news in depth:BY DUMISANI NDLELA
Zimbabwe is planning to link its proposed National Data Centre with databases and information from the country’s key economic players and state institutions as the country prepares for the creation of smart cities equipped with surveillance technologies, The Standard has learnt.
This is part of an ambitious Smart Zimbabwe blueprint expected to transform urban areas into smart cities that use information and communication technologies (ICT) to increase efficiency and drive economic growth, according to a government master plan seen by this newspaper.
But there are concerns over issues of privacy, particularly given that the National Data Centre will have a large cache of citizens’ private, personal data.
“All data and information from government and sectors of the economy should be stored in databases that are networked and linked to the National Data Centre facilities,” the government master plan, expected to run from January 2020 to the end of 2030, said.
Consultants from Huawei Technologies, one of the companies helping with the building of the critical infrastructure for the smart cities project, have advised government on digitalising the national registration system for birth and identity documents, according to a source.
This would ensure that citizens’ details, such as their names, gender, date of birth, identification number and photos, are linked with the National Data Centre.
Linking this to the surveillance system will ensure easy identification of criminals once they come within range of the surveillance cameras.
This suggests that Zimbabwe is likely to follow the Chinese model, which has completely transformed the Asian country through artificial intelligence (AI) systems that have also been used to create a massive surveillance state.
There are fears that due to weak data laws in the country, there may be breach of personal data privacy, and abuse of personal data by the State to monitor citizens.
Stored personal data, which can include sensitive personal information, can be analysed without the authority of the courts, or even without reasonable suspicion of affected individuals, critics argue.
The recent disclosure of telecommunication details of three MDC-A activists — MP Joana Mamombe, and party youths Cecilia Chimbiri and Netsai Marova — who claimed to have been abducted and tortured by alleged state security agents, has reinforced fears that surveillance systems could also be used to monitor activists and political opponents.
Home Affairs minister Kazembe Kazembe recently disclosed alleged telecommunication details and locations of the three activists during the period they allege to have been abducted as he sought to dismiss their claims that they were abducted by the state.
The disclosure triggered a furore from human rights activists, who argued that this infringed on privacy as well as illegal surveillance of citizens.
Among the economic players that will link their databases to the National Data Centre are financial institutions.
A source said banks are already benefiting from personal data from the national registry for risk control.
Any collaboration with government and its institutions would, therefore, be a quid pro quo (a favour or advantage granted in return for something) arrangement, the source said.
Moreover, banks appear to be in better stead to help in the drive to create smart cities because of their financial wherewithal and their interaction with other economic agencies, a banker said.
They have extensive data from transactions, risk control and customer photographs that are critical to the surveillance system.
Many of the domestic banks are moving away from the brick-and-mortar model to digital banking platforms.
A few of them have started investing in AI software to enhance their products.
Over the past few weeks, many banks issued notices that they had gone paperless, with paper-based transactions no longer accepted at banking halls for bank-to-bank transfers and internal transfers.
Customers, the banks said, were to sign up for Internet banking and mobile payment platforms, which now form part of a cocktail of digital payment platforms offered to customers.
While the move by the banks was part of measures to combat the spread of Covid-19, a disease caused by a novel coronavirus that broke out in China in December last year and has spread globally mainly through person-to-person contact, sources said the banks were in fact following a broader plan by government to develop smart cities equipped with modern technologies.
At the centre of this ambitious government project will be collection of large amounts of personal data, the centrepiece of smart cities.
In his 2020 national budget presentation, Finance minister Mthuli Ncube said construction of the National Data Centre was nearing completion.
He said the centre would consolidate “services, applications and infrastructure to provide efficient electronic services among government departments, between government and citizens as well as between businesses and government”.
The government blueprint said it expected the Smart Zimbabwe project to deliver a digital government, economy and society, with a promise to ensure that “digitalised content (is) accessed by all through the National Data Centre”.
To achieve these goals, government intends to ensure adequate infrastructure is put in place, such as reliable electricity provision, good road networks, water and sanitation, equipping government with ICT equipment and improving the telecommunications network.
The country’s key electricity generation plants are being renovated and expanded, thanks to Chinese funding, which has also supported massive investment in telecommunications and ICT infrastructure over the past decade.
Although work on the upgrade of Harare’s waterworks has been stalled, the Chinese had extended a US$144 million loan to enable the capital to revamp its water supply and sanitation system.
The project was expected to cascade into several others in various other towns and cities.
Huawei, the Chinese telecoms giant that has helped build the backbone infrastructure for the surveillance system, last year completed a US$98 million fibre optic project for the state-owned TelOne linking Harare and Bulawayo, the country’s two major cities, with South Africa.
The project was funded by China Exim Bank, currently bankrolling a network expansion project also being undertaken by Huawei for mobile telecommunications network, NetOne.
The Chinese telecoms giant also helped construct two data centres for TelOne, as part of the US$98 million facility.
The two centres — one in the capital and another in Mazowe just outside the capital — will be linked to the National Data Centre.
At the launch of the TelOne data centres, former ICT minister Supa Mandiwanzira said these were “in sync with the big data era that the country has entered into, making such facilities indispensable”.
