To app or not to app? How migrants can best benefit from the use of digital tech

This post was first published on the OECD’s Development Matters site on 7th February 2022, and is reproduced here with permission and under a slightly different title

Introductory

UN agencies, donors, and civil society organisations have invested considerable time, money and effort in finding novel ways through which migrants, and especially refugees, can benefit from the use of digital technologies. Frequently this has been through the development of apps specifically designed to provide them with information, advice and support, both during the migration journey and in their destination countries. All too often, though, these initiatives have been short-lived or have failed to gain much traction. The InfoAid app, for example, launched by Migration Aid in Hungary amid considerable publicity in 2015 to make life easier for migrants travelling to Europe, posted a poignant last entry on its Facebook page in 2017: “InfoAid app for refugees is being rehauled, so no posting at the moment. Hopefully we will be back soon in a new and improved form! Thank you all for your support!”

However, new apps continue to be developed, drawing on some lessons from past experience. Among the most interesting are MigApp (followed by 93 668 people on Facebook) developed by the International Organization for Migration (IOM) as a one-stop-shop for the most up-to-date information. Another is RedSafe developed by the International Committee of the Red Cross (ICRC), which enables those affected by conflict, migration and other humanitarian crises to access the services offered by the ICRC and its partners. Other apps seek to be more local and focused, such as Shuvayatra (followed by 114 026 on Facebook), which was developed by the Asia Foundation and its partners to provide Nepali migrant labourers with the tools they need to plan a safer period of travel and work abroad.

Our work with migrants nevertheless suggests that in practice very few migrants in the 12 countries where we are active in Africa, Asia, and Latin America and the Caribbean, ever use apps specifically designed for migrants. Moreover, most of those who claim to use such apps name them as Facebook, Imo, or WhatsApp, which were never originally intended as “migrant apps”. A fine balance therefore needs to be made when developing relevant interventions in combining the professional knowledge (often top-down) of international agencies with the more bottom-up approaches that focus on the digital tech already used by migrants.

Our wider research goes on to highlight four broad areas for action to complement the plethora of activities around app development:

1. Information sharing and collaboration

First, there needs to be much more information sharing and collaboration between international organisations working in this field. While an element of competition between agencies may be seen as positive in encouraging innovation, there remains far too much overlap, duplication and reinventing the wheel. The creation of a global knowledge-sharing platform on digital tech and migration could provide a first port of call that any organisation considering developing a new initiative could go to for ideas or potential collaborative opportunities.

2. No one-size-fits-all: diversity in the use of digital tech by migrants

Second, our research has shown very clearly that use of digital tech by migrants varies considerably in different areas of the world and between different groups of migrants. There is no one-size-fits-all, and context matters. Hence, practitioners should be careful when making generalisations about how “migrants and refugees” use, or want to use, digital tech.

3. Developing digital tech with migrants not for them

Third, it is important to remember that actions and policies are much more likely to succeed if they are developed with rather than for migrants. This fundamental principle is too frequently ignored, with well-meaning “outsiders” too often seeking to develop digital interventions for migrants without fully understanding their needs and aspirations. As our own research has shown, though, it is far from easy to appreciate and understand the underlying needs that different groups of migrants prioritise and how best they can be delivered.

4. Assisting migrants to help each other in using digital tech wisely and safely

Fourth, it sadly remains as true today as it was twenty years ago that many of the poorest and most marginalised still do not know how to use digital technologies effectively, appropriately, securely and safely. Many migrants contributing to our research own a smartphone or have access to one, but frequently they only have a rudimentary knowledge of how to use it optimally. Some aspire to use digital tech to learn and acquire skills, while others wish to enhance their business opportunities; in both cases, many do not know how best to do so. Few also sufficiently appreciate the very significant security, privacy and surveillance issues associated with using digital tech. The development of basic training courses – preferably face-to-face – may be one of the best investments that can be made in assisting migrants to help themselves when using digital tech.

Looking to the future

Looking to the future, the power relationships involved in the migration process mean it is likely that migrants will become increasingly controlled and subject to surveillance through the use of digital tech. In some circumstances, it might even be wiser for migrants to avoid using any form of digital tech at all. However, there are exciting opportunities to develop novel ways through which migrants might benefit further from digital tech. One of the challenges faced by many migrants is the sadness associated with being away from family and friends. While video calls can go some way to mitigate this, new developments in haptics may soon enable us to feel someone’s touch or hug.

Likewise, inserting microchips into our bodies is becoming increasingly widespread, and in the future this practice could offer real potential for migrants for example to have their qualifications and other documents actually within their bodies, or for their families to be able to track them on the often dangerous journey to their destination. Countering this, of course, is the likelihood that most authorities would use such technologies for surveillance purposes that would threaten migrants’ privacy.

