Sep 2007
Social Networking Tools Part 2 - Twitter and Tsunamis
On 12 and 13 September there were a series of
earthquakes near Indonesia spawning fears of another
Asian Tsunami. It proved to be a good test of our
Twitter based NGO security tree.
I was in Mannar, Sri Lanka at the time and I didn’t have a useable Internet connection. My first warning of the situation came when a concerned staff member called wanting to know “when is the Tsunami going to hit!” As the fear of a Tsunami spread I started to receive more and more calls from staff. Soon the mobile system was completely overburdened in many parts of the country and creaking under the strain in others. The very slow, single line dial-up Internet connection continued to work but proved to be all but useless for gathering timely information.
Fortunately I quickly started to get SMS’s. Some came from feeds I was following on Twitter: BBC, Reuters, CNN, EQTW, etc. Others came directly or were forwarded from UNOCHA, the Sri Lankan Disaster Management Centre, the Met office, the police and assorted individuals. Twitter allowed me to quickly forward the useful ones to all my followers while limiting the strain on the overburdened mobile system.
There were some glitches however. I continued to receive forwarded text message warnings long after credible sources had given the all clear. In some instances it seems that text messages became trapped in the telephone companies’ SMS system and were released as the queue began to clear. In some cases staff, confused by contradictory information, continued to forward outdated information.
Unfortunately the biggest problem with the Twitter based NGO security tree was one of buy in. Only a fraction of the staff who were intended to be served by the tree had bothered to sign up. The manual SMS security tree, which had been left in place as a backup, failed for much the same reason.
Lesson Learned: While emergency communications tools continue to improve, and become easier to use, buy in remains the number one problem. NGO staff members, especially office staff, often prove reluctant to dedicate even minimal effort to their own personal security until it proves too late.
For some background, check out “Social Networking tools for NGO Security – Part 1”.
To see a live feed of the NGO Security stream check out the demo page here. There is a Jaiku based stream as well.
I was in Mannar, Sri Lanka at the time and I didn’t have a useable Internet connection. My first warning of the situation came when a concerned staff member called wanting to know “when is the Tsunami going to hit!” As the fear of a Tsunami spread I started to receive more and more calls from staff. Soon the mobile system was completely overburdened in many parts of the country and creaking under the strain in others. The very slow, single line dial-up Internet connection continued to work but proved to be all but useless for gathering timely information.
Fortunately I quickly started to get SMS’s. Some came from feeds I was following on Twitter: BBC, Reuters, CNN, EQTW, etc. Others came directly or were forwarded from UNOCHA, the Sri Lankan Disaster Management Centre, the Met office, the police and assorted individuals. Twitter allowed me to quickly forward the useful ones to all my followers while limiting the strain on the overburdened mobile system.
There were some glitches however. I continued to receive forwarded text message warnings long after credible sources had given the all clear. In some instances it seems that text messages became trapped in the telephone companies’ SMS system and were released as the queue began to clear. In some cases staff, confused by contradictory information, continued to forward outdated information.
Unfortunately the biggest problem with the Twitter based NGO security tree was one of buy in. Only a fraction of the staff who were intended to be served by the tree had bothered to sign up. The manual SMS security tree, which had been left in place as a backup, failed for much the same reason.
Lesson Learned: While emergency communications tools continue to improve, and become easier to use, buy in remains the number one problem. NGO staff members, especially office staff, often prove reluctant to dedicate even minimal effort to their own personal security until it proves too late.
For some background, check out “Social Networking tools for NGO Security – Part 1”.
To see a live feed of the NGO Security stream check out the demo page here. There is a Jaiku based stream as well.
|
IT Security and NGOs - A Little Knowledge?
16/09/07 12:42 Filed in: NGO Security
| Technology
The other night I was having dinner with some NGO
friends when the subject of government eavesdropping
on NGOs came up. One of the people at the table said
that in the past they had used an email trick to
allow sharing sensitive information amongst team
members. Essentially the premise was that one could
sign up for a free web mail account and share the
account password amongst team members. Members would
draft emails as usual but rather than sending them
they would simply leave them as drafts. Other team
members would then read them by going to the account.
The idea was that as long as the email wasn’t sent it couldn’t be monitored. Unfortunately it is just not true as Nart Villeneuve points out here.
I recalled the conversation a few days later and wondered what the problem was. It is not that my friends weren’t aware of the potential risks, and they are certainly not unintelligent. I think the issue is that most aid workers already have more than enough work to do without trying to keep up with the latest developments in IT security. So the problem becomes one of learning about IT security in small, manageable, easily absorbed bits.
Fortunately there are resources that can help. Thanks to Bruce Schneier at Schneier on Security for pointing out securitycartoon.com. I don’t think it is meant to be funny but it does present IT security in a straightforward and comprehensible manner. Subscribe to the RSS feed to make it even easier.
Privaterra is a good resource that covers data privacy, secure communications, and information security for Human Rights NGOs.
Over course you shouldn’t miss Nart’s blog. It isn’t NGO specific but it covers Internet privacy, freedom of expression, censor-ware, security, surveillance and anonymity. Whether you are interested in "Cyber-Cafe Monitoring in India" or need to know how to avoid internet filtering Nart’s blog is a good place to start.
The idea was that as long as the email wasn’t sent it couldn’t be monitored. Unfortunately it is just not true as Nart Villeneuve points out here.
I recalled the conversation a few days later and wondered what the problem was. It is not that my friends weren’t aware of the potential risks, and they are certainly not unintelligent. I think the issue is that most aid workers already have more than enough work to do without trying to keep up with the latest developments in IT security. So the problem becomes one of learning about IT security in small, manageable, easily absorbed bits.
