The Legal Justification of Sorts for Ethiopia's Internet Shutdowns

Jul 18 , 2020
By Kinfe Yilma (PhD)

---

The government rarely offers a clear legal justification for resorting to internet shutdowns. In the off chance that it does, it is either a vague defence or unable to hold up when the specific law is given a closer look, writes Kinfe Yilma (PhD) (kinfe.yilma@aau.edu.et), assistant professor of law at Addis Abeba University.

---

Ethiopia's attempt at regulating behaviour in cyberspace over the past decade conjures a mixed picture. While quite progressive policies and laws have been introduced, a number of regulatory practices with no clear legal basis have also run in parallel.

One case in point is the semi-common internet shutdown, which has emerged as a prime regulatory tool in Ethiopia. The government has imposed total and partial internet blackouts on several occasions in the past few years. Be it for purposes of preventing exam cheating, the spread of disinformation or to avert the circulation of conspiracy theories regarding certain political events, internet shutdowns have become recurring episodes.

Early this week, internet access has been partially restored after two weeks of blackout throughout the country. Of course, what is called 'gateway' regulation, like internet shutdown - a form of regulation meant to clog the flow of problematic content - has been part of the government's regulatory repertoire long before the internet became a source of problematic content.

Past practices of jamming foreign-based satellite television and radio stations, which were later followed by rampant practices of blocking access to websites, are still fresh in mind.

Yet the Ethiopian government rarely offered a clear legal justification for resorting to shutdowns. Under what legal basis the government restricted internet access for several days, and sometimes weeks, is unclear. Often, the government presents lumbering defences for its opaque shutdown practices. Internet is neither water nor air, it has been claimed before, and thus could be restricted when the government deems there is a threat to national security.

More recently, the Office of the Federal Attorney General incidentally offered a legal justification of sorts for internet shutdowns in its formal comments on an April 2020 report of the UN Special Rapporteur on Freedom of Opinion and Expression that lamented government shutdown practices. This casual legal justification has two prongs. First, the government noted that the 2013 law that re-established the Information Network Security Agency (INSA) empowers it to “keep the country safe from any threats against national security and it can take measures when the necessity arises."

This law provides a legal basis for internet shutdowns, according to the government.

But a closer look at this law does not support this claim. Nowhere in this law is the Agency's power of cutting internet access for national security purposes either explicitly stated or remotely implied.

The closest this law comes is when it empowers INSA to take "countermeasures" for cyber-attacks against the nation's critical infrastructure like power grids and "citizens' psychology." As the nation's cyber command, this proviso simply empowers INSA to take counter-measures - otherwise called "strike-backs" - against perpetrators of cyber-attacks.

Strike-backs, therefore, are sort of in-kind retaliation by resorting to proportionate cyber-attacks. If the attack was – for instance – in the form of distributed denial-of-services (DDoS) attacks, the Agency might retaliate with similar DDoS attacks or large-scale spreading of malware.

This means two things. First, when cutting internet access, INSA would not be engaging in lawful strike-backs envisioned in its establishment law. Instead, it simply is unlawfully restricting the individual right to free expression, including to access information off the web. Second, most trigger factors for internet shutdowns in Ethiopia, such as social media disinformation, do not really fall under the rubric of cyber-attacks imagined in the law.

Disinformation is a form of hybrid cyber threat but not quite a cyber-attack warranting lawful strike-backs.

Even if it were, how would a state hit back proportionately against coordinated disinformation campaigns by non-state actors?

INSA had previously invoked a similar line of reasoning to justify the brief internet blackout in December 2019. Then, INSA claimed the brief shutdown was needed to fight off active cyber-attacks against the nation. But this justification lacked any legal basis.

The second part of the government's legal justification to the UN Special Rapporteur is that internet shutdowns are taken "seldom with maximum restraint," and in line with international human rights and national constitutional standards of "legality, legitimacy, necessity and proportionality."

But not only are internet shutdowns often occurring - and at times, for an extended period of time - but they also lack clear legal basis thus failing to meet the requirements of 'legality'. This makes it immaterial to consider whether the other requirements of necessity and proportionality are fulfilled.

Recurrent episodes of arbitrary internet shutdowns in Ethiopia suggest that the government saw value in internet shutdowns as a useful regulatory measure. But its reticence to offer any clear legal justification implies its apathy to the rule of law.

If its rule of law and human rights rhetoric were sincere, it would have found a sound legal basis for its human rights infringing practices of internet shutdown. And this would not have required introducing a new piece of legislation but only a closer look at the existing catalogue of internet laws.

Of these, the more recent cybercrime law arguably offers a defensible legal basis for internet shutdown, as well as the blocking of problematic websites. Thus, it is Article 32(5) of the Computer Crime proclamation where the government must turn to with a view to credibly justify gateway measures such as internet shutdowns.

This provision empowers cybercrime investigators to have a given "computer system" or "computer data" rendered inaccessible or blocked based on a court order where its functioning violates the cybercrime law or other relevant laws.

A computer system is defined broadly to include computer networks like the internet, which simply is a network of computers meshed into a system with globally accepted protocols of computer communications. Likewise, the definition of "computer data" essentially captures web content, thereby allowing the blocking of specific websites found to disseminate problematic content.

A key point in this provision, though, is that it allows measures of blocking or blackout even when violations of, not just the cybercrime legislation, but also other Ethiopian laws occur. That means when the alleged infringement concerns the recent hate speech and disinformation legislation, investigators could seek a court order to have delinquent websites blocked and arguably have internet access restricted.

This would potentially meet the requirement of legality by providing some legal basis for internet shutdowns, among other modes of gateway regulation. But the virtue of this proviso is that it embodies an important safeguard against potential arbitrariness. Any measure of restricting internet access or blocking particular websites requires prior court warrant. Before deciding whether to grant the request, the relevant court should establish whether the sought measure is necessary and proportionate in light of international human rights standards and the Ethiopian Constitution.

In undertaking the balancing, the court would consider two issues: whether cutting internet access is necessary to fulfill a certain legitimate aim (for instance, maintaining public order) and whether taking that measure would be proportionate to the objective. This rigorous balancing exercise would not only help prevent arbitrary shutdowns but also keep the recurrence of the measures to the minimum.

Of course, the existence of a firm legal basis per se is not a guarantee against arbitrary practices. It all hinges on a number of factors, including the independence of the judiciary and the will to legally challenge arbitrary measures.

Indeed, part of the reason why the government never bothered to adequately justify its frequent shutdown measures is that there was little internal legal challenge. Apart from vocal reports of foreign rights organisations, no meaningful pressure came from local stakeholders, including civil society groups.

The other reason for the hitherto unlawful practices of internet blackout is the monopolisation of the telecom sector. With the government-owned Ethio telecom as the only internet access provider, it is tempting to shut off the internet without the pain of seeking a court order.

In this respect, recent measures toward the liberalisation of the telecom sector will factor in positively. As new private telecom operators with extensive global experience enter the market, days of warrantless internet shutdown may come to an end. But again, this will depend pretty much on the extent to which stakeholders such as civil society groups pursue legal action before courts.

Civil society-led legal actions are bearing fruit elsewhere in Africa. A more recent example is the decision of the ECOWAS Court of Justice, which found Togo's 2017 internet shutdown unlawful. With civil society groups working on digital rights in the offing, it is high time to challenge internet shutdowns before Ethiopian courts.

---

PUBLISHED ON Jul 18,2020 [ VOL 21 , NO 1055]

---