Public Comment on the Trinidad and Tobago CyberCrime Bill, 2017.

cybercrimeI like the spirit of the bill. My own personal background in technology is public knowledge; my LinkedIn profile will demonstrate that I have worked with companies that have been sensitive to ‘cybercrime’.  As an author on technology (virtual worlds and more), as someone who has earned media mention (BBC, New York Times), as someone who has been active in technology circles in the region (CARDICIS, LACNIC) and outside (the 1st Mobile Convergence, among others) and as someone who has spent over two decades of his life in software engineering, I submit the following comment:

Clause 4:

““electronic mail message” means an unsolicited data message, including electronic mail and an instant message;”

While these messages can be unsolicited, they can also be solicited. I think the use of the word ‘unsolicited’ should be reserved for what is popularly known as SPAM.

“hinder” in relation to a computer system, includes—
(a) disconnecting the electricity supply to a computer system;
(b) causing electromagnetic interference to a computer system;
(c) corrupting a computer system; or
(d) inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data;

Item (d) is problematic because it is contextual and no context is provided. It describes functions that can be perfectly legitimate in designed use of systems. Further, I would like to point out that the undesigned use of systems is what is called ‘disruptive’; that ‘disruptive’ in this context is about innovation, and that innovation is of particular importance to a developing economy. To stifle innovation is to stifle the economy and culture of the nation.

For example, no one expected ‘apps’ to become popular on phones, and installing ‘apps’ on a phone can have an adverse impact on performance.

The question then becomes how much is adverse, and we enter a realm of subjectivity in a world where Moore’s Law advances faster than amendments to Acts. This is why computer software has ‘System Requirements’ as far as operating system and hardware.

Further, there are ways of altering data that are not direct, and as such, defining the methods of altering data limits the Act. Since this is a public comment, I shall not divulge further.

I suggest the following:

““hinder” in relation to a computer system, includes—



(d) Affecting computer data or software in such a way that overall performance and use of the system is adversely affected to the degree that a system cannot perform it’s functionality when all documented system requirements are within normal limits.

(e) Rendering the data on a computer system to be unusable for it’s operation.”

 

Clause 10:

It should also be worthy noting that the critical infrastructure also entails the entire Domestic Communication Infrastructure (DCI), which has crossover to the Telecommunications Act (Section 69). This is increasingly important since Session Initiation Protocol (SIP) trunking is  increasingly used for telecommunications (Voice over IP (VoIP)).

Businesses also are concerned when it comes to critical infrastructure; they have their own. Examples include banking systems, medical systems (should we get some in use), etc. While not directly critical infrastructure, havoc can be created by bringing down these systems. I suggest allowing businesses the concept of their own ‘critical infrastructure’ within the bill. It would be open to interpretation by the Court.

As an example, when I worked for Emergency Communications Network in Ormond Beach, Florida, the business was to make people aware of emergencies by phone (telephony), text (SMS), email, and social media according to contract. We did this at the Town, City, County, State and Federal Levels. Our security was therefore required to be as good as or better than these systems, but we were not considered a part of the DCI. However, we had to perform security audits.

Clause 16:

Consent can be as fluid as a relationship, and the storing of the image(s) does not mean that they actually took the images; they may have been sent by the offended party. A scenario of a bad breakup might be immediately followed by an accusation of such images existing on someone’s computer system (phone, computer, etc.) and suddenly, what were once consensual intimate images become reason for the upheaval of the accused’s life. That seems a bit extreme, and seems like an aspect of the system very open to abuse.

Sharing the images without written and signed consent, on the other hand, is without question an offense.

General Notes

(1) There is a lot of authority to decide given to Magistrates and Police who may not understand the technologies that they are dealing with. This brings up potential appeals that can clutter the Court(s) further; there is no mention of prerequisite training and continued education in these aspects of Law. This legislation may not be the place for such things, but as a layperson all I can suggest is that it should exist somewhere.

(2) There are potentially cases where trained professionals can be accused of doing illegal things when, in fact, they communicated what they were doing clearly with the person or legal entity that they were doing work for. This highlights the importance of appropriate contractual documentation, and this needs to be highlighted to professionals and their clients such that all understand it.

It would be good to see that level of professionalism become the norm.

(3) Separate from (2): Sometimes bad things happen when troubleshooting or installing a system, and professionals can be put at risk by this legislation. This is, sadly, quite common – ask any Doctor. Systems are increasingly complex and while attempting to fix something that is the focus of a contract, it is possible to break something else – particularly when the lowest bidder gets the work by not billing for appropriate documentation.

