Africa’s low level of cybersecurity has made it a prime target of cybercriminals. This raises the question as to how civil society, in particular, might guard against election manipulation and whether heightened cyber threats can best be countered through partnerships with commercial or state-centred agencies outside Africa.
Cybersecurity and crime are hardly unknown to Africa. None of us has likely been immune to a “419” scam, with the scammer professing to be the inheritor of a large fortune, or an astronaut lost in space, both requiring your bank details to assist them on their earthly passage. The 4-1-9 moniker comes from the section of Nigeria’s Criminal Code which outlaws the practice, though not all of them are sourced from Nigeria. Simply, if it’s too good to be true, it usually is, though thousands still appear to fall for these practices every year, presenting apparently too great a temptation.
But the format of African cyber insecurity is changing.
While African security issues tend to feed off the lack of institutional maturity and frailties in the economic and social landscape, and mobile subscriber penetration is just 45%, there have been rapid changes in telephony and broadband which have and will continue to change continental connectivity. In the mid-1990s, for example, Africa’s telephone density was at just 5%. Today one-third of African mobile users, some 250 million people, already have a smartphone, and this is projected to double by 2025, when over half of the continent will subscribe to mobile services, and when one-quarter will have access to 4 or 5G.
As is noted above, Russian military and political engagement with Africa suggests a likely increase in cybersecurity activities, commercial and otherwise. There is already much to guard against. Africa has been the site of widespread digital election manipulation in recent years, some of it crude (manipulation of voter rolls, old fashioned gerrymandering, intimidation, fake news and the switching off of the internet) and allegedly some more sophisticated electronic manipulation of votes cast.
Some are apparently foreign-led (including the media activities of Romania’s Majoritas company in Nigeria, Zambia and Zimbabwe), but increasingly much of it is locally run and generated, though foreigners inevitably (and conveniently) attract the most attention. In 2013 a new slang word had come to be popular in Zimbabwe: to be Nikuv’ed, as in to be done over or screwed. In Hebrew, the word means poking a hole or punching, as in a punched card, but Zimbabweans were referring to their country’s elections, when an Israeli IT company of the same name reportedly played a part in ensuring Robert Mugabe’s re-election and that of his successor Emmerson Mnangagwa five years later.
In 2019 alone, Zimbabwe blocked the web for six days, while Congo did the same for 20 and Sudan for an entire month. While India, the world’s largest democracy, is the country which has switched off the internet more than any other (mainly it would appear to do with issues around Kashmir) with 159 disruptions between 2016 and 2019 and more than 95 in 2019 alone according to The Washington Post, there is a correlation between African regime type and its prevalence to interfere with the internet.
A 2019 study by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) shows that the less democratic a country is, the higher the chances of state-initiated shutdowns. Of the 22 African states that have disrupted connectivity over the past five years, 77% are classified as dictatorships, while 23% are considered partial democracies. The study also finds that internet shutdowns are correlated with the longer a leader has stayed in power.
There are considerable economic as well as political costs to these actions, fuelling a vicious cycle of unaccountability, illegitimacy, weak governance, lack of investment and diversification, and poor economic performance. The Brookings Institution has for example estimated that shutdowns cost the global economy annually some $2.4 billion. A study by Deloitte suggests countries can lose up to $23.6 million every day in this way per 10 million inhabitants. As The Washington Post notes, “Nations jockeying for attention in the digital economy will have less success in the long term if their markets are open for business one day and closed the next.”
Brookings notes in a May 2018 report that the average cost of cybercrime for businesses throughout the world has increased 22.7% since 2016, and data leaks by 27%. “As cybercrimes are threatening companies all over the world, the risk is even higher for African businesses,” writes Brookings. Africa’s low level of cybersecurity has made it a prime target of cybercriminals, with one study suggesting nearly 60% of software installed in Africa and the Middle East was pirated, with as much as 80% of African computers being infected.
This raises the question as to how civil society, in particular, might guard against election manipulation, and whether heightened cyber threats, in general, can best be countered through partnerships with commercial or state-centred agencies outside of Africa. The answer appears to lie partly in toughened domestic legislation and focused institution-building, and also in strengthening commercial access and political co-operation. Mauritius, Kenya and Rwanda are cited as African countries that have made the most significant progress with regard to improving systems against cybercrime. DM
Greg-africaGreg Mills is Director of The Brenthurst Foundation. This is an excerpt from the discussion paper The African Security Intersection