The Rise of Chinese Surveillance Technology in Africa (part 5 of 6)

Personal Data Vulnerabilities in Africa

Digital initiatives have widened the range of personal data collected by African states. In 2011, the Nairobi government employed a French company, Imprimerie Nationale, to create a biometric data system for their national identity card program. This digitization initiative was justified as a way to bolster tax recovery, streamline administrative processes, and strengthen national security priorities.

Disagreements

From the very beginning, the development of the system stalled due to disagreements between Safaricom, the leading communication company in Kenya, and formal banks over how to structure the system. On the one hand, the formal banks aimed to build a credit reporting system and new government registration program that would allow customers to formalize non-fixed assets like cattle. These assets would then act as a new form of collateral that would allow more citizens to borrow from the banks. The banks, and their advocates, justified their position by appealing to the need for secure identification, stronger national security, and better tax coverage and recovery. Safaricom, however, advocated for a simpler digital biometric registrar system for delivering high-interest micro-loans that did not require collateral. This disagreement was never resolved since the ambitious plan for a panoptic biometric registration, announced by the government in the early 2010s, ultimately never came to pass. Following this outcome, Safaricom launched their micro-loan program, M-Shwari.

Huduma Namba

In 2019, the Kenyan government announced an even more ambitious plan: the National Integrated Identity Management System, popularly known as Huduma Namba, which means service number in Swahili. The database contains information, including biometric information, on Kenyan citizens and foreign residents in the country. It crucially collected the fingerprints and facial photographs of almost 40 million Kenyans. Broadly, the state initiative aimed to consolidate a citizen’s passport, national identification, driver’s license, and social-security card into a single credential. This change would appear not only to engender administrative ease for the government, but also streamline access to public services and participation.

High Court’s Decision

This later initiative also stalled. Kenya’s High Court found that the digital ID initiative did not have sufficient safeguards. Kenya had established a Data Protection Act in 2019 which aimed to manage and protect data once it is acquired, processed, and stored. Yet, as it stands, there are no clear regulations as to how Kenya’s biometric databases or facial-recognition technologies will be used or how the data in these systems will be appropriately vetted. Accordingly, the court ruled to pause the rollout of Huduma Namba because (i) there was no practical legislation in place to guarantee the security and safety of the biometric data processed by the state and its corporate partners and (ii) there were no means to ensure that the systems would not deprive access to historically marginalized groups in Kenya.

The court also ordered the government to conduct a data protection impact assessment. Since then, the government has appealed this decision, calling for a clearer outline of what a robust regulatory framework would look like that would allow implementation of these systems.

Boon of Data Collection

As stated before, the Public Safety Communication and Surveillance System (IPSCSS) has almost 2000 CCTV cameras that are fully operational in Kenya and include facial recognition capacity. Huawei and Safaricom were charged with establishing and operating the surveillance system. These cameras rely on integrated biometric data from multiple sources. This biometric data then feeds databases run by public security. However, with the collection and use of biometric data, there are no means to audit the data and algorithms that empower administrative and security initiatives, creating a cyclical problem where a system is implemented whose benefit cannot be proven without data processed by the system.

Kenya is not a singular example. These trends in the application of administrative and surveillance tools are particularly prevalent in a handful of African countries. For instance, in South Africa, the increase in the procurement and use of Chinese digital surveillance cameras comes in tandem with police-to-police cooperation and training. In 2018, a delegation of South African parliamentarians traveled to Shanghai to tour Shanghai’s Public Security Bureaus and learn how to improve digital policing techniques. Similarly, the Botswana government signed a law enforcement cooperation agreement with Beijing last year. This initiative also followed the procurement of Huawei safe city technology.

The Kenyan government in 2020 appointed a Data Protection Commissioner as a regulatory office to realize the ambitions of the Data Protection Act, but also the necessary regulatory framework to pursue a digital ID program. Yet, because the office falls under the Information, Communication and Telecommunication ministry, the public does not completely trust that it will hold the government accountable for misuse of administrative and surveillance tools. The regulation cannot build public trust and support without a plan in place that guarantees accountability and secure data infrastructure. This includes data auditing, grading, access control, and privacy protection.

Scholarly Attention

From my perspective, researchers and officials should acknowledge both the risks involved in implementing these systems and the need for the collection, deployment, and storage of data to be regulated. Crucially, researchers need to examine how resources are leveraged by local African actors to establish surveillance and administrative tools. Given the diversity of African governments, answers will be derivative of local contingencies.

Secondly, researchers should also widen their attention beyond arguments that suppose Chinese intention to promote the proliferation of surveillance technology, and, thus, the rise of digital authoritarianism in Africa. To be clear, this point does not mean that China does not have an overall strategy in Africa. Nonetheless, ascribing nefarious purposes automatically and making China into a uniquely bad-faith actor does not serve to correctly identify and address the problems of the proliferation of surveillance tools. It also very easily slips into arguments that efface African volition in utilizing these technologies for domestic purposes. This position also removes incentives to analyze African motivations and the drive behind the growth in procuring these systems.

China’s active engagement in Africa needs more examination. But local volition and context must also be carefully studied; after all, these surveillance systems are being installed at the request of local African actors. As the example of Kenya shows, many public and corporate entities are complicit in these emerging development initiatives and privacy threats. Researchers need to ask how local and global factors play into each other and how they influence practical political outcomes on the ground.

AUTHOR

Bulelani Jili is a Ph.D. candidate at Harvard University, where he is a Meta Research Ph.D. Fellow. He is also a Visiting Fellow at Yale Law School, a Cybersecurity Fellow at the Harvard Kennedy School, a Fellow at the Atlantic Council, Research Associate at Oxford University, and Scholar-in-residence at the Electronic Privacy Information Center. He will be writing a series of blogs on Chinese surveillance tools in Africa.