When President Samia Suluhu Hassan's X account was hijacked in mid-2025 and used to post fabricated content — including a false announcement of her own death — Tanzania's response was extraordinary even by the standards of African internet shutdowns. Rather than work with the platform to remediate the breach, the Tanzania Communications Regulatory Authority (TCRA) blocked X nationwide. Nearly a year later, that block is still in force. The October 29, 2025 general election has come and gone. Samia won decisively, in a contest where the main opposition party Chadema was disqualified and its leader Tundu Lissu sat in jail on treason charges. And yet the X blackout remains — quietly extended, never formally explained, and increasingly difficult to justify as anything other than political censorship dressed up as cybersecurity.
A Shutdown Without a Paper Trail
What makes Tanzania's case particularly troubling is the absence of due process. According to digital rights groups including Access Now and the Collaboration on International ICT Policy for East and Southern Africa (CIPESA), TCRA has not published a formal blocking order, named a legal basis, or set a sunset date. ISPs were reportedly instructed to throttle or null-route X traffic, leaving users to rely on VPNs — themselves a legal grey zone under Tanzanian law. Citizens cannot challenge a directive they cannot read. Platforms cannot appeal a takedown they have not formally received. This is the worst of both worlds: the chilling effect of a ban combined with the deniability of an unwritten one.
The hack itself was real and serious. But every major democracy has dealt with compromised official accounts — including the United States, India, and Brazil — without resorting to nationwide platform bans. The standard remediation playbook is well-established: lock the account, rotate credentials, coordinate with the platform's trust and safety team, publish a clarifying statement, and prosecute the perpetrators under existing computer-misuse laws. Tanzania chose the maximalist option, and then kept it in place for reasons that have nothing to do with the original breach.
The Cybercrimes Act as a Catch-All
The legal scaffolding underwriting Tanzania's approach is the Cybercrimes Act, 2015, amended in 2022 to broaden offences around "false information," "insulting" content, and material deemed harmful to "public order." These provisions are notoriously vague. They have been used to arrest social media users for posts criticising government performance, for sharing satirical content, and — during the run-up to the 2025 election — for circulating images and commentary about Lissu's trial. The law's elastic definitions mean that almost any politically inconvenient speech can be reframed as a criminal cyber-offence.
This is the textbook problem with overbroad cyber-legislation: a statute written to address genuine harms like fraud, child exploitation, and critical-infrastructure attacks becomes, in practice, a tool for policing dissent. The African Commission on Human and Peoples' Rights has previously warned member states that internet restrictions must meet the tests of legality, necessity, and proportionality under Article 9 of the African Charter. Tanzania's open-ended X block fails all three.
The Regional Cost: Foreign Observers Detained
The clampdown extended beyond Tanzanian citizens. In May 2025, around Lissu's trial, Kenyan activist Boniface Mwangi and Ugandan activist Agather Atuhaire were detained after travelling to observe proceedings. Both later described abusive treatment in custody, drawing protests from the Kenyan and Ugandan governments and from regional civil society. The episode underscored a worrying trend across the East African Community: governments increasingly treat cross-border solidarity among journalists, lawyers, and activists as a threat to be neutralised rather than a feature of a healthy regional public sphere.
Why This Matters Beyond Tanzania
Tanzania is not an outlier. According to Access Now's annual #KeepItOn reporting, sub-Saharan Africa has seen a steady rise in election-period and protest-related shutdowns over the last five years, with several countries imposing multi-month or indefinite restrictions on specific platforms. Each prolonged block normalises the next. Each unwritten directive lowers the bar for the regulator that follows.
The economic costs are real. The NetBlocks Cost of Shutdown Tool has consistently estimated that platform-specific blocks in mid-sized African economies cost tens of millions of dollars per month in lost commerce, advertising, and remittances — disproportionately borne by small businesses, independent creators, and the informal sector. For a country actively courting tech investment and trying to grow a digital services economy, an open-ended X block is a self-inflicted wound.
A Better Path
A proportionate response would look very different. It would involve:
- A published, time-limited regulatory order with a defined factual basis, subject to judicial review.
- Cooperation with the platform under existing mutual legal assistance frameworks to investigate the original account compromise.
- Narrow Cybercrimes Act amendments to remove vague "false information" offences and align with the African Commission's Declaration of Principles on Freedom of Expression and Access to Information in Africa (2019).
- Independent oversight of any future blocking decisions — ideally through a multi-stakeholder body that includes civil society, ISPs, and the judiciary.
An account hack should not become the founding myth of a permanent censorship regime. Tanzania's leadership has an opportunity, post-election, to reset: lift the X block, publish the legal basis for any future restrictions, and reform the Cybercrimes Act so it targets genuine cyber-harm rather than political speech. The cost of the current path — to Tanzania's economy, to its standing in the African Union, and to the rights of its citizens — is rising every month the blackout continues.