W7y8w3

CONGO, republic ofCivil society and cyber surveillance in the Republic of CongoAZUR DéveloppementRomeo Mbengouwww.azurdev.orgIntroductionInformation and communications technologies(ICTs) now hold an important place in our daily lives.They are the source of many benefits, includingeasy and rapid exchanges and communication, datastorage, and the digitisation of administrative procedures.However, technologies must be respectfulof the privacy of users. This obligation applies to all,with few exceptions, and both to institutions and toindividuals.Yet, according to the revelations of EdwardSnowden on the work of the US National SecurityAgency (NSA), it has now been established thatwe are not protected from spying eyes. Everythingwe do is monitored and followed by others for onereason or another. This is cyber surveillance: thatis to say, the technical control of electronic communications.Some use it as a means to spy onwhat others are doing to prepare for any eventuality;others in order to do harm. Whether for onereason or another, cyber surveillance, except incases where it is permitted by law, is harmful forusers because it is a violation of fundamental humanrights, including the right to have your privacyrespected.As a world phenomenon, cyber surveillanceis ignored by some, its threat is minimised byothers, and it is even non-existent in some countries.So, what is the situation in the Republicof Congo? How does civil society consider cybersurveillance? Several Congolese civil society organisationsuse ICTs in their everyday work. Dothey feel monitored on the web? What about theCongolese legislation?These are the questions that this report willtry to answer. To do this, it is important to providean overview of the legal framework for ICTsin Congo, before analysing civil society awarenessof cyber surveillance in the country. This hasbeen done through interviews with civil societyorganisations.Overview of the legal framework for ICTsThe legal framework for ICTs in the Congo currentlyincludes:• The Congolese Constitution of 20 January 2002,which states in Article 19 that “everyone hasthe right to freely express and disseminate hisopinions in speech, writing, image, or any othermeans of communication...” Article 20 says that“the secrecy of correspondence, telecommunicationsor any other form of communicationcannot be violated except in the cases providedby law.”• Law No. 8-2001 of 12 November 2001 on thefreedom of information and communication.This law guarantees the freedom to access informationand communicate, including on theinternet.• Law No. 9-2009 of 25 November 2009 regulatingthe electronic communications sector. Thislaw describes the conditions for the installationand operation of networks and electroniccommunications services. In Article 6 it statesthat “electronic communications activities arepracticed freely in accordance with the terms ofthe legislation and regulations.” This law, whichalso deals with the protection of users’ privacy,prohibits cyber surveillance. Article 125 states:“It is unlawful for any person other than the usersto listen to, record, or store communicationsand traffic data related to them, or submit it toany other means of interception or surveillancewithout the consent of the users concerned, exceptwhen legally authorised to do so…” 1• Law No. 11-2009 of 25 November 2009 establishingthe regulatory agency of postal andelectronic communications. In Article 5 it statesthat the agency promotes and protects theinterests of users in the field of postal and electroniccommunications.Other laws are being drafted, including a law on theprotection of personal data, a law on cyber security,a law on the fight against cyber crime, a frameworklaw on the Congolese information society and1 Law No. 9-2009 of 25 November 2009 regulating the electroniccommunications sector.digital economy, and a plan for national broadbanddevelopment in the Congo.Use of ICTs by civil societyCongolese civil society organisations are workingin several areas, including the defence and promotionof human rights in general, the preservation ofthe environment, the fight against poverty, the fightagainst corruption, the fight against HIV/AIDS, andthe promotion of ICTs.These organisations, such as the CongoleseObservatory of Human Rights (OCDH), have workedand are working on sensitive issues concerning humanrights, and, in the course of their work, theyuse ICTs. Some organisations have computers onwhich they can store sensitive data resulting fromthe analysis or investigation of violations of humanrights. This data could include email addresses andphone numbers. The phone is the most frequentlyused way to contact a civil society organisation inthe Congo. Very few organisations maintain a website,a blog or a Facebook account.Analysis of cyber surveillance in the CongoInterviews with civil society organisations involvedin human rights and ICTs conducted for this reportsuggest that many are unaware of cyber surveillance.They also pointed to the lack of a governmentpolicy on cyber surveillance, and the lack of an independentbody securing personal data.Civil society’s understandingof cyber surveillanceAs suggested, it appears that a number of civilsociety organisations in the Congo have no clearunderstanding of cyber surveillance. This is largelydue to them not having, for the most part, extensiveknowledge of and experience in using computersand the internet. Given that they are seldom presentedwith circumstances that could draw theirattention to cyber surveillance, several organisationsdo not suspect any surveillance, interceptionor control over the internet.Loamba Moke, president of the Association forHuman and Prisoners’ Rights (ADHUC), commented,“The concept of cyber surveillance is unfamiliar tous. It is unclear whether our email communicationsare intercepted or stored, and we don’t know howto secure our data on the internet.” In other words,they do not have the expertise necessary to securetheir communications, but are also unable to detectthe interception or monitoring of their electroniccommunications. A similar point of view is held byWilfrid Ngoyi Nzamba, executive secretary of theCongolese Association of ICT Consumer Productsand Services, who argues that there is a clear lack ofevidence on the existence of cyber surveillance. Hestates that “there is no cyber surveillance in Congo”– but for him the reasons include the fact that thereare few people qualified to carry out surveillance ina country where there are still a lot of “computer illiterate”citizens among the population.However, other organisations are more aware ofdigital security. This is the case with the Organisationfor the Development of Human Rights in Congo(ODDHC), which conducted training on digital securityfor human rights defenders with the support ofthe Multi-Actor Joint Programme (PCPA) in March2013. According to Sylvie Mfoutou Banga, presidentof the ODDHC, “The risk of the piracy of informationfrom human rights advocates has led us to developthis training on human rights and digital security.”Several topics were discussed during the workshop:how to create safe passwords, how to download andinstall free antivirus protection off the internet, andhow to work on the internet without leaving digitaltraces. Regarding phones, Mfoutou does not knowif her phone is tapped.Another organisation, the Group of Journalistsfor Peace (GJP), has received training on the securecommunications software FrontlineSMS and FrontlineCloud.Tools like these “allow members of anNGO to communicate safely,” said Natalie ChristineFoundou, the president of GJP. In 2013, AZUR Développement,in collaboration with the Associationfor Progressive Communications (APC), organisedtraining on the protection of privacy in the managementof online data on women and girl victims ofviolence. 2Lack of a common national policyon data protectionIn the current institutional set-up, there is no commonpolicy on data management, protection andprivacy. Each institution or agency, both private andpublic, is obliged to manage its data in such a waythat no data theft can happen. However, the reasonwhy there is no common policy on data protection issimple: email services and websites are not hostedin Congo, but abroad, particularly in France and theUnited States. Only over the past three years havethere been efforts to set up the Congolese Agency forInternet Naming (ACNIC). This new organisation willnow manage the internet country code domain ‘’.cg’’.“If Congolese civil society or any other person issubject to control or cyber surveillance, this wouldnot be on the part of national authorities, but rather2 www.violencedomestique-congo.net114 / Global Information Society Watch CONGO, republic of / 115