Concepts to Know: Crowdmapping

04/09/2011 / / 3 Comments

What is Crowdmapping?

Screen shot of Libyan Crisis Map from http://libyacrisismap.net/

Crowdmapping is the aggregation of crowd-generated inputs such as text messages and social media feeds with geographic data to provide real-time, interactive information on events such as wars, humanitarian crises, crime, elections, or natural disasters (the results are sometimes referred to as crisis maps). If properly implemented, crowdmapping can bring a level of transparency to fast-moving events that are difficult for traditional media to adequately cover in real-time, or to longer-term trends that may be difficult to identify through the reporting of individual events.

Who can create crowdmaps?

Anyone can create crowdmaps using tools such as Crowdmap.com, which runs on the open source Ushahidi platform.

Ushahidi is a Kenyan technology initiative developed in response to the 2008 post-election violence:

Potential benefits of crowdmapping

Although the benefits depend on effective organization, public awareness and accurate information (no small feat to coordinate all three), the use of interactive, real-time mapping to track fires, floods, crime, political violence, the spread of disease, or instances of government corruption are just a few of the ways crowdmapping promises to enhance knowledge and transparency about a range of public health and safety issues.

For public security organizations such as police forces, crowdmapping could be used to build stronger connections to the communities they serve. If an effective, widely known crowdmap had existed for London during the recent rioting, perhaps more time could have been spent coordinating an effective police response and less time wasted following in the footsteps of Hosni Mubarak by trying to figure out how to shut down Twitter.

The challenges of effective crowdmapping

The deployment of crisis mapping technology is on its way to becoming a standard tool to collect and track ground truth from crisis zones, but very little work has been done to evaluate and mitigate the threat posed by adversaries with offensive infosec capabilities.

George Chamales

Aside from questions of building effective public awareness, the scope of usage, and the reliability of user information, the flip side of the optimistic public service vision of crowdmapping is that of a repressive regime using the technology to more effectively track and quash dissent, or adversarial groups engaging in disinformation campaigns.

The more that individuals learn how to effectively self-organize using social media tools, the more authoritarian governments or adversarial groups will learn about how to effectively use these same tools for their own ends. Crowdmapping was used in the recent Egyptian revolution, and this blog briefly explores the exchange between Egyptian activists using Ushahidi and the government authorities who tried to disrupt them.

For an interesting exploration of these issues, see veteran crowdmapping organizer George Chamales’ presentation notes and slides on defending crisis maps from the 2011 Black Hat security conference. Although I didn’t have the chance to attend, it sounded like an interesting exploration of just these sorts of issues:

In this session we’ll setup, operate, attack and defend an online crisis map. Bring your laptop and toolsets because you will have the opportunity to play the bad actor (a technical member of the secret police or terrorist organization) as well as the defender (the response agency, citizen on the ground, and sysadmin trying to keep the server online).

The experience will bring together everything we know and love and hate about defending online systems including buggy code, naive users, and security vs. usability tradeoffs and do so in a situation where people are dying and the adversary controls the network. We’ll also introduce some not-so-typical concepts like building trust on the fly, crowdsourced verification, and maintaining situational awareness from halfway around the globe.

See also this piece from the MIT Technology Review on Chamales’ presentation: Why Crisis Maps Can Be Risky When There’s Political Unrest

My introduction to crowdmapping came through researching Kenya’s tech scene, and talking with Ushahidi team members Erik Hersman (Director of Operations & Strategy) and Heather Leson (Director of Community Engagement) at a recent community development meeting at iHub Nairobi. I can tell you from personal experience, they’re an exceptionally talented, energetic and helpful group of people, who are serious about the expanding the reach and utility of their platform. Expect interesting things from them.

Security Issues in Social Media

07/06/2011 / / 3 Comments

The following is an Executive Summary from a keynote I gave recently to an international business group focused on security issues. The major themes will be explored in detail here soon.

Traditional approaches to the security implications of social media tend to focus on social networks as vehicles for software virus transmission, and potential risks such as stalking and identity theft. Further attention should be placed on the data contained within emerging social graphs, which through sites such as Facebook can reveal both objects (e.g., people, photos, events, and pages) and the connections between them (e.g., friend relationships, shared content, and photo tags). Criminal networks are learning to exploit such information, allowing much more sophisticated forms of social engineering to be used in identity-based fraud. However, criminals may also be vulnerable to exposure through the information contained in social graphs, and the use of such data should be understood by investigators.

The spread of social networking services also has important implications for privacy, transparency and security through the convergence of social media and mobile devices with Internet access, location awareness and digital imaging capabilities. Social media adoption enables a wide range of self-organizing behaviors, which is shifting power away from traditional institutions, and into the hands of interconnected users. While the range of novel social services incorporating these capabilities is difficult to predict, future erosions to privacy and threats to security are just as likely to come from the sharing activities and security practices of other users as they are from governments or service providers. Significant divides over appropriate levels of sharing, transparency, privacy and connectivity will continue to emerge on both inter-cultural and inter-generational levels. Bridging these gaps will present ongoing challenges to global businesses with multi-generational workforces.

For organizations that resist the temptation to block access to these services at work, social media offers enormous opportunities for learning and information sharing. Social media can also lend unprecedented speed and scale to customer education and relationship building. Organizations seeking to benefit from a shift in economic activities based on knowledge stocks to knowledge flows should understand both the network structure and psychological drives behind the recent burst of social media activity. One important element in adapting to competitive and criminal pressures should be sustained efforts to harness social media based knowledge flows, and proactive efforts to define best practices and norms of participation within these digital environments.