Team member George Chamales and the Wilson Center are happy to announce a new policy memo on the issues surrounding trust in social media and crowdsourcing. The brief is being released at a time when the problems facing the use of these technologies have been highlighted by recent events ranging from inaccuracies in the hunt for suspects in the Boston bombings and false Twitter messages claiming terrorist attacks at the White House.
From the policy memo:
Individuals and organizations interested in using social media and crowdsourcing currently lack two key sets of information: a systematic assessment of the vulnerabilities in these technologies and a comprehensive set of best practices describing how to address those vulnerabilities. Identifying those vulnerabilities and developing those best practices are necessary to address a growing number of incidents ranging from innocent mistakes to targeted attacks that have claimed lives and cost millions of dollars.
Thanks again to the Wilson Center’s Commons Lab for the opportunity to continue working on this challenging topic.
Team member George Chamales recently presented at the FCC’s 2nd Field Hearing on Network Resilience and Reliability. The hearing included a panel discussion led by FCC Chairman Julius Genachowski along with FCC Commissioners Robert McDowell, Ajit Pai and Jessica Rosenworcel. The discussion centered on how new technology can enable more effective disaster response and how that technology is expected to evolve in the coming years.
More information on the hearing, including the public statements from the commissioners is available here.
The Rogue Genius Micro-Tasking System enables organizations to create information processing assembly lines to manage large volumes of data. In the Micro-Tasking System, each member of a team performs a single task on a message as it moves from unstructured data towards final approval as a finished report. The system is built using a modular architecture which makes it possible to create custom assembly lines tailored to your specific needs.
The Micro-Tasking System is built on top of the Ushahidi Platform and contains a variety of built-in features including:
* Security: Workers can only view tasks they are assigned, allowing sensitive tasks such as Anonymization to take place using a select group of trusted users.
* Dynamic Ordering: Tasks can be enabled, reordered, run in parallel, or disabled
* Statistics: Use the system’s dashboard to view task queues and progress graphs
* Messaging: Contact workers using in-screen messages or email each task team separately
If you’re interested in reviewing the Micro-Tasking system or have any questions about the system’s capabilities please contact firstname.lastname@example.org
Rogue Genius team member George Chamales recently took part in a panel discussion on the security challenges of crowdsourcing at the Connecting Grassroots to Government for Disaster Management Program hosted by the Wilson Center’s Commons Lab in Washington DC. From the program’s agenda:
Security of Crowdsourcing Moderated by Eric Rasmussen, Vice President, AccessAgility, and Managing Director, Infinitum Humanitarian Systems
Panelists: • George Chamales, Principal, Rogue Genius LLC • B.K. DeLong, Principal and Lead Analyst, Extropic Technology Consulting • Aiden Riley Eller, Vice President of Technology and Security, CoCo Communications Federal information assurance often tries to eliminate risk. However, because crowdsourcing requires a greater degree of openness, it entails developing practices and technologies to manage risk. What are the emerging standards for crowdsourcing?
How should federal agencies approach the use of crowdsourcing data to make decisions under conditions of uncertainty? How different is this situation from the usual ‘fog of war’ that surrounds disasters?
The discussion included a great back and forth with the audience and the excellent panelists. Thanks to all who attended in person and online. More information on the program including program video is available here.
Team Rogue Genius is pleased to release the Humanitarian Hack Box, a VirtualBox image pre-installed with a number of humanitarian server applications. The HHB is designed to streamline testing by security professionals interested in finding and fixing vulnerabilities in these programs. The current set of applications includes Ushahidi, Sahana Eden, and Openstreetmap. Each of the applications have been installed and run by default when the Virtual Machine is started.
The image will be used at the upcoming JIFX/RELIEF exercise held at Camp Roberts on August 13th - 17th as well as promoted to various groups interested in submitting the bugs they find to the Access Innovation Prize for a chance to win $20,000. Note that applications for the prize are due August 31st.
This page will be used to provide any updates on the image. If you have specific questions or comments please email email@example.com
Team member George Chamales recently presented at the Google Ideas INFO Summit held outside of Los Angeles, CA. The summit brought together activists, organizations, and technologists to discuss means to interrupt illicit networks around the world. George’s presentation was focused on the current trends in computer security facing activists.