As with all digital tech, it is important to remember that it can be used to do good or to harm. Many migrants are especially vulnerable, and it is incumbent on those seeking to support them that migrants are able to make their own informed decisions on how they choose to use digital tech. Often, the best interventions might well be built around improving existing ways through which migrants use apps and other digital technologies, rather than developing entirely new solutions that may never be widely used.

---

I am particularly grateful to G. Hari Harindranath and Maria Rosa Lorini, as well as the many other people and migrants with whom we are working, for their contributions to the ongoing research practice on which this post is based.

“Reclaiming ICT4D” – in the beginning

It is always exciting submitting a book manuscript to a publisher, and today is no exception!  I have at last finished with my editing and revisions, and sent the manuscript of Reclaiming ICT4D off to Oxford University Press.  I just hope that they like it as much as I do!  It is by no means perfect, but it is what I have been wanting to write for almost a decade now.

This is how it begins – I hope you like it:

“Chapter 1

A critical reflection on ICTs and ‘Development’

This book is about the ways through which Information and Communication Technologies (ICTs) have become entwined with both the theory and the practice of ‘development’.  Its central argument is that although the design and introduction of such technologies has immense potential to do good, all too often this potential has had negative outcomes for poor and marginalized people, sometime intended but more often than not unintended.  Over the last twenty years, rather than reducing poverty, ICTs have actually increased inequality, and if ‘development’ is seen as being about the relative differences between people and between communities, then it has had an overwhelming negative impact on development.  Despite the evidence to the contrary, I nevertheless retain a deep belief in the potential for ICTs to be used to transform the lives of the world’s poorest and most marginalized for the better.  The challenge is that this requires a fundamental change in the ways that all stakeholders think about and implement ICT policies and practices.  This book is intended to convince these stakeholders of the need to change their approaches.

It has its origins in the mid-1970s, when I learnt to program in Fortran, and also had the privilege of undertaking field research in rural India.  The conjuncture of these two experiences laid the foundations for my later career, which over the last twenty years has become increasingly focused on the interface between Information and Communication Technologies (ICTs) on the one hand, and the idea of ‘development’ on the other.  The book tells personal stories and anecdotes (shown in a separate font).  It draws on large empirical data sets, but also on the personal qualitative accounts of others.  It tries to make the complex theoretical arguments upon which it is based easy to understand.  Above all, it has a practical intent in reversing the inequalities that the transformative impacts of ICTs have led to across the world.

I still remember the enjoyment, but also the frustrations, of using punch cards, with 80 columns, each of which had 12 punch locations, to write my simple programs in Fortran.  The frustration was obvious.  If you made just one tiny mistake in punching a card, the program would not run, and you would have to take your deck of cards away, make the changes, and then submit the revised deck for processing the next day.  However, there was also something exciting about doing this.  We were using machines to generate new knowledge.  They were modern.  They were the future, and we dreamt that they might be able to change the world, to make it a better place.  Furthermore, there was something very pleasing in the purity and accuracy that they required.  It was my fault if I made a mistake; the machine would always be precise and correct.  These self-same comments also apply to the use of ICTs today.  Yes, they can be frustrating, as when one’s immensely powerful laptop or mobile ‘phone crashes, or the tedium of receiving unwanted e-mails extends the working day far into time better spent doing other things, but at the same time the interface between machines and modernity conjures up a belief that we can use them to do great things – such as reducing poverty.

Figure 1.1 Modernity and the machine: Cambridge University Computer Laboratory in the early 1970s.

Source: University of Cambridge Computer Laboratory (1999)

In 1976 and 1977 I had the immense privilege of undertaking field research in the Singbhum District of what was then South Bihar, now Jharkhand, with an amazing Indian scholar, Sudhir Wanmali, who was undertaking his PhD about the ‘hats’, or periodic markets, where rural trade and exchange occurred in different places on each day of the week (Figure 1.2).  Being ‘in the field’ with him taught me so much: the haze and smell of the woodsmoke in the evenings; the intense colours of rural India; the rice beer served in leaf cups at the edges of the markets towards the end of the day; the palpable tensions caused by the ongoing Naxalite rising (Singh, 1995); the profits made by mainly Muslim traders from the labour of Adivasi, tribal villagers, in the beautiful forests and fields of Singbhum; the creaking oxcarts; and the wonderful names of the towns and villages such as Hat Gamharia, Chakradharpur, Jagannathpur, and Sonua.  Most of all, though, it taught me that ‘development’ had something powerful to do with inequality.  I still vividly recall seeing rich people picnicking in the lush green gardens of the steel town of Jamshedpur nearby, coming in their smart cars from their plush houses, and then a short distance away watching and smelling blind beggars shuffling along the streets in the hope of receiving some pittance to appease their hunger.  The ever so smart, neatly pressed, clothes of the urban elite at the weekends contrasted markedly with the mainly white saris, trimmed with bright colours, that scarcely covered the frail bodies of the old rural women in the villages where we worked during the week.  Any development that would take place here had to be about reducing the inequalities that existed between these two different worlds within the world of South Bihar.  This made me look at my own country, at the rich countries of Europe, and it made me all the more aware of two things: not only that inequality and poverty were also in the midst of our rich societies; but also that the connections between different countries in the world had something to do with the depth of poverty, however defined, in places such as the village of Sonua, or the town of Ranchi in South Bihar.

