Archive for March, 2010

The arrival of broadband Internet in Africa via the undersea cables is widely hailed as an opportunity for economic advancement due to the power of ICT-enabled businesses. The hopeful look at India’s success in software and services as a model for African growth, but a new meme is emerging that see the interconnections of Africans as a threat to global security. While it is an interesting, and perhaps fruitful, exercise to think through the potential downsides of the Internet in Africa, the way the issue is being framed, largely by Westerners promoting cybersecurity services, strikes me as overwrought and misplaced.

The argument has two versions:

In one, detailed by cybersecurity consultant and author Jeffrey Carr, there is a dangerous fusion of anti-American forces who do, or will soon have, the means, motive and opportunity to unleash cyberwarfare upon American critical infrastructure and commerce. Looking at Somalia, where piracy and terrorism seem to be mixing, Carr argues that the arrival of the EASSy cable will present a dangerous new challenge to international security:

Once Somalia goes digital, it will create a never-before-seen opportunity for local gangs to move their strategic alliances with Al Shabaab onto the Internet. Their twin exports – extortion and terrorism will have unlimited opportunities for profit and mayhem, particularly if they are directed against critical infrastructure such as energy, water, and transportation facilities.

The second version, which is probably a more likely one, is that the combination of broadband connectivity and poor virus protections in Africa will make African computers prime targets for botnet herders who will use them to “paralyze the network infrastructure of a major western nation.” Writing in Foreign Policy, an organizer of a major cybersecurity summit, Franz-Stefan Gady, argues

“[T]he continent is home to the world’s most vulnerable computers. About 80 percent of the African population lacks even rudimentary knowledge of information technologies, according to a recent World Bank survey. Though Internet cafes are widespread, providers often cannot afford proper antivirus software, making computers very easy targets for skilled botnet operators and hackers.”

Moreover, he says, African countries, by and large, lack the legal wherewithal to prosecute cyber-criminals.

As a final datapoint, consider a recent report by the cybersecurity firm Symantec which says South Africa is in the “unenviable” position of receiving better connectivity right when it is hosting the World Cup; this, they say, is a recipe for accelerated cybercrime.

It should be noted at the outset that the people we are not hearing from on this are Africans. Cybersecurity demands international cooperation, but the views of African regulators, businessmen and civil society – who likely have a more nuanced views of the upsides of connectivity – are missing.

I suspect this voice would add context to the above worries. For example, in countries where basic literacy is a challenge yet to be overcome, worrying about the next Kevin Mitnick rising from Mogadishu seems a little silly. Recall that the most sophisticated cyber attacks come from Russia, a country with a long history of technological prowess, and China, where top-notch technical schools are likely the source of the recent Google hacks. In addition to infrastructure, you need computer skills, and as anyone who works to promote ICTs in Africa knows, this is a tough job.

The obvious response to this is that the Somali terrorist-pirates could purchase hacking services. This are widely available and, as I understand it, fairly affordable (though likely much more than a few AK-47s and a boat). But this is also nothing new. Al-Qaeda, an organization which is far more anti-American, far more well-funded, and has far more access to broadband Internet, does not seem to be a fan of cyberattacks. As far as I know, there is no evidence that Al-Qaeda has established offensive cyber capabilities, despite having operatives in broadband-saturated locations.

There are some hints that affiliated people have considered hacking as a means to their end – manuals, for example – but terrorists rely on shock factor to, umm, terrorize. When effective cyberwar is as theoretical as it, risk-averse groups are likely to stick to IEDs and suicide bombers.

Furthermore, the view of the Somali pirates and “terrorists” is ahistorical. It misses the reprehensible waste dumping and illegal fishing that have decimated the Somali economy (of course enabled by the absence of a functioning government). Writing frantic articles about cyber WMDs arising from this position is reckless. Somalia instead needs state-building, legal protection of its sovereignty and job opportunities.

ICTs are a great opportunity and although they do have potential downsides, the whole framing of these African cyberwar (!!!!) pieces leaves a bad taste in my mouth.

Update: For a hilarious and spot-on treatment of this subject, see this:

I think that Africans have more to fear from older technology outside their continent than the rest of the world fearing Africa. It would be ironic if at some point in the near future, Nigeria had to block IP addresses from the United States.

He’s right. When Franz-Stefan writes that “skillful cybercriminals operating out of an unregulated Internet café in the slums of Addis Ababa, Lagos, or Maputo” will create the world’s biggest botnets, he shows that he has little understanding of those “slums” – for starters, electricity is a little intermittent to power a cyberwar.

