteur on freedom of expression and access to information in Africa has also affirmed many of these principles in a 2011 joint declaration.[292]

Right to Privacy

Article 17 of the ICCPR provides that “[n]o one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence,” and “[e]veryone has the right to the protection of the law against such interference or attacks.” The special rapporteur on freedom of expression has interpreted “correspondence” to encompass all forms of communication, both online and offline.[293]

Limitations on the right to privacy similarly must be prescribed by law, necessary to achieve a legitimate aim, and proportional and narrowly tailored to achieving the aim.[294] The special rapporteur on freedom of expression has stated that:

Communications surveillance should be regarded as a highly intrusive act.… Legislation must stipulate that State surveillance of communications must only occur under the most exceptional circumstances and exclusively under the supervision of an independent judicial authority. Safeguards must be articulated in law relating to the nature, scope, and duration of the possible measures, the grounds required for ordering them, the authorities competent to authorize, carry out and supervise them, and the kind of remedy provided by the national law.[295]

To be prescribed by law, limitations on the right to privacy must meet “a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of and can foresee their applications.”[296] The principle of proportionality requires that any surveillance measure must not be employed when less invasive techniques are available, and must be proportionate to the interest to be protected.[297]

As the special rapporteur on human rights and counterterrorism explains, these principles apply even where the stated aim of surveillance is countering terrorism: “there must be no secret surveillance that is not under the review of an effective oversight body and all interferences must be authorized through an independent body.”[298]

Finally, the special rapporteur on freedom of expression has addressed the legality of real-name registration policies and offensive intrusion tactics (that is, secretly infiltrating a computer to steal files or monitor activity). The special rapporteur has called on governments to ensure individuals can “express themselves anonymously online and to refrain from adopting real-name registration systems.”[299] Governments should “refrain from compelling the identification of users as a precondition for access to communications, including online services, cybercafés, or mobile telephony.”[300] In addition, offensive intrusion tactics—methods that involve hacking into computers or networks—threaten “the right to privacy and procedural fairness rights with respect to the use of such evidence in legal proceedings.”[301]

Responsibilities of Companies

Companies have a responsibility to respect human rights. This principle is reflected in the United Nations “Protect, Respect, and Remedy” Framework[302] and the UN Guiding Principles on Business and Human Rights,[303] which are widely accepted by companies and governments. This principle is also incorporated into industry-specific human rights initiatives such as the Global Network Initiative, a global multi-stakeholder initiative that aims to ensure technology companies respect the rights to freedom of expression and privacy online.[304]

The corporate responsibility to respect contemplates that companies should undertake credible human rights due diligence and mitigate human rights risks so that their operations do not facilitate or exacerbate human rights problems. Specifically, the Global Network Initiative Principles and Guidelines and UN Guiding Principles call on companies to:

  • Conduct rigorous due diligence and put in place procedures to identify, prevent, mitigate, and account for how they address their impacts on human rights.
  • Employ human rights impact assessments to identify circumstances when freedom of expression and privacy may be jeopardized or advanced, and develop appropriate risk mitigation strategies. Such assessments should occur in relation to designing and introducing new technologies, entering a new market, taking on business partners, or committing to business contracts or license agreements.
  • Seek clarification or modification from authorized officials when government restrictions appear overbroad, not required by domestic law or appear inconsistent with international human rights standards on freedom of expression and privacy. With respect to sales of technology or services, this principle contemplates an inquiry as to the end use and end user of the technology or service, and procedures to prevent misuse of a company's technology or services to facilitate human rights abuses.
  • Aggressively challenge or push back when asked to assist with government censorship or illegal surveillance practices inconsistent with international human rights obligations.
  • Engage government officials to promote rule of law and the reform of practices that infringe on the rights to freedom of expression and privacy.
  • Put in place processes to enable remediation of any adverse human rights impacts they cause or to which they contribute.

These standards are relevant to companies who may be asked to assist with censorship or illegal surveillance, or who sell technology and services to countries where there is a serious risk that they will be used to violate rights.

