ICT for Peacebuilding

https://www.google.com launches: Encrypted searching gets a boost

Though it doesn’t guarantee confidentiality from prying eyes if one’s computer is compromised through a trojan, virus, keystroke logger or other localised means, the launch of Google’s SSL search page comes as very good news. It’s not yet available for Google Sri Lanka, but I expect it will soon. As Google notes,

With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.

Google also goes on to note that “Your Google experience using SSL search might be slightly slower than you’re used to because your computer needs to first establish a secure connection with Google.” This I did not find to be true. Searching for ‘Groundviews’ on https://www.google.com took exactly the same time as the normal http://www.google.com – 0.29 seconds for about 285,000 results.

There are however some visual differences.

https Google
http Google

It’s not immediately apparent from the low-resolution screen shots above, but the date formatting, search result features (e.g. the Wonder wheel) and search results slightly differ between the two versions.

Google notes that https://www.google.com is still in beta, but it’s already my default search engine. Can’t be too careful in a country that recently wanted Chinese help in censoring the web and Internet.

ICTs in general

Apple iPhone: From the really dangerous to the ridiculous

Photo from Gizmodo

First, the dangerous. A new security vulnerability on the iPhone uses a simple SMS “to get near complete control of the iPhone’s functionality which includes dialing the phone, visiting Web sites, turning on the device’s camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking.”

I am almost nostalgic for the days when mobile phones were precisely that, not mini computers that ran the risk of the same infections and security vulnerabilities as PCs.


ICTs in general

Information (in)security at the United Nations, New York

In June this year, I was appalled to realise that colleagues in Sri Lanka mindlessly wrote sensitive information on public information boards.

At a meeting today on the 21st level of the UN Secretariat in New York, ironically discussing ways to break down firewalls – technical, processual, managerial etc – that prevent information sharing within and between UN agencies, I was very surprised to discover computers and shared folders on hard disk drives, accessible freely over the UN’s open wifi network, that contained highly confidential personal and institutional information.

[Screenshot]

This screenshot, with sensitive and personal identity markers blocked out, shows bank records, agency audit reports, internal documents and other confidential information belonging to a well known UN figure and a UN agency. The drive in the screenshot above is an Apple Time Capsule, clearly used as a backup hard drive. 

You can also see the range of other computers and hard drives available over the open wifi network that one could browse at will. Frighteningly, this particular Time Capsule even allowed Guests to delete files. 

Given that anyone who enters or in fact is close to the Secretariat (e.g. from 1st Avenue) can access the UN’s powerful public and unsecured wifi signal, this is a significant problem, and it shows that even institutions that know only too well the risks associated with information leaks are unable to address the fact that key members of staff have little or no understanding of information security.

As I noted in my earlier post,

InfoShare’s significant experience in the design and deployment of highly secure ICT solutions for peacebuilding / human rights protection suggests that network intrusions and data leaks are often the result of the monumental carelessness and oversight of end users rather than any sophisticated remote hacking by a third party. Sustained user education on security is vital, as is the design of information systems with multiple safeguards against this sort of bad practice.

ICTs in general

Skype not secure?

Of particular note, given that Skype is used by human rights defenders, including in Sri Lanka, as a means of secure communications, is the speculation that it has a back-door entry that allows third parties, such as repressive governments and intelligence agencies, to gain access to conversations.

According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations.

This has been confirmed to heise online by a number of the parties present at the meeting. Skype declined to give a detailed response to specific enquiries from heise online as to whether Skype contains a back door and whether specific clients allowing access to a system or a specific key for decrypting data streams exist. The response from the eBay subsidiary’s press spokesman was brief, “Skype does not comment on media speculation. Skype has no further comment at this time.” There have been rumours of the existence of a special listening device which Skype is reported to offer for sale to interested states.

Emphasis mine.

I first read about this on Heise Online and it’s generated significant interest on Slashdot. As TomatoMan notes on Slashdot,

Assume all communication that uses any kind of monitorable infrastructure is bugged. The capacity is there, and the desire is there. It is the way of things.