Update 2: A new bill in the US Senate would require punishment for governments who do not control cybercrime allegedly occurring in their country. It would create a list of bad states and could cut aid to them if they don’t align their cyber-policies with American desires. Imagine, if you will, that this ends up like the USTR’s Special 301 list which coerces developing countries to enforce more draconian intellectual property regimes. If, as Jonathan Zittrain argues, innovative networks (“generative” in his parlance) are under threat from cybercrime, then it won’t be long until America is coercing African countries to lock down their networks, perhaps at the behest of the same security consultants who are arguing we need to re-engineer our networks to be more locked down. I don’t like where this is heading.

The Google/China back-and-forth that has played across the media for the past few months has raised the specter of a fragmenting Internet, catchily known as the “splinternet.” The fear, raised in various forms, is that proprietary networks and devices, in addition to censorship and corporate withdrawal from certain nations, are fracturing the unified, standardized Internet that made it such a promising medium for international communication. To add to these fears, exacerbated by the withdrawal of Google from China, GoDaddy has just announced that it will no longer register domains in China due to onerous regulations. This has many arguing that China’s Internet will be a separate entity from the rest of the world.

But was the Internet ever all that unified? Or was it merely a potential, a hope?

The potential to speak, or even the potential to link, does not mean that potential is met. This may seem like an obvious point, but it is often missed in the rhetoric surrounding the transformational effect of the Internet.

The barriers to a unified Internet are far more numerable – and long-standing – than proprietary code or government censorship (though these certainly do have an impact). For one, language is a significant barrier to communicating on an international medium. More fundamentally (and less cured by technological advancement), most people lack either the time or interest to meet the potential of a unified Internet. Even more, as UCT Professor Marion Walton notes, the billions of people excluded from the Internet due to poverty have never been connected to even the hope of a unified Internet.

It is important to be aware and attempt to counteract new divisions between the communicative capacity of humans – among which are censorship and technical incompatibility – but valuing interconnectedness requires a far broader view than most pundits have right now.

Sometime last century, previously qualitative subjects were injected with hearty doses of empiricism. The advances from these new approaches swept across disciplines as diverse as finance to media studies. Today, quantitative grounding is considered a requisite for academic acceptability.

But what are the implications of this empiricism?

In his great history of academic economics and finance, The Myth of the Rational Market, Justin Fox follows how those disciplines became enamored with quantifying everything. Formulas, models, data, math. These were the approaches and tools taken seriously. In the process, phenomenon that weren’t quantifiable got tossed out – humans became rational actors, and it took monumental efforts by the behavioral economists to begin to re-imagine man in a more accurate, nuanced light. Yet, the damage was done; unintentionally, and not without adding great insights, but nonetheless done.

I wonder if the current trend towards huge data sets and massive computational power will have similar unintended consequences. There’s no lack of pessimists who think the Internet is ruining human society, but people like Jaron Lanier rarely hit the target and tend to be sensationalists trying to sell books. Of course, they’re up against plenty of Pollyanna’s who are selling this all as the greatest thing since sliced bread.

I think that whatever is happening, and whatever negatives there may be, is far less exciting than cover stories for The Atlantic or new business opportunities for Silicon Valley.

In a new special report on the data deluge, The Economist generally misses this theme. This isn’t to say the report isn’t quite good (it is) or that I would expect them to cover this (I don’t). However, one of the articles does get close when examining how to handle the extraordinary amount of information and the infrastructure needed to deal with it:

The cornucopia of data now available is a resource, similar to other resources in the world and even to technology itself. On their own, resources and technologies are neither good nor bad; it depends on how they are used. In the age of big data, computers will be monitoring more things, making more decisions and even automatically improving their own processes—and man will be left with the same challenges he has always faced. As T.S. Eliot asked: “Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information?”

Two months ago, I would have agreed that “technologies are neither good nor bad,” but a course on infrastructure studies has definitely made me question that. Eliot’s quote, though, is the right question to be asking.

Update: I forgot to include another relevant bit:

Processing data is another concern. Ian Ayres, an economist and lawyer at Yale University and the author of “Super-Crunchers”, a book about computer algorithms replacing human intuition, frets about the legal implications of using statistical correlations. Rebecca Goldin, a mathematician at George Mason University, goes further: she worries about the “ethics of super-crunching”. For example, racial discrimination against an applicant for a bank loan is illegal. But what if a computer model factors in the educational level of the applicant’s mother, which in America is strongly correlated with race? And what if computers, just as they can predict an individual’s susceptibility to a disease from other bits of information, can predict his predisposition to committing a crime?

Update 2: I have previously written a bit more extensively about my reservations about quantification here.