These standards were published in 2008. While many of the telecommunications equipment contracts at issue in this report were signed or completed prior to 2008, telecommunications equipment companies should have been adopting and implementing these principles in their operations since 2008, and should address and mitigate any adverse impacts flowing from engagements that began prior to 2008.

Ethiopian Law

The Ethiopian constitution of 1995 formally guarantees the rights to freedom of expression, freedom of the press, access to information, and to privacy.[305] However, in practice, the Ethiopian government maintains strict control over print, broadcast, and online media, as well as access to Internet and mobile services.

Freedom of Expression and Access to Information

Article 29 of the constitution expressly guarantees that everyone has the “right to freedom of expression without any interference ... through any media of his or her choice.”[306] It also provides legal protections for freedom of the press and other mass media, guaranteeing access to “information of public interest.” Finally, the constitution expressly prohibits “any form of censorship.” A number of laws govern freedom of expression, freedom of the media, and access to information.

The Mass Media and Freedom of Information Proclamation of 2008, also known as the press law, appears to reaffirm constitutional protections for mass media, access to publicly held information, and prohibitions on censorship. However, the law in practice grants broad government power to initiate defamation suits (regardless of the defamed official’s interest), imposes crippling financial penalties, and preserves power to arbitrarily deny licenses and registration.[307] Although the press law makes some positive changes such as barring the pre-trial detention of journalists, since 2008 the threat and application of the use of this and other laws has had the effect of decimating what independent media existed in Ethiopia.[308] It is unclear whether the broad terms of the press law also apply to online media, bloggers, or print or broadcast media that also publish online.

The Telecom Fraud Offence Proclamation addresses use of Internet and mobile technologies specifically.[309] Enacted in 2012, the telecom fraud law criminalizes a range of services and activities related to telecommunications services, defined broadly to include mobile telephone, satellite telephone, and Internet services, while also entrenching the monopoly of the government-owned telecommunications operator. The stated goal of the new law is to address telecom fraud, which purportedly prevents the telecom industry from playing “an essential role in … peace, democratization, and development” and poses “a serious threat to the national security beyond economic losses.”[310]

In part, the telecom fraud law restates existing offenses from the Telecom Proclamation of 1996 (as amended in 2002) and increases sanctions for their violation.[311] However, the law also extends the anti-terrorism proclamation and criminal code to online activity. For instance, using a telecom network to disseminate a “terrorizing” or obscene message, or for any other undefined “illegal purpose,” is punishable with up to eight years’ imprisonment and a fine.[312]

The phrase “terrorizing message” is not defined in the law, but the provision allows punishment of any electronic message “connected with” a crime punishable under the anti-terrorism law. The deeply flawed Anti-Terrorism Proclamation contains an overly broad definition of terrorism that can encompass even peaceful expressions of dissent and political protest that pose no threat to national security. The law is particularly worrying for online and offline media because it provides discretion to authorities to prosecute those who “promote” or encourage terrorism. Under the law’s broad definition, this could include bloggers, editors, and journalists who publish articles referring to armed opposition movements, such as the Oromo Liberation Front or the Ogaden National Liberation Front, or any other individuals or groups deemed as terrorists, “anti-people,” or “anti-peace” by the government.

The telecom fraud law also criminalizes commercial provision and use of voice over Internet protocol (VoIP) services like Skype or Google Talk, or services that otherwise “bypass” Ethio Telecom infrastructure.[313] Several government officials have issued statements at the time of the law’s enactment affirming Skype’s legality, especially for personal use.[314]

As discussed in further detail in the Controlling the Internet section of this report, the state-controlled telecom operator Ethio Telecom engages in filtering and blocking of websites. However, the legal basis for this practice is unclear.