But as caluml (551744) reminds us,

I read a good presentation by people that had tried to disassemble Skype, and basically, Skype do so much to make it very, very difficult. Here’s a PDF version [blackhat.com] of it.

What do you think?

ICT for Peacebuilding, ICTs in general, Links

IT Security: Planning for the lack of commonsense

Last week I captured through my mobile phone camera the user account, password and URL of a confidential human rights monitoring and advocacy database. The users had plastered these details on a public notice board for easy reference, in a manner that could be viewed by anyone who came into the office.

It hadn’t occurred to them that this wasn’t entirely the best thing to do. These are computer literate, committed and experienced human rights activists, who have no interest whatsoever in jeopardizing the information in the database and are acutely aware of the consequences of information in the database falling into the wrong hands. Yet, this sort of practice is common – in another Sri Lankan human rights advocacy organisation, users had actually posted up access details on Post-It notes that were stuck to the monitor!

InfoShare’s significant experience in the design and deployment of highly secure ICT solutions for peacebuilding / human rights protection suggests that network intrusions and data leaks are often the result of the monumental carelessness and oversight of end users rather than any sophisticated remote hacking by a third party. Sustained user education on security is vital, as is the design of information systems with multiple safeguards against this sort of bad practice.

As I told the colleague responsible for this particular oversight, good IT security hopes for commonsense but plans for the risk of disappointment.

ICTs in general

Facebook for humanitarian aid?

Eduardo Jezierski, the brilliant Director of Engineering from INSTEDD, and I recently exchanged some emails about the usefulness and advisability of Facebook as a platform for humanitarian aid.

First some context. The conversation arose after I emailed him details of the BBC’s recent expose of Facebook’s flaws with its applications platform / framework, which is exactly a year old to date.

INSTEDD’s official launch earlier this year had details of a Facebook application for humanitarian aid workers that I had some concerns about, and I noted that:

Though the Directory application has a clear disclaimer that information on it will not be shared beyond that which is made possible by Facebook, it’s still the problem for me. Facebook is not a platform I trust with mission critical and highly confidential data and though I have begun a citizen journalism forum to complement Groundviews on it, I’m still to be convinced that it is a platform that demonstrates the potential for mission critical applications without compromising information security.

Eduardo then replied that it was the concept, not Facebook per se, that they were interested in. Fair enough. So here’s the text of our emails, published with Eduardo’s permission.

From: Sanjana Hattotuwa  
Sent: Monday, May 19, 2008 9:31

As the BBC’s technology programme Click recently uncovered, Facebook is outrageously open to applications harvesting information that you have classified private. What is more disturbing is that an application installed on a friend’s account can remotely harvest your private data without you even having to install the same application. 

See http://www.bbcworld.com/Pages/ProgrammeFeature.aspx?id=18&FeatureID=726

and read Click’s advice on how to minimise the risk of exposing your private information here – http://www.bbcworld.com/Pages/ProgrammeFeature.aspx?id=18&FeatureID=725 

Please pass this to all your Facebook friends. 

On May 19, 2008 Eduardo Jezierski wrote:
Thanks Sanjana. One of the issues is that the security works both ways – the same way an application is deployed in another server meaning facebook can’t get any insight into it is a strength, imo. For example IF someone was crazy enough to do a ‘friends nearby’ app like we did, you would know it’s up to the app provider (and not facebook!) to secure that info (which given FB’s risks, is a pro if you know the app provider).
Thoughts?

From: Sanjana Hattotuwa
Sent: Monday, May 19, 2008

Hi Eduardo,

Not sure I follow you.

The BBC team has clearly demonstrated that an app, once accepted, can harvest information marked private. It has also demonstrated that this same app can harvest this information from one’s friends. The exercise also brought out clearly the fact that Facebook does not and cannot guarantee that all apps that run on the platform abide by its app design / development and privacy guidelines. Their response to the BBC to me seems very complacent of a very real risk brought about by (a) technical deficiencies, for which Facebook is 100% responsible (b) the psychology of social network which leans towards maximum disclosure in an essentially insecure environment, which of course is more linked to user education.

