Tag Archives: executive director

The Real, Sad Lesson of Burma 2007

Reuters

I fear another myth is in the offing: that Burma’s brief uprising last month was a tipping point in citizen journalism. Take this from Seth Mydans’ (an excellent journalist, by the way; I’m just choosing his piece because it’s in front of me) article in today’s IHT:

“For those of us who study the history of communication technology, this is of equal importance to the telegraph, which was the first medium that separated communications and transportation,” said Frank Moretti, executive director of the Center for New Media Teaching and Learning at Columbia University.

or this, from Xiao Qiang, director of the China Internet Project and an adjunct professor at the Graduate School of Journalism at the University of California at Berkeley, quoted in the same piece:

“By shutting down the Internet they show themselves to be in the wrong, that they have something to hide,” he said. “On this front, even a closed-down blog is a powerful blog. Even silence on the Internet is a powerful message.”

There are a couple of things here. None convinces me either of the above is true.

First off, the first Burma uprising, back in 1988, was not conducted or repressed in a media blackout. Journalists were able to get in, and get out extraordinary, iconic images. One still sticks in my mind, and I wish I could find it: a photo splashed across the cover of Newsweek of an impossibly beautiful female demonstrator, blood soaking her longyi and her face a mask, as she was carried by comrades through the wet streets of Rangoon. The junta took its time in closing down the media, but 1988 was no different to 2007: when they did pull down the shutters, they did it completely.

It’s true that there have been a lot of images, videos and information finding its way out via both the Internet and sympathetic agencies and embassies. This is not greatly different to 1988. People had cameras back then, and were extremely inventive in how they got information out. I would get calls all the time in Bangkok from people smuggling out cassettes, photos and other material. When I visited Rangoon in 1990 the NLD headquarters was a mine of printed and other information of strikingly high quality.

Burma’s generals are cleverer than the image they portray. Back in 1988 they bided their time, allowing all those who opposed them to show themselves, from students and monks to government departments and even soldiers. Their parading in the streets, watched by spies and plain clothes officers, made it easy for them to purged later. The same thing, it seems, is happening today: As another story in the IHT on the same day by Thomas Fuller wrote, loudspeakers on trucks and helicopters are telling terrified citizens

“We have your pictures. We’re going to come and get you.”

They may lack the sophistication of a more civilized form of repression, but Burmese leaders understand the importance of photographs and videos as evidence, and I fear all those pictures posted on blogs, on YouTube, on television, in emails sent out of the country, will all resurface in show trials in months to come.

Xiao Qiang’s point about the blackout showing the world who these generals really are is to me naive. No one, I believe, was under any illusion about what these people were like, or the lengths they were prepared to go to preserve their position. The ‘democratic’ process that was underway was a fig-leaf as old as 1990, when the NLD won the election I witnessed. In other words, 17 years old.

More importantly, as far as technology is concerned, I don’t think that silence on the Internet is any different to a news blackout. It’s the most effective way for people to stop paying attention. Initially there’s outrage, then people shrug and move on. Soon Burma will be back to what it has been for the past 19 years — a peripheral story, a sad but forgotten piece of living history. Soon the Facebook groups and red-shirt days will fade.

I would love to think it was and will be different. I would love to think that technology could somehow pry open a regime whether it pulls the plug or not. But Burma has, in recent weeks and in recent years, actually shown the opposite: that it’s quite possible to seal a country off and to commit whatever atrocities you like and no amount of technology can prevent it.

By holding the recent uprising as an example of citizen journalism and a turning point in the age of telecommunications we not only risk misunderstanding its true lesson, but we also risk playing down the real story here: the individual bravery and longtime suffering of the Burmese people who had, for a few heady days, a flickering of hope that their nightmare was over.

How To Infect An Airport

Could it be possible to use Radio Frequency ID tags, or RFID, to transmit viruses? Some researchers reckon so. Unstrung reports that a paper presented at the Pervasive Computing and Communications Conference in Pisa, Italy, the researchers from Vrije Universiteit in Amsterdam, led by Andrew Tanenbaum, show just how susceptible radio-frequency tags may be to malware. “Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify backend software, and certainly not in a malicious way,” the paper’s authors write. “Unfortunately, they are wrong.”

According to The New Scientist the Vrije Universiteit team found that compact malicious code could be written to RFID tags by replacing a tag’s normal identification code with a carefully written message. This could in turn exploit bugs in a computer connected to an RFID reader. This made it possible, the magazine says, to spread a self-replicating computer worm capable of infecting other compatible, and rewritable, RFID tags.

