Telecommunications Surveillance and Cryptography Regulatory Policy in Africa
This article examines regulatory policy of cryptography in Africa. Some consider public availability of strong cryptography to be a civil right. Whether used to protect sensitive information or verify identities, individuals and corporations alike benefit from cryptographic software in a world that is becoming increasingly networked. By the same token, users of cryptography might commit hostile acts towards nation-states: evasion of copyright law, commission of fraud, leaking confidential documents, tax evasion, money laundering, or participation in black markets. Given the relative lack of development within the realms of Internet connectivity and computational power in Africa, growth in the digital sector will inevitably bring about socio-political changes that will undoubtedly have far-reaching consequences for the world’s second largest continent.
“If privacy is outlawed, only outlaws will have privacy.”[i]
Historically, Africa has been viewed by many as an under-developed continent, bereft of sciences, medicine and technology, especially in the area of computer applications, inventions and software. Indeed, in this era of the super technological information highway, Africa is rarely the center of academic attention (especially in the West) when issues of computer science/technology are discussed or studied, except on those frequent occasions where Africa’s purported deficiencies are put on display at academic meetings under the guise of critical scholarly analysis. Perhaps one reason why Africa gets short shrift within those circles is because: while Africa makes up 14.1% of the world’s population, less than 8.0 percent of all Internet users in the world are in Africa compared to 44.8% of the world’s internet users who live in Asia, 21.5% who live in Europe and 11.4 percent who live in North America.[ii] Simply put, Africa is not viewed as a major player on the transatlantic super information highway. Consequently, the notion that Africa and science and technology are an anathema, may resonate with the uninformed, but to those who understand the importance of technology to Africa in a globalized world, also recognize that the history of science and technology in Africa is neither new nor inconsequential.
Africa has a long and storied history of science and technology. In ancient northeast Africa, places such as Egypt, Nubia and Aksum that had evolved large complex state systems supported a division of labor that spurred the creation of technologies involved with the engineering of public works. In other parts of Africa the applied sciences of agronomy, metallurgy, engineering and textile production, as well as medicine were featured prominently in the various city states, kingdoms, and empires that dominated the political landscape. Despite this robust history the musings and writings of some of the worlds’ most highly regarded intellectuals who for centuries maintained that Africa was an inferior civilization in every imaginable way convinced many otherwise. In the 1830s for example, Georg W. F. Hegel, the German philosopher said about Africa “for it is no historical part of the world; it has no movement or development to exhibit.”[iii] Over the years this line of reasoning became part of the Western world’s canon, inculcating classrooms, textbooks and a myriad of other venues. Indeed, this type of racial caste philosophy held a prominent place during Hitler’s reign of Germany 100 years later. Not all German intellectuals and rulers, however, were consumed with postulating their own racial superiority; some, like Gottfried Wilhelm Leibniz were concerned with contributing to the human condition by creating knowledge that would be of use to the world’s inhabitants.
Liebniz, co-inventor of the infinitesimal Calculus was consumed by the I Ching’s[iv] tendency toward binary thought while developing the binary notation utilized in every modern computer. I Ching is one of many oracles of a binary order, yet examples from antiquity abound in the annals of African cultures. In recent scholarship for instance, Ron Eglash shows the presence of error correcting codes common in modern digital technologies utilized by traditional diviners of West African country of Mali.[v] The field of Computation is not anomalous to Africa, yet erroneous associations with Africa being a backward and uncivilized continent, clouds one’s ability to make important and longstanding historical links.
The possession of nuclear weapons is often a metric used by the United Nations to evaluate whether or not a nation is a world power. Nuclear arms, and by extension, nuclear energy are but two manifestations of modern technology, however. The possession of raw computational power should also be viewed as a measure of socio-politico might, as well as a beacon for technological innovation. Supercomputers[vi] specifically have a wide variety of uses, from the provision of cloud computing services, simulations of protein folding, the search for extraterrestrial intelligence, simulation of nuclear fission, to breaking cryptography through brute mathematics.[vii] Given the compatibility of African cultures with digital culture, an unsettling development sets the tone for discourse regarding the much talked about digital divide: Africa’s absence from these important discussions is troubling. The omission of Africa is evident when one consults the TOP500 project. Created in 1993, the TOP500 project ranks the 500 most powerful commercially available [super] computer systems globally. Neither Africa nor any African country made the list of 500. The availability of digital technologies to the African masses is a key area of concern.