The point is that FB as a platform is essentially insecure – see http://www.theregister.co.uk/2008/03/25/facebook_exposes_private_pics/

To submit then that an essentially insecure platform, where privacy is a big question mark, is to be used as a platform for humanitarian action, where both of these are a sine qua non, is a stretch. What do you think?

From: Eduardo Jezierski
Sent: Monday, May 23, 2008

“The BBC team has clearly demonstrated that an app, once accepted, can harvest information marked private. It has also demonstrated that this same app can harvest this information from one’s friends. The exercise also brought out clearly the fact that Facebook does not and cannot guarantee that all apps that run on the platform abide by its app design / development and privacy guidelines.”

Agreed – the information they get access to is Facebook’s details information (eg your physical address, if you put it there!) NOT THE INFORMATION MANAGED BY OTHER APPS! Because that lives in another server.

“Their response to the BBC to me seems very complacent of a very real risk brought about by (a) technical deficiencies, for which Facebook is 100% responsible (b) the psychology of social network which leans towards maximum disclosure in an essentially insecure environment, which of course is more linked to user education.”

The issue is that FB doesn’t help with the education. They should have more education of users and more ‘consequential’ feeling in the UI to allowing an app access to my details! Does ‘super poke’ require access to personal details to throw you a flying sheep? No!

“The point is that FB as a platform is essentially insecure – see http://www.theregister.co.uk/2008/03/25/facebook_exposes_private_pics/”

Ughhh! That’s a terrible noobie security bug. They have parts which are quite smart but got bit by this – unbelievable. Security is tougher than most people think and most app devs don’t even know threat modeling or think of threats, assets, countermeasures, attack paths, or security patterns.

“To submit then that an essentially insecure platform, where privacy is a big question mark, is to be used as a platform for humanitarian action, where both of these are a sine qua non, is a stretch. What do you think?”

I think you can build apps – secure as hell, with threat models pouring out the creators’ ears – that use FB information e.g. to figure out contact networks – and that are not built on the FB platform. This is why social network portability is so critical to Social graphs being of any use in humanitarian world. Today not one web host can be the platform of any reasonable solution – I see twitter fireeagle facebook younameit as building blocks (and very immature ones for humanitarian action still!) I would never store anything that is sensitive and isn’t already public in FB. I would not use FB as a platform to build a humanitarian app on. I would use it as an information source to such applications, a plug-in, again with all the user education AND technical testing required to make sure you can’t expose information, elevate privileges etc because of that plugin.

Anecdotally that was one of the architectural experiments of our FNB app – can we keep data separate and secure and just query FB for contact graphs. Having the FB app expose the UI was just a shortcut. We could have done it off our own servers, violating FB’s TOS by the way…

To summarize we agree on not using FB as a platform, on top of that I think FB has information to be mined that could be useful for humanitarian action.

It didn’t occur to me when I wrote it, but Eduardo makes an important point. The BBC did not prove that applications can steal data from other applications, just the general FB profile of the person who installed it and her / his friends. So each application on the FB platform is, until such time it is proven otherwise, secure. 

I wholly agree with the other points that Eduardo makes about the design and engineering considerations of the Facebook platform.

In attempting to bring humanitarians together towards that Holy Grail of a coordinated and collaborative first response, I wonder whether we need to look at social networking platforms as they exist today and create a similar yet secure architecture anew or suggest that they, in the form they are, can be leveraged for such a purpose. Or perhaps neither. Perhaps the way forward is not to get us all onto a single platform but, with technologies such as Mesh4x developed by INSTEDD itself, to use a range of platforms as we see fit and yet exchange vital information in a timely, seamless, sustainable, device and platform independent manner.

Mesh4X

Incidentally, as noted at the beginning, it’s exactly a year since Facebook introduced its application platform to the world. Jason Kincaid at Techcrunch has a very interesting article that looks at the launch hype and the reality a year hence.

