Some Things Are Not Technology Issues.

Some years ago, I served on a Board for a residential community – something I haven’t put on my CV and don’t intend to – and everything was falling apart, largely because the lessor wasn’t doing their fair share, which is another story altogether.

While I was on the Board, I took interest in the office because information, which we didn’t have much of because of the lessor, needed to be stored. The phone the property manager used belonged to the old Chairman, the administrator (when we had one) didn’t have a phone, and no information of use was stored in the office – yet it was central to communicating with residents and shareholders. They were using Outlook, and subscribing to a service that didn’t allow them to email beyond a quota which is just… well, Microsoft being Microsoft.

So I created a Google Group for the Board, and wrestled people onto it after I volunteered to do it enough times that I just got sick of it. Residents weren’t getting emails, and it was obvious to even the dullest nail in the box that the problem was the Microsoft quota. The general response, it seems, is to just pay more for Outlook, but I suggested using a Google Group because that way we could split communications between residents and shareholders as needed, we could allow people to access old conversations easily and refer them back to things, and we could build a knowledge base based on these things. It was not rocket science. It was very late 1990s technology I was talking about: Send one email to the group, Google delivers it to everyone. Presto magico.

Being a volunteer Board, you never know who you’re going to get on it. I pressed on those things and then Covid-19 happened, and so nothing really happened. We did manage to get the administrator a phone and get the property manager his own phone, and frustrated with the way things were going I left the Board.

After leaving, I had an open invitation to assist the Boards that came after with everything, but stayed out of their way.

That was 2020 or so. It’s 2024 now. People are still sometimes not getting email because of the same issue, something I told every single Board about for the last 4 years.

It takes only a few minutes to set up a Google Group. There’s nothing complicated about it. I walked by the office as a local expert was explaining why emails were getting bounced back.

His response I overheard was that they needed to pay more for Outlook.

Sometimes, you can lead a horse to water and can’t make it drink – but there are times when you lead a rat to water and wish to drown it.

This is why I hate dealing with local companies in Trinidad and Tobago, and don’t offer any services here. It’s somehow stuck in time. I have loads of stories like this.

La Brea Syndrome.

I haven’t really written about Trinidad and Tobago and technology that much except lately with the data breach because it’s more frustrating than interesting.

When I wrote about Trinidad and Tobago breaking out of the economic tidal pool, the press was for diversifying the Trinidad and Tobago economy with what people in my circles tend to think is patently obvious: The information economy.

It’s 2023, and Trinidad and Tobago hasn’t even finished up a Data Protection Act. The Copyright Organization of Trinidad and Tobago still doesn’t care about software and protecting local developer rights, or local writers and their rights. It’s pretty much about music, and it’s a very strange organization even in that regard.

Meanwhile there is now a Ministry of Digital Transformation, where the Minister is the former CTO of the state controlled telecommunications company that recently had a data breach that internationally should be very embarrassing. Locally, people are powerless to do anything because the government hasn’t made the Data Protection Act law.

This is probably with good reason: the government might be liable for a lot more than we know. We only know about the data breaches that were made public. Did they pay off any ransom attacks? Did they have breaches that nobody even knew about because people didn’t announce themselves?

As the world now has AI manipulating information, Trinidad and Tobago is digitizing the Dewey Decimal System, which is a shame because there is the capacity to do so much more. The inertia is as heavy as the combined age of Parliament multiplied by the number of civil servants in a nation where the largest employer is, one way or the other, the Government of the Republic of Trinidad and Tobago.

This leads those with skills to leave the technologically impaired to drink their own bathwater. Credentialism is the name of the game, followed by those that simply have more connections than capability.

I’ve said all of this for decades. I’ve written it so much I’m sick of writing about it, so unless something new develops locally I’ll just switch back to interesting stuff rather than discuss the tar pits of the information economy in Trinidad and Tobago.

I call it La Brea Syndrome.

Better Business, Privacy

When I read, “Better Business TT launches app, website: Protecting customers from rip-off”, I laughed a bit. It’s not a bad idea, so let me explain.

The article, on the Internet, doesn’t link to the website or app.