From George’s Innovation Lab description:
Rogue Genius: Attacks on Activists Through Insecure Technology
Rogue Genius's George Chamales is an expert in how crowdsourcing, communications, and mapping technologies are attacked and infiltrated by hostile actors. Participants learn about recent attacks against these technologies and discuss the creation of a worldwide repository of defensive best practices. They leave with a set of defensive principles and an organizational proposal.
We would like to thank Google and the attendees for their time in making this an excellent conference.
Team member George Chamales recently submitted an entry to the Economist Magazine’s Innovation Competition. The paper describes the work done over the last several years on various projects including the Haiti Cholera Epidemic, Afghanistan Wells tracking, and American Red Cross Disaster services logistics.
From the Economist’s Challenge Description:
It is easier to gather data today than at any other time in history, yet data remain an under-utilized resource. Trends in data can be difficult to spot, especially when individual unique perspective or expertise may be required to relate observations to meaningful occurrences in the world. This Challenge gives Solvers the chance to dive into public datasets and identify opportunities to improve communities based on the evidence discovered there.
The increasing availability of data is enabling “smart” systems in cities and communities around the world. These systems are safer, more responsive to human needs, more convenient, and more efficient in terms of resource consumption than previous generations of the same technology. For example, new “smart” medical technologies communicate with your social networks from sensors inside or nearby your body, enabling you and your physicians to better monitor your health. This and numerous other examples of smart systems, many of which utilize advanced or distributed sensor technologies, may be found all over the world, and they all take advantage of the fact that information can be used as input to the dynamic behavior of the technological system. The Economist published a special report on smart systems, which can be found here.
Members of the Rogue Genius team have been supporting the development of a rapid-response crowdsourcing capability for the US Navy. The project, called Quick Nets, recently completed a six day exercise utilizing the Rogue Genius Modular Micro-Tasking system.
The following press release from Humanity Road – who provided the volunteers for the exercise – has more information on the exercise.
Last week, volunteers around the world created content for a crisis map for the 2012 Rim of the Pacific Exercise (RIMPAC). The virtual crisis team mapping initiative was orchestrated by Humanity Road on behalf of the U.S. Navy QuickNets team.
FOR IMMEDIATE RELEASE
PRLog (Press Release) – May 25, 2012 – It is fitting that the world’s largest maritime exercise would include the world’s largest crisis mapping exercise as a component to its planned activities. Last week, volunteers around the world created online content for a crisis map that will be used during the 2012 Rim of the Pacific Exercise (RIMPAC). The virtual crisis team mapping initiative is being orchestrated by Humanity Road, a public charity that trains volunteers on using mobile device and Internet technology to connect those who need aid with those who can provide aid. Over the course of six days in mid-May in Oahu, Hawaii, the U.S. Navy QuickNets Crisis Mapping Exercise completed its mapping activities by creating content that represents thousands of simulated incidents to be referenced during the full simulation RIMPAC slated for July.
Team member George Chamales’ presentation at the 2011 Defcon Security Conference has been posted on YouTube. The recording was made in August of last year before a number of crisis mapping security incidents had taken place. With that in mind, it is fascinating to observe the potential attacks that George discusses.
Among the security concerns George raised last August:
* Identification of drug cartels as a potential threat to those using online technology as has happened in Mexico. * Counter-messaging to crisis-mapping deployments like the Russian Anti-Crowdsourcing Propaganda video. * Attacks on administrators through technology or arrests and torture as was recently detected in Syria * Software vulnerabilities that expose sensitive information like those found in Ushahidi’s Somalia deployment.
The presentation included a number of points where audience members were asked what they would do if they were the bad guys. The responses clearly demonstrate the ease with which security professionals are capable of identifying weaknesses in the current approach to crowdsourced crisis mapping. Thanks again to the Defcon organizers for giving us the opportunity to discuss this information with our peers in the security industry.
A video apparently demonstrating a number of attacks against crowdsourcing has been posted online. The video uses an attractive Russian woman who: * Accuses the operators of the site of being in league with malicious foreign powers * Submits false messages to a crowdsourcing site via phone * Submits false messages to a crowdsourcing site via online form * Encourages others to submit false reports to the site
While it is unclear who the source and intended audience of the video is, the thoroughness and relatively high production value do indicate a professional organization very interested in the security of these types of deployments.
From the translation:
Well, exactly as we expected, 5 minutes later, our report appeared on the map, and was automatically listed as an election violation. The election process, you can confirm how we did everything, how we wrote everything, our make-belief city's right here, and all our words.
Want to know why the authors of this map are so trusting? Why do members of the organization Golos