The proliferation of high speed Internet access throughout Africa is essential to the continent’s overall economy and to the material wealth of its citizens. However, to view the future of Africa’s online presence as bleak in comparison to other continents and nations is to ignore recent trends in connectivity. Contrary to what many may believe Africa and Asia (has in the past two years) shown a greater proliferation of wireless Internet access than Europe.[viii] Furthermore, broadband connectivity will be greatly improved throughout Africa as a result of the Africa Coast to Europe submarine fibre-optic cable system, which was launched in Gambia in late 2012. The project connects Africa coastal networks from Cape Town in South Africa to Brittany in France with the purposing of reducing the digital divide and sparking social and economic development.[ix] The Africa coast to Europe fibre-optic submarine cable purports to serve 18 African countries, 7 of which have never had access to high bandwidth connectivity.[x]
As the Internet is often glorified among Western nations as a beacon of freedom, any discussion of a digital divide should also include an analysis of both human and civil rights in this era of the super information highway. The Internet, particularly social networking platforms, has been used in recent years as a tool for political leverage. Twitter and Facebook have been hailed as platforms for peace in the face of tyranny, as evidenced by activism in both Tunisia and Egypt. Considered a part of the “Arab Spring,” these North African uprisings resulted in the ouster of longtime leaders Ben Ali and Mubarak under the banner of democracy. These largely non-violent campaigns of regime change were greatly aided by activists’ use of social media much the same way that members of the Black Consciousness Movement utilized television and the print media to dismantle apartheid in South Africa. Such mass protests demonstrate that even in the face of intense state repression, injustices can be eradicated by exposing the oppressor’s actions to the entire world via various forms of media. Some proponents of the super information highway age suggest that what we conceive as the Internet “radically undermines the relationship between legally significant (online) phenomena and physical location,”[xi] the rise of which is “destroying the link between geographical location and (1) the power of local governments to assert control over online behavior, (2) the effects of online behavior on individuals or things, (3) the legitimacy of the efforts of a local sovereign to enforce rules applicable to global phenomena, and (4) the ability of physical location to give notice of which sets of rules apply.”[xii] Needless to say, such a position seems idealistic at best, and misguided at worst. As with the case of the Africa coast to Europe fibre-optic submarine cable, the penetration of Internet access is inextricably linked to geo-politics. Nation states alongside corporations acting within the confines of national and international law are inevitable actors in building an Internet that can and will regulate the transmission of data.
Cryptography in Africa: An Overview
The concurrent economic and social developments that is likely to emerge in Africa as a result of an increase in Internet penetration presents a quandary with respect to cryptography for African governments. Cryptography offers online commerce and wireless communication, yet as a form of munitions cryptography, it is also accessible to criminals and potential terrorists. Considering this, governments must choose a direction for crypto-law that both preserves the rights of individuals and corporations while at the same time leaving the door open for state mandated decryption of private data. ARPANET,[xiii] the precursor to the Internet, was created in 1969. The popularity of the Internet as we know it today, however, can be traced to the High Performance Computing Act of 1991.[xiv] Given the Internet’s youth and widely available strong cryptography, litigation involving the interception of encrypted data is relatively uncommon. Within Africa, laws specifically pertaining to encryption seem to be limited to the North African states of Egypt, Algeria, Morocco, and Tunisia, along with Nigeria and South Africa. In Africa, South Africa is at the forefront of cryptography law, yet the ethics of key disclosure law is contested by some enthusiasts on the grounds of human rights. The prevalence of 419 scams and other fraud combined with a high level of Internet penetration would undoubtedly prompt the Nigerian government to address the prospect of crypto- anarchy with similar key disclosure terms. Heavy surveillance and censorship throughout Saharan Africa and Ethiopia has fomented international support of dissidents by cypherpunks,[xv] evidenced by hacktivist collective Anonymous’ participation in the Egyptian and Tunisian uprisings alongside other privacy advocates.
In November of 2012, “Spy Files,” a set of confidential and controversial documents were posted on Wiki Leaks, a watchdog website. The documents implicated the French company AMISYS[xvi] in supplying an ‘interception system’ to Colonel Gaddafi’s Libya in 2009. The author of the website viewed the threat of such systems to be personal, as he suggested that the names of lawyers connected to Wiki Leaks and the Bureau of Investigative Journalism were included in the manual that AMISYS shipped to Gaddafi as an example of how the interception system worked.[xvii] This seemingly peculiar development may not be altogether uncommon for a dictator type of government, yet even in other nations that have no restrictions on cryptography other than exports to terrorist countries,[xviii] surveillance is a growing concern that is being vigorously challenged by The Electronic Frontier Foundation.[xix] With exponential increases in computational power and data storage capacity, it is relatively simple for a well-endowed government to monitor all traffic entering and leaving a country. With regards to data surveillance, the EFF has been a strong proponent of protecting 4th Amendment rights against warrantless searches. With regards to data encryption, the EFF has likewise been a strong advocate of 1st and 5th Amendment liberties.