It doesn’t really say much about the application other than it being a concept borrowed, with attribution, from the successful Angi (formerly Angie’s List) online directory in the United States. That’s the way of these things because it really is dependent on community buy-in, and so the article and content related to this should be sticky. That article is not sticky. It was coated in butter and sent out the door.

The website name might make people with American exposure confuse it with the Better Business Bureau, which it is not and not even near a local equivalent.

Having mastered the art of search engines long ago, even when people were still fighting with the blinking lights on VCRs, I found the BetterBusinessTT website. Again, pretty generic, and it could be early on and looking for an organic ‘boom’ to happen, but it needs more oomph in that regard.

And again, it’s not a bad idea. It’s a good idea, though with an estimated population of about 1.5 million with a lot of economic disparity, I don’t know that it will beat out personal recommendations. The security aspect, mentioned in the article, though, was very funny and the reason I wrote this.

Where in the context of lack of the Data Privacy Laws in Trinidad and Tobago, with recent data breaches, would anyone consider their data to be secure in this country? And why then can someone not just tamper with the website so that they can get sales for their services and products?

This is not against BetterBusinessTT. Not at all. It’s about knowing where the laws of liability land on information in Trinidad and Tobago.

Information has been the ‘new oil’ for over 20 years at this point, and it looks like WASA may be in charge of that these days.

A Telecommunications Company Without A CTO?

I’d moved on to other things after writing about the TSTT data breach, and while it seemed that most of the breaches in Trinidad and Tobago that we do know about could have been because organizations didn’t keep their content management systems up to date, there was something very weird to me about the whole TSTT debacle aside from the response(s) they had.

When the CEO, Lisa Agard, was removed, Kent Western replaced her. It’s on the TSTT leadership team page. Of course, Agard’s LinkedIn page hasn’t been updated with what she’s doing now, but she’s not really the story here.

What is interesting is that TSTT, the Telecommunications Services of Trinidad and Tobago, with majority control held by the Government of Trinidad and Tobago… has no Chief Technology Officer listed, though the previous CTO’s LinkedIn profile still has him listed as the CTO of TSTT. This is likely an oversight, easily explained and remedied.

The Honourable Senator and Minister of Public Information and Digital Transformation, Hassel Bacchus, former CTO of TSTT, did in fact leave as CTO a few years ago. In fact, it was a little controversial because there were claims he got ‘special payments’ which were refuted by TSTT. That article is about 2 years old, so one has to wonder…

In 2 years, TSTT couldn’t find a CTO? A data breach would have fallen into a CTO’s wheelhouse, as would avoiding it. If there’s anyone that should fall on their sword because of a data breach, it would be the CTO, not a CEO. Sure, the CEO is ultimately responsible, but the CTO is the technology officer.

I found this leading to larger questions beyond the data breach. Why would a company that deals almost if not completely in technology not have a Chief Technology Officer? Why don’t they have one yet? Where are TSTT’s Board of Directors on making such an appointment?

That I missed this on the first evolution of the data breach speaks to my own mindset. I immediately homed in on the technology and privacy issues and didn’t look at the structure of TSTT.

It boggles the mind that a telecommunications service company doesn’t have a CTO, and hasn’t had one for years. Of course, maybe no one wanted the job.

Maybe we know why.

And as it happens, with all these data breaches, I suppose it’s good to have a Minister of Public Information and Digital Transformation. Information, as some say, wants to be free, and in such cases it makes it to the public.

“Business In The Street”

That’s a Trinidad and Tobago colloquialism much like dirty laundry, but with it embedded in the street networks of information. Gigabytes, terabytes, or even bytes – it didn’t matter the amount of bytes, just the weight of the bytes.

A juicy tidbit of gossip didn’t need much. In fact, you could consider it decompressing in a different way each time it was re-told.

In a world built largely on trust, on integrity, the wrong information could ruin someone. The right information might get you elected to political office, for those with such aspirations.

Some say these were simpler times. Some think they were better times, when people would discuss what they read in a borrowed newspaper over some puncheon rum. I don’t know. It was different, and it’s hard to say progress has been made.

I write that after reading Mark Lyndersay’s “TSTT’s dark night of the soul”.

TSTT’s data breach was shouted from the rooftops. On social media, people became more and more daring about showing the sorts of information available from the breach. To say that TSTT was not frank about the breach of their information security is an understatement.

