Monday, December 18, 2017

Digital Commerce by Diplo Foundation

I am thankful to DiploFoundation CUTS International Geneva, Geneva Internet Platform, and United Nations Conference on Trade and Development (UNCTAD) for giving me the opportunity to participate in this very important course on digital commerce helping me gain the practical skills and information required to discuss emerging digital policy issues such as cross-border data flows, data localisation, cybersecurity, consumer protection and the implications of emerging technologies for digital trade.

Sunday, December 17, 2017

Startups in Pakistan May Not Reach Customers in U.S without Net Neutrality

Federal Communications Commission (FCC) of U.S has repealed Net neutrality by a 3-2 vote. Net Neutrality prevented Internet Service Providers (ISPs) from blocking and throttling traffic and offering paid fast lanes.

Balochistan Voices talked to Arzak Khan, Founder and Director of Internet Policy Observatory Pakistan (IPOP), about the implications of Net Neutrality for Pakistan.

He explained that Net Neutrality is the basic principle which ensures that internet service providers or telecoms treat all data on the internet in same without any discrimination on the basis of speed, pricing or platform.

“The best way to explain net neutrality in Pakistani context is that ISP should not be able to block or throttle speeds of websites or platforms like Facebook, Daraz or Whatsapp in return for charging consumers or content providers for more money. This way, startups in Pakistan and other countries can compete with big Internet giants like Facebook, Twitter, and Google,” added Mr. Khan.

The issue of net neutrality is very important for internet uses in Pakistan, as existing telecommunications law in the country, while prohibiting “unjust discrimination” by ISPs, does not effectively enforce Net Neutrality.

Criticizing the Internet regulation laws in Pakistan he said that the existing laws do not sufficiently prevent the possibility of ISPs offering tiered services to content providers, there by turning the internet into a two-tiered network on which corporate content is prioritized over other content.

He believes that the dismantling of net neutrality rules in the US will bring big changes for how customers access the internet not just only in the US but globally as well. “Local startups in Pakistan that have the potential to become the next Facebook or Google may not be able to reach customers in the US, if an ISP decides to block them or charge them extra.”

One of the more worrying scenarios in the post net neutrality arena is the desire for paid prioritization by broadband service providers. Broadband companies will have the legalized advantage to ask IOT service providers to pay big bucks to ensure that their content reaches customers without any interferences.

Founder of IPOP said that In Pakistan telecom providers like Telenor, Ufone, Zong are already violating net neutrality rules by providing limited access to selected platforms like Whatsapp and Facebook to people with scarcer economic resources. “We need to understand that internet’s success is due to its openness, equality of opportunity and innovation.”

Mr. Khan claimed that IPOP has been urging the government and Pakistan Telecommunication Authority (PTA) to create news laws that address the issues of net neutrality as existing telecom law do not have the necessary basic protection for internet users in Pakistan. Delaying legislation on Net Neutrality in Pakistan will greatly risk the development of internet in Pakistan.

Thursday, November 9, 2017

Saipov, ISIS and Growing Violent Online Extremism in Pakistan

ISIS and similar terrorist organizations have been using social media for spreading radical propaganda online. The trove of ISIS images and videos found on the cell phone of New York City terror suspect Sayfullo Saipov once again demonstrated the ubiquity of online radicalizing materials and the ongoing unwillingness of governments and tech companies to take necessary steps to address the alarming issue. 

According to forensic evidence obtained from Saipov's cell phone by law enforcement officials it contained more than 4,000 extremists images and around 90 terror related videos, many of which contained propoganda material such as ISIS fighters killing innocent prisoners and running over them with a tank or making kids slaughter foreign spies. 

The murders in New York are the continuation of a sad series of tragedies fueled by the presence of violent extremist content online that has been radicalizing youth in countries like Syria, Iraq, Afghanistan and Pakistan. 

The government believes that in the interest of public safety, it is important that tech companies like Whatsapp, Telegram, Facebook, YouTube, Google and many others should be held accountable of misuse of their platforms and should be blocked as they are siding with terror organizations by facilitating them in spreading propoganda under the guise of freedom of expression. They are also of the view that Tech companies soaring profits should be utilized to address the issue and they need to do more to counter the menace. Facebook’s profits climbed 79 percent year-over-year to $4.7 billion and they should be spending some of the millions to counter the negative use of its platform.

On the other hand tech companies are of the view that they are doing everything in their power to counter the meance from deploying AI monitoring system for detecting violent content towards manually documenting and sharing information with law enforcement agencies for surging the presence of extremist and terrorist materials online. 

