This article is part of UPROAR, a Small Media initiative that is urging governments to address digital rights challenges at the Universal Periodic Review (UPR).
The Rwandan state is built on two competing narratives.
On the one hand, Rwanda is the West’s “donor darling,” seen as a shining example of African development, especially when it comes to internet development and digital transformation. Rwanda has received global acclaim for its expansive mobile network coverage, impressive 4G network coverage, and local smartphone manufacturing.
On the other hand, it operates as an authoritarian state with hegemonic, tightly centralized power. The ruling Rwandan Patriotic Front (RPF) party has positioned itself as the only guarantor of peace, security and development after the country underwent a massive political transition in the wake of the 1994 genocide and civil war, when many politicians, journalists, and civil society actors were killed, displaced or discredited.
The state justifies its tight control over media freedoms, suppression of dissent, and hostility toward opposition as issues of national unity, safety and security, specifically targeting a politically active diaspora who fled Rwanda to live in exile after the war, including former members of armed rebel movements based in the eastern Democratic Republic of Congo, as well as former government figures who fled Rwanda to join political parties in Europe and the United States.
Given the country’s history of divisive ethnic violence, the government has developed a sophisticated strategy of actively monitoring and dismantling opposition voices through cyber-surveillance, threats and violence — not just within the Great Lakes region but across the world.
Over the past three years, the state has also broadened its local mass surveillance capacities with the recent implementation of closed-circuit TV cameras network (CCTV) throughout neighborhoods in Kigali, the capital.
There have been many examples of the state allegedly deploying technology against dissidents and opposition members, as evidenced in several court cases where the prosecution presented private communications sourced from mobile chats apps.
In September 2017, evidence surfaced that the national security and intelligence service was using technology and other spyware to monitor the online activities of dissidents and opposition members.
For example, just a few months after politician Diane Rwigara announced her presidential bid in 2017, she was arrested, along with her mother and sister, on trumped charges of tax evasion and incitement against the government. During the pre-trial hearing, the prosecution presented a WhatsApp audio message allegedly taken from the mobile phones of Rwigara and her mother as evidence against them. It is believed that the authorities got hold of the messages through the use of spyware.
In 2019, an investigative report by the Financial Times shed more light on the state’s tendency to closely monitor citizens’ social media usage. The report revealed the state’s possible use of Pegasus spyware, made by an Israeli tech company.
Through Pegasus spyware, security agencies can collect data from citizens’ smartphones without a trace, including phone calls, contacts, passwords and any data transmitted over applications like WhatsApp or Skype.
The right to privacy is enshrined in the constitution of the Republic of Rwanda as well as in the International Covenant on Civil and Political Rights (ICCPR) to which Rwanda is a signatory.
But law nº60/2013 regulating the interception of communications authorizes the prosecutor to issue a “verbal warrant” to national security and intelligence service to watch, intercept and decrypt any information generated, transmitted, received or stored in any computer resource for reasons of national security.
Further, the absence of specific legislation on personal data protection has given Rwandan security services unfettered discretion to collect data with impunity.
When the state abuses surveillance tools, it puts all citizens at risk. Rwanda currently lacks an appropriate legal framework to guide the usage of online technologies in the context of national security.
The state must consider how to regulate the usage and application of these new technologies. Authorization must rely on objective evidence that comes from a judge or another independent, legal body. Additionally, the state should prohibit the indiscriminate collection of personal data, making allowances only when absolutely necessary.