There was outcry, enough that the TSTT CEO was replaced, but… it seemed like most people didn’t talk much about it. I’m not sure what replacing the CEO does anyway. That’s like changing the steering wheel when you have an oil leak.

There was no real reason for me to go outside and do anything today, but I wandered into a few places and talked to a few people. Some of them had heard about it but didn’t know what the breach had in it. One person hadn’t heard about the TSTT data breach while he worked across from a bMobile (subsidiary of TSTT) store.

Then I realized something. It wasn’t that it wasn’t written about, on television (I assume), on social media, and what have you. It was. It was there for people to find.

There’s the algorithm problem, where they might not normally watch technology related news, but someone along the way would probably have spoken to someone in person about it.

People just weren’t as interested as I had thought they would be. They have much lower expectations than myself about safeguarding of personal information. They didn’t see the threat of having their information compromised… or as someone pointed out today, “There’s just nothing I can do anyway”.

And oddly, that’s why Mark was writing about the Data Protection Act.

Meanwhile, TSTT customers have their business in the street.

Why So Many Breaches in Trinidad and Tobago?

People continue to ask why there are so many data breaches happening in Trinidad and Tobago. I’m not someone who would call himself a security expert by a stretch, but it’s an intriguing enough question that I decided to look into it.

Commonalities in Website Technology?

First, I checked the websites of those that had been breached, which might reveal some commonalities. Bear in mind, it’s possible that the websites weren’t how the information was accessed.

TSTT, which had the most noteworthy breach, runs Wix – which was quite a surprise if only because of the vendor lock-in associated with it. I was expecting a more commonly used content management system but instead, Wix.

The Office of the Attorney General’s website, attacked earlier this year and probably the 2nd most important breach overall since it paralyzed the Judiciary, is using WordPress. It is also actually not the first time; a teen was charged in 2007 for hacking into the Attorney General’s Office.

MassyStorestt.com also runs WordPress, but is substantially behind in upgrades. Pricesmart.com runs mostly BloomReach and a bit of Drupal. Their breach was reported yesterday.

It’s apparent that this isn’t an issue of common platforms being compromised. Yet there is a hint in here. MassyStoresTT.com being substantially behind in WordPress updates.

Maintenance.

When I was heavily into developing CMS websites, I tried doing that locally in Trinidad and Tobago and found that people thought they could just buy a website and it would simply be done and they could go about their business without maintenance contracts. It simply doesn’t work that way.

Maybe even after years, that hasn’t changed. Maybe these websites aren’t being maintained and kept up to date with technology, which includes patching for exploits that allow their data to be breached or otherwise attacked. Maybe.

Personally, with my experience in dealing with local companies and government offices, I don’t see them seeing maintenance as a priority. In fact, I didn’t do business with companies in Trinidad and Tobago for that same reason because… I didn’t want my name associated with poorly maintained sites.

Is this the only conclusion? Definitely not.

Who Has Access Anyway?

Everyone talks about the breaches, but the public always assumes that the people with access to the information had a reason to access the information. In the TSTT data breach, scanned copies of people’s identification were found and I have to wonder what TSTT’s information policy is. Who needs access to that level of information, and why?

I’d be surprised if it were available through the website because that would be just asking for trouble.

Assuming they themselves can be trusted with your personal information, there’s social engineering, which the video below explains.

We forget at times that the people with access to information themselves are open to attack to get to something bigger. Maybe their own computer systems they use to access the data are compromised, maybe they’ve been compromised.

Conclusions

Again, I’m no security expert. Some of the information available from these breaches and the way attacks happened on some websites was clearly associated with the websites themselves. TSTT’s data breach seems different in that regard because no sane company would have that information accessible through their website.

Altogether, it seems like a lack of maintenance for most of these breaches – and maybe there were deeper issues with all of them, but in particular the TSTT data breach.

What is most disturbing is that these are the breaches we’re worried about, which could be a fraction of the number of breaches that happened. The announced breaches we found out about because either someone showed evidence or it created an issue that impacted products and services.

The insidious breaches, the ones where people simply mine the information and don’t get caught or brag, we don’t know about. That’s what concerns me most.

We should be worried.

Confirmed Breach: Courts and PriceSmart.