Further, operating systems and hardware are fluid. Unlike medicine, where the human body generally follows certain anatomy and physiology, computer systems by and large are made up of various permutations of software and hardware that may or may not be up to date, making it a very difficult thing to protect against. There is no certification that covers everything, there is no degree that is current with technology and there is no way to know everything about a system when troubleshooting it.

Thus, actual criminal intent needs to be required in all of this. After all, lawyers are not held accountable for losing cases (even when they do everything correctly) by means of fines or jail time. To put this burden on the shoulders of other professions seems unethical.

 

(4) It bothers me that the opportunity to protect the privacy of individuals is not highlighted in this Bill. While individual privacy has been protected by copyright in the past in other nations (I do not know about here), there are larger concerns.

For example, asking me for a digital copy of my National ID opens me up to identification theft. I do not have laws that protect MY information once it gets into government systems – until Clause 15 is enacted, and even then, I have no assurances other than someone will get prosecuted. That hardly makes me feel secure. This leads to security audits in Government offices, which are not mentioned at all in this legislation (see (6)).

(5) There should be different criteria for first time offenders and repeat offenders, as well as with minors and adults. We might end up making criminals of children before they begin thinking of adulthood. We need to be very careful here not to limit young curious minds because ignorance of appropriate technology etiquette. These could be teaching moments.

Repeat offenders, on the other hand, may need Court orders that limit their access to technology as is done in other parts of the world.

(6) There is no mention of the requirement of 3rd party audits on Government computer systems (critical infrastructure and otherwise) to assure that national security and privacy of information of citizenry is maintained at the highest levels by the government. This, in my eyes, is a serious flaw.

Conclusion

I observe local IT professionals, and more often amateurs and amateurs in professional’s clothing, putting themselves into positions where they could be wrongfully accused of things that they themselves were contracted to do.

Certifications and Degrees do not make someone responsible.

The public needs to be better educated on this Bill in this regard, particularly since companies are notorious for hiring someone who they know instead of who knows what they are doing. There is public speculation on Government doing this as well, which I know little enough to comment on but have heard enough to make comment.

The Bill implicitly pushes forward best practices in the IT field, where contracts would have to be in writing and agreed upon, where documentation should be provided on the work to be done as well as the work done. I would suggest some degree of indemnification when it comes to troubleshooting and repairing systems to give guidelines in the readings of the Act by Magistrates.

The Act should codify requirements of critical infrastructure to be audited to assure security of information. This is the main thrust of the legislation, and yet there are no preventive measures to be found in this Bill that provide for that and no responsibility communicated that makes the Government responsible for critical systems. Certainly, securing systems is of interest enough to create a Bill like this – it should also be of enough interest to assure that government computer and network systems, as well as those that use them, are independently audited on at least an annual basis. Failure in this regard makes this Bill moot.

The Property Tax of Trinidad and Tobago: Privacy

Property Taxes IconWith all the media coverage on the new (2017) Property Tax here in Trinidad and Tobago, it’s hard to pick one article out of all of them to get a cohesive idea of what it is. In fact, most of the articles I’ve seen have been devoid of facts and full of opinions – let’s just say that there is a communications issue.

Frankly, if the roll-out had been done with better communication, it would have been less the political football it has become.

I own property – a fair amount – and people know this, so they ask me about it. My land is agricultural, so the new tax is almost straightforward for me. Almost.

But who reads these forms? Who has access to these forms? With people being asked to take pictures of their property and give personal details, one of the main questions I have heard from more moderate voices revolves around privacy.

And there are privacy issues to consider with crime as endemic as the common cold, and allegations in foreign news:

A project that Cambridge Analytica carried out in Trinidad in 2013 brings all the elements in this story together. Just as Robert Mercer began his negotiations with SCL boss Alexander Nix about an acquisition, SCL was retained by several government ministers in Trinidad and Tobago. The brief involved developing a micro-targeting programme for the governing party of the time. And AggregateIQ – the same company involved in delivering Brexit for Vote Leave – was brought in to build the targeting platform.

David said: “The standard SCL/CA method is that you get a government contract from the ruling party. And this pays for the political work. So, it’s often some bullshit health project that’s just a cover for getting the minister re-elected. But in this case, our government contacts were with Trinidad’s national security council.”

The security work was to be the prize for the political work. Documents seen by the Observer show that this was a proposal to capture citizens’ browsing history en masse, recording phone conversations and applying natural language processing to the recorded voice data to construct a national police database, complete with scores for each citizen on their propensity to commit crime.

