Government and businesses around the world now recognise the power and benefits of social networks for mass communications, news distribution, as well as promotion of products and services.
SUNDAY OPINION BY ROBERT NDLOVU
However, when combined with social engineering efforts, they also have a dark side and pose a tremendous risk to organisations in today’s interconnected world.
In the past, I have touched on social media and cyber security issues separately. In this brief article, I seek to make a follow up on the current developments in Zimbabwe, namely threats to ban or throttle social media access, arresting and prosecuting the offenders, cyber laws and opportunities and challenges that come with them.
Before going far, I must remind the reader that what is illegal in the physical world is naturally illegal in the virtual world. Because of the anonymous nature of the internet, some users would use “some” veil in order to push their agendas. My aim here is not to discuss the morality, legality or lack thereof of this, but the technical and practical side.
Can authorities monitor my online activities? It depends. For the average internet user, it’s a big yes. But for advanced users, no. The Postal Telecommunications Regulatory Authority of Zimbabwe (Potraz) has power to instruct your service provider to monitor your activity.
This is done via use of advanced gadgets for deep packet inspection (DPI). In short, whatever you do in your browser is “tunnelled” into the analysis system. This mode of monitoring requires a firm commitment by the service provider in question. An application has to be made at the High Court in order to intercept any kind of communication because should the government gather some data about what you have been doing online “illegally” without a court order, the evidence collected therein is not admissible in a court.
Advanced users can choose to use a virtual private network (VPN) for communication so as to keep the snooping eyes out. A VPN works like this. Consider Nomsa a banker with a laptop and connecting from a WiFi spot somewhere in town. She downloads and installs Open VPN software which is free. Should there be need to urgently send sensitive and confidential information to her client Dan, based in London, she will turn on VPN, connect and send.
- Chamisa under fire over US$120K donation
- Mavhunga puts DeMbare into Chibuku quarterfinals
- Pension funds bet on Cabora Bassa oilfields
- Councils defy govt fire tender directive
Keep Reading
Technically, what happens is that her VPN software connects to a VPN server somewhere on the internet. Once that connection is established, all communications between her laptop and her customer goes via the “private tunnel”.
The ISP might just see that there is some activity, but thanks to encryption, they cannot decode what is being sent. My name Robert comes out as “UlpZVp/0XwQX1qbgsEDZ/w==” after encryption using 128 bit encryption with a key 1234567890. Gibberish.
So do not let any one lie to you that people can read your private and encrypted communications.
Open VPN is available for Windows, Linux, Mac, iPhone and Android users. As I said, use of VPN is not a licence to commit a crime behind encryption. It is meant to protect and secure your privacy. Banks, corporates, NGOs, government, military, health and academia communities must make use of VPN so as to safeguard their information. Zimbabwe has been put on the spotlight thanks to some threadbare kind of thinking in some of our local media. Thus more and more cyber threats will emerge from local establishments; internal and external circles. That’s not an area of my interest.
Social media vector? This is a very interesting topic for most people. Social media is here to stay.
“Contrary to the gun battles we are accustomed to, we now have cyber-warfares fought from one’s comfort zone, be it bedroom, office, swimming pool, etc but with deadly effects,” said Olivia Muchena, the former Zanu PF secretary for science and technology.
Unfortunately most of us have either a short or volatile memory. In essence, the global trend to deal with the increased adoption of social media and other web-based technology is to conduct research, collect data then analyse it to make informed decisions.
Legislation can never catch up with technology in an environment where the concept of research and development still eludes many. Social media is just a platform, which can either be used for good or bad. But lack of foresight in powers that be is what has led to the present chaos and confusion. Someone somewhere has been sleeping on the wheel.
By now Zimbabwe, in line with International Telecommunications Union guidelines, should have set up a cyber incidence response centre. Besides manning roadblocks, I am not sure if our police know what an IP is. Social media can be a dangerous place for our kids, families and businesses.
As such, no rocket science is needed to figure out that a data-driven solution to accommodate the new modes of communication is long overdue. Coming up with dubious legislation overnight will not work. Social media is not something that is just passing by. It will be a norm before 2020. The best stakeholders can do is to come up with win-win ways of accepting it.
Can authorities take my phone and arrest me if I received a “bad” message on WhatsApp? Yes, they can take away your phone. What is a phone? I have seen police impound a vehicle. Is it legal? I do not know.
What I know, however, is that the digital evidence that they collect in such a manner must meet a certain minimum of handling standards if the evidence in your WhatsApp message has to be admissible in a court of law. What I mean is that digital data is very easy to manipulate.
The burden of proof lies with prosecution to prove that the data’s integrity and consistency has not been tempered with. Anything less and the case will be thrown out of court.
Yes, I can call you or text you from any number using spoofing techniques. My point is that digitally acquired evidence has problems in court, especially in a country with no more than five digital forensic analysts and probably no mobile forensic analyst.
There is no cyber security lab for crying out loud. On the other hand, if you deliberately send a “bad” message to cause chaos and chaos does happen and you are picked up and you lose a few front teeth, don’t blame anyone. Freedom of expression comes with responsibilities.
Way forward? From a technical perspective, the authorities must engage stakeholders so as to look at what the real issues are and how to handle them.
This starts with data collection so that decisions are based on facts. Secondly, it does not make sense to start crafting laws to arrest people for posting on social media and grab phones when you are not making any effort to educate the people and also build technical capacity to support those laws. In short, expand user awareness training, create a social media policy and develop local technical capacity to deal with this.
Free advise to ICT minister Supa Mandiwanzira: stick to ICT-related issues. Laws do not shape ICT, but technology shapes legislation.
You might need to review the competence levels of your ICT advisors. Do not make us the laughing stock in the ICT arena. We raised these issues years back, but I am certain every minister has different priorities. All along, some of us have been waiting to hear about the progress of the software and mobile application fund that you initiated sometime this year. What has happened to it?
How many organisations have accessed the funds, if any? How do we apply? This is what we are interested in. We want to leverage ICT use in all sectors of the economy to create opportunities, jobs and disseminate information. Let the media ministry deal with the media. Talk ICT.
Feedback: [email protected] Twitter: @robertndlovu