The data breach has been confirmed independently. There is a much better article on the data breach of Courts and Pricesmart available at TechNewsTT.com, and I’ll refer people to go read that article.

The original article (below) was written when it was just alleged.

In what looks to be a data breach of ShopCourts.com, this data breach seems benign. If it is as the image describes, it would expose the following information:

Unverified information in image from a plausible Facebook account whose interests include the National Security of Trinidad and Tobago.
  • Email addresses,
  • Names,
  • Gender,
  • Dates of Purchase,
  • Billing Addresses and Shipping Addresses,
  • Payment Method (which in common practice does not include credit card information).

It is altogether pretty benign. However, the ability to access the data potentially permits the ability to change the data.

It would seem someone wanted to make a point, wanted some sort of bragging rights, or quite possibly is looking for a job.

Given that Courts is in various countries, this could impact the following countries:

  • Antigua,
  • Barbados,
  • Belize,
  • Curacao,
  • Dominica,
  • Grenada,
  • Guyana,
  • Jamaica,
  • St. Kitts and Nevis,
  • St. Lucia,
  • St. Vincent and
  • Trinidad and Tobago.

Breach Ho!

As everyone in Trinidad and Tobago knows, Telecommunications Services of Trinidad and Tobago (TSTT) had a horrible data breach that leaked quite a bit of personal information of customers, from scanned identification to credit card numbers.

I sat back for most of it. It was pretty clear to me from the onset that there was no putting the genie back in the bottle. As mentioned in the mainstream media, the story from TSTT changed quite a bit.

If there was a checklist of every bad way to handle a data breach of customer personal information, I think they at least hit the high notes. They were as unprepared for their information security being compromised as they were unprepared to have their information security put to the test.

TechNewsTT.com seemed to have the best coverage. I sat back and watched as details of scanned copies of identification, credit card numbers, a suspected password file and more began surfacing even as TSTT denied that they lost that information. When I searched for my information in the data dump, I found 2 occurrences. A few days later, I checked again and I was up to 37. This disturbed me not just because of the amount of times I showed up but because of one very interesting detail.

I’m not a TSTT customer. I am a customer of their subsidiary, Amplia. While I have heard but not met a namesake in Trinidad and Tobago, I strongly suspect that there are not 37 of us with the same name. Of course, that search doesn’t tell you what sort of documents and information was leaked. Why is my name in a data dump when I’m not a direct customer? Peculiar, suspicious, and enough to make one wonder a little bit about whether TSTT is co-mingling its information across subsidiaries.

Even more disturbing has been how many people misunderstand the data breach in their own personal context. The fact that a telecommunications provider, with a majority share owned by the government of the Republic of Trinidad and Tobago, mishandled this from information security to being honest with their customers should boggle any sane person.

Unfortunately, this is not the first data breach in Trinidad and Tobago. There have been some announced, such as when the Judiciary got locked out of their system and no cases could continue their slow moonwalk toward progress. These are the obvious breaches, the advertised breaches.

It’s the silent breaches we should be worried about.

There are so many questions that people need to be asking that it’s hard to write just one article about it.

Free, Libre and Open Source in Trinidad & Tobago.

Me, last presenter at the FLOS Caribbean Conference, 2003.

I don’t know if it’s a factor of age or experience – I consider them mutually exclusive – but when I saw a job opening for an Open Source Consultant here in Trinidad and Tobago, I thought back to how things were and how they have changed in the last 20 years since the FLOS Caribbean conference.

The short answer is that nothing has really changed.

It wasn’t long after that conference that the University of the West Indies was said to have signed an agreement with Microsoft. I imagine the Government of Trinidad and Tobago is paying Microsoft Office 365 subscription fees rather than using LibreOffice, and every time I get a hint of the back end of the results of government contracts related to technology, I see .Net. These are not good or bad things, but they are things that I think Trinidad and Tobago and other nations across the world spend money on rather than building their own experience pool.

That has been, and always will be, the most important aspect of open source software when it comes to a national economy. Sure, you can buy things off the shelf now from other nations, using your foreign exchange for that, but you can also develop the intellectual capital within a nation to meet those same needs. For reasons I do not pretend to understand, this hasn’t been considered a ‘good’ choice over the years in Trinidad and Tobago. Personally, I found my experiences in culture, ICT and open source to be of worth, but we are always measured by the values of others.