Cryptography: A Human Right?
The Preamble to the Universal Declaration of Human Rights states “disregard and contempt for human rights have resulted in barbarous acts, which have outraged the conscience of mankind, and the advent of a world in which human beings shall enjoy freedom of speech and belief and freedom from fear and want has been proclaimed as the highest aspiration of the common people.”[xx] Similarly, Article 9 of the African Charter on Human and Peoples’ Rights, or Banjul Charter, states that every individual shall have the “right to receive information” along with the “right to express and disseminate his opinions within the law.”[xxi] While African states such as Egypt and Ethiopia may have ratified the Banjul Charter, recent policies regarding Internet traffic have not been consistent with the Charter’s demands. In the digital age, information can be considered anything from digital currency, copyrighted film, vacation photographs, confidential state secrets or the human genome itself. In his 1969 book Calculating Space Konrad Zuse, the inventor of the first modern computer, suggested that reality might be the result of various computer programs running on a universal computer (i.e. the Universe).[xxii] In this sense, everything known to humankind could be ‘digitized’ or reduced to zeroes and ones. As technology rapidly evolves, and world consumers place their trust in cloud computing and social networking services, some of which claim intellectual property rights on consumer data, some groups will inevitably seek privacy. Timothy May, a prominent cypherpunk suggests that “strong crypto provides a technological means of ensuring the practical freedom to read and write what one wishes to.”[xxiii] For some, cryptography seems to be the only solution to threats of privacy, as human society adapts to the digitalization of world networks.
OpenPGP is one such strong-cryptography product believed by some law enforcement agencies worldwide to be unbreakable. OpenPGP[xxiv] uses symmetric-key cryptography to provide military grade identity authentication and ciphering to anyone with access to a computer who does not reside in a United States defined terrorist supporting state. Phil Zimmermann, creator of PGP or Pretty Good Privacy, points toward a lack of respect for civil liberties on the part of the U.S. Government, as his impetus for creating said software. Zimmerman recounts the story of COINTELPRO, an initiative launched by FBI Director J. Edgar Hoover that spied on Communists, war protestors and civil rights activists, including Dr. Martin Luther King Jr. whose telephone was routinely wiretapped.Zimmerman contends that King might have benefitted from cryptography. Alluding to government scandals and corruption, Zimmerman suggests that “some overzealous prosecutors have shown a willingness to go to the ends of the Earth in pursuit of exposing sexual indiscretions of political enemies.” Perhaps Zimmerman might suffer from personal bias, due to his anti-nuclear activism,[xxv] leading the reader to decide for him or herself whether or not such a distrust of authority is warranted. While early critics of the software questioned the safety of providing military grade encryption to civilians, proponents of strong- cryptography have continued to use the software. In the words of Zimmermann himself, these proponents believed that “when use of strong cryptography becomes popular, it’s harder for the government to criminalize it.”[xxvi]
Key escrow laws were discussed in the early days of cryptography as a way to avoid the possibility of crypto-anarchy. Cypherpunk Eric Hughes strongly suggests that “laws against cryptography reach only so far as a nation’s border and the arm of its violence,” speculating that “Cryptography will ineluctably spread over the whole globe and with it the anonymous transactions systems that it makes possible.”[xxvii] Dorothy Dennings, a Professor in the Naval Postgraduate School’s Department of Defense Analysis wonders whether or not “(cryptography) controls are needed,” or whether “voluntary key escrow, combined with weak encryption and link encryption where appropriate, be sufficient to avoid crypto anarchy?”[xxviii] Voluntary key escrow is achieved by providing copies of all secret keys directly to a government agency or third party acting on behalf of the government. In this scenario copies of secret keys would be held behind layers of security in a dormant state, to be accessed only if proper warrants and decryption directions are granted. A further level of security could be achieved by splitting the keys into fragments and storing each fragment in different locations (possibly managed by several third parties); so as to avoid readily available access to said keys. While secret keys might still be protected by passwords or passphrases, the process of trying all possible passwords might take less timeand be hardware intensive rather than attempting to factor large numbers into primes. Those who use cryptography to avoid government surveillance would likely object to key escrow however, and would likewise object to the use of weak (breakable) cryptography. In Africa’s case, discourse around cypherpunk culture would be most readily found in South Africa. Indeed, the precision of South African cryptography legislation sets the precedent for the entire continent.
South African law sets regulations on cryptography in various ways. Chapter V of the Electronic Communications and Transaction Act deals with cryptography providers, defined as “any person who provides or who proposes to provide cryptography services or products in the Republic.” The ECT Act regulates cryptography seemingly with regard to e-commerce and software production as it states:
(1) The Director-General must establish and maintain a register of cryptography providers.