Figure 1.2: hat, or rural periodic market at Hat Gamharia, in what was then South Bihar, 1977 Source: Author

            Between the mid-1970s and the mid-2010s my interests in ICTs, on the one hand, and ‘development’ on the other, have increasingly fascinated and preoccupied me.  This book is about that fascination.  It shares stories about how they are connected, how they impinge on and shape each other.  I have been fortunate to have been involved in many initiatives that have sought to involve ICTs in various aspects of ‘development’.  In the first instance, my love of computing and engineering, even though I am a geographer, has always led me to explore the latest technological developments, from electronic typewriters that could store a limited number of words, through the first Apple computers, to the Acorn BBC micro school and home computer launched in 1981, using its Basic BASIC programming language, and now more recently to the use of mobile ‘phones for development.  I was fascinated by the potential for computers to be used in schools and universities, and I learnt much from being involved with the innovative Computers in Teaching initiative Centre for Geography in the 1990s (see Unwin and Maguire, 1990).  During the 2000s, I then had the privilege of leading two challenging international initiatives that built on these experiences.  First, between 2001 and 2004 I led the UK Prime Minister’s Imfundo: Partnership for IT in Education initiative, based within the Department for International Development (UK Government Web Archive 2007), which created a partnership of some 40 governments, private sector and civil society organisations committed to using ICTs to enhance the quality and quantity of education in Africa, particularly in Kenya, South Africa and Ghana.  Then in the latter 2000s, I led the World Economic Forum’s Partnerships for Education initiative with UNESCO, which sought to draw out and extend the experiences gained through the Forum’s Global Education Initiative’s work on creating ICT-based educational partnerships in Jordan, Egypt, Rajasthan and Palestine (Unwin and Wong, 2012).  Meanwhile, between these I created the ICT4D (ICT for Development) Collective, based primarily at Royal Holloway, University of London, which was specifically designed to encourage the highest possible quality of research in support of the poorest and most marginalized.  Typical of the work we encouraged was another partnership-based initiative, this time to develop collaborative research and teaching in European and African universities both on and through the use of ICTs.  More recently, between 2011 and 2015 I had the privilege of being Secretary General of the Commonwealth Telecommunications Organisation, which is the membership organisation of governments and people in the 53 countries of the Commonwealth, enhancing the use of ICTs for development.

Two things have been central to all of these initiatives: first a passionate belief in the practical role of academics and universities in the societies of which they are a part, at all scales from the local to the international; and second, recognition of the need for governments, the private sector and civil society to work collaboratively together in partnerships to help deliver effective development impacts.  The first of these builds fundamentally on the notion of Critical Theory developed by the Frankfurt School (Held, 1980), and particularly the work of Jürgen Habermas (1974, 1978) concerning the notion of knowledge constitutive interests and the complex inter-relationships between theory and practice.  The next section therefore explores why this book explicitly draws on Critical Theory in seeking to understand the complex role and potential of ICTs in and for development.  Section 1.2 thereafter then draws on the account above about rural life in India in the 1970s to explore in further detail some of the many ways in which the term ‘development’ has been, and indeed still is, used in association with technology.”

ICTs and ecosystems

As a young geographer, I had the privilege of learning from the extraordinary David Stoddart, and can never forget reading the numerous books and papers on small island ecosystems that he recommended to us in the mid-1970s – and being jealous that he was able to be doing research on beautiful far-away places such as Aldabra!  Likewise, Richard Chorley and Barbara Kennedy’s Physical Geography: a Systems Approach was required reading on several courses.  Although not quite as inspirational as David Stoddart’s physical presence,  I recall being enthused by this book to go back and read some of Ludwig von Bertalanffy’s work on General Systems Theory, and struggling to balance this with my own increasing interest in structuralism and Marxist theory.