Pakistan has been at the forefront of war against extremists and has resorted to the policy of blocking URLs for the permanent removal of violent and dangerous extremist content. The success of the approach is itself questionable given it has hardly been able to control the spreading of propaganda online. Further this approach has also faced criticism from rights advocates and human rights organization as a tool to crack hard on dissent in Balochistan and KPK. 

Given the complex nature of cyber propaganda the government needs to change its approach and involve tech companies and rights organizations in adopting 21cn strategies to counter radical extremists content online. Killing the messenger has been an ineffective strategy to counter the growing menace. Unless, a long term strategy is not adopted online extremism and radicalization of youth on the internet is set to grow in Pakistan at an alarming rate. 

Wednesday, November 1, 2017

Tips for Protecting Critical Infrastructure

Most of our Nation’s critical infrastructure now runs on the Internet. The systems that enable us to live our daily lives starting from the information systems, financial institutions, transportation systems, and more are all dependent upon a digital ecosystem. As cyber breaches continue to rise in frequency and scale, it is critical for all Pakistanis to understand their role and take steps to protect our critical national infrastructures.

Every day people connect to critical infrastructures without even realizing it from their smart phones, tablets, and computers. Here are three ways to do your part in helping secure our critical infrastructure by protecting your devices that connect to critical infrastructure systems and practicing safe online habits. 

Keep a clean machine. 
Keep the security software, operating system, and web browser on your devices updated. Keeping the software on your devices up to date will prevent attackers from being able to take advantage of known vulnerabilities.

Enable stronger authentication. 
Always enable stronger authentication for an extra layer of security beyond the password that is available on most major email, social media and financial accounts. Stronger authentication (e.g., multi-factor authentication that can use a one-time code texted to a mobile device) helps verify that a user has authorized access to an online account. 

When in doubt, throw it out. 
Links in email and online posts are often the way cyber criminals compromise your mobile devices. If it looks suspicious even if you know the source it’s best to delete or, if appropriate, mark it as ”junk email.” 

Make your passwords long & strong. Use complex passwords with a combination of numbers, symbols, and letters. Use unique passwords for different accounts. 

Secure your Wi-Fi network. Your home’s wireless router is the gateway entrance for cybercriminals to access all of your connected devices. Secure your Wi-Fi network, and your digital devices, by changing the factory-set default password and username.

Friday, October 27, 2017

Contribution to the IGF Best Practice Forum on Cyber Security

On 15 August 2017, the BPF on Cybersecurity issued a public call for inputs through the IGF‘s mailing lists and through invitations to organizations and individuals with cybersecurity expertise.

Below is my Contribution to the IGF Best Practice Forum on Cyber Security.

How does good cybersecurity contribute to the growth of and trust in ICTs and Internet Technologies, and their ability to support the Sustainable Development Goals (SDGs)?

Cybersecurity is one of the corner stones of modern information communication technologies and their ability to contribute economic and social development is unmatched. A culture of good cybersecurity helps to build trust in the digital environment, enabling economic growth, social inclusion, and innovation. As ICTs and internet technologies increasingly become essential to everyday life in developing countries, its security is becoming more of an international development issue. Effective use of technology is critical to realization of many of the Sustainable Development Goals. Recent research at the observatory has shown that lack of trust in internet technologies has resulted in reduction of adoption of ICTs. Following are some examples where good cybersecurity can help building trust and further SDGs.

Develop industry, innovation, and infrastructure (SDG 9): Good cybersecurity can increase the availability and management of internet infrastructure, leading to the increase in agricultural and business productivity, innovation and development.

Achieve gender equality and empower all women and girls (SDG 5): Cybersecurity capacity building on staying safe online for women and girls can boost technology adoption and empower women to achieve SDGs.

How does poor cybersecurity hinder the growth of and trust in ICTs and Internet Technologies, and their ability to support the Sustainable Development Goals (SDGs)?

The role of Information and Communication Technologies as a key driver of sustainable development is evident from the fact that 95 per cent of the global population is now covered by a mobile cellular signal. However, poor cybersecurity and vulnerability of infrastructure can thwart the growth and trust in ICTs and internet technologies for Sustainable Development. The recent breaches and hacks at global level has again highlighted the critical importance of the issue and the role global community needs to play in ensuring that trust is reinforced in this wonderful technology by adopting mutual frameworks and agreements that can curb poor cybersecurity. Cyber hacks and breaches break the trust of businesses online which has a direct impact on productivity and economic growth in developing countries where more and more enterprises are adopting this technology for delivery of goods and services.