ICT for Peacebuilding

Complex Political Emergencies and humanitarian aid systems design

Missing entirely in the discussions I was part of at the UN OCHA +5 Symposium and also the draft statement currently on the Symposium website for public review is the manner in which complex political emergencies (CPEs, herein used to also cover violent ethno-political conflict) influence the design and deployment of ICT support architectures and systems for humanitarian aid.

While there is a large existing corpus of literature that examines CPEs and the challenges they pose to humanitarian aid (also looking at the challenge of aid in response to the “natural” disaster in the midst of CPEs), there is very little to my knowledge written on the manner in which ICT systems also need to respond to and be shaped by the realities of violent conflict on the ground in theatres of humanitarian aid. As I note in Humanitarian aid and peacebuilding:

In cases such as Sri Lanka and Banda Aceh, regions affected by the tsunami were also regions affected by years of violent ethno-political conflict. Without question, any humanitarian system designed to support aid work in such regions needs to be sensitive to the added complexity of ethno-political strife. This added layer of complexity cannot be ignored as it directly influences humanitarian aid decisions and actions.

and go on to note that:

One notes with interest the features in Sahana’s Missing Person’s Registry that are no doubt tremendously useful in aid deployment, but is cognisant that the same features may also be used by less savoury individuals and organisations to track information of people affected by the disaster – say for instance children who have been orphaned as easy fodder for guerilla movements. 

In another article that looks deeply at information security in humanitarian aid support systems, I aver that:

The emphasis on accountability, transparency, trust, right to information legislation, equity and holistic, inclusive frameworks I believe undergird any appreciation of information security in humanitarian aid systems. As I note in a monograph written a few weeks after the tsunami that captured InfoShare’s information architectures for the humanitarian response, the first days & weeks of the relief efforts brought to light the following information needs:

  1. Information on the type of the disaster – what a tsunami was, how it formed, the dangers of further tsunamis during the severe after shocks that continued for many days etc
  2. Information on missing persons, including foreign nationals. This included details of those internally displaced by the tsunami
  3. Information on immediate needs of survivors (shelter, food & medicine)
  4. Information of resources available to deliver aid – from 4WD vehicles, to trucks and helicopters
  5. Information of organisation to give money and donations in kind to – collection centres, bank account details, wire transfer instructions
  6. Information on contact numbers for emergency services, relief agencies, regional offices of large NGOs, country representatives of INGOs and donor agencies, number for key agencies in the UN
  7. Dissemination of requests for help, channelling aid to appropriate locations, mapping resources and taking inventories of aid received
  8. GIS data on Sri Lanka post tsunami and pre tsunami, including accurate and up-to-date maps of affected regions and satellite imagery to pin point where aid was needed in communities which had been isolated after the tsunami.
  9. Coordination of local and international volunteers involved in the relief efforts – what their skills were, where they were needed, what they were doing once assigned to a particular area
  10. News reports on key developments in the affected regions, including the details of money pledged for relief efforts and how to access this money
  11. Database of various NGOs operational after the tsunami across the affected regions who could be mobilised for aid and relief operations
  12. Information on the actual ground situation in the worst affected areas – with dysfunctional mobile communications, the national telecom provider’s PSTN infrastructure badly affected, transport infrastructure washed away, there was an urgent need to ascertain the status of survivors

As the reader will recognise, some of this information is extremely politically sensitive – that which was captured in the relief effort could be used to target communities and ethnic groups in a renewed war effort, and given the Sri Lankan state’s pathological inability to engage in a serious peace process, we were faced with the acute problem of having on the one hand the need to collect, store, analyse and disseminate sensitive information and on the other hand the need to maintain control of who and where this information was used.

The closest I came to discussing some of these issues was in a side meeting during the +5 Symposium with representatives from OCHA and the US State Department. In general however, the assumption seems to be that aid support systems, especially using ICT, are applicable irrespective of the timbre of social, cultural, political and religious relations present in the context of the humanitarian intervention.

This is a tremendously dangerous assumption and I hope that in the fullness of time, the larger community of humanitarian ICT systems developers take a page out of InfoShare’s experiences in this regard.
