The Rise of Chinese Surveillance Technology in Africa (Part 6 of 6)
October 21, 2022 |
Regulatory Responses to the Spread of Surveillance Tools in Africa
Digital surveillance technologies are often presented as a solution to longstanding structural problems like crime. However, there is no robust empirical evidence that the adoption of Chinese surveillance tools results in the reduction of crime. The continual procurement of these tools despite lack of evidence of efficacy raises a series of questions: why are local elites interested in procuring these tools? To what extent do these tools empower new forms of governmentality? What are the hidden costs of adopting digital surveillance tools for Kenya and other African states?
Procuring digital surveillance tools in Kenya, and across the continent, tends to be justified by governments as a means to deliver development and public security. The establishment of the National Security Surveillance, Communication and Control System, which utilizes CCTV surveillance to detect, prevent, and respond to crime in Nairobi and Mombasa, demonstrates the Kenyan state’s belief that facial recognition capabilities are the answer to public security goals. The system also includes a vehicle registration plate recognition platform that identifies the number plate of vehicles. Yet, there is no evidence that these systems actually achieve the stated goal of increasing public security.
This fetish for digital solutions arises when it is presumed that crime reduction simply relies on applying surveillance technologies. However, monitoring tools like AI CCTV cameras are not smooth-functioning systems that automatically provide efficacious public security. Rather, they are complex platforms that are embedded in a broader social context. Indeed, elites are often blinded by their parochial commitment to surveillance tools as de facto solutions, despite continued lack of evidence that these tools actually deliver better social conditions or solutions to crime. More to the point, the lacuna between the use of digital surveillance technologies and robust legal protections for those surveilled fuels concern. Adoption of surveillance technologies is rarely accompanied by robust regulatory measures.
Currently, there is no Kenyan national policy regulating the installment and use of CCTV cameras. Despite the assumed benefits of these digital tools, the worry is that the system was introduced without the necessary data protection laws in Kenya.
Data Protection Act
Only half of the countries on the continent of Africa have laws on data protection. About two years ago, the Kenyan state produced the Data Protection Act (DPA) of 2019. It gives effect to Article 31 (c) and (d) of the constitution, which speaks to the right to privacy. It also establishes the Office of the Data Protection Commissioner, which outlines the rights of data subjects and seeks to manage and protect data once it is acquired, processed, and stored. The DPA commissioner and the ICT Cabinet Secretary published three draft regulations under the DPA. Notwithstanding these changes, multiple advocates have identified inadequacies in the regulations. Thus far, the DPA has been insufficient in protecting the data of citizens and their right to privacy. Crucially, it also remains unclear how regulations or mandates manage biometric databases, meaning regulatory enforcement on AI surveillance devices remains unclear.
The Kenyan government has claimed that the existing data legislation is sufficient to promote civil liberties. Yet the High Court found that the state’s digital ID program, Huduma Namba, did not have adequate safeguards to protect privacy. Accordingly, the court ruled that the government needs to carry out an impact assessment before it moves forward with the biometric surveillance program. The Data Protection Act ideally should have provided the necessary oversight for these systems, but the High Court’s decision suggests that the courts will be the deciding arena for data protection enforcement. This example, and others like it, circumvent the complaint and administrative mechanisms established by the DPA, making this court-based strategy a more costly path for data controllers and processors.
First, at a regional level, governments must carry out impact assessments on the consequences of digital surveillance tools prior to implementation. Proactively identifying risks offers a way forward regarding plans to mitigate further threats.
What is more, cooperation and collaboration between private and state actors can help to promote good practices. Such an approach engages government, civil society, academia, and private actors in data protection. Public-private partnerships help accelerate capacity building by leveraging multiple actors and resources. For instance, legislators and local and international advocacy groups can establish intergovernmental panels to outline the necessary steps to improve current data protection practices. A shared approach does not only offer more resources and expertise, but it also engenders trust among all stakeholders.
Thirdly, technical experts are needed to staff data commissioner offices. For data protection measures to be realizable, African stakeholders need the expertise to execute them. As such, a premium must be placed on building cyber capability at all levels. This is obviously an arduous task and identifying current cybersecurity risks is a good starting point for concerned parties.
Finally, to promote data protection and best practices, conferences, training programs, and advisory panels are needed, along with engaging advocacy groups, security professionals, policymakers, scholars, and ordinary citizens in the advancement of civil liberties. Such a democratic and collective approach will accelerate the learning curve and promotional initiative, crucially engendering context-contingent solutions relevant to the digital development ambitions of individual African societies.
Bulelani Jili is a Ph.D. candidate at Harvard University, as a Meta Research Ph.D. Fellow. He is also a Visiting Fellow at Yale Law School, a Cybersecurity Fellow at the Harvard Kennedy School, a Fellow at the Atlantic Council, a Research Associate at Oxford University, and a Scholar-in-residence at the Electronic Privacy Information Center and will be writing a series of blog posts on Chinese surveillance products in Africa.