Assessment of the CENB Phase II policy recommendations identified a few clear threats. Do you see particular policy options to help address, with particular attention to the multistakeholder environment, the following cybersecurity challenges:

Denial of Service attacks and other cybersecurity issues that impact the reliability and access to Internet services

The coming of new age IOT devices with internet access, massive adoption of pirated/cracked software’s and underestimation of the importance of anti-malware protections are contributing to the spread of bots and increasing the risks of DDoS attacks. The cyber gangs involved in developing DDoS botnets are increasingly investing heavily in creating botnets of network devices such as routers and dsl modems in developing countries. These impact the reliability and access to internet services in developing communities which directly impact on achieving Sustainable Development Goals. Developing countries need to play their role and ensure that networks are monitored for such attacks on critical national infrastructure and setup a global rapid response team to mitigate such attacks.

Security of mobile devices, which are the vehicle of Internet growth in many countries, and fulfill critical goals such as payments.

Mobile device have seen an explosive proliferation in the last decade and are always connected even when roaming in our pockets making them susceptible to the growing security problems. Mobile devices are a high value target because they are always online, store massive amounts of some personal data, and equipped with small cameras, microphones, and positioning devices. Mobile devices security model is very simple and making it more vulnerable to security threats unless the weakness in the models are removed using a multistakeholder strategy that involves all stakeholders.

Potential abuse by authorities, including surveillance of Internet usage, or the use of user-provided data for different purposes than intended
The main challenge for developing countries is the transition of all human rights to the digital sphere. Many governments have upgraded their capacity to use more advanced digital tools for censorship and surveillance. Highly intrusive biometric identity systems supported by international development organizations like the World Bank and United Nations for achieving Sustainable Development Goals (SGDs) have sprung up for profiling every citizen in the country with the potential to interferes with the individual’s right to privacy. Surveillance on the internet is on the rise at an alarming rate many countries are looking up to the efforts of CIA and other counterparts in west on surveillance on the internet. Unless the globalized world is able to address the issue of mass surveillance of five eyes countries and openly debate about cyber weapons surveillance and abuse on the internet will remain part of the cyber strategy being adopted by most countries.

Confidentiality and availability of sensitive information, in particular in medical and health services

Most of the modern health systems are using digital technology for saving very private and sensitive information. These systems are further connected to the internet which makes them very susceptible to cyber threats and sophisticated cyber weapons. The international community need to work on a legal binding framework that provides amnesty to such systems from cyber threats to ensure its data remains confidential and available. Furthermore, developing countries should be supported on designing and implementing cyber security frameworks and standards by development organizations that are pushing the rollout of these systems.

Online abuse and gender-based violence

Women and children are most affected by online abuse in the developing countries. Government’s needs to take the lead to tackle the issue and join hands with all stakeholders to mitigate and educate about online abuse and gender based violence if it seriously want to address the issue. Further, international rapid response units need to be setup to provide immediate support and relief to the victims of such abuse at a global level.

Security risks of shared critical services that support Internet access, such as the Domain Name System (DNS), and Internet Exchange Point (IXP) communities

Internet is a shared resource that has become an engine of economic growth for all countries. Any security threat or risk to services that support internet access can directly impact all fabric of modern society. As more and more countries connect to the internet business, industries, government with critical infrastructures protecting the shared resources has become of vital importance. Also, multistakeholder approach needs to be adopted in managing these resources with equal representation of all stakeholders. This will ensure that critical resources are protected for a global interest.

Vulnerabilities in the technologies supporting industrial control systems

Industrial control systems (ICS) are used across a wide range of critical infrastructure sectors, including energy, manufacturing, transport, water, waste and healthcare. Traditionally these systems were isolated and operated independent from the internet. However, due to the revolution in the industrial sector many of these systems have converged making them vulnerable to cyber threats. The state of cyber security of such systems in developing countries is extremely poor making them more vulnerable in case of a cyber-attack. It is recommended to enable a common security language across all industry sectors and support industry associations to implement sound security practices in current standards.

The lack of Secure Development Processes combined with an immense growth in the technologies being created and used on a daily basis

Secure development processes needs to be embedded in the development platforms and all stakeholders including governments, academia, civil society and most importantly key industry players need to raise awareness on best secure coding practices and available frameworks for security. Industry giants along with governments can sponsor national initiatives that can create national standards for secure development processes embedded in the digitalization process.

Unauthorized access to devices that take an increasing role in people’s daily lives

Most countries have drafted laws and implemented legislations to criminalize “unauthorized access”. Access to unauthorized devices can result in disclosure of confidential, sensitive or embarrassing information that can result in loss of credibility, reputation, market share, and competitive edge impacting Sustainable Development Goals 8 (decent work and economic growth) Goal 1 (no poverty) and Goal 5 (Gender equality).