Indeed, smart cities are about big data. In its master plan, the government said data and information in the smart cities would be collected through an integrated set of sensors strategically located throughout the city and monitored through a network operating centre.
The data and information collected from citizens by city authorities “through specific and secure applications such as health, traffic management and waste management” would be stored in databases and city data centres, the master plan said.
ICT, Postal and Courier Services minister Jenfan Muswere said in an interview that government had rolled out surveillance cameras in the capital.
The cameras, which use facial recognition technology, use biometric software application capable of distinctively recognising individuals using data captured from people’s faces.
It can accurately and quickly identify target individuals once they come within range of the cameras.
“The ministry, working closely with TelOne and Harare City Council, has already embarked on a safe city project where camera technology is being used to monitor human and motor traffic,” Muswere said.
Muswere could neither confirm nor deny the involvement of Huawei in setting up infrastructure for surveillance system in Harare, saying “any progressive companies are welcome to do business in the country”.
“However, any engagements will be done following the stipulated government procedures and any agreed developments will be communicated in due time via the appropriate channels,” he said.
City council officials, speaking on condition they were not identified, suggested that Huawei could already be working on a surveillance project parallel to the one involving TelOne and the City of Harare.
It involved state security agencies being led by the military, one source said.
That the Zimbabwean government is working with Huawei to build the backbone infrastructure for the surveillance system in the country is not in doubt.
Government also signed a strategic agreement for cooperation on a mass facial recognition surveillance project with Chinese artificial intelligence firm Cloudwalk, and has been harvesting data at the country’s airports, State facilities and border points using facial recognition cameras with deep learning capacity supplied by Cloudwalk as well as another Chinese AI firm, HikVision.
The cameras were also deployed in the eastern border town of Mutare, where government launched the city’s Smart City project in January, according to reports.
The government master plan promises that data privacy and protection will be one of the cornerstones of the Smart Zimbabwe initiative.
The initiative will usher in smart cities, smart borders, smart education, smart agriculture, smart health, smart transport, smart mining, smart commerce, smart trade and commerce and smart government.
The master plan promises to deliver “smart government, (which) is also about improving democratic processes and transforming the ways that public services are delivered”.
“Smart government, therefore, is a new way of governance relying on information and communication technologies and it is citizen-centric, data-driven and performance-focused,” the document said.
Muswere said smart cities would be covered by a number of regulations under e-governance and the proposed Cyber Security and Data Protection Bill, which was gazetted recently and tabled before Parliament for debate, was “one of the laws”.
“The citizens’ rights to privacy are adequately covered bearing in mind that extensive consultations were conducted before gazetting and again the Bill will go for public hearing where citizens’ views will be taken into account,” he said.
Muswere said section 51 of the constitution, which guarantees the right to human dignity, had been taken into account in coming up with the Bill, whose objective is to increase cyber security and data protection.
In a review of the Cyber Security and Data Protection Bill, the Media Institute of Southern Africa (Misa) Zimbabwe said while the processing of sensitive information, genetic data, biometric data and health data would be prohibited under the Bill, there were exceptions where the processing was necessary to comply with national security laws and prevention of imminent danger or mitigation of specific criminal offences.
“It should be noted that Zimbabwe has a history of surveillance through its laws that seek to promote national security like the Official Secrets Act and the Interceptions of Communications Act,” Misa-Zimbabwe said.
“These laws are not aligned to the constitution and have provisions that continue to violate the exercise of rights.”
The organisation said in circumstances where national security was cited, there was often no disclosure of sufficient information under the auspices of national interests.
“This poses the danger of such provisions being abused and exposing citizens to over-surveillance by government and state security agents, thus, violating their right to privacy,” said Misa-Zimbabwe.
Apparently, some jurisdictions like the European Union (EU) have developed privacy laws that specifically punish any breaches of privacy by data centres.
For example, the EU’s General Data Protection Regulation (GDPR) gives people more control over their data, and any breach is punishable by up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher.
To comply with GDPR, many data centres have enshrined the rights of individuals in their systems, such as the right to be informed about how their data will be used, their access to the data and how it is processed, the right to rectification of the data, the right to restrict processing and the right to object to processing of their personal data.
Misa-Zimbabwe said the Cyber Security and Data Protection Bill had made provision for the processing of data, which included alterations.
But the media advocacy group noted: “More recently, Finance minister Mthuli Ncube, at a post-cabinet briefing on the economic relief for Covid-19, said government had used ‘a sophisticated algorithm’, which used bank accounts and also relied on mobile numbers to access the locations of individuals.
“In this regard, there was need to notify the data subjects prior to the collection of this information as well as clear information on how the data was processed.”
Muswere insisted that the Smart Zimbabwe blueprint was very clear about the need for privacy and security of data.
“The blueprint identifies the security of communications infrastructure and platforms as a key pillar.
“Security of data on these platforms is definitely a priority for us,” he said.
l Dumisani Ndlela is a journalist researching on digital surveillance with support from the Media Policy & Democracy Project jointly run by the University of Johannesburg and UNISA.