Hence, I have always adopted a principled and historical understanding of the origins and development of the systems approach in academic discourse.  This has made me ever more infuriated by the irritating, and quite simply inappropriate, usage of the word “ecosystem” by so many people, particularly in the business sector, who persist in using the word ecosystem to describe the system of digital technologies, ICTs and telecommunications.  Better argued than most is the use of the word “ecosystem”, for example, in Martin Fransman’s The New ICT Ecosystem (Cambridge University Press, 2010), but it remains fundamentally misguided, and little is gained by adding the “eco” to the “system”!  Despite my constant pleading that such usage is quite simply wrong, and corrupts the meaning of the word “ecosystem”, I have never made headway on this, and so want to try to capture here the basis for my critique.

There are two main reasons why I am so offended by the usage of the word “ecosystem” to refer to digital ICT systems:

• First, the word “ecosystem” is fundamentally a biological concept, and refers to the interaction between organisms and the physical environment in which they live.  The term originated in the early 1930s in the work of Arthur Roy Clapham and was made popular through the writings of the ecologist Arthur Tansley, who particularly emphasised the flows of materials between organisms and the environment.  As an ecological term, it is the “eco” that differentiates “ecosystems” from any other kind of system (the notion of “eco” being derived from the ancient Greek οἶκος meaning “house” or “dwelling”).  I absolutely agree that the context of ICTs is complex and that a systems approach can be of help in understanding and describing it, but I simply cannot see what value there is in adding the fundamentally “biological” attribute implied by the addition of “eco”.  Moreover, the physical, technical character of most ICTs is so fundamentally non-biological, that it seems even more inappropriate to keep using this term.  To be sure there is  exciting work going on at the interface between biological humans and non-biological machines, but this is rather different from the ways in which the word “ecosystem” is traditionally used in the ICT sector.
• Second, and linked to the above, the advent of ICTs has itself actually had huge, and often very negative, implications for the environment, and thus for the very essence of  the “eco” that lies at the heart of the meaning of “ecosystem”. It is great that certain technology companies and organisations are now beginning to take a more environmentally responsible attitude to the environmental implications of their work.  The GSMA for example has placed great emphasis on trying to ensure that its annual Mobile World Congress in Barcelona is carbon neutral.  Likewise, since 2009 Apple has placed considerable emphasis on environmental agendas, including environmental footprint, renewable energy and product reports.  However, many of the reports on the benefits of ICTs and telecommunications in terms of reducing human impacts on the environment are only partial, and vastly overstate the beneficial aspects of ICT use for the environment.  Again, there are interesting initiatives in this area, as for example with Ericsson’s environmental programme, or the ITU’s environment and climate change work.  However, insufficient research of rigorous quality has yet been done in this area, and the impact of ICTs is such that it seems fundamentally inappropriate to use any word that seeks to impute some kind of positive biological linkage.

So, can people please stop using the word ecosystem to refer to the field of ICTs and telecommunications.  The word “system” alone seems just fine to describe the complex interrelationships and flows of energy between components in whatever integral whole those working in the ICT field want to talk about!

ICT4D Collective and Centre recognised as world’s 10th top science and technology think tank

I am deeply humbled that the ICT4D Collective and Research Centre that we tentatively created at Royal Holloway, University of London, back in 2004 has just been recognised as the world’s 10th top Science and Technology Think Tank in the 2012 Global GoTo Think Tank Report launched at the World Bank and the United Nations in New York last week.  This accolade is all the more special because the ranking is based very largely on peer review, and therefore reflects the opinions of many people in the field who I respect enormously.  More than 1950 experts and peer institutions participated in the ranking process for the report which was produced by the Think Tanks and Civil Societies Program at the University of Pennsylvania.

The Collective was established above all else to bring together colleagues who are committed to undertaking the highest possible quality of research in the interests primarily of poor people and marginalised communities.  Its work is premised on the assumption that ICTs can indeed be used to support poor people, but that we need to work tirelessly to overcome the obstacles that prevent this happening.

In 2007, we were delighted that the Collective and Centre was given the status of the UNESCO Chair in ICT4D, and although I am now only an Emeritus Professor at Royal Holloway, I am very privileged that for the time being I retain this title while also serving as Secretary General of the Commonwealth Telecommunications Organisation.  It is great to be able to draw on my past research and teaching experience in this new role, to help governments across the Commonwealth use ICTs effectively and appropriately for their development agendas.

Then, in 2009 Royal Holloway, University of London, formalised the position of the ICT4D Collective by creating a new multidisciplinary research centre on ICT4D, that brought together expertise primarily from the schools and departments of Geography, Computer Science, Management and Mathematics (Information Security), with contributions also from colleagues in Earth Sciences, Politics and International Relations, and Information Services.  This provides really excellent opportunities to develop new research at the exciting boundaries between disciplines.