Many Internet developments do not happen in a highly coordinated way – a technology may be developed in the technical community or private sector, and used by other communities and interact in unexpected ways. Stakeholders are managing complexity. This both shows the strength and opportunities of ICTs and Internet Technologies, but also the potential risks. New technologies may be insufficiently secure, resulting in harms when they are deployed: conversely we may adopt security requirements or measures that prevent the development, deployment, or widespread use of technologies that would generate unforeseen benefits. Where do you think lies the responsibility of each stakeholder community in helping ensure cybersecurity does not hinder future Internet development?

The strength and weakness of internet technology is that it’s autonomous and highly uncoordinated with the interplay between benefits and risks of newly deployed technologies unseen. This makes the responsibility of each stakeholder in the community critical for the continuous growth and development of this powerful technological revolution. Governments and international development organizations have a very influential role to play in the progress and growth of this technology ensuring that shared resources are secured, criminal states are sanctioned and cyber criminals living in safe heavens persecuted and brought to justice. Civil society, industry and academia need to play a greater role in increasing awareness about cybersecurity. Global civil society organization involved in protecting digital rights and freedom on the internet need to provide assistance and mentor local civil society organizations/advocacy groups to ensure that balance between privacy and security is achieved.

What is for you the most critical cybersecurity issue that needs solving and would benefit most from a multi-stakeholder approach within this BPF? Should any stakeholders be specifically invited in order for this issue to be addressed?

The future of cyber security is looking more complex and challenging as organizations develop and adopt technologies such as big data, cognitive computing and AI supported analytical/automated systems. Failure of AI system has the potential to damage human society on a global scale as already some of the world’s greatest minds including Stephen Hawking, Bill Gates, and Musk, have expressed concerns about the potential for super automated AI systems can evolve to a point where humans could no longer keep control of them.

United Nations as a globally accepted forum needs to provide leadership and define framework for behaviors and norms acceptable in the virtually connected world especially when countries having greater cyber capabilities can use them to damage critical infrastructures of least-friendly nations.

Thursday, October 26, 2017

Reading for Autumn

When I was a student at Strathclyde Business School my professors recommended reading reading and reading. In words of Professor Howard Williams our course director "you read for your degree here". The habit of reading picked up than is vaild till date.

If you are looking to pick a book for reading I would recommend the following ;

The Paranoid Style in American Politics by Richard Hofstadter

The book is everything you need to know about the root of Donald Trump's rhetoric and "fake news."

'Orfeo,' by Richard Powers

It is a story of music and genetics in our contemporary age of terror and surveillance. Amazing book and you'll learn a hell of a lot about music, science, politics and even about life.

'The Strategy of Conflict,' by Thomas Schelling

The Strategy of Conflict' is probably the best book ever written about conflict and still very useful and important for understanding strategic interaction among states (and individuals).

A Theory of the Drone,' by Gregoire Chamayou

A must read to understand how drones have revolutionized warfare and its implication for just war theory and notions of military valor.

The Soul of Inequality in American Life,' by Karen E. Fields and Barbara J. Fields.R

Given the resurgence of questions  around race in American society I think everyone should take a look at this book.

Saturday, September 30, 2017

Identification for Development (ID4D)

Biometric identification system in developing countries is becoming an indispensable governance tool for ensuring access to educational opportunities, financial services, health and social welfare benefits program, as well as allowing electoral participation for citizens in making transitioning democracies more transparent and strong. 

The recently launched Sustainable Development Goals (SDG) goals spearheaded by the United Nations through a deliberative process involving its 193 Member States, as well as global civil society, also highlights the role of robust identification systems and their importance to development specifically as one of the proposed SDG targets (#16.9), but also as a key enabler of the efficacy of many other SDG targets.

Last year the World Bank also launched its Identification for Development (ID4D) agenda highlighting the transformational potential of biometric ID systems for the delivery of basic services to the poor, with the goal of making “everyone count” by providing legal identity and delivering digital ID-enabled services to all. A person lacking a legally verifiable ID suffers legally, politically, socially, and economically. But in the developing world, enormous gains can be obtained from extending services and opportunities to all in new ways that can help developing countries improve electoral processes, political participation, functioning of governments and civil liberties. This all can help lead countries with poor democratic record transform in to a fully functional democracy.

In the next post I will be discussing the ways in which NADRA biometric ID system has improved the political participation in Pakistan and helping strengthen democracy.