The book “Digital Activism Decoded: The New Mechanics of Change” is one of the first on the topic of digital activism. It discusses how digital technologies as diverse as the Internet, USB thumb-drives, and mobile phones, are changing the nature of contemporary activism.
Each of the chapters offers a different perspective on the field. For example, Brannon Cullum investigates the use of mobile phones (e.g. SMS, voice and photo messaging) in activism, a technology often overlooked but increasingly important in countries with low ratios of personal computer ownership and poor Internet connectivity. Dave Karpf considers how to measure the success of digital activism campaigns, given the huge variety of (potentially misleading) metrics available such as page impression and number of followers on Twitter. The editor, Mary Joyce, then ties each of these threads together, identifying the common factors between the disparate techniques for digital activism, and discussing future directions.
My chapter “Destructive Activism: The Double-Edged Sword of Digital Tactics” shows how the positive activism techniques promoted throughout the rest of the book can also be used for harm. Just as digital tools can facilitate communication and create information, they can also be used to block and destroy. I give some examples where these events have occurred, and how the technology to carry out these actions came to be created and deployed. Of course, activism is by its very nature controversial, and so is where to draw the line between positive and negative actions. So my chapter concludes with a discussion of the ethical frameworks used when considering the merits of activism tactics.
Digital Activism Decoded, published by iDebate Press, is now available for download, and can be pre-ordered from Amazon UK
or Amazon US
(available June 30th now).
Update (2010-06-17): Amazon now have the book in stock at both their UK and US stores.
June 1st, 2010 at 17:49 UTC
In the very first paper I wrote on ATM fraud, Why Cryptosystems Fail, the very first example I gave of a fraud came from the case R v Moon at Hastings Crown Court in February 1992. Mr Moon was a teller at the TSB who noticed that address changes weren’t audited. He found a customer with over £10,000 in her account, changed her address to his, issued a card and pin, and changed the address back. He looted her account and when she complained, she wasn’t believed.
It’s still happening, most recently to a customer of the Abbey. Bank insider issues extra card, steals money, customer blamed – after all, chip and pin is infallible, isn’t it? Expecting banks to keep decent logs might be too much; and I supppose it’s way too much to expect bank fraud staff to read the research literature on their subject.
May 25th, 2010 at 16:19 UTC
Steven Murdoch, Saar Drimer, Mike Bond and I have just won the IEEE Security and Privacy Symposium’s Best Practical Paper award for our paper Chip and PIN is Broken. This was an unexpected pleasure, given the very strong competition this year (especially from this paper). We won this award once before, in 2008, for a paper on a similar topic.
Update (2010-05-28): The photo now includes the full team (original version)
May 18th, 2010 at 20:05 UTC
Last night’s documentary Erasing David shows how private eyes tracked down a target by making false pretext telephone calls to the NHS. By pretending to be him they found out when he and his wife were due to attend an ante-natal clinic, and ambushed him as he came out.
The NHS has form on this. Back in 1995 the BMA got me to draw up guidelines for dealing with phone calls; they appeared in the BMJ on Jan 13 1996. When staff at the N Yorks Health Authority were trained to follow these guidelines, they found 30 false-pretext calls a week. When the BMA reported this to the Chief Medical Officer and asked him to implement the protocol throughout the NHS, he was furious at our interference in “his” admninistrative procedures. The NYHA was ordered to stop. I told the story in my book.
I have long considered it unacceptable for the NHS to continue to ignore operational security. The new electronic record systems at a number of hospitals give receptionists access not just to appointment details but to clinical data too. So things are significantly worse than in 1996, and new national systems such as the SCR will compound the problem. The next secretary of state needs to get his act together.
May 5th, 2010 at 10:10 UTC
A survey by the Consumers’ Association shows that 10% of cardholders write down or share their PIN. This high proportion surely raises serious doubt about whether it’s fair for banks to claim that such people are “grossly negligent” even if the PIN is well disguised (for example, as part of a phone number in an address book with hundreds of other numbers). And if banks don’t want disabled people to share PINs with carers, they ought to come up with an alternative, or be held to account under disability discrimination laws.
Interestingly, Mark Bowerman (PR for the banks) says in this article that customers should not use the same PIN for multiple cards. We heard him on radio saying exactly the opposite a few years ago. Now he tells people to change PINs to something easy to remember (and easier for criminals to guess).