Over the eight years of the existence of the ICT4D Collective, we have focused on a wide range of activities, but have particularly sought to serve the wider interests of all researchers and practitioners working in the field of ICT4D.  We were thus delighted to host the 2010 ICTD conference, which brought more than 500 colleagues to our campus, and we were immensely grateful to the generous sponsorship from global institutions that enabled us to provide scholarships for people to attend from across the world (pictured above).  We have also focused much attention on supporting doctoral researchers, and it is excellent to see them now flourishing in their subsequent careers.

Most recently, under new leadership, the Centre is continuing to thrive, and has launched an exciting ICT4D strand within its established Master’s programme on Practising Sustainable Development.  In 2012, a Branch of the UNESCO Chair in ICT4D was also established at Lanzhou University in China, reflecting the growing collaboration between our two institutions, and recognising the huge importance that China is increasingly playing not only in terms of the practical implementation of ICT initiatives, but also into research in this area.

A huge thank you to all who suggested that the ICT4D Collective and Centre should be recognised in this way.  It is a massive spur to us all to keep up the work that we have been doing, and to share it more effectively with all those interested in, and committed to, using ICTs to support poor people and marginalised communities.

The top 20 ranking of Think Tanks in Science and Technology from the 2012 Global GoTo Think Tank Report is given below:

1. MIT Science, Technology, and Society Program (STS) (United States)
2. Max Planck Institute (Germany)
3. RAND Corporation (United States)
4. Center for Development Research (ZEF) (Germany )
5. Information and Technology and Innovation Foundation (ITIF) (United States)
6. Battelle Memorial Institute (United States)
7. Technology, Entertainment, Design (TED) (United States)
8. Institute for Future Technology (IFTECH) (Japan)
9. Consortium for Science, Policy, and Outcomes (CSPO) (United States)
10. Information and Communication Technologies for Development (ICT4D) (United Kingdom)
11. Science and Technology Policy Research (SPRU) (United Kingdom)
12. Institute for Basic Research (IBR) (United States)
13. Council for Scientific and Industrial Research (CSIR) (South Africa)
14. African Technology Policy Studies Network (ATPS) (Kenya)
15. Bertelsmann Foundation (Germany)
16. International Institute for Applied Systems Analysis (IIASA) (Austria)
17. Energy and Resources Institute (India)
18. The Energy and Resources Institute (TERI) (India)
19. Santa Fe Institute (SFI) (United States)
20. African Center for Technology Studies (ACTS) (Kenya)

Passwords, PIN numbers and cybersecurity

Ever since one of my websites was hacked a few months ago, I have taken a much more personal interest in issues of cybersecurity.  Whilst I have spoken and written many times on the subject, it is only when things really affect you in a personal way that you begin to gain different understandings of the issues.  It represents a shift from a theoretical understanding to a practical one!

I thought I knew most of the various recommendations concerning password and PIN security, and that I had indeed followed them.  However, no digital system is ever completely secure, and the level of sophistication now being used by those intent on stealing identity data, particularly with respect to banking information, is becoming very much more sophisticated.

There are many well known organisations providing advice and recommendations, such as Sophos, Symantec and Kaspersky Lab, but there are rather few places where all of this information is brought together in a single place.  The level of insecurity, and the apparent disinterest among vast numbers of people in doing much about their digital security is not only surprising, but is also deeply concerning.  So, in this posting, I have tried to bring together some of the more interesting observations that have recently been made about passwords and PIN numbers, in order to try to persuade people to take action on this really rather important topic!

Most popular PIN codes and iPhone passcodes
There are numerous articles on the most popular PIN codes – in other words the ones that no-one should actually use! One of the best is Daniel Amitay‘s experiment, where he used Big Brother’s passcode set up screen as a surrogate to estimate iPhone passcode usage, and discovered that the top ten codes listed below represented 15% of all passcodes used:

1. 1234
2. 0000
3. 2580
4. 1111
5. 5555
6. 5683
7. 0852
8. 2222
9. 1212
10. 1998

None of these are surprising, given that they represent easily remembered structures around the keypad. The passcode 1998 features because it is a year of birth and as Amitay goes on to point out other birth years also feature highly among passwords.

What is perhaps even more worrying is that research by Sophos in 2011 suggested that 67% of consumers do not even use any passcode on their ‘phones, so that a passer-by can access all of the information on the ‘phone without even having to bother to hack the code.

