This piece was originally published by APC member organisation EngageMedia.
This article is part of Pandemic of Control, a series of articles that aims to further public discourse on the rise of digital authoritarianism in the Asia-Pacific amid COVID-19. Pandemic of Control is an initiative by EngageMedia, in partnership with CommonEdge. Read more about the series here.
In Nepal, the COVID-19 pandemic sped up the process of bringing public and private services online: from food delivery and shopping to government transactions. These changes came with many downsides, with data and privacy rights often not respected.
Nepal does not yet have the technology and expertise to be globally competitive in the digital world. Instead, it has looked to its closest neighbours, China and India, for guidance. However, seeking ideas from countries that have largely failed to respect basic digital rights puts Nepal in a vulnerable position.
From questionable data collection practices to the curtailment of free speech, Nepal is leaning towards an authoritarian model of internet control, with COVID-19 accelerating this development.
Influence from China and India
China holds a poor digital rights record, with rights groups flagging its online censorship rules and deployment of mass surveillance against the Uyghur Muslims, among other rights violations. Similarly, India has been widely criticised for procuring spyware, imposing internet shutdowns, and passing IT laws that do not conform to global rights norms.
In 2019, Nepali media reported on government plans to mount over 21,000 CCTV cameras for street level surveillance. This is in addition to the thousands of surveillance cameras that are already installed in the Kathmandu Valley. Authorities say the cameras deter criminal activity, but they have also been used by police to monitor protests and other forms of expression. During the COVID-19 pandemic, police used these cameras as well as drones to monitor people’s movements and adherence to lockdown rules, publicly flaunting their use of this technology on their official YouTube channel.
In April 2022, a major Nepali daily reported that the government had purchased the Pegasus spyware system and handed it to the Nepal Army for trial use. While the government claims the system is to ensure citizen safety and security, there has been widespread criticism of the spyware and its misuse by governments around the world.
As these surveillance practices become entrenched in Nepal, there is a growing risk that these technologies will be used to curtail people’s digital rights, especially as COVID-19 has pushed so much of daily life in digital spaces.
Massive data collection, lack of data security
The government approach to COVID-19 vaccination built in a huge amount of personal data collection. To date, 70 percent of the total population has been vaccinated, requiring more than 20 million people to share their personal information with the government, including to obtain an official vaccine certificate. However, there are questions on whether this massive dataset of personal information is kept secure.
When the government announced booster shots for frontline workers in mid-January 2022, journalist Rajendra Rai (name changed) rushed to the vaccination centre. While waiting his turn, he filled out a vaccination form on the health ministry website via his phone. The form required personal information including his name, birthdate, and address, but also had questions on ethnicity and occupation. After registering online, Rajendra received a confirmation number with a QR code.
If critically reviewed, the personal information in these forms could be used as a weapon by political parties and the state, especially with the federal and provincial elections coming up in late 2022.
Who ensures the safety of the collected citizen data? There have been previous instances of potential data misuse that put into question the government’s ability to ensure data security. In the 2022 local elections, voters from particular areas received SMSs and emails from political parties; it is unclear how they obtained voters’ contact details and there are suspicions that these were sourced from public service forms submitted to the government.
Body and Data, a digital rights organisation in Nepal, flagged privacy issues related to election campaigns
The Election Commission of Nepal also came under fire for publicly releasing a list of the 17.7 million voters on its website, which included details of the voters’ names, age, gender, voting booth, voter ID number, and even their parents’ and spouses’ names. While civil society and rights groups criticised this privacy breach, authorities did not remove the list, arguing that “there should be no concern of a breach of privacy” because the data did not include voters’ photos, thumbprints, and phone numbers.
The government’s response suggests authorities do not sufficiently understand the risks associated with a lack of digital security safeguards. Officials appointed to oversee the vaccine registration process are often unaware of where the data is being stored, how long it will be stored, and how it will be used, according to an anonymous, personal source from the health ministry. How, then, can one be assured that their personal data is secure?
Although civil society, human rights defenders, and concerned individuals have nudged the government to be more responsible with data, Nepal has yet to enact comprehensive data protection and privacy laws. Citizens also lack sufficient awareness and understanding of the potential for data misuse.
Restrictions on free speech
In 2020, Nepal was ranked 112th out of 180 countries in Reporters Without Borders’ Press Freedom Index. The pandemic provided the government with an opportunity to undermine press freedom further, in an attempt to control public narratives on the health situation. Nepalese journalists were attacked, censored, and arrested over their critical reporting of the government’s COVID-19 response. Police detained Lok Karki, a reporter for Radio Dhangadhi, for filming a disagreement over the distribution of food and relief goods. Nagarik News bureau chief Nagendra Upadhyay received threatening messages from a regional government official over his report that the official’s wife had been driven in a government car at the height of the lockdown. In March 2020, a report on online news portal Kathmandu Press was taken down following pressure from the prime minister’s aide. This report alleged relatives of several high-ranking government officials were involved in the purchase of expensive medical equipment from China.
In April 2020, journalists reported about an exodus of workers from the Kathmandu Valley as a result of COVID-19 lockdowns. Reacting to the news, the prime minister told the editors of government newspapers that he found the reports “mysterious” – questioning their very basis. These comments were followed by a government-orchestrated online harassment campaign against journalist Binu Subedi using bogus Twitter accounts.
During this time, the government has continued to use the 2006 Electronic Transaction Act (ETA) to arbitrarily detain those criticising the government and leaders of the ruling party. The ETA, initially drafted to regulate financial scams, has become a convenient tool to criminalise speech online. Section 47 of the Act prohibits the electronic publication or display of material deemed illegal under existing laws, but is so broad to include those “which may be contrary to the public morality or decent behaviour” or materials which may spread hate, jealousy or jeopardise “harmonious relations” among the people. This law was used against Radio Nepal board member Deepak Pathak, who was arrested in April 2020 for defaming Nepal Communist Party leader Pushpa Kamal Dahal on social media.
There is a proposed law seeking to replace the ETA: the Information Technology (IT) Bill, which would give the state the power to censor online content it deems offensive. The bill also includes provisions for arrests and jail terms for anyone posting content deemed to be against “national unity, self-respect, national interest, relationship between federal units”. Similar to criticism of the ETA, however, this proposed law contains provisions that are vague and open to interpretation and possible misuse.
Worse than the IT Bill is the proposed Social Media Directive 2021, which would compel social media companies to register in Nepal and abide by the country’s laws. The proposed directive has been widely criticised for its intent to regulate content on social media, opening the door for further state censorship. By laying out only a vague idea of what constitutes illegal content, all those who criticise power structures, or use humour and sarcasm against the state, may face punishment. The directive also targets anonymity, threatening people’s free expression. The main purpose of the directive is to control online discourse, minimise public engagement in controversial state affairs, and neutralise voices critical of the government.
The government’s pandemic response has opened the door to a wide range of threats to human and digital rights in Nepal – from the crackdown on critical voices to the lack of safeguards for digital data, and laws curtailing free speech. With the influence of its neighbours with poor digital rights records, Nepal must decide on its own path if it envisions a free, egalitarian, and democratic digital ecosystem.
Samik Kharel is a freelance journalist who has previously reported for various national and international media, including Al Jazeera, Deutsche Presse-Agentur (DPA), The Canberra Times, The Kathmandu Post and The Record Nepal, among others. He also writes and researches on technology, ethics, access and internet culture, and AI.