(2) The Director-General must record the following particulars in respect of a cryptography provider in that register:
(a) The name and address of the cryptography provider;
(b) a description of the type of cryptography service[xxix] or cryptography product being provided; and
(c) such other particulars as may be prescribed to identify and locate the cryptography provider or its products or services adequately.
(3) A cryptography provider is not required to disclose confidential information or trade secrets in respect of its cryptography products or services.[xxx]
These edicts appear practical, and in the interests of national security if the designation “cryptography provider” is confined to software developers, still there may be objections if these edicts are placed upon cryptography users. Furthermore, such an effort would be impossible to carry out, and not in the interests of the South African government. Although South Africa has been home to many human rights violations in recent history, within the realm of digital freedoms, the country shines relative to other nations within the continent. Alongside Kenya, South Africa is one of two countries in Africa with an Internet score of “Free”[xxxi] in the Freedom House’s “Freedom on the Net[xxxii] 2012” report.
South Africa’s Regulation of Interception of Communications and Provision of Communication-Related Information Act of 2002 set the parameters for legal decryption mandates. The third chapter of this measure outlines the specifics of directions and entry warrants, while Section 21 deals with the issue of decryption directions[xxxiii] in particular:
(2) Subject to section 23(1), an application referred to in subsection (1) must be in writing and must—
(a) indicate the identity of the—
(ii) customer, if known, in respect of whom the decryption of encrypted information is required; and
(iii) decryption key holder to whom the decryption direction must be addressed;
(b) describe the encrypted information which is required to be decrypted;
(c) specify the—
(i) decryption key, if known, which must be disclosed; or
(ii) decryption assistance which must be provided, and the form and manner in which it must be provided;
(d) indicate the period for which the decryption direction is required to be issued;
(e) indicate whether any previous application has been made for the issuing of a decryption direction in respect of the same customer or encrypted information specified in the application and, if such previous application exists, must indicate the current status of that application…[xxxiv]
In light of these matters, at least two important questions emerge: How should one access the key holder for a piece of encrypted information? and How should one ascertain the existence of encrypted data? Thus South African cryptography law is sophisticated in its prerequisite of defining what encryption actually is. South African encryption law would seem to (solely) seek a framework by which individual data may be intercepted only when the situation was warranted:
(4) A decryption direction may only be issued—
(a) if the designated judge concerned is satisfied, on the facts alleged in the application concerned, that there are reasonable grounds to believe that—
(i) any indirect communication to which the interception direction concerned applies, or any part of such an indirect communication, consists of encrypted information;
(ii) the decryption key holder specified in the application is in possession of the encrypted information and the decryption key thereto;
(iii) the purpose for which the interception direction concerned was issued would be defeated, in whole or in part, if the decryption direction was not issued; and
(iv) it is not reasonably practicable for the authorised person who executes the interception direction concerned or assists with the execution thereof, to obtain possession of the encrypted information in an intelligible form without the issuing of a decryption direction; and
(b) after the designated judge concerned has considered—
(i) the extent and nature of any other encrypted information, in addition to the encrypted information in respect of which the decryption direction is to be issued, to which the decryption key concerned is also a decryption key; and
(ii) any adverse effect that the issuing of the decryption direction might have on the business carried on by the decryption key holder to whom the decryption direction is addressed.[xxxv]
To reiterate, the relevant legislation in South Africa is sophisticated in that it first demands that the requested information is actually encrypted. It is possible to confuse truly random data for encrypted data, and in such cases where the decryption key holder is unknown, cryptography law is ineffective. The use of stenography or plausibly deniable cryptography present an interesting sets of issues for law enforcement agencies. If a short yet incriminating statement is encrypted and hidden within an image file or audio file, how could law enforcement officials conclude that the incriminating evidence actually exists? Furthermore, the use of encryption techniques such as rubber-hose encryption allow for the deciphering of data by multiple private keys: one revealing incriminating evidence, the others revealing innocent plaintext. Given the sophistication of cryptography and its constant revisions, there is a point where one might ask whether or not a data storage device is an extension of one’s own imagination. In cases where law enforcement agencies are presented with ciphertext that is unbreakable, the ability to carry out justice will ultimately depend on the decryption key holder.