Right to Privacy

The Ethiopian constitution specifically guarantees the “inviolability of “notes and correspondence,” including “communications made by means of telephone, telecommunications and electronic devices.”[315] The constitution also provides that “public officials shall respect and protect these rights,” and “no restrictions may be placed on the enjoyment of such rights except in compelling circumstances and in accordance with specific laws” and specific purposes. The telecom fraud law punishes interception and illegal access to telecom systems without authorization, and the criminal code punishes a range of computer crimes, including hacking and unauthorized alteration of data.[316]

Surveillance of Internet and phone communications is allowed under several broadly drawn laws, with vague and superficial safeguards for the right to privacy. As a general rule, to issue a search warrant, the Criminal Procedure Code requires that a court must determine that the “purposes of justice or of any inquiry, trial, or other proceedings under this Code will be served,” a vague and broadly drawn standard that leaves much discretion to courts.[317]

Under the Anti-Terrorism Proclamation, upon obtaining a court warrant, the National Intelligence and Security Service (NISS) can conduct communications surveillance “to prevent and control a terrorist act,” as well as install or remove equipment to enable such surveillance.[318] The anti-terrorism law lists factors for the court to consider in granting a covert search warrant, including the extent to which measures would assist in preventing terrorism. However, the law does not impose any specific standards or rules to limit court discretion in granting a search warrant. In addition, there is no requirement to disclose any information about how evidence from intelligence reports presented in terrorism cases was gathered, which prevents the ability to challenge use of evidence gathered through illegal surveillance.[319]

Communications service providers are required to cooperate with requests from NISS for assistance.[320] The anti-terrorism law also imposes a duty on individuals and private organizations to produce information or evidence that the police “reasonably believes could assist to prevent or investigate terrorism cases.”[321]

These provisions are overly broad, and prone to misuse by a government that uses its legislation to target opposition politicians, journalists, and others who oppose government policies.

Under a newly-enacted law re-establishing the NISS, this ministerial-level agency has broad powers to conduct surveillance on any person suspected of a range of criminal activities in order to protect national security.[322] These powers are nominally subject to legislative and executive oversight, but the contours of such oversight are undefined. Surveillance requires a court warrant, but the law imposes no procedures or limitations on when courts may grant a search warrant.[323] Given the breadth of the agency’s mandate and the lack of specific safeguards that limit the nature, scope, and duration of the NISS’s surveillance powers, the law leaves undue discretion to the agency and raises concerns about abuse of these powers to target those who might criticize or oppose government policies.

Surveillance conducted under the money laundering and terrorist financing law is subject to a slightly more defined standard: courts can authorize “access to computer systems, networks, and servers” and surveillance of communications if there are “serious indications” that such computer systems and networks or telephone lines are or may be used by persons suspected of money laundering or financing of terrorism.[324] In practice, the law is broad enough to encompass the activities of nongovernmental organizations and other civil society groups, who could then become targets of such surveillance. [325]

Finally, under the telecom fraud law, police may apply for a covert search warrant from the Federal High Court where they have “reasonable ground” to believe that telecom fraud is “likely” to be committed, which allows collection of electronic evidence and evidence gathered through surveillance.[326]

In all, the broad surveillance powers articulated in these laws do not meet a level of clarity and precision required for such limitations to be prescribed by law. The lack of legal safeguards that limit the nature, scope, and duration of surveillance measures, and grounds for judicial approval, raises concerns that these powers are not adequately regulated to prevent arbitrary, unlawful, or disproportionate interference with the right to privacy.

Although court warrants are required for some forms of surveillance, the courts seem to play no ongoing oversight role to safeguard against abuses in carrying out the warrant or over how personal information collected through surveillance is used. Although Ethiopian law provides for an independent judiciary, criminal courts remain subject to political influence, raising concerns that even weak safeguards may be further undermined, especially in cases involving politically sensitive issues of national security.[327] In any case, there appears to be almost no ability to challenge the legality of surveillance and no rule to exclude illegally obtained evidence in criminal proceedings. In practice, it seems much surveillance may be conducted without a warrant.

Lastly, individuals are asked to register with their real name in order to purchase a mobile SIM card or access the Internet at Internet cafés. For Internet cafes, reports emerged in 2006 that the ETA ordered café owners to register and maintain a log of Internet users, and the government has closed cafés in the past for various violations, in particular use of VoIP services.[328] In practice, today this requirement is not consistently enforced. However, in contrast, the requirement for SIM card registration is far more rigidly enforced.

The legal basis for both these practices is unclear and available laws and regulations do not address the requirement. The 2012 telecom fraud law punishes obtaining a telecom service through “fraudulent means,” including by “using the identity code of another person.”[329] Because the state retains a monopoly mobile telephony and cybercafés must be licensed by the MCIT, real-name registration requirements might be addressed in individual license agreements, but Human Rights Watch has been unable to confirm.[330] Such practices do not appear to be regulated in law.