“The plan put to the minister was Minority Report. It was pre-crime…

The sole local article I saw on that was hereI admit I don’t read the local newspapers too much, so I might have missed a few other articles. 

Now, being sensible and intelligent, you’ll ask me how this all ties in to the question of privacy as related to the property tax information being voluntarily sent in. That quote isn’t about the reported 105 warrants to intercept communications with 1 arrest (Less than 1% success if you bother with math). We’re talking about other stuff.

We all know that there are issues with corruption – such as the open secret of passing bribes in the Licensing Office. Anyone who lives in Trinidad and Tobago knows that there is rampant corruption in government – which, to my understanding, happens to be the largest employer in the country. And if they can’t even pay their people, when there are meetings about not purchasing toilet paper, you have a security risk. You have a privacy risk.

The privacy is a legitimate concern. Who has access to this information? How will it be used in other ways? Who is speaking to the populace being comfortable about that?

Certainly, I understand that the government needs to build it’s data – the log books of old would take decades to computerize, and I do applaud the genius of crowd-sourcing from the populace… but… privacy.

I’m of low confidence.

And that’s the press of this entry.

A little ad lib below.

Some Personal Notes On The Property Tax.

Personally, I don’t like the idea of a property tax where one can forfeit property if one doesn’t pay it for 5 years. It’s a de facto tenancy to the State at that point, and I think that’s wrong. People pay stamp duty when they purchase, and many other taxes are levied.
However.
I also don’t like speed limits as they are in Trinidad and Tobago, but if I break them I get a ticket, so I obey them. I don’t agree to a lot of silly laws, but I also understand that a society of laws is necessary. I don’t have to like them.
I bring this up because a lot of people are saying that people shouldn’t submit their forms, particularly in grassroots meetings. It’s a matter of Civil Disobedience, I suppose, and I doubt that few people who are considering it know the story of Henry David Thoreau’s Civil Disobedience – about how he didn’t believe in the Church tax, and how he was thrown in jail. What many people tend to overlook is that he only got out of jail because someone came by and paid his Church tax for him.
I will not advise anyone to take this course of action. If the person or people advising you to do this will pay the $500 fine you’ll get for not submitting… well, you decide. It is the Law.

A Few Thoughts on the techAgri Expo 2017

Given my return to Trinidad and Tobago, which my last post gave some context to, and the fact that I own agricultural land in Trinidad and Tobago, I went to the UWI techAgri Expo armed with my decades of experience as a software engineer, years of experience dealing with land, and my own trials and tribulations at growing things not just on my land, but over the years. I had good counsel on the latter from established farmers in Trinidad and Tobago, but I am not an expert.

I purposefully left my camera behind. People treat you differently when you have a camera, and I wasn’t going as some sort of media person or pretending to be. I was going for information. I didn’t need a camera for that.

Generally, I thought it was worthwhile. One person I know remarked that it was more like a bazaar in that people were selling things – I see that as a factor of any expo to get foot traffic. Another criticism is that the students didn’t have all the answers to the questions asked, but a quick analysis of that criticism reveals an unrealistic expectation in the critic. They are students, after all. Someone said that it could have been held inside, but then, what of all the plants? So, personally, I dismissed a lot of the criticisms.

The farming equipment was plainly visible. Children packed into the tractors for photo opportunities, and every now and then people would inquire about prices. Plants galore – the savanna was alive with plants, and there were many people leaving with plants.

I bumped into the tent where they had information on the apps – things like Maps.tt I would find an immediate benefit from, and their land suitability app looks promising. The AgriDiagnose Mobile App also looked very useful. The data from NAMDEVCO could be useful, but in it’s present forms it’s not too useful for people planning to do things – more on that later. A brief chat with Dr. Bernard showed we knew some of the same people.

Moving on, I came across rabbits at the UWI Faculty of Food and Agriculture University Field Station – dealing with academia must be a preparation for long German – and I saw rabbits and agouti. There were signs about entrepreneurship behind these creatures imprisoned in their cages, so I asked around about the market for them. They had no idea. They had no idea where to find such information. Well, they were students, so no need to be hard on them.

Continuing my walk, I had some interesting conversations with some international folk, a few criticisms from staff about getting interdepartmental assistance for some things (a few people knew me and the criticisms were more specific, but I know the unpleasant frustration of academic silos), and I came across a business that was marketing rabbit meat.

Well, here we are. They’ll have answers. So I spoke with them about the market for rabbit meat and rabbits in general, and as expected, it wasn’t exactly a high demand market. It’s not as if I see ‘rabbit roti’ on the roti shop walls. It’s more of an exotic market, and more for pets than pots. Completely understandable and expected, so I thanked the lady for her candor and moved on.

