Ugandans under State surveillance ahead of 2026 elections

Uganda’s state security agencies are constantly prying into the private lives of citizens, giving them no room for privacy, a new report reveals.

The report describes Uganda as becoming increasingly an authoritarian state, where civil society is vibrant but constrained, with regular crackdown on dissent, protests, and online expression.

The report by the Unwanted Witness, titled: Surveillance/spyware: An impediment to civil society, human rights defenders and journalists in East and Southern Africa, highlights pressures on digital rights, continuous shrinking of the civic space, and the clampdown on digital expression as the country draws closer to the 2026 General Elections.

The report was compiled between June 2024 and June 2025, and covers the period dating back to the 2020 political campaigns and thereafter.

The report points to a worsening situation, which it says exposes the citizens to illegal surveillance and tracking using spyware. The report paints similar pictures of surveillance, intimidation and arrests in Kenya, Ethiopia, and Rwanda, and farther afield in Zimbabwe, Malawi and South Africa.

Back in Uganda, the report cites a wave of arrests, warnings and regulatory threats targeting online critics, raising concerns over the shrinking space for free expression and political dissent in the digital sphere.

21-year-old Tik Toker Emmanuel Nabugodi raises his hand during sentencing on November 18, 2024 at Entebbe Chief Magistrates Court. He was handed a 2-year-jail term for 'demeaning' President Museveni. Photo | Paul Adude

Ms Dorothy Mukasa, the executive director of Unwanted Witness, says: “The right to communicate freely and privately is fundamental to democracy and protected under international law. Yet this right is under siege as states and non-state actors deploy increasingly sophisticated tools to monitor, intimidate, and silence dissent.”

Restrictive laws

“Uganda’s legal framework enables extensive surveillance through a combination of laws that, while framed around national security and public safety, raise significant concerns regarding human rights,” the report says. Uganda has some of the most draconian cyber laws, including the Regulation of Interception of Communications Act (RICA), 2010, which permits security agencies to monitor communications with judicial authorisation. But the report says the oversight is limited to a select group of designated judges, making the process opaque and raising accountability concerns.

Also of concern is the Anti-Terrorism Act, 2002, as amended, which grants sweeping surveillance powers under the broadly defined notion of “terrorism,” which has been used to target Opposition voices, human rights defenders, journalists and protesters.

“Similarly, the Uganda Communications Act, 2013, gives the Uganda Communications Commission expansive control over communications infrastructure, including surveillance capabilities, while mandating SIM card registration that facilitates State monitoring,” the report says.

National security versus privacy

Mr Omara warns the government against selectively using the legal provisions to target the voices that disagree with it, but work to protect all Ugandans.

The report also says the Computer Misuse Act, 2011, amended in 2022, criminalises a range of online behaviours under vaguely worded offences like “offensive communication” and “cyber harassment,” which are frequently used against journalists and activists.

Freehand to spying

“Lastly, while the Data Protection and Privacy Act, 2019, establishes principles of data protection and sets up a regulatory authority under NITA-U, it explicitly excludes national security-related data processing from its scope, effectively allowing surveillance activities by security agencies to operate without the Act’s safeguards,” the report says.

Together, these laws, the report says, create an enabling environment for surveillance with limited oversight, posing serious risks to privacy, free expression, and civic participation.

“Equally, the Anti-Terrorism Act, 2002 (Amended 2017), grants the security agencies the power to conduct surveillance, intercept communications, and monitor financial transactions without adequate judicial oversight. These provisions have disproportionately targeted civil society organisations and political activists under the guise of national security, leading to increased restrictions on freedoms of expression, assembly, and association,” it adds.

The 2025 cyber surveillance report says the broad and vague nature of these laws enables Ugandan authorities to arbitrarily arrest and prosecute individuals, effectively criminalisng dissent. It says human rights defenders, journalists, and Opposition figures face heightened risks of surveillance, harassment, and imprisonment for their activism and that a lack of judicial oversight further exacerbates the situation, allowing security agencies to intercept private communications and track financial activities without accountability.

“This creates a climate of fear, discouraging civic engagement and limiting the ability of CSOs to operate freely. Ultimately, these legal frameworks restrict freedom of expression, shrink civic space, and undermine democracy, making it increasingly difficult for human rights defenders and civil society actors to hold the government accountable,” the report says.

Spyware infiltration

Parallel to general surveillance, the report faults Uganda for employing sophisticated spyware for targeted attacks on individuals, amplifying repression with manifestations in the form of “[…] assisted hacking (2018) that enabled authorities to access Bobi Wine’s WhatsApp and Skype accounts, leading to his detention and torture”.