[281]International Covenant on Civil and Political Rights (ICCPR), adopted December 16, 1966, G.A. Res. 2200A (XXI), 21 U.N. GAOR Supp. (No. 16) at 52, U.N. Doc. A/6316 (1966), 999 U.N.T.S. 171, entered into force March 23, 1976. Ethiopia ratified the ICCPR in 1993.

[282] African [Banjul] Charter on Human and Peoples’ Rights (the African Charter), adopted June 27, 1981, OAU Doc. CAB/LEG/67/3 rev. 5, 21 I.L.M. 58 (1982), entered into force Oct. 21, 1986. Ethiopia ratified the African Charter in 1998.

[283] UN Human Rights Council (UN HRC), “The promotion, protection and enjoyment of human rights on the Internet,” Resolution 20 (2012), U.N. Doc A/HRC/20/L.13, http://www.regeringen.se/content/1/c6/19/64/51/6999c512.pdf (accessed October 11, 2013).

[284] Report of the special rapporteur on the Internet, para. 20 (“the Internet has become a key means by which individuals can exercise their right to freedom of opinion and expression.)

[285] UN Human Rights Committee, General Comment No. 34, Article 19: Freedoms of opinion and expression, September 12, 2011, U.N. Doc. CCPR/C/GC/34, http://www2.ohchr.org/english/bodies/hrc/docs/GC34.pdf (accessed February 12, 2014). OHCHR, “Freedom of Opinion and Expression - Annual reports,” 2013, http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/Annual.aspx (accessed February 12, 2014).

[286] African Charter, art. 9.

[287] African Charter, arts. 10-11.

[288] Report of the special rapporteur on the Internet , para. 70.

[289] Ibid.

[290] Report of the special rapporteur on the Internet, para. 78.

[291] Ibid.

[292] OSCE, “International Mechanisms for Promoting Freedom of Expression, Joint Declaration on Freedom of Expression and the Internet,” June 1, 2011, http://www.osce.org/fom/78309 (accessed March 14, 2014).

[293] Report of the special rapporteur on surveillance, para. 24.

[294] See Report of the special rapporteur on surveillance. UN HRC, Report of the special rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, Martin Scheinin, (“Report of the special rapporteur on human rights and counterterrorism,”) December 28, 2009, U.N. Doc. A/HRC/13/37, paras. 17-18.

[295] Report of the special rapporteur on surveillance, para. 81.

[296] Report of the special rapporteur on surveillance, para. 83.

[297] Report of the special rapporteur on surveillance, para. 83.

[298] Report of the special rapporteur on human rights counterterrorism, para. 62.

[299] Report of the special rapporteur on the Internet, para. 84.

[300] Report of the special rapporteur on surveillance, para 88.

[301] Report of the special rapporteur on surveillance, paras. 62-63. Offensive intrusion tactics often involve hacking into computers and systems and copying, deleting, or altering electronic information or computer code.

[302] UN HRC, “Protect, Respect and Remedy: a Framework for Business and Human Rights,” U.N. Doc. A/HRC/8/5, April 7 2008, http://www.reports-and-materials.org/Ruggie-report-7-Apr-2008.pdf (accessed April 10, 2013).

[303] UN OHCHR, “Guiding Principles on Business and Human Rights: Implementing the United Nations ‘Protect, Respect, and

Remedy’ Framework,” U.N. Doc. HR/PUB/11/04, 2011,

http://www.ohchr.org/Documents/Publications/GuidingPrinciplesBusinessHR_EN.pdf (accessed April 10, 2013).

[304] Global Network Initiative, “Core Commitments,” undated,

http://www.globalnetworkinitiative.org/corecommitments/index.php (accessed April 10, 2013).

[305] Constitution of the Federal Democratic Republic of Ethiopia, (1995), arts. 26 and 29.

[306] Constitution of the Federal Democratic Republic of Ethiopia, (1995), art. 29.