Admiral James G. Stavridis of the United States European Command (USEUCOM)[xxxvi] sets the stage for cyber warfare in the information age when he suggests that the cyber domain is employed by terrorist organizations and organized crime syndicates as a means of facilitation: recruiting, fundraising, propaganda messaging, or cyber crime schemes to defraud unwitting victims.[xxxvii] While certainly problematic, one could argue that these specific uses of the internet do not rise to the level of ‘‘cyber threats,’’ as the relative lack of ‘‘cyber sophistication’’ generally demonstrated by these groups does not threaten EUCOM networks in the way that more tech-savvy adversaries might be capable of doing.[xxxviii]
Such a disposition towards criminal and terrorist use of the Internet points towards a sense of confidence relative to the capability of state surveillance. The factions exhibiting “cyber sophistication” seem to point toward the cypherpunks of today, those individuals facilitating the proliferation of confidential information while simultaneously combating hacktivist efforts. When asked whether or not the United States military is “adequately prepared” to defend against cyber-terrorism in Europe, Stavridis responded that,
EUCOM’s threat environment over the past year has seen an increase in hacker- activist (colloquially termed ‘‘hacktivist’’) threat activity from non-state actors. The expectation is that the hacktivist threat will continue to increase in the near term. Preparing for an evolving and changing threat such as hacktivism is a challenge, but the agile and flexible work force at EUCOM is the best defense for such a dynamic adversary.[xxxix]
While vague and diplomatic, Stavridis’ response points toward a global concern for crypto-anarchism. In light of the digital divide, one must wonder if nation states are as concerned about cyber warfare in Africa as they are in other places. General Carter Ham, who was the second Commander of the US AFRICOM[xl]shifts discourse from Europe to Africa, as he submits:
Events in Africa over the past year provide both opportunities and challenges. The Arab Spring gives us the opportunity to assist in the development of new governments and militaries while instability in East Africa and the Sahel region of North Africa requires greater vigilance to address threats posed by violent extremist organizations.
North Africa has received a fair amount of media attention in recent years due to political turbulence, and cryptography has been involved in each effort (something that is likely true in many cases of military engagement). Unlawful use of cryptography by activists in Egypt is alluded to in a Democracy Now! interview with Tor[xli] developer Jacob Appellate, as he suggests that “when Mubarak in Egypt wants to wiretap someone, they only see an activist talking to the Tor network; they don’t see that person connecting to Twitter,” something possible for “everybody everywhere to resist so-called lawful interception.”[xlii]
While the definition of what a cryptography provider is, might strike some South African skeptics as ambiguous, Article 64 of the Egyptian Telecommunication Regulation Law No. 10 of 2003 states rather straightforwardly that:
Telecommunication Services Operators, Providers, their employees and Users of such services shall not use any Telecommunication Services encryption equipment except after obtaining a written consent from each of the NTRA, the Armed Forces and National Security Entities, and this shall not apply to encryption equipment of radio and television broadcasting.[xliii]
This suggests that Egyptian law requires all civilians to register with the state in order to legally use cryptography. The use of cryptographic platforms such as Tor to evade government surveillance and censorship during the Egyptian uprising demonstrates that citizens are not afraid to break with policies that undermine freedom. Those who may have legitimately registered for the use of cryptograph would have no protection of privacy against their government as the Telecommunication Regulation Law states:
With due consideration to inviolability of citizens private life as protected by law, each Operator and Provider shall, at his own expense, provide within the telecommunication networks licensed to him all technical potentials including equipment, systems, software and communication which enable the Armed Forces, and National Security Entities to exercise their powers within the law. The provision of the service shall synchronize in time with the availability of required technical potentials. Telecommunication Service Providers and Operators and their marketing agents shall have the right to collect accurate information and data concerning Users from individuals and various entities within the State.[xliv]
This passage is troublesome in that it acknowledges a right to privacy while “technical potentials” are left ambiguously defined. If private encryption keys were considered “technical potentials” for instance, there would be no legal way to withhold data from the state upon suspicion of terrorism. The right bestowed upon Telecommunication Service Providers and Operators to “collect accurate information and data” should be viewed as reason alone why citizens would want to have access to cryptographic products without government intervention.