This incident, the report says, highlights the intersection of foreign tech vendors and state repression. Another spyware used, according to the report, is spyware linked to a Southeast Asian country, reportedly used and linked to attacks on Opposition figures and members of civil society, compromising devices and communications.

The report also cites a surveillance software developed by an Israeli technology firm, and is reportedly being used particularly by the police and security services, purportedly to fight serious crime and terror. But the report says “it has been used to extract data from cell phones, Dropbox, Google Drive, OneDrive, and Apple’s iCloud to track dissidents, lawyers, journalists and other members of civil society”.

A woman checks the website of Israel-made Pegasus spyware at an office in the Cypriot capital Nicosia on July 21, 2021. Reports that Israel-made Pegasus spyware has been used to monitor activists, journalists, and politicians around the world highlight the diplomatic risks of nurturing and exporting "oppressive technology", experts warned. PHOTO/AFP

The report further mentions phishing and malware attacks on CSOs, reporting a surge in phishing attempts and unauthorised access to internal communications, which often coincide with advocacy campaigns. “Encrypted messaging apps like WhatsApp and Signal are compromised, likely through malware or spyware, disrupting organising efforts and intimidating critical voices,” the report says.

Methodology

Unwanted Witness says the report was compiled through rigorous desk research, interviews with stakeholders, and analysis of legal and policy frameworks.

It aimed to uncover the realities on the ground and assess them against international human rights standards to evaluate the extent of governments’ compliance.

The report catalogues instances of government-led surveillance, including spyware, in East and Southern Africa, particularly in Kenya, Rwanda, Uganda, Ethiopia, Zimbabwe, South Africa and Malawi. Unwanted Witness also says it approached the subject with objectivity, impartiality, and a commitment to accuracy.

It analyses the impact and implications of surveillance in general and spyware in particular, on the operations of human rights defenders, journalists, human rights lawyers and activists.

Raids and physical surveillance

The report says there have been cases of physical surveillance that have also intensified, reinforcing state control. It points out the NUP offices that were raided and unlawfully entered, with surveillance equipment, hidden cameras, and GPS trackers reportedly installed and documents stolen.

Additionally, the report says cameras have been strategically placed at multiple locations associated with the Opposition’s activities, including all roads leading to the Bobi’s residence, the School of Leadership in Kamwokya, One Love Beach in Busabala, and various routes to the Kavule offices.

“In addition to the camera installations, the regime has deployed individuals to physically trail the Opposition leader, monitor their movements, and eavesdrop on phone conversations. These operatives track the leader’s visitors, meetings, and travel patterns. The Opposition leader interprets these actions as a sign of the regime’s weakness and fear, stemming from their awareness of widespread public discontent due to their alleged crimes,” the report says.

The report also says state actors have infiltrated and intimidated CSOs by demanding donor and beneficiary data, project activities, under pretexts like counter-terrorism, alongside suspected infiltration by informants, creating a climate of fear.

“The convergence of general surveillance and spyware creates a synergistic system of control. The safe city infrastructure amplifies spyware’s reach by providing real-time data for targeting, while spyware enables precise attacks on individuals identified through broader surveillance. For instance, CCTV footage can pinpoint one’s movements, followed by spyware-driven hacking of their communications, culminating in physical arrests or torture. Similarly, digital number plates and drones can track activists to rallies, where the surveillance tools compromise their devices, exposing networks and plans,” the report says.

This integrated approach, facilitated by actors such as UCC, the Internal Security Organisation (ISO), police, military intelligence, and foreign tech vendors (from China, Israel, and Europe), according to the report, intensifies during political contestation. The 2021 elections exemplified this, with internet shutdowns, phone tapping, and targeted arrests stifling dissent.

“Uganda’s surveillance and spyware ecosystem, while justified for security, primarily serves political control, undermining democratic freedoms. The lack of comprehensive data protection laws and judicial oversight enables unchecked abuse, with foreign tech amplifying state capacity. The chilling effect on Opposition, journalists, and CSOs shrinks civic space, as fear of surveillance (digital, physical, or both) deters free expression and organising,” it says.

The report says the growing fear of State infiltration has eroded trust, discouraged collective organising, and stifled peaceful protest.

“In several cases, NGOs have been suspended or forced to disclose sensitive operational and donor information, often under accusations of engaging in “anti-government activities.” Digital surveillance, intensified by restrictive legislation such as the Computer Misuse Act, has created a chilling effect, leading to widespread self-censorship among activists and media professionals who fear retaliation for expressing dissenting views,” the report says.