I applied for the consultancy position. It might be nice to get a nice 6 month stretch of helping the government save money in the long term while building something sturdy and of value, though I do worry that as a consultant advice will be ignored. That’s the trouble of being a consultant, and it’s also the blessing of being a consultant as well – you can advise your best with a clear conscience and let the chips fall where they may.

There may be hope that Trinidad and Tobago is ready to get serious about technology and innovation, and this could bode well as we have entered the age of large language models and promises of general Artificial Intelligence. It could also be just a position advertised so some Minister’s relative gets a gig to get paid to give crappy advice.

Time will tell.

I do stay in touch with folks from all the conferences that we had, some even sponsored by governments within the Caribbean, and we’ve all pushed ahead in our own ways. I haven’t seen the new generation, though.

I’ll have to ask around and see if they exist.

Caribbean Internet Connectivity and Big Tech.

When I wrote about the recent internet outage in Trinidad and Tobago, I was waiting to find out what the actual cause was so I could follow up. As usual, the talking heads did not have anything of worth to say.

In fact, what they had to say seemed pretty insulting to me.

What TSTT did manage to do was give people free mobile data for the day, which certainly helped those who were using their mobile data, but did nothing for the people who were subscribing to TSTT/bmobile/Amplia for internet access that wasn’t mobile.

But the explanation explained nothing.

…In a recording attached to the release, CEO Lisa Agard apologised for the disruption and its impact on customers.

“To demonstrate our regret, we have decided that all customers will be given free data until midnight.”

She explained, “The disruption was triggered by an unexpected circumstance which regrettably persisted until 11 am.”…

“TSTT restores services, gives customers free data for rest of day”, Trinidad and Tobago Newsday, Vishanna Phagoo, Wednesday 9 August 2023

“The disruption was triggered by unexpected circumstance” is the equivalent of a 5 year old explaining something as, “Fall down go BOOM!”.

I’d like a better answer, but I’m used to non-answers by politicians and their corporate cousins, CEOs, who are politicians as well.

To balance that observation, I’ll point out that she has said very smart things too – such as here:

After comparing how much Big Tech – Meta, Alphabet, Netflix, TikTok, Amazon and Microsoft – pays in other countries, CEO of the Telecommunications Services of TT (TSTT) Lisa Agard said Trinidad and Tobago earns only two per cent, since they already pay in South Korea, Australia and the US.

Speaking at Canto’s 38th annual conference and trade exhibition at JW Marriott Turnberry, Miami on Tuesday, Agard said, “We are in an existential crisis, and the crisis is driven by Big Tech operators generating a considerable amount of traffic on our networks.”

She said Big Tech is responsible for 67 per cent of the total internet traffic in the Caribbean, but offers no network investment…

“Over US$500m for network upgrades, only 2% back from Big Tech”, Trinidad and Tobago Newsday, Vishanna Phagoo, Wednesday 19 July 2023

I’m not saying that the two are related. Trinidad and Tobago is rarely known for project efficiency, and TSTT suffers ownership by the Government of Trinidad and Tobago which is certainly not known to citizenry for efficiency. That being said, TSTT has a pretty good track record. I use Amplia presently, which was bought by TSTT, and I’d say that the service overall is world class.

What I’m saying is that they could be indirectly related.

However, what is interesting, and a bit refreshing, is that a data driven approach is presented in the latter quote, where the case is made that 67% of traffic in the Caribbean goes to the big technology companies. It begs the question about how much internet traffic the Caribbean gets on the global scale. It’s hard to say, since the amount of traffic hides in how one defines the Caribbean.

Internet penetration is something worth looking into, where we find Aruba at the top at 97.2% and Trinidad and Tobago at the bottom at 79% as of January 2023.

Should Big Tech be paying for infrastructure upgrades in the Caribbean? Now there’s a ripe question. Honestly, my opinion is that there should be investment – but without knowing how much the Caribbean internet traffic accounts for on a global scale, it’s hard to say how much.

It does fit, though. The Caribbean is a region of kickbacks, and Big Tech isn’t good with kickbacks. They spend most of their money lobbying. Done in the interests of the majority, kickbacks are not corruption.