[307] Freedom of the Mass Media and Access to Information Proclamation No. 590/2008, Federal Negarit Gazeta No. 64, December 4, 2008.

[308] For an overview of media issues in Ethiopia see: Committee to Protect Journalists, “Ethiopia,” 2014, http://www.cpj.org/africa/ethiopia/(accessed February 12, 2014); Article 19, “The Legal Framework for Freedom of Expression in Ethiopia,” http://www.article19.org/data/files/pdfs/publications/ethiopia-legal-framework-for-foe.pdf (accessed February 12, 2014); “Ethiopia: Terrorism Law Decimates Media,” Human Rights Watch news release, May 3, 2013, http://www.hrw.org/news/2013/05/03/ethiopia-terrorism-law-decimates-media.

[309] Telecom Fraud Offence Proclamation No. 761/2012.

[310] Telecom Fraud Offence Proclamation, Preamble.

[311] Telecommunications Proclamation No. 49/1996, November 28, 1996. http://www.eta.gov.et/Scan/Telecom%20Proc%2049_1996%20NG1.pdf (accessed February 12, 2014); Telecommunications (Amendment) Proclamation No. 281/2002, July 2, 2002, http://www.eta.gov.et/Scan/Telecom%20Proc%20281_2002%20(amendment)%20NG.pdf (accessed February 12, 2014).

[312] Telecom Fraud Offence Proclamation, Art. 6.

[313] Telecom Fraud Offence Proclamation, Arts. 9, 10(3)-(4). This prohibition has been in place since the Telecommunications Proclamation was amended in 2002. See Telecommunications (Amendment) Proclamation, art. 2(11). However, the new telecom fraud law increases the penalties available.

[314] See, for example, Ministry of Foreign Affairs, “Ethiopian Telecom law affirms Skype’s legality,” July 13, 2012, http://www.mfa.gov.et/news/more.php?newsid=862 (accessed March 14, 2014).

[315] Ethiopian Constitution, art. 26.

[316] Telecom Fraud Offence Proclamation, art. 5; Criminal Code, arts. 706-711.

[317] Criminal Procedure Code of Ethiopia, Proclamation No. 185/1961, art. 33.

[318] Anti-Terrorism Proclamation, art. 14.

[319] Anti-Terrorism Proclamation, art. 23.

[320] NISS Proclamation, art. 27.

[321] Anti-Terrorism Proclamation, art. 22. Breach of this duty is punishable with up to 10 years of rigorous imprisonment. Anti-Terrorism Proclamation art. 35.

[322] National Intelligence and Security Service Re-establishment Proclamation, No. 804/2013,

[323] National Intelligence and Security Service Re-establishment Proclamation, arts. 8, 22-24.

[324] Prevention and Suppression of Money Laundering and Financing of Terrorism Proclamation No. 780/2013, February 4, 2013, Federal Negarit Gazette, arts. 25 and 52. In addition, the anti-corruption law allows the head of the “appropriate organ” to approve searches and interceptions of electronic communications where “necessary for the investigation of corruption offence.” Revised Proclamation to Provide For Special Procedure and Rules of Evidence on Anti-Corruption, Proclamation No. 434/2005, February 2, 2005, Federal Negarit Gazeta, art. 46.

[325] Prevention and Suppression of Money Laundering and the Financing of Terrorism Proclamation 657/2009, s12.

[326] Telecom Fraud Offence Proclamation, arts. 14-16.

[327] See Human Rights Watch, “They Want a Confession.”

[328] See Groum Abate, “Ethiopia Internet cafes start registering users,” Capital, December 27, 2006, http://nazret.com/blog/index.php/2006/12/27/ethiopia_internet_cafes_start_registerin (accessed March 14, 2014).

[329] Telecom Fraud Offence Proclamation, art. 10(2).

[330] The 2002 Resale and Telecenter Directives does not include real name registration obligations for licensed Internet resellers (e.g., Internet cafés). Ethiopian Telecommunication Agency, “License Directive for Resale and Telecenter in Telecommunication Service,” November 8, 2002, http://www.eta.gov.et/Word/DRAFTRESALEDIRECTIVE(ENG).pdf (accessed March 14, 2014).