Big brother

Zimbabwe: In build-up to elections, authorities breach data privacy for campaign agenda

in depth

This article is part of the dossier:

Zimbabwe votes

By Farai Shawn Matiashe

Premium badge Reserved for subscribers

Posted on July 5, 2023 08:21

 © A registered voter in Harare, Zimbabwe, received this text – even though they are not registered with the ruling party.  (Photo: LABagnetto)
A registered voter in Harare, Zimbabwe, received this text – even though they are not registered with the ruling party. (Photo: LABagnetto)

Zimbabwe African National Union-Patriotic Front (Zanu-PF) is sending campaign messages to registered voters, including those who are not their members, and identifying their constituencies. This shows that the ruling party mined the critical data gathered by the Zimbabwe Electoral Commission (ZEC), activists say.

During voter registration, the ZEC captures people’s national identification numbers, home addresses and cellphone numbers which they store in their database, along with what constituency and polling station the voter is registered at.

Mobile subscribers’ unsolicited political messages were personalised and highly targeted through local and constituency-based segmentation.

“This is my number, please save it. I will be updating you on all national development issues and matters that concern Mutare Central,” reads part of a message, before signing out with President Emmerson Mnangagwa’s name. This went out to one of six million registered voters as of May.

Threats to activists

Considering this is the second consecutive time that registered voters’ data has been leaked, it is critical for citizens to approach the courts through public interest litigation to assess the constitutionality of these developments, says Nompilo Simanje, an Africa advocacy and partnerships lead at the International Press Institute.

In 2018 registered voters received a number of text messages crafted as a way to solicit votes for Mnangagwa.

Digital rights activists fear that this voter registration data could be used to target political and democracy activists in the build-up to elections.

“In light of the political environment in Zimbabwe and the history of Zimbabwe with regards to the protection and promotion of fundamental rights, it is reasonable for citizens to be concerned about the potential abuse of the data and its use for purposes outside soliciting for votes,” Simanje tells The Africa Report.

“The nature of the personally identifying data that has been accessed and used in this instance are phone numbers and addresses, hence the reference to one’s location in the messages. Indeed, the safety and security of human rights defenders including journalists can be compromised.”

She says this is also because in Zimbabwe there is compulsory SIM card registration, thus enabling the government with access to one’s phone number to be able to equally access other details.

The leaked data can be manipulated by other actors before an election, says Admire Mare, an associate professor in the Department of Communication and Media at the University of Johannesburg.

“What is clear is that it can also be used to target activists and politicians,” he says, before adding that it compromises their safety and security.

Breach exposes citizens to state surveillance

This tramples on the country’s data and privacy laws, particularly the Cyber and Data Protection Act gazetted in December 2021 which governs the use of personal biometric data.

“That was clear evidence of a violation of the principles laid out in the Cyber and Data Protection Act,” Simanje says.

“When the data was collected from citizens, it was not for the purpose of receiving messages from the political party.”

The sharing of voter registration data exposes citizens to state surveillance, she says.

“This indicates that personally identifying information is being transmitted and used for purposes it was not collected for, which practice exposes citizens to potential surveillance,” she adds.

The Cyber and Data Protection Act stipulates that the use of personal biometric data in this way is prohibited unless the data subject gives consent in writing.

The southern African nation will hold its presidential, parliamentary and municipality elections on 23 August.

Mnangagwa, the leader of Zanu-PF, will be battling against Nelson Chamisa, a youthful and charismatic opposition party leader of the Citizens Coalition for Change (CCC) whom he narrowly beat in the disputed 2018 elections.

The date for a run-off poll has been set for 2 October if it is needed.

“Nobody gave Zanu-PF the consent to abuse our data in this way,” says CCC spokesperson Fadzayi Mahere.

“The illicit text messages raise serious concerns that Zanu-PF has a copy of the voters’ roll that other political parties have been denied. The ZEC has a legal and constitutional duty to explain to citizens how our personal voting data got into the hands of Zanu-PF, and what will be done to remedy this illegality,” she tells The Africa Report.

Collusion between Zanu-PF and ZEC

Given that this is not the first time that people are receiving messages from the ruling party, it shows that there is collusion between Zanu-PF and ZEC, Mare says.

“It is clear that the data in the hands of the ZEC must be protected and it must not be shared with third parties. But here we have a case where Zanu-PF has access to data which must actually be processed and be held in custody by the ZEC.”

The ZEC denied allegations that they shared voter registration data with third parties.

Postal and Telecommunications Regulatory Authority of Zimbabwe (Potraz) said they were conducting investigations into the saga.

Civil society groups have also been seeking answers on who leaked the voters’ data.

“We wrote to Potraz, the data protection authority and they investigated,” says Tabani Moyo, a director at the Media Institute of Southern Africa (Misa Zimbabwe).

Zimbabwe’s biggest mobile network operators Econet Wireless and Netone and the electoral management body ZEC immediately distanced themselves from sharing personal data with third parties.

The messages’ personalisation and targeted nature are closely related to the information in the voters’ roll, according to Misa Zimbabwe.

‘Big Brother’-style intimidation

The messages are intimidating, says Mercy Muzondo, a registered voter from Zimbabwe’s third-largest city of Mutare who received these campaign messages.

“I was surprised. I felt annoyed and irritated,” she says.

Voters feel unsafe because there seems to be a ‘big brother’ watching them, says Mbongeni Msimanga, a post-doctoral fellow at the Johannesburg Institute for Advanced Study and lecturer with the Department of Communication and Media, University of Johannesburg.

“All their information, where they stay, the constituencies they are based at, is available to Zanu-PF. This can be dire as the electorate will feel they would be intimidated if they do not vote for Zanu-PF,” Msimanga tells The Africa Report.

“I feel threatened,” says registered voter Joe Muriwo from Mutare.

There's more to this story

Get unlimited access to our exclusive journalism and features today. Our award-winning team of correspondents and editors report from over 54 African countries, from Cape Town to Cairo, from Abidjan to Abuja to Addis Ababa. Africa. Unlocked.

Subscribe Now

cancel anytime