Continuing a trend of cryptography regulation in North Africa, Tunisian law also depicts a draconian outlook for personal rights. A Human Rights Watch report entitled “Tunisia’s Repressive Laws” details how Article 11 of the Internet Decree prohibits encryption without the proper approval. This aspect of Tunisia’s crypto-regulation is further disconcerting in that users of cryptography must provide the keys needed to decrypt their personal data. The report indicates that by “preventing individuals from taking steps to ensure the privacy of their communications, the law constitutes arbitrary interference with their right to privacy and privacy in communications.”[xlv]
Ethiopia: The Great Firewall of Africa
The trends of mandatory cryptography registration and key disclosure in Egypt and Tunisia tend to undermine the unfree. Ethiopia’s Draft “Offences Related to Unlawful Use of Telecommunication Service” however, presents the most draconian measures against Internet Freedom in Africa today. Ethiopia would seem to be an area where cypherpunk activity is warranted most, as censorship and wiretapping appear to be a state norm as delineated by law:
Whosoever (1) uses or causes the use of any telecommunications network or apparatus to disseminate any terrorizing message connected with a crime punishable under the Anti-terrorism Proclamation No. 652/2009 or obscene message punishable under the Criminal Code; or (2) uses or causes the use of the telecommunication service or infrastructure provided by the telecommunication service provider for any other illegal purpose; commits an offense and shall, without prejudice to the provisions of the Criminal Code relating to the determination of penalties in case of concurrent offences be punishable with rigorous imprisonment from 3 to 8 years and with fine from Birr 30,000 to Birr 80,000.[xlvi]
The reader is left to determine the real meaning of “rigorous imprisonment” while the Ethiopian State is left to determine what constitutes “terrorism,” punishable with “rigorous imprisonment” from 10 to 20 years.[xlvii]
Not surprisingly, Ethiopian legislation garnered significant international media attention in part due to fears that Skype usage might result in incarceration. The Ethiopian government might argue that the draft law aims to restrict unlicensed service providers who use Internet to provide telephone services from Internet to telephone lines, with no restrictions on IP and cyber activities, or computer to computer services.[xlviii] This regulation of Voice Over IP data would seem to be in support of Ethiopia’s state sponsored telecommunications monopoly, yet the legality of using crypto-tools such as Tor is questionable. To determine whether or not Ethiopian nationals are utilizing Skype for computer to phone communication would likely require data inspection, yet one more reason why cryptography is an important issue in today’s Africa.
Decryption Directions and United States Law
Philip Reitinger, an attorney with the Department of Justice Computer Crime Unit, studied the question of key-disclosure and 5th Amendment Rights, observing that faced with the choice of producing a key that unlocks incriminating evidence or risking contempt of court, many will choose the latter and claim loss of memory or destruction of the key.[xlix] Recent cases in the United States would involve compliance however, as seen in the 2012 decision rendered in United States v. Fricosu. The application seeking what would be considered a decryption direction in South Africa suggested that Ramona Fricosu enter the password to decrypt the contents of the hard-drive confiscated from her home without being observed by the government. The question of Fifth Amendment Rights was determined by ownership, and in conclusion Fricosu would provide the unencrypted contents of her hard-drive as the government:
…met its burden to show by a preponderance of the evidence that the Toshiba Satellite M305 laptop computer belongs to Ms. Fricosu, or, in the alternative, that she was its sole or primary user, who, in any event, can access the encrypted contents of that laptop computer. The uncontroverted evidence demonstrates that Ms. Fricosu acknowledged to Whatcott during their recorded phone conversation that she owned or had such a laptop computer, the contents of which were only accessible by entry of a password.[l]
Perhaps if Fricosu had not revealed during conversation that she had the ability to decrypt the data, this case might have been resolved in a different manner. In another case that same year (United States v. Doe)however, a precedent was set for individual rights in the information age. The court ruled that the “district court erred in limiting Doe’s immunity under 18 U.S.C. §§ 6002 and 6003 to the Government’s use of his act of decryption and production while allowing the Government derivative use of the evidence such act disclosed. Doe’s immunity was not coextensive with the protections the Fifth Amendment affords; consequently, he could not have been compelled to decrypt and produce the contents of the hard drives.”[li]
The leaking of sensitive information is likely one of the major concerns of the West with regards to cyber-law. WikiLeaks’ founder suggests that by using cryptography citizens are afforded the ability to “achieve some forms of independence for the intellectual record and for our communications with one another.” Here cryptography is providing authentic identification of an anonymous entity. Both a blessing and a curse, strong-cryptography will heavily influence the course of political actions globally in years to come.
Research shows that the global community is responding to attacks on Internet Freedom in Africa, and strong-cryptography is the means by which these attacks are being dealt with. Conversely, African governments prone to censorship and surveillance have enacted laws in preparation for strong-cryptography use. Given the United Nations Universal Declaration of Human Rights and the Banjul Charters’ insistence on the freedom to disseminate information, it is imperative that the international community consider digital technologies when referencing human rights. The Internet, while heralded as a beacon of freedom by mainstream media, is a dangerous frontier if its users are unaware of surveillance and censorship efforts. As social networking services are used in popular uprisings similar to those in Tunisia and Egypt, the masses will need to be educated on the proper uses of cryptography. Laws requiring mandatory registration and key escrow by strong-crypto users should be re-evaluated in the context of human rights, while users must assess the risks posed to protection against self-incrimination and freedom of speech by decryption directions. Furthermore, legislation regarding exportation of cryptographic software from the United States should be couched in the context of providing tools of liberation to citizens of terrorist states. In a war of words and deeds, surely secrecy matters.[lii
About the Authors
Cory Farmer is a native of Cleveland Ohio; he earned a B.A. degree at Morehouse College before coming to the Ohio State University where he is completing a master’s degree in African American and African Studies.
