The Forthcoming Cybersecurity Problem in Africa

Artificial intelligence is showing enormous promise for improving peoples’ daily life. AI systems are being developed and deployed in countless applications in many sectors of the economy and much more are expected over the long term. In this respect, the African context makes no exceptions.

Globally, the ability of AI-driven technologies of providing unchallenged wealth and power to the country gaining advantages over its competitors is progressively leading to an international technological race. Nations and big tech platforms are entering into open competition for the extraction and control of users’ data, of utmost importance for AI technologies’ development. Forms of cyber-colonization of the data-rich African continent are, in this respect, increasingly occurring. Digital colonialism is usually defined as the “decentralized extraction and control of data from citizens, with or without their explicit consent, through communication networks developed and owned by foreign powers operating in Africa.” Unlike traditional forms of colonialism, the control of core communication infrastructures is mostly driven and spearheaded by corporate tech monopolies. Foreign tech companies are laying critical connectivity infrastructure to extract and control unstrapped user data while imposing privatized forms of governance. Similarly to traditional colonialism, however, these companies tend to brand long-term profit motive as efforts to “liberate the bottom billion,” or connecting the “unconnected”. Both US and Chinese tech companies massively export solutions, technologies, standards, and the model of company that goes with these to Africa. For example, the massive project “2Africa” aims at deploying transformative subsea cables across the whole African continent, bringing together a consortium of major foreign telecommunications and social network firms (such as Facebook, China Mobile International, MTN Global Connect).

Exceptional challenges relate to these massive investments in AI implementation in Africa, especially in terms of cybersecurity. The AI characteristics of being unbounded by human capabilities could allow actors to execute attacks, using for instance DeepFakes (video, voice or text manipulation), that would otherwise be infeasible. In Africa, DeepFakes might be (and already are) used to emphasize existing ethnic and religious divisions and to attack nascent democratic institutions. Such tactics are particularly difficult to manage especially during contentious elections in transitioning democracies, and when combined with popular social media platforms. Negative AI applications may also help to lower the cost associated with violence by both non-state and state entities alike.

Overall, several elements contribute to the exacerbation of cybersecurity risks in Africa. Firstly, the lack of normative guarantees. Cybersecurity laws and regulations are being extensively adopted by Western powers, particularly but not exclusively by Europe, which has just released its “Regulation on a European Approach for Artificial Intelligence” fostering ad-hoc protection for high-risk AI systems. However, the same protections do not exist uniformly in Africa. Hence, unlike other world’s regions, in Africa, the AI race is not countered by appropriate governmental interventions aiming at assuring an affordable level of robustness of these AI systems. While external coercive pressure (such as market pressures) exists, the continent is overall characterized by a diffuse lack of normative and mimetic institutional pressure on companies. For example, while the African Union (AU) adopted the AU Convention on Cybersecurity and Data Protection in June 2014, it was ratified by only four of the fifty-four AU member jurisdictions and needs to be ratified by fifteen member jurisdictions to take effect.

This factor couples also with a more limited cybersecurity awareness among users. Africa is among the regions with the highest rates of cybercrime. Inter alia, estimated costs of cybercrime have soared up to $550 million for Nigeria and $175 million for Kenya. One of the main factors creating a permissive environment for cybercrime is the lack of awareness in the African public regarding cyber risks.

Finally, the high socio-political polarization also further the risks in terms of cybersecurity. Great powers’ deployment of AI technologies in Africa is purposeful to the achievement, among others, of desired political outcomes in a highly polarized context. African governments themselves in concert with external actors use AI and artificial misinformation to suppress and monitor political opposition or marginalized groups. Additionally, Africa’s canvas of fragile and failed states has resulted in the presence of numerous non-State actors in conflicts, many of which also act in cyberspace. According to a Wall Street Journal reportage, for example, Huawei has been selling security tools that Uganda’s governments used for digital surveillance and censorship of its political opponents. “Technicians from the Chinese powerhouse have,” the authors state “in at least two cases, personally helped African governments spy on their political opponents, including intercepting their encrypted communications and social media, and using cell data to track their whereabouts.”

Digital colonialism is just as oppressive as the early colonialism from the nineteenth century. Large tech companies, are extracting data from uninformed users, controlling that data to profit via predictive analytics, and creating unprecedented risks for the cybersecurity of African countries. While cybersecurity laws may constitute a step in the right direction, further reflection is required to understand how the increasingly digitally-dependent societies in Africa could face these forthcoming challenges.

Written by Carolina Polito

Carolina Polito is a Research Assistant at the Centre for European Policy Studies (CEPS), in the Global Governance, Regulation, Innovation, Digital Economy Unit, more specifically in the Cybersecurity@CEPS Program.