ITS Broadcast App for Android and Privacy Implications

There is a lot of buzz about the new ITS Broadcast Android app, which upon debut has received hundreds of 5-star reviews. I don’t have an Android phone so I won’t comment on the app features or lack thereof, but from my understanding this is a tool that ITS wants to use to broadcast messages to its users.

ITS Broadcast is a messaging tool for ITS dept (E-Jamaat).
After installation you will have to provide ITS (E-Jamaat) ID and password to register.
This app can be configured only for Single ITS (E-Jamaat) ID.
Once registered future communication will be made by using this App.

Given that ITS already has a unique identifier for all users and a listed contact email, reviewing the app permissions with the above stated purpose in mind seems to raise some concerns. Importantly, the application asks for permission to Find Accounts on the Device:

Allows the app to get the list of accounts known by the tablet. This may include any accounts created by applications you have installed. Allows the app to get the list of accounts known by the phone. This may include any accounts created by applications you have installed.

Why does the ITS application need to know what other accounts its users have on their phones? Is it necessary for ITS to be able to know what Google, Facebook, Twitter, Tumblr, Instagram, Flickr, and other accounts are active on your phone? How will ITS use this data?

Those are some questions to ponder before you go ahead and click the Install button…
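One way to run this kind of review yourself is to compare the permissions an app declares against what its stated purpose needs. The script below is an added example, not code from ITS or the app: the manifest is constructed for a hypothetical package `org.example.broadcast`, the `EXPECTED` allow-list is an assumption about what a receive-only messaging client needs, and it presumes the APK's `AndroidManifest.xml` has already been decoded to plain XML. "Find accounts on the device" is the store label for `android.permission.GET_ACCOUNTS`.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest for a hypothetical broadcast-messaging app.
# It is NOT the real ITS Broadcast manifest.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.broadcast">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Broadcast"/>
</manifest>
"""

# Assumption: permissions a receive-only messaging client plausibly needs.
EXPECTED = {
    "android.permission.INTERNET",
    "android.permission.WAKE_LOCK",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.VIBRATE",
}

# What some privacy-relevant permissions expose to the app.
SENSITIVE = {
    "android.permission.GET_ACCOUNTS": "list of accounts registered on the device",
    "android.permission.READ_CONTACTS": "the address book",
    "android.permission.READ_SMS": "stored text messages",
    "android.permission.READ_PHONE_STATE": "phone number and device identifiers",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
}


def requested_permissions(manifest_xml):
    """Return declared permission names in document order, without repeats."""
    root = ET.fromstring(manifest_xml)
    names = []
    # Both elements declare permissions; the second applies on API 23+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get("{%s}name" % ANDROID_NS)
            if name and name not in names:
                names.append(name)
    return names


def audit(manifest_xml, expected=EXPECTED):
    """Return (permission, exposure) pairs for anything outside `expected`."""
    findings = []
    for perm in requested_permissions(manifest_xml):
        if perm not in expected:
            exposure = SENSITIVE.get(perm, "not classified here; review manually")
            findings.append((perm, exposure))
    return findings


if __name__ == "__main__":
    for perm, exposure in audit(SAMPLE_MANIFEST):
        print("Unexplained by stated purpose: %s -> %s" % (perm, exposure))
```
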

Crack down on telemarketers

In today’s South China Morning Post, a letter of mine appeared in the Letters section (page A12), the text of which is reproduced below (with some links added, for easy reference):

Crack down on telemarketers

Today, with so many different channels of communication, we are deluged with unwanted marketing. I wholeheartedly welcome the news that Hongkong Post is launching an opt-out sticker scheme for certain unaddressed circulars (“One way to stop some of that junk mail”, August 25).

However, the real menace is not mail, but telemarketing calls. Telemarketing is the most inconvenient type of marketing because it requires active participation by the receiver, at a time that is convenient to the caller. Why should the public be expected to adjust to the schedules of telemarketers who are selling a product that they most likely do not want or need – and one which they certainly did not solicit?

A few years ago the telecoms watchdog OFTA launched the “Do-not-call” register for pre-recorded messages. It is now high time that it extended this register to include non-recorded – that is, live – calls.

This is hardly a novel idea: do-not-call registers in other countries typically make no distinction between pre-recorded and live telemarketing calls.

This would cause a hue and cry from telemarketers, who would claim they provide a useful service that brings benefits to consumers. Yet that is nonsense; the only beneficiaries are the telemarketers themselves and the companies they represent.

The theft of property is an offence punishable by a prison sentence. I wonder if telemarketers could provide a convincing argument why we should tolerate the theft of our time.

Ali Ebrahim, Mid-Levels

For those who are interested, I’ve uploaded a scan of the relevant page.

eJamaat and Data Retention

My religious community, numbering approximately one million worldwide, has a centralised system for almost everything (both religious and non-religious). One of the non-religious centralised systems that has really irked me over the last couple of years has been the eJamaat system which is maintained by the religious administration.

The eJamaat system (update: now called ITS or Idaratut Ta’reef al Shakhsi) contains personal biodata (name, DOB, address, education, business details, levels of religious learning, blood type, family trees/relationships) of almost all community members worldwide. This system is mainly used to gather data about the community and also to perform registration for attendance of religious events or sermons. Now – the administration seeks to make entering passport information mandatory as well.

Why does it irk me? It’s not because the system is not needed or because it performs no useful functions. In reality, there is a real need for this system and it is effectively used to manage registration for events. It irks me because of the administration’s compulsion for collecting data that is not required just for the sake of collecting it. Further, there is no disclosure as to how the information is used and no information about what steps are being taken to secure our personal data. For starters, communication is unencrypted because SSL is not used to secure HTTP conversations so any data entry is inherently insecure, especially if you do so over a public wifi signal.

When this system was first set up, I requested a copy of eJamaat’s privacy policy. It is not publicly listed anywhere and I never got a response. From this I can infer that either they don’t have one, or that it is not available for public viewing. In some jurisdictions the collection of this kind of personal data without a published privacy policy that meets certain guidelines is actually outright illegal (see below for details on relevant legislation within the UK).

I am genuinely concerned that if this data was to fall into the wrong hands, it would be a treasure trove for individuals seeking to engage in identity theft. With information including full name, father’s name, mother’s name (including maiden name), DOB, passport information, photographs, address, blood type, information about health conditions, business details, educational qualifications it is frankly quite scary to imagine what could happen if this information was stolen by a third party or misused by those with access to the data. Identity theft would be the tip of the iceberg.

It would be reassuring to the community if important information was disclosed (and more importantly followed) regarding what steps are taken to secure the data, under what circumstances data will be shared with other parties, if users will be informed in the case of a data breach, and also why data like passport information is required (personally, I can’t see a legitimate reason for this).

I think it would be naive to think that feeding all this information into a black box with no accountability is a good idea and that there will never be a major breach of confidentiality. With the scope of data contained, it is quite plausible that someone could call a bank and successfully obtain account information and effect transfers, or apply for a library card by post in someone else’s name.

I hope someone can demonstrate that my concerns are unfounded, but I doubt that will happen.

For those who are interested, the Data Protection Act 1998 is the most relevant piece of legislation in the United Kingdom to this discussion (and other countries may have their own equivalents). According to the ICO, there are eight basic principles, which are to make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

[Source: Personal data, Personal rights – Data Protection Act (DPA) – ICO]

The page on legal obligations imposed on data controllers is also interesting:

  • Do I really need this information about an individual? Do I know what I’m going to use it for?
  • Do the people whose information I hold know that I’ve got it, and are they likely to understand what it will be used for?
  • If I’m asked to pass on personal information, would the people about whom I hold information expect me to do this?
  • Am I satisfied the information is being held securely, whether it’s on paper or on computer? And what about my website? Is it secure?
  • Is access to personal information limited to those with a strict need to know?
  • Am I sure the personal information is accurate and up to date?
  • Do I delete or destroy personal information as soon as I have no more need for it?
  • Have I trained my staff in their duties and responsibilities under the Data Protection Act, and are they putting them into practice?
  • Do I need to notify the Information Commissioner and if so is my notification up to date?

[Source: Personal privacy, legal obligations – Data Protection Act (DPA) – ICO]

Update 16 November 2008: I have been requested by a legal advisor to Dawat to temporarily remove this post while some issues are being worked on. Certain representations have been made which paint a positive picture of what is going on behind the scenes and if this is followed through it will be a very positive development for all eJamaat users.

Update 23 September 2009: eJamaat now has a privacy policy in place (see also locally archived copy dated 23/09/2009) which addresses many of the concerns stated above. It is good to know that positive steps are being taken and users are being told why data is being collected, who will process it, and how to opt out; it is also being made clear that the entering of passport information is optional and not mandatory. The privacy policy is not perfect, as it does not address how the data is being kept secure, but it is a step in the right direction.

Given that I was requested to remove the post only temporarily until action was taken, I am quite comfortable to put the entire post back online in the knowledge that action has already been taken (and there was ample opportunity to do so) and I hope that the privacy policy will be vigilantly enforced and that steps will continue to be taken to protect the privacy of eJamaat users.

One further step that I would like to see taken is for eJamaat to publish a list of organisations that they share our data with. In the privacy policy they mention that they only share information with organisations affiliated with Dawat-e-Hadiyah but this could be a very extensive list and sometimes the distinction between being affiliated or not is an obscure one.

For example, the site Malumaat.com requires users to register with an eJamaat number and says that if incorrect information is entered then an account is liable to deactivation. This is interesting because it means that one of the following cases must be true:

  1. Malumaat is able to access eJamaat records in order to verify that the numbers provided are correct. In this case, eJamaat is in violation of their own privacy policy because Malumaat is not an organisation which is affiliated with Dawat-e-Hadiyah or Alvazaratus Saifiyah.
  2. Malumaat is not able to access eJamaat records in which case Malumaat is purporting to collect eJamaat numbers for a purpose otherwise than what they state and users have no guarantee about the privacy of their data provided (and in any case should be wary of providing unique personal identifiers to a site which has not issued them in the first instance).

Another point worth mentioning is that eJamaat, according to their privacy policy, does provide information to third parties. In this case it is legally incumbent upon eJamaat to ensure that the third parties they provide data to are also processing it in accordance with the protections that eJamaat is subject to; otherwise the provision of said data to third parties may be unlawful.

One more easy improvement that could be made is to encrypt all website transactions using SSL (preferably EV SSL). At the moment none of the information entered by users on the eJamaat website is encrypted, and in this day and age there is no legitimate justification for this.

In short, the situation today is much better than it was a year ago, but data privacy is an aspect of data retention that needs to be continually addressed at every step of data processing and data sharing. A “write a privacy policy and forget about it” approach will not yield the correct result. The more users are reassured that their data is being sensibly and lawfully processed, the more comfortable they will be to provide sensitive data.

Getting Married and other Tidbits

My last blog entry was on July 8, a good two and a half months ago, I think my longest hiatus yet from blogging. Since then, things have been sort of a whirlwind on all fronts (in a good way, of course).

Most important on the list is that I got married on 15 August 2005, to Zainab Currim (now Ebrahim), who I have known for the last five years and been engaged to since December 2002! We had both been waiting for this for a long, long time, and it is amazing to finally be married.

When I say that I got married on 15 August, I should qualify this statement, because marriages for Muslims and Indians don’t work in the same way as they do for many of you who have grown up in a Western environment. For many of you, after the marriage ceremony in a church, there is a reception, and then that’s it. For us, it’s a bit more complicated. First we have what is called the nikah, which is the marriage contract itself, and is executed between the groom and the bride’s appointed representative, which is usually her paternal grandfather or father. Once the nikah is complete, the couple are legally married. However, that’s not the end of the deal. Prior to and after the consummation of the marriage, there are other traditional ceremonies that also take place, and it is these ceremonies that constitute the wedding celebrations.

So my nikah was performed on 15 August, but the wedding celebrations are yet to take place. They’ll happen this December in Mumbai (most of my extended family lives there) and Kolkata (Zainab’s family lives there), both in India.

The venue of our nikah was Najam Baug, a Dawoodi Bohra community hall that my great, great grandfather originally built along with his brother-in-law in 1886, and was recently rebuilt by our family and inaugurated on 15 August 2005 (my nikah took place during the inauguration).

I took on the task of designing the website for Najam Baug, and just completed it a couple of days ago. It’s the first website that I’ve designed from scratch (though I did use a CSS trick or two from ALA), and I’m pretty happy with the result. Designing the website just reminded me what a pleasure it is to design for standards-compliant browsers such as Firefox and Opera.

When it comes to rendering standards-compliant pages, these browsers Just Work™. Internet Explorer drove me crazy with its Screw Standards™ rendering mode. I spent hours making IE not totally screw up floats, and also a long, long time trying to figure out why content was just plain vanishing in IE. As it turned out, the vanishing content bug was IE’s notorious Peek-a-boo bug, which I was able to fix using Matthew Somerville’s line-height hack. After making all these efforts, the website now displays only acceptably in IE, but still not perfectly. For those of you who have IE, you’ll notice that there is a lot more whitespace than you see in other browsers. I still haven’t figured out how to fix this.

There’s still a lot more that’s happened in the past couple of weeks to talk about, but for now this is all I have time for. I hope that over the next few days I can write a couple more entries. One of the things I want to write about is using Firefox at work, and a few observations and challenges I’ve faced in being able to use it 100% of the time.

Heading Home

This morning I officially graduated from my one-year Mandarin language course at the Beijing Language & Culture University. After five years away from Hong Kong, tomorrow I finally return home permanently, and am looking forward to starting at my new workplace.

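After studying Chinese for a year at Beijing Language and Culture University, I have finally graduated. This morning I received my certificate of study. In 2000 I left home to attend university in the United States. In 2004 I came to Beijing in order to learn Chinese well. After five years away, tomorrow I finally head back home. Once I am home, I will soon start working at my family’s company.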

ebrahim.org Turns Six Today

As a matter of pure coincidence, yesterday while I was renewing ebrahim.org’s domain registration, I noticed that ebrahim.org turns six years old today. Six years is a long time, especially in the internet world, where it’s an eternity.

When I first registered ebrahim.org back in 1999, I knew nothing about web or email hosting. On the recommendation of a friend, I bought ebrahim.org and purchased one POP account from Network Solutions, my first domain name registrar. I also had a one page “Under Construction” website at www.ebrahim.org (then, now). Things have come quite a way since then. I now host with a real hosting company, use ebrahim.org to host email for my family members, and also for this blog.

SSN Records at UChicago Compromised

According to the Chicago Maroon, student social security numbers (SSN) and grade reports may possibly have been compromised at the University of Chicago. The University has set up an Incident Response site where those affected by the compromise can find information about the event.

According to the Maroon article, the SSNs of alumni from 1990-2002, and the grade reports from Autumn 2003, are amongst the items believed to be compromised.

While I applaud the university for taking quick action and setting up a status website, I am hugely disappointed that they did not deem it necessary to inform affected students/alumni of what is a severe compromise of privacy and trust. I would also expect them to provide an aggregated list of compromised data, so that those affected know exactly what may have been stolen. If the Maroon is correct in its assessment of what data has been compromised, then I am among those whose data may have been stolen.

During my time at UChicago, I had the pleasure of working with some of the network administrators there, and I found them to be good people who valued the privacy of students. It is thus even more perplexing to me that I found out about this data compromise from news outlets, rather than by being informed by the university itself.

Challenges faced by Community Projects

Working on community projects can be one of the most rewarding types of volunteer work out there. This is for a couple of reasons, the most important of which is that these types of projects bring like-minded people together and from them build a vibrant community. Watching the community they create thrive is the greatest reward for the project contributors.

Another important reward is that contributors benefit from the exchange of ideas. Many heads are (usually) better than one, and decisions taken after group consultation are often the most well grounded in reason and are most likely to result in the best possible outcome for the community. Also, one learns a lot by following discussions amongst people who are experts in their own field. As long as the project is driven by active people who share similar goals and ideas, these projects always remain in good health.

The most severe challenges that these community projects face usually come months or years after their inception. Sometimes previously active members slowly become inactive, and often the ideas of the active members may evolve — sometimes in divergent directions.

Many people (particularly those involved in OSS development) believe labour is ‘replaceable’. As long as a process is documented, if a community contributor leaves the project, his shoes can be filled by anyone with the required technical expertise. I think this is a dangerous assumption to make. Finding a replacement who is willing and able to work on a volunteer basis, groks the group’s thinking and is technically capable is often harder than one might imagine. It’s easy to find people who meet two of these three criteria, but much harder to find the perfect match.

I think the second problem — divergent ideas — is the more severe of the two (and greatly exacerbates the first). As projects evolve (as they all do with time), contributors may develop different priorities or sometimes even different goals. A sufficiently motivated contributor often puts in extra hours for the benefit of the project to make up for the inaction of others. But divergence of goals or ideas at the most basic level can destroy this motivation.

I’m not sure what the best way is to solve these problems; I don’t see that there is a one-size-fits-all solution. Each project has to find its own unique way in the end.

I was motivated to write about this today because one of my friends, Yusuf, is facing similar issues with one of the projects that he’s involved in. His perspective on this issue is worth reading.