The Agricultural Development Bank (ADB) was interesting, though I’m not sure that it was all accurate. They advertise great interest rates for agricultural and aquaculture projects, but when I spoke about the specifics of things I was looking at doing, I asked about whether I should split some land off for collateral and repeatedly told I didn’t need to do that. That seems peculiar. Established farmers I know have criticized the ADB in that while their interest rates seem low, with all the fees one ends up paying, it’s effectively the same as banks with higher advertised interest rates. An after discussion with someone who knows more about interests rates revealed the 3-5% was effectively around 8-9%, but that advertised bank rates at 8% were closer to 14% in reality.

So, the ADB didn’t really sell me on anything in the end.
I was finding holes. Opportunities. Flaws in the bureaucracy, as there always are and always will be.

The rest of the expo was as informative to me on aquaculture, agriculture, potential markets.

Try Cafe Vega. They had a stall. I met Dr. Floyd Homer, and we talked about beans and all sorts of things. How could I pass up a cup of local coffee? Good stuff.

The NAMDEVCO Data

The thing that jumped out at me most was market data.  What’s published is Open Data – it’s one of the founding principles, it seems, but it’s not as open as you would think. If you take a look at the data available from NAMDEVCO, it gives you averages of monthly data over the years (starting in December 2016), but it doesn’t show you volatility. It is lacking, and part of that may be that NAMDEVCO simply wasn’t designed for it – or the people who want to do it are getting crushed by the gears of bureaucracy (been there, done that), or it simply hasn’t entered into people’s minds.

But I’ve spoken to farmers. One successful farmer revealed his success one time with cabbage, being able to buy a car for cash after reaping one cabbage crop. That’s an outlier. So there is volatility in these markets that farmers have to be able to plan for. Granted, the app that shows the immediate prices is good, but if you’re getting into a market, you want more data. It is there at the link, but it has to be hand typed in from the images in the monthly PDFs to get what you want… when I tried the contact link on their website, I was greeted by a configuration error. So I can’t really tell them about the error, now can I? Try it. Maybe they’ll fix it. Let me know.

In all, I think my only real criticism of the techAgri expo is that I wish it were more helpful to me – but that’s not so much on them. I’m a demanding person when it comes to information, and I know how to deal with Big Data – something lacking around Trinidad and Tobago, really – and my criticism is more of an identification of opportunities for myself and others. There is further analysis that can be done, and there are opportunities that you can find… if you have the gift of seeing what doesn’t exist yet.

A Walk Down High Street.

It was a walk to see what had changed, to see if I could get a few things I needed. It was a walk to reconnect me with something that I felt I should reconnect with. My feet had pummeled there throughout the 1980s, when I often wore the Presentation College uniform. It was where I went into every business to try to sell advertising for my father’s ‘Trini Trader’ magazine, or to do things for the printery, or to desperately check for the latest computer magazines at Victor Manhin’s, long gone.

It was where I haunted when I ‘broke biche’, playing hookie in my last few years at Presentation College, hiding in an amazingly small coffee shop you would not know was there unless someone told you – to either meet with skirts of both shades of blue, or to read. It was where I hiked down to the old Muscle Connection Gym to work out and to later get my free Tandoori chicken meal at Tara’s Kitchen in Carlton Center. I paid for neither, having bartered for the first and earned the last through friendship.

Of course, most of it was gone, as the old dustbins that used to be were. I hadn’t walked down in that area for close to a decade. I was surprised to find it more clean than it had been, though it was still dirty. Library Corner no longer had the library. A facade in front of the old Library would have made me worry that it would suffer the same problems of the Red House, but on the way I had seen where it was relocated. A mental note to swing in there sometime.

A walk down the street saw me looking for the sports store that was no longer there, saw me heading down to look at shoes to replace the tired old running shoes I had – these were 10 years old, detritus from my last period of life in Trinidad, not looking worn but the bounce of the sole lost in time like the bounce of so many souls. I shopped around, toward the bottom of High Street, seeing all manner of shoes costing thousands of dollars that I would never be seen in public with. Gaudy. Eye catching colors. A culture I shunned in footwear and in most other things, preferring to remain as unnoticed as possible on the streets where I always stood out anyway. “The Professor”, as they called me back then on the Coffee and the Carib, liked to blend in but somehow always stood out. Damn it.