By giving customers contradictory and impractical advice, the banks are placing an unmeetable burden on them.
The banks also frequently give advice that is simply wrong. Look, for example, at this video by Barclays showing how to enter your PIN at a merchant terminal!
May 4th, 2010 at 07:52 UTC
I’ve written enough over the years about people who tried and failed to get money back from banks after seeing transactions on their accounts that they did not recognise. Now I’ve had to go through the process myself.
I got a refund from the NatWest after a dodgy debit appeared on the credit card my wife uses. The bank’s dispute resolution mechanism turned out to be unserviceable, but we got the money back promptly when we sued them in the small claims court. The story is, I believe, an instructive one for people interested in bank security or payment systems regulation.
Continue Reading
March 29th, 2010 at 15:12 UTC
As on two previous occasions, I’ve been acting as specialist adviser to a House of Lords Committee. This time it was the European Union Committee, who held an inquiry into “Protecting Europe against large-scale cyber-attacks”.
The report is published today and is available in PDF and in HTML. It’s been covered by The Telegraph, the BBC, the Washington Post, and on Parliament’s own TV channel. Interestingly, there’s not all that consensus on what the main story is, or quite what the recommendations were!
Continue Reading
March 18th, 2010 at 14:25 UTC
It used to be simple to explain how browsing works. You type a link into the browser, the browser asks a DNS server at your ISP to translate the human-friendly hostname into the IP address of the web server, and then the browser contacts the server with an HTTP request requesting the page that you want to view.
It’s not quite that simple any more — which is rather bad news for the National Enquirer, the US tabloid which decided, three years or so ago, following a brush with the UK libel laws, that it would not publish a UK edition, or allow visits to its website from the UK. Unfortunately, the Enquirer’s blocking is no longer working as effectively as it used to.
Continue Reading
March 17th, 2010 at 17:46 UTC
Last night’s Panorama looked at the issue of unlawful filesharing and the proposals within the Digital Economy Bill that the UK Government thinks will deal with it.
The Open Rights Group has criticised the programme for spending too long examing the differences of opinion among music makers, and too little time talking about rights — perhaps that’s an inevitable side effect for fronting the programme with Jo Whiley, a Radio One DJ. This probably increased the audience amongst the under-30s who do a great deal of the file sharing; and for whom this may be the first time that they’ve had the bill’s proposals explained to them. So lose some, win some!
The programme had a number of stunts : they slowed down the broadband of a student household (not only was their MP3 going to take 13 weeks to download, they found they couldn’t effectively look at their email). They got a digital forensics expert to look at a family’s computers, finding copies of LimeWire (tricky stuff forensics!) and portraying this as a smoking gun for unlawfulness. The same expert camped outside the student house and piggybacked on their WiFi (apparently by employing a default password on their broadband router to authorise themselves to have access).
You can also see yours truly:
demonstrating an anonymity network (it was in fact Tor, but I’d done a little tweaking to ensure that its standard discouragement of file sharing activity didn’t have any impact) : and showing that a Bit Torrent tracker stopped recording me as being in Cambridge, but placed me at the Tor exit node in Germany instead.
I argued that as soon as large numbers of people were getting in trouble for file sharing because they were traceable — then they wouldn’t stop file sharing, but they would stop being traceable.
All in all, within the limitations of a 30-minute prime-time main-channel show, I think the Panorama team provided a good introduction to a complex topic. You can judge for yourself (from within the UK) for the next 7 days on the BBC iPlayer, or in three parts on YouTube (I’m two minutes into part 3, at least until a web blocking injunction bars your access to what might well be an infringement of copyright).
March 16th, 2010 at 15:25 UTC
As I mentioned a few days ago, the security services have some concerns about the Digital Economy Bill:
If evading blocking systems becomes a mainstream activity (and there’s said to be 6-7 million illegal file sharers in the UK) then it will be used, almost automatically, by subversive groups — preventing the spooks from examining the traffic patterns and comprehending the threat.
There seems to be some confusion about quite what is worrying the security services. Last October, The Times reported that “both the security services and police are concerned about the plans, believing that threatening to cut off pirates will increase the likelihood that they will escape detection by turning to encryption”, and this meme that the concern is encryption has been repeated ever since.
However, I think that Patrick Foster, the Times media correspondent, got hold of the wrong end of the stick. The issue isn’t encryption but traffic analysis.
Continue Reading
March 13th, 2010 at 21:28 UTC