Judson L. Jeffries is Professor of African American and African Studies at The Ohio State University. Jeffries earned his doctorate in political science at USC in 1997. Before arriving at OSU in 2006, Jeffries was an associate professor of political science, homeland security studies and American studies at Purdue University for eight years. In the past Jeffries has also held teaching appointments and fellowships at Harvard University, Morehouse College, Tufts University and Virginia Tech to name a few.
[i] Philip Zimmermann. “Why I Wrote PGP.” Accessed December 4, 2012. http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html.
[ii] Christian Fuchs and Eva Horak, African and the Digital Divide. Telematics and Informatics 25 (2008) 99-116; Internet World State www.internetworldstats.com/stats.htm
[iii] G. W. F. Hegel, The Philosophy of History (New York: Dover, 1956) 93.
[iv] I Ching, or the Book of Changes, is one of the most well known systems of divination, utilizing a set of 64 hexagrams which refer to various chapters of relevance to the situation at hand.
[v] See Eglash, Bamana Sand Divination: Recursion in Ethnomathematics (American Anthropologist New Series, Vol. 99, No. 1 (Mar., 1997), pp. 112-122).
[vi] Supercomputers are the biggest and fastest machines today and are used when billion or even trillions of calculations are required. These machines are applied in nuclear weapon development, accurate weather forecasting and as host processors for local computer and time sharing networks. Super computers have capabilities far beyond even the traditional large-scale systems. Their speed ranges from 100 million-instruction-per-second to well over three billion.
[vii] By brute mathematics we mean the automated calculation of large numbers with the aid of computers.
[viii] “Mobile Internet Penetration In Africa Increases By 155.59 Percent In Two Years.” Ventures Africa. Accessed December 4, 2012. http://www.ventures-africa.com/2012/05/mobile-internet-penetration-in- africa-increase-by-155-59-percent-in-two-years/.
[ix] “Press Release: Launching of The Africa Coast to Europe (ACE) Cable System.” ACE. Accessed December 04, 2012. http://www.moici.gov.gm/images/stories/ace/ACE-Launching-Press-Release.pdf.
[x] “Africa Coast to Europe Consortium and Alcatel-Lucent Further Strengthen Broadband Continuity in Africa with Maintenance Service Agreement.” Accessed May 10, 2013. http://www3.alcatel-lucent.com/wps/portal/!ut/p/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLd4x3tXDUL8h2VAQAURh_Yw!!?LMSG_CABINET=Docs_and_Resource_Ctr&LMSG_CONTENT_FILE=News_Releases_2013/News_Article_002836.xml.
[xi] Johnson, David R. & David G. Post. “Law and Borders: The Rise of Law in Cyberspace.” Crypto anarchy, cyberstates, and pirate utopias. Edited by Peter Ludlow. Cambridge, Mass.: MIT Press, 2001: 148.
[xiii] The Advanced Research Projects Agency Network was designed as a computer version of the nuclear bomb shelter; it protected the flow of information between military installations by creating a network of geographically separated computers that could exchange information via a newly developed protocol (rule for how computers interact) called NCP (Network Control Protocol).
[xiv] The High Performance Computing Act of 1991 was created and introduced by Senator Al Gore and led to the development of the National Information Infrastructure and the funding of the National Research and Education Network (NREN).
[xv] cypherpunk: a person who uses encryption when accessing a computer network in order to ensure privacy, especially from government authorities. (Oxford English Dictionary)
[xvi] AMISYS Technologies is an information technology services provider.
[xvii] “EXCLUSIVE: Julian Assange on WikiLeaks, Bradley Manning, Cypherpunks, Surveillance State.” Democracy Now! Accessed December 9, 2012. http://www.democracynow.org/2012/11/29/exclusive_julian_assange_on_wikileaks_bradley.
[xviii] Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria.
[xix] The Electronic Frontier Foundation was founded in 1990 in response to a basic threat to freedom of speech. The EFF takes on cases that set important precedents for the treatment of rights in cyberspace. From its inception, EFF has championed the public interest in every critical battle affecting digital rights.
[xx] Preamble, The Universal Declaration of Human Rights.
[xxi] “African Charter on Human and Peoples’ Rights / Legal Instruments / ACHPR.” Accessed December 10, 2012. http://www.achpr.org/instruments/achpr/.
[xxii] Mainzer, Klaus, and Leon O. Chua. 2012. The universe as automaton from simplicity and symmetry to complexity. Heidelberg: Springer. 6.