Fortunately there are resources that can help. Thanks to Bruce Schneier at Schneier on Security for pointing out securitycartoon.com. I don’t think it is meant to be funny but it does present IT security in a straightforward and comprehensible manner. Subscribe to the RSS feed to make it even easier.
Privaterra is a good resource that covers data privacy, secure communications, and information security for Human Rights NGOs.
Over course you shouldn’t miss Nart’s blog. It isn’t NGO specific but it covers Internet privacy, freedom of expression, censor-ware, security, surveillance and anonymity. Whether you are interested in "Cyber-Cafe Monitoring in India" or need to know how to avoid internet filtering Nart’s blog is a good place to start.
Geographic Distribution Analysis Tools - Old School
You don’t need the latest and greatest GIS program to
do Geographic Distribution Analysis. While working in
the Allai valley after the Kashmir earthquake we
initially used a hand drawn map to plot community
sizes and locations, IDP movements, NFRI distribution
data, helicopter landing zone locations, and security
incidents. The original map was reproduced by the
simple expedient of tracing it on to new paper. For
several weeks it was the most accurate and most used
map of the valley.
How to make an all-weather, no power, low failure, Geographic Distribution Analysis system.
Step 1 - Assemble the following items:
• A map of the appropriate area
• Clear transparent self-adhesive laminate – Sometimes it is sold as shelf paper in the house wares section of department stores. Con-Tact or any similar brand will work.
• Chinagraph pencils – Also known as grease markers, Chinagraph pencils can be used on almost any surface, including Con-Tact paper.
• Paper – Ruled paper makes creating sketch maps easier.
• Toilet paper
• A large re-sealable plastic freezer bag.
Step 2 - Cover the map with the laminate. Its easier if you work with a partner. Cut a piece of laminate slightly larger than the map. Separate the laminate from its backing and slowly lower the laminate onto the printed side of the map. You’ll need to let it sag slightly in the middle so that your partner can press the laminate to the map starting at the centre and working slowly to the edges. If you practice a couple of times on a large sheet of paper you should be able to do it without trapping any air bubbles or making a lot of wrinkles.
You’ll now be able to use the Chinagraph pencils to mark the covered map. The annotations are waterproof but they can easily be removed by rubbing them with a bit of the toilet paper.
Step 3 - Fold the map.
Step 4 - Place everything inside the re-sealable bag.
That's all there is to it. Put the whole thing in your field bag or cargo pant pocket and it'll be ready whenever you need it. You can plot security incidents, checkpoints, IDP locations, damaged infrastructure, photo locations or any other location based data.
Tip: You might be tempted to use permanent markers on your Con-Tact covered map. Don't. The marker will slowly bleed into the soft plastic eventually leaving a permanent stain that even rubbing alcohol will not be able to remove.
How to make an all-weather, no power, low failure, Geographic Distribution Analysis system.
Step 1 - Assemble the following items:
• A map of the appropriate area
• Clear transparent self-adhesive laminate – Sometimes it is sold as shelf paper in the house wares section of department stores. Con-Tact or any similar brand will work.
• Chinagraph pencils – Also known as grease markers, Chinagraph pencils can be used on almost any surface, including Con-Tact paper.
• Paper – Ruled paper makes creating sketch maps easier.
• Toilet paper
• A large re-sealable plastic freezer bag.
Step 2 - Cover the map with the laminate. Its easier if you work with a partner. Cut a piece of laminate slightly larger than the map. Separate the laminate from its backing and slowly lower the laminate onto the printed side of the map. You’ll need to let it sag slightly in the middle so that your partner can press the laminate to the map starting at the centre and working slowly to the edges. If you practice a couple of times on a large sheet of paper you should be able to do it without trapping any air bubbles or making a lot of wrinkles.
You’ll now be able to use the Chinagraph pencils to mark the covered map. The annotations are waterproof but they can easily be removed by rubbing them with a bit of the toilet paper.
Step 3 - Fold the map.
Step 4 - Place everything inside the re-sealable bag.
That's all there is to it. Put the whole thing in your field bag or cargo pant pocket and it'll be ready whenever you need it. You can plot security incidents, checkpoints, IDP locations, damaged infrastructure, photo locations or any other location based data.
Tip: You might be tempted to use permanent markers on your Con-Tact covered map. Don't. The marker will slowly bleed into the soft plastic eventually leaving a permanent stain that even rubbing alcohol will not be able to remove.
Odds and Ends
01/09/07 13:24 Filed in: NGO Security
Myths |
Maps
A couple of weeks ago I emailed Paul Currion and
happened to mention that I wanted to plot RSS
news feeds on an easily accessible map. Paul
passed my question onwards and it mushroomed
into an interesting conversation
between some very clever people. Numerous hat
tips and thanks to you all. I’m still
experimenting with some of the ideas that were
shared and I’ll update everyone at some time in
the future.
So far I’ve run into some stumbling blocks:
Common sense update
No sooner did I post my common sense rant then I came across this picture.
My common sense tells me that aircraft getting struck by lightning would be an extremely rare and very dangerous event. Apparently my common sense has let me down as this article and the reader comments explain.
So far I’ve run into some stumbling blocks:
- In Google Maps Sri Lanka is
a big empty space. The only thing missing is a
‘here be dragons’ label
• RSS to GeoRSS utilities tend to encode the first place name encountered. This means that a story about Trincomalee will be plotted to Colombo if Colombo is in the by-line
• Some utilities don’t work well on some platform/browser combinations
• It seems the IT section’s web filters are causing some problems as well
• Popfly seems to work pretty well but so far the Geonames database they use only covers the US
Common sense update
No sooner did I post my common sense rant then I came across this picture.
My common sense tells me that aircraft getting struck by lightning would be an extremely rare and very dangerous event. Apparently my common sense has let me down as this article and the reader comments explain.