Four digit codes are also commonly used by banks to enable customers to access money through cashpoint machines (ATMs).  Research summarised by Chris Taylor (on Mashable) notes that 27% of people use one of the top 20 PINs for their banking, with the most popular number (1234) being used by a massive 11%.  The top 20 PIN codes he lists are as follows:

1. 1234 (10.7%)
2. 1111 (6.0%)
3. 0000 (1.9%)
4. 1212 (1.2%)
5. 7777 (0.7%)
6. 1004 (0.6%)
7. 2000 (0.6%)
8. 4444 (0.5%)
9. 2222 (0.5%)
10. 6969 (0.5%)
11. 9999 (o.5%)
12. 3333 (0.4%)
13. 5555 (0.4%)
14. 6666 (0.4%)
15. 1122 (0.4%)
16. 1313 (0.3%)
17. 8888 (0.3%)
18. 4321 (0.3%)
19. 2001 (0.3%)
20. 1010 (0.3%)

Chris Taylor goes on to comment that although there are 10,000 possible combinations of four digits, 50% of people use the most popular 426 codes!  As he says, “Pick up an ATM card on the street, and you have a 1 in 5 chance of unlocking its cash by entering just five PINs. That’s the kind of Russian Roulette that’s going to be attractive to any casual thief”.

There is therefore  really quite a high probability that even without watching someone enter their PIN number and then stealing the card, or using sophisticated technology to ‘crack’ someone’s PIN code, criminals would have a pretty good chance of accessing someone’s bank account just by using the most popular codes above.  The implication for users is clear: use a PIN code that is not among the most common!

Passwords
The situation is scarcely better with passwords that people use for their online digital activities. Numerous surveys have all pointed to the same conclusion, that a very small number of passwords continue to be used by large numbers of people.  These change a bit over time, and vary depending on cultural context and country, but the message is clear.  Even without sophisticated programmes to crack passwords, those wishing to access personal information can achieve remarkable success just by trying to use the most common passwords!  The most common passwords, in other words those to be avoided, are listed below:

	Splashdata 2012	Sophos Naked Security 2010, based on leaked Gawker Media passwords
1	password	123456
2	123456	Password
3	12345678	12345678
4	abc123	lifehack
5	qwerty	qwerty
6	monkey	abc123
7	letmein	111111
8	dragon	monkey
9	111111	consumer
10	baseball	12345
11	iloveyou	0
12	trustno1	letmein
13	1234567	trustno1
14	sunshine	Dragon
15	master	1234567
16	123123	baseball
17	welcome	superman
18	shadow	iloveyou
19	ashley	gizmodo
20	football	sunshine
21	jesus	1234
22	michael	princess
23	ninja	starwars
24	mustang	whatever
25	password1	shadow

A slightly more sophisticated approach is that adopted by those wishing to break into networks by testing them automatically against a much larger number of different passwords.  One of the best publicised accounts of this was the Conficker worm, which used the passwords in the chart below to try to access accounts (Sophos, 2009):

Again, this clearly indicates that considerable care needs to be taken in choosing passwords, and ensuring that they are at the very least more complex than those listed above.

Tips to reduce the risk of fraud through mobile devices and digital technologies
Much has been written about sensible advice for reducing the risk of fraud through mobile passcodes, banking PINs and online login passwords.  Such tips will never eliminate really determined people from hacking into your identity, but a few simple steps can at least make it more difficult for the less determined.  These include:

• Always secure your ‘phone with a PIN code, or better still a password (iPhone users can do this simply in Settings>General>Passcode Lock).  This will help to prevent all of your contacts, photos, e-mails and other personal information being accessed immediately by anyone who picks up your ‘phone.
• Reduce the time before your ‘phone automatically locks so that it is as short as possible, preferably no more than a minute
• Always use complex passwords, that preferably include lower case and upper case letters, numbers and special characters
• Use passwords that are at least 8 characters and preferably more than 12 characters in length
• Frequently change your passwords at random intervals, so that possible hackers are unaware when to expect changes
• Use different passwords for different accounts, so that if one password is ‘broken’ this will not permit access to your other accounts
• Think about using a service that tests the strength of a proposed password (such as The Password Meter, Microsoft’s password checker, or Rumkin’s strength test) – for the hyper-security-conscious person, it is probably best to do this from a computer other than your own!
• Never, under any circumstances give your passwords or PIN codes to other people

Ultimately, passwords and PIN numbers are just part of a wider defence needed against digital theft.  Human action, be it using the ‘phone in an unsafe public place or unfortunately responding to a phishing attack, is still the cause of much digital grief.  As I write, Sophos has just for example reported a phishing attack through a security breach on the Ethiopian Red Cross Society’s website purporting to be a Google Docs login page.