An RFID tag is small — roughly the size of a grain of rice, the New Scientist says, and contains a tiny chip and radio transmitter capable of sending a unique identification code over a short distance to a receiver and a connected computer. They are widely used in supermarkets, warehouses, pet tracking and toll collection. But it’s still in the early stages of development. Which leaves it vulnerable. Until now, however, it was thought the small internal memory would make it impossible to infect. Not so, say the researchers.

So what would happen, exactly? RFID virus would then find its way into the backend databases used by the RFID software. The paper, Unstrung says, outlines three scenarios: a prankster who replaces an RFID tag on a jar of peanut butter with an infected tag to infect a supermarket chain’s database; a subdermal (i.e., under-the-skin) RFID tag on a pet used to upload a virus into a veterinarian or ASPCA computer system; and, most alarmingly, a radio-frequency bag tag used to infect an airport baggage-handling system. A virus in an airport database could re-infect other bags as they are scanned, which in turn could spread the virus to hub airports as the traveler changes planes.

So how likely is this? Not very, Unstrung quotes Dan Mullen, executive director of AIM Global, a trade association for the barcode and RFID industries, as saying. “If you’re looking at an airport baggage system, for instance, you have to know what sort of tag’s being used, the structure of the data being collected, and what the scanners are set up to gather,” he explains. Red Herring quotes Kevin Ashton, vice president of marketing for ThingMagic, a Cambridge, Massachusetts-based designer of reading devices for RFID systems, as saying the paper was highly theoretical and the theoretical RFID viruses could be damaging only to an “incredibly badly designed system.” Hey, that sounds a bit like a PC.

But he does make a good point: because RFID systems are custom designed, a hacker would have to know a lot about the system to be able to infect it. But that doesn’t mean it can’t be done, and it doesn’t mean it won’t get easier to infect. As RFID becomes more widespread, off-the-shelf solutions are going to become more common. And besides, what will stop a disgruntled worker from infecting a system he is using? Or an attacker obtaining some tags and stealing a reader, say, and then reverse engineering the RFID target?

My instinct would be to take these guys seriously. As with Bluetooth security issues such as Bluesnarfing, the tendency is for the industry itself not to take security seriously until someone smarter than them comes along and shows them why they should do.

What Katie.com Did Next

Can someone be turfed off their domain by someone bigger?

The experience of Katie Jones, recent mother and owner of an online chat site in the UK, has been well documented elsewhere. (Katie.com is the name of a book about the ordeal of a teenager sexually molested by a man she met in an Internet chatroom. Katie Jones is nothing to do with the book, but has been the owner of the address katie.com since 1996.) Jones’ latest report on her website suggests that she is being unfairly pressured by the publishers of the book that carries her website’s name to donate the website to them. (It is not entirely clear in the posting as to whether the lawyer who contacted her was working on behalf of the author or the publisher, or both.) Anyway, if true, this does seem to take things too far.

I’m no lawyer, but one can’t help wondered how things would look were the roles reversed. If a big player owned the website address, would there not be large amounts of money changing hands by now? Or at least, would not the publishers have changed the name of the book, and not been trying to browbeat her into handing over the domain name?

For Jones herself, I can well imagine the discomfort caused by receiving hundreds of emails, either from individuals detailing their traumas in the mistaken belief they are talking to a fellow victim, or from folks abusing her. It’s nothing compared to what the Katie of the book endured, but that is not the point. It’s easy enough to say, ‘why don’t you just change your email address and drop the domain name?’ but why should she? Why should an individual be hounded from her sentimental slice of online real estate if she doesn’t want to?

I sought a comment from the lawyer linked to in Ms Jones’ latest posting, Parry Aftab, who is described in her online bio as ‘is one of the leading experts, worldwide, on cybercrime, Internet privacy and cyber-abuse issues’ as well as ‘being called “The Angel of the Internet” for her extensive work in Internet safety and cybercrime and abuse prevention around the world’.

Aftab had posted a message to her blog on Thursday saying she was working with Katie Tarbox, the author of the original book, and an organisation called WiredSafety to “help create a place where children who have been victimized by Internet sexual predators can go for help and support”. The program will be called Katie’s Place. A logo of the new, as yet unlaunched site, is prominently displayed at the top of the WiredSafety homepage. Aftab is executive director of WiredSafety, ‘the world’s largest Internet safety, help & education organization’.

Aftab declined to respond in detail to Jones’ account of the telephone conversation or the case, writing: “Katie Jones’ statements are either false or misleading. She obviously has an agenda. And I frankly don’t have the time or energy to be part of it.”