One store I was ushered into had me go down some stairs, into a basement that reeked of mold. Where there’s mold, there’s compromised inventory. To the credit of their honesty, they didn’t even try to cover the smell – maybe the product of having tried and failed over time. To their credit, they had their display shoes in clear plastic bags that had seen much reuse. But the scent. I have seen what mold does to shoes. To walls. How it secretes itself insidiously on everything. And then I remembered this plaza for the work my father had done on their electrical. I remembered the owner, who I am certain has not changed.

I was permitted an opening as the worker spoke with someone else very seriously about why their shoes were better priced than anything else in the area – but the price for the shoes I would put on my feet was still higher than what I saw in Detour. I went back to Detour, stood by the shoes and was attended briefly, they brought the shoes down and I purchased them without hesitation – 25% of the price of the majority of the shoes, 20% lower than comparable shoes where I saw them. The Syrian gentleman smiled slightly at this; he had seen me there 10 minutes earlier, he had seen what I did, and he also saw that I immediately put the new Nikes on and tossed the others, leaving them with box and bag.

Hands swinging.

I walked up further, finding new spaces where old ones were. The sidewalk was the same. The street smelled the same – that odor of dry season dust with the occasion of stale urine. No one talks about that pungent aroma in cities when they say that they love them. New York. Orlando. Dallas. Honolulu. Panama. Managua. Port of Spain. San Fernando. The list goes on about which brochures should have scratch and sniff photos.

Or the smell of the casual vagrant. That lurid smell of sweat upon layers of sweat, a topology on the sinuses not easily forgotten.

A new book store. A casual conversation revealed why there were only books marketed to women (read: romance) on the shelves, though it was spared 50 Shades of Bad Writing by the Muslim owner. Another bookstore I frequented with it’s meager selection poorly laid out so it seemed like they had more of a variety.

I stopped in one store, saw an old school friend who worked there and we chatted. Caught up.

I left High Street, striding home in new shoes and old memories, thinking as I kept an eye on the shadows near my own and the sound of footfalls behind me – a habit over the years. I thought about how big High Street had been for me in the 1980s, and how small it seemed now.

When I was younger, it was a window to the world. Thriving. Knowledge I craved was pooled in bookstores that no longer exist. The street had become smaller not because I had gotten larger, but because it was a window into what could sell in a country where the buying power of the average citizen limited choices of what businesses could bring in and make a profit from. The only local thing was a side stall of leather belts and sandals, a throwback to a forgotten age when Medford Gas Station was at the bottom of High Street.

The walk told me what I already knew. San Fernando had changed but not grown, just as the rest of Trinidad and Tobago. Perhaps it was the error of my younger eyes to have seen so much potential.

Natural Language Processing, Health Records and the Developing World.

Case Investigation Team

The Veterans Administration will be using Natural Language Processing (NLP) for their medical records. It can be a powerful tool for searching for trends and getting the right people to the right treatments in a timely manner. That’s a gross oversimplification.

I know a bit about medical records1. I also happen to know quite a bit about Natural Language Processing, since I’ve worked with it in the context of documentation management.

And, as it happens, I know a bit about the developing world – the Caribbean and Latin America. And I know a bit about the hospitals in the region, where hand written records are kept, but lack the rigor and discipline necessary for them to truly be useful. I recently looked at the medical record of someone in Trinidad and Tobago, if you could call it that, since I found it odd that the Doctors and Nurses didn’t seem to communicate not only with each other but their own subgroups. I saw why.

I know of one doctor who keeps patient records in Microsoft Word documents – a step in the right direction.

There is an opportunity here for the developing world in general, but it’s a technology leap that must be undertaken with the discipline of good medical records in the first place. These delapidated medical systems, despite new buildings, need to have medical records that enable good care in the first place.

There’s no reason that medical care in the developing world should suffer; it can be done much more cheaply than in the developed world and with the advancements such as NLP already being implemented, it’s vacuous to build shiny buildings when the discipline of the medical records themselves should be paramount.

But then, maybe implementing electronic medical records properly would be a good start to building that discipline. 

1Medical Records have interested me from my days as a U.S. Navy Corpsman, where we were assiduous about medical records – Doctor’s orders, nursing SOAP notes, lab results – all had their place within a folder. It was just on the very edge of the medical databases that the U.S. Navy rolled out. When I was at my first USMC command, myself and other corpsmen’s first job was  to get the medical records ready enough to allow us to deploy – and it was an onerous task, with those who had gone before not having taken the records as seriously as they should. Later, I would work with a Reserve USMC unit at Floyd Bennet Field where I would be commended for my database work as related to their medical records.