Recent media reports indicate that the Zimbabwean government is stepping up efforts to utilise surveillance technology in the country.
This comes after government engaged a Chinese company to provide traffic surveillance cameras. The rationale for this agreement is to make Zimbabwean roads safer. The traffic surveillance programme will pilot in Harare and most likely roll out to the rest of the country.
This development is in line with the smart cities initiative launched in Harare in March this year. The initiative also advocates for the use of closed-circuit cameras to monitor events in public spaces.
The use of closed-circuit cameras to promote safety in public spaces and roads is not new and would not be unique to Zimbabwe. South Africa makes extensive use of cameras along its highways to ensure that drivers stay within speed limits and observe traffic regulations.
In countries such as the United States and parts of the United Kingdom, cameras are used both on highways and to monitor most public spaces. This is a way to deter criminal activity in public spaces. The use of technology to maintain safety on Zimbabwe’s roads is in sync with global developments.
However, unlike South Africa, the United States, and the United Kingdom, Zimbabwe does not have an adequate data protection regime to ensure that the massive data collected by the proposed surveillance programme is not abused or misused.
China is an example of how surveillance technology can be used to suppress people’s fundamental rights. Such suppression is possible because China does not adhere to any human rights-based data protection principles. The Chinese government is, therefore, free to use the data it collects in any way.
Data protection refers to the use of laws to ensure that the State and other entities that collect people’s personal data do not abuse that data, for example by selling it to third parties who only want to send unsolicited marketing messages.
People’s data or personal information must be protected because people have an inherent right to privacy. Locally, Section 57 of the Constitution guarantees the right to privacy. The use of surveillance cameras and the processing of the data collected must, therefore, be within the confines of the constitutional right to privacy.
In Zimbabwe, the Access to Information and Protection of Privacy Act of 2002 (AIPPA), is meant to promote data protection. Unfortunately, technological advancements in data collection and data processing have been so rapid that AIPPA is now outdated.
At the very least, this law needs thorough revision to bring it to par with globally accepted standards of data protection such as the European Union’s General Data Protection Regulations.
The lack of adequate data protection laws is the first cause of concern in the wake of government’s efforts to promote the use of surveillance technology in Zimbabwe. The second cause of concern is the source of the surveillance technology.
Earlier this year, the Zimbabwe government engaged a Chinese company to supply facial recognition software to Zimbabwe. Similarly, another Chinese company has been engaged to supply the traffic surveillance cameras and accompanying technology.
The problem with Chinese sourced technology is the use of “backdoors.” In technology, a backdoor refers to an entry point intentionally built into a system or application that allows another party other than the user, to gain access to that system without the user’s knowledge or consent.
Chinese sourced equipment donated to the African Union for use in its Addis Ababa headquarters in Ethiopia had backdoors. China reportedly exploited these backdoors to clandestinely collect information thus effectively spying on the activities of the African Union.
Chinese manufactured brands such as ZTE and Huawei are also suspected of using backdoors. The research found that Xiaomi’s smartphones designed for overseas markets were automatically connecting to an Internet Protocol address in Beijing and that all documents, SMS and phone logs, and video files downloaded on their smartphones were sent to a Beijing server.
Data protection laws would curb such illicit spying activities. In the absence of an adequate data protection regime, the Zimbabwe government would do well to choose its Chinese technological partners wisely to avoid surreptitious leaking of Zimbabwean data to China.
MISA Zimbabwe commends government efforts to utilise technology to ensure public safety. However, MISA Zimbabwe respectfully submits that these efforts will be counterproductive and most likely infringe on people’s fundamental rights.
What is necessary is to ensure these initiatives are accompanied by a corresponding and necessary introduction of laws that protect people from excessive surveillance and excessive data processing.
To this end, the incoming Cabinet is encouraged to prioritise the finalisation and gazetting of the proposed data protection legislation that has been in the works since 2013.