If the worst happens, and you do lose a ‘phone there are at least two important things to do:

• Ensure you have software on the ‘phone that can enable you to track it (as with the Find My iPhone app, or for Android ‘phones there are apps such as Sophos’ Mobile Security app)
• If there is no chance of getting the ‘phone back, then remotely delete all of its content as swiftly as possible, remembering that if it has been backed up on a laptop or cloud facility, then all of the data can be restored at a later date.

Working together, and sharing good practices in personal digital security we can do much to help reduce digital identity theft.

Google admits that its Street View cars collected WiFi information

The Guardian newspaper reported yesterday that “Google has been accidentally gathering extracts of personal web activity from domestic wifi networks through the Street View cars it has used since 2007”.

Can anyone really believe that Google did this by accident? The ‘discovery’ was made because Germany’s data protection authority demanded an audit of Google’s data. As the Guardian report continued “As well as systematically photographing streets and gathering 3D images of cities and towns around the world, Google’s Street View cars are fitted with antennas that scan local wifi networks and use the data for its location services”.

This is a clear invasion of privacy, and is absolutely typical of Google’s cavalier attitude towards the ways in which ICTs have transformed our approaches to what can be deemed ‘public’ and ‘private’ information.

Google’s blog on the 14th May, included a statement by Alan Eustace, Senior VP, Engineering & Research who commented that “Nine days ago the data protection authority (DPA) in Hamburg, Germany asked to audit the WiFi data that our Street View cars collect for use in location-based products like Google Maps for mobile, which enables people to find local restaurants or get directions. His request prompted us to re-examine everything we have been collecting, and during our review we discovered that a statement made in a blog post on April 27 was incorrect. In that blog post, and in a technical note sent to data protection authorities the same day, we said that while Google did collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars, we did not collect payload data (information sent over the network). But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products”.

Google went on to say that this was quite simply a mistake: “So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data”.

The point is that mistakes do happen; no digital system is entirely secure.  This is one of the reasons why they should not be collecting such data in the first place!  If they make mistakes such as this, how can anyone believe them when they say that they are not using the data?  They use all other data that they collect, such as information from searches on Google, and the e-mails people send using Google mail!

Eustace concluded by saying what Google would do about this incident: “Maintaining people’s trust is crucial to everything we do, and in this case we fell short. So we will be:

• Asking a third party to review the software at issue, how it worked and what data it gathered, as well as to confirm that we deleted the data appropriately; and
• Internally reviewing our procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future…

The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake”.

Google have not had my trust for a very long time.  Yes, they have a great search engine – but they should stick to that, and stop “ogling” at us in other ways!

It is also a timely reminder for those who do not protect their WiFi networks, that they should indeed do so with robust passwords!

Other reports on this announcement include:

• Times online
• v3.co.uk

OLPC and the East African Community

A report today by the BBC highlights that a new partnership has been established between One Laptop per Child (OLPC) and the East African Community (EAC) to deliver 30 million laptops in the region by 2015.  As the report goes on to say, the EAC first needs to raise cash for the laptops!  It also comments that “OLPC has had difficulty selling its computers and its alternative vision of education around the world”.

I find such announcements hugely worrying. There have been sufficient critiques published on the OLPC model for governments, donors, and all those involved in education to be aware of the fundamental difficulties associated with its roll out (see for example Bob Kozma‘s comments in 2007, David Hollow‘s 2009 account of their introduction in Ethiopia, Scott Kipp‘s comments in 2009, and Ivan Krstic’s devastating critique of the concept and its implementation at the UOC UNESCO Chair in e-Learning Fifth International Seminar in 2008).

Let me here highlight what I see as being some of the most important issues:

1. Cost – 30 million laptops at $200 each amounts to $6,000 million.  Might this money not be more effectively spent in other ways, such as providing teachers in East Africa with better training, or even simply remunerating them better so that they do not have to do several jobs at once in order to support their families?
2. Pedagogic model – is there one? OLPC has claimed to be an educational initiative, but a fundamental problem with most OLPC roll outs has been that they have not been integrated into the existing educational structures.  In the worst instances, the laptops have been given to children but not to their teachers.  The tensions that this causes are immense.
3. Lack of Content – the OLPC vision is  “To create educational opportunities for the world’s poorest children by providing each child with a rugged, low-cost, low-power, connected laptop with content and software designed for collaborative, joyful, self-empowered learning”. The problem is that there is very little available learning content suitably designed and integrated with the curricula in the countries where the laptops are being introduced.  Simply expecting young people to be able to learn by connecting to the internet is like throwing someone into the sea and expecting them to swim.
4. Monitoring and Evaluation – there have been too few rigorous monitoring and evaluation studies to be able to say with any certainty what the impact of these computers might be in Africa.  Surely, we should undertake high quality studies of the educational impact before spending such huge amounts of money on rolling them out?
5. Who gets them? This is a real issue.  In many instances, the choice about where the computers are given reflects social, economic and political interests.  The sampling strategy for the roll outs needs to be thought through extremely carefully, and not just left to some enthusiastic youth volunteers (as in the OLPCorps programme – the selection of participants for which is itself highly problematic and controversial). If XO computers do have a beneficial effect, then why should only some young people (in most cases those who are already privileged in some way) benefit from them?  Will they go to the poorest and most marginalised, those who most need help in isolated rural areas?  Ethiopia alone has an estimated 9 million children out of school.  Will they receive laptops?
6. External technology-led initiatives – most of the evidence suggests that top-down, externally-driven and technology-led initiatives are much less successful than initiatives that are explicitly designed and tailored to the needs and aspirations of the people for whom they are intended.  It is crucial that we begin with the educational needs of people in East Africa, and then identify the most cost-effective way of delivering on them. As Bob Kozma says, “Is this an education project or merely a laptop project?”.
7. Sustainability – what happens when the first batch of computers breaks down, or becomes outdated?  Let’s be generous, and estimate that each might last five years.  Can East Africa afford another $6,000 million in five years time?  What will happen to the debris of the old computers?  How will their materials be recycled, or will they just be dumped?
8. The technology?  There are some great things about the technical achievements in creating the OLPC XO laptops – but anecdotal evidence suggests that actually it is not quite as good and effective as is often claimed.  In particular, there have been numerous issues with the mesh networking and connectivity when actually rolled out into the rural village conditions of Africa.

So, I ask again, why does there remain such euphoria about the OLPC initiative?  Surely, the East African Community has better things to spend its money on?  If only it could find the funds to support good education effectively, that would be a start! Nicholas Negroponte is a charismatic and enthusiastic champion of OLPC, but is it not time that he recognises that his vision is fundamentally flawed? African governments have better things to do than to be beguiled into spending their limited resources on such a delusional concept.

25 years of PowerPoint

For some excellent advice on how not to use PowerPoint, see Max Atkinson’s recent article ‘celebrating’ 25 years of PowerPoint in the BBC’s online magazine.  It contains some great tips!

The BBC magazine also has a  selection of amusing PowerPoint experiences – 10 good ones, and ten bad!

Born on the 14th if August 1984, PowerPoint is still going strong – quite a testimony to the way our lives have been transformed by computer technologies.

Freedom on the Net

For those who may not have read it yet, Freedom House’s publication entitled Freedom on the Net: a Global Assessment of Internet and Digital Media and published in April 2009, provides a very valuable assessment of the balance of interests in the spread of the Internet and mobile telephony across the world.

As Freedom House’s blurb says, “As internet and mobile phone use explodes worldwide, governments are adopting new and multiple means for controlling these technologies that go far beyond technical filtering. Freedom on the Net provides a comprehensive look at these emerging tactics, raising concern over trends such as the “outsourcing of censorship” to private companies, the use of surveillance and the manipulation of online conversations by undercover agents. The study covers both repressive countries such as China and Iran and democratic ones such as India and the United Kingdom, finding some degree of internet censorship and control in all 15 nations studied.”

The overview essay by Karin Deutsch Karlekar and Sarah G. Cook argues that there is a growing diversity of threats to internet freedom and that governments have responded to the spread of new media by introducing new measures to control, regulate and censor content.  As they conclude “In a fast-changing digital world, vigilance is required if we are to ensure continued freedom on the net.”

Is the UK becoming a police state?

The Sunday Times published a front page report today noting that: ‘THE government is building a secret database to track and hold the international travel records of all 60m Britons. The intelligence centre will store names, addresses, telephone numbers, seat reservations, travel itineraries and credit card details for all 250m passenger movements in and out of the UK each year. The computerised pattern of every individual’s travel history will be stored for up to 10 years, the Home Office admits. The government says the new database, to be housed in an industrial estate in Wythenshawe, near Manchester, is essential in the fight against crime, illegal immigration and terrorism. However, opposition MPs, privacy campaigners and some government officials fear it is a significant step towards a total surveillance society.’

This is yet another example of the ways in which the state is using technology to gain unprecedented information about its citizens.  What right does it have to do so?

Even those who believe that the state can legitimately gather such information should be careful –  given the dismal failure of the state so far to keep such information from being ‘lost’ or ‘falling into the wrong hands’, what reassurances do we have that these data will be secure?

We need to encourgae a vigorous and participatory debate about these issues.