[xxiii] May, Timothy. “Crypto Anarchy and Virtual Communities.” Crypto anarchy, cyberstates, and pirate utopias. Edited by Peter Ludlow. Cambridge, Mass.: MIT Press, 2001: 77.
[xxiv] Founded in 1991, OpenPGP is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing encrypting and decrypting texts, emails, files, directories and whole disk partitions to increase the security of e-mail communications.
[xxv] Guisnel, Jean, and Gui Masai. 1997. Cyberwars: espionage on the Internet. Cambridge, Mass: Perseus Books. 85.
[xxvi] Philip Zimmermann.“Why I Wrote PGP.” Accessed December 4, 2012. http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html.
[xxvii] Hughes: 83.
[xxviii] Denning, Dorothy E. “The Future of Cryptography.” Crypto anarchy, cyberstates, and pirate utopias.
Edited by Peter Ludlow. Cambridge, Mass.: MIT Press, 2001: 95.
[xxix] “cryptography service” means any service which is provided to a sender or a recipient of a data messages or to anyone storing a data message, and which is designed to facilitate the use of cryptographic techniques for the purpose of ensuring:
(a) that such data or data message can be accessed or can be put into an intelligible form only by certain persons;
(b) that the authenticity or integrity of such data or data message is capable of being ascertained;
(c) the integrity of the data or data message; or
(d) that the source of the data or data message can be correctly ascertained;
[xxx] “Electronic Communications and Transactions Act, 2002.” Accessed December 9, 2012. http://www.internet.org.za/ect_act.html.
[xxxi] Freedom here is defined by the absence of Internet Obstacles to Access, Limits on Content, and Violations of User Rights on the part of nation states.
[xxxii] An annual report conducted by over 50 researchers, who contributed to the project by researching laws and practices relevant to the internet, testing the accessibility of select websites, and interviewing a wide range of sources.
[xxxiii] decryption direction” means a direction issued under section 21(3) in terms of which a decryption key holder is directed to— (a) disclose a decryption key; or (b) provide decryption assistance in respect of encrypted information, and includes an oral decryption direction issued under section 23(7);
[xxxiv] “Regulation Of Interception Of Communications And Provision Of Communication-Related Information Act.” Accessed December 11, 2012. http://www.internet.org.za/ricpci.html.
[xxxvi] EUCOM is one of nine unified combatant commands of the U.S. military, headquartered in Stuttgart, Germany. The commander of EUCOM simultaneously serves as the Supreme Allied Commander, Europe (SACEUR) within NATO. The commander is responsible for 51 countries and territories.
[xxxvii] “HASC Hearing on EUCOM / AFRICOM: Responses to Questions for the Record,” n.d. http://www.fas.org/irp/congress/2012_hr/eucom-qfr.pdf: 184.
[xl] AFRICOM is one of six of the U.S. Defense Department’s geographic combatant commands and is responsibility to the Secretary of Defense for military relations with African nations, the African Union and African regional security organizations.
[xli] TOR, or The Onion Router, is a decentralized network which provides a level of anonymity against surveillance.
[xlii] “’We Don’t Live in a Free Country’: Jacob Appellate on Being Target of Widespread Gov’t Surveillance.” Democracy Now! Accessed December 7, 2012. http://www.democracynow.org/2012/4/20/we_do_not_live_in_a.
[xliii] National Telecom Regulatory Authority, Arab Republic of Egypt. “Egypt Telecomunication Regulation Law No. 10 of 2003.” http://www.tra.gov.eg/uploads/law/law_en.pdf.
[xlv] “Tunisia’s Repressive Laws | Human Rights Watch.” Accessed December 10, 2012. http://www.hrw.org/node/102369/section/2.
[xlvi] “The Telecom Version of the ‘Anti-terrorism’ Law, Read the Full Text.” Accessed December 1 2012. https://www.facebook.com/notes/addis-neger/the-telecom-version-of-the-anti-terrorism-law-read-the- full-text/466219926722944.
[xlvii] “Anti-Terrorism Proclamation No 652/2009 – PART TWO TERRORISM AND RELATED CRIMES | Ethiopian Law Network.” Accessed December 1, 2012. http://www.ethiopian-law.com/federal- laws/procedural-law/criminal-procedure-law/special-procedures/318-anti-terrorism-proclamation-no- 6522009.html?start=2.
[xlviii] “Ethiopia: Govt Denies Banning Skype and Other Internet Communication Services.” Sudan Tribune, June 24, 2012. http://allafrica.com/stories/201206250202.html.
[xlix] Denning, Dorothy E. & William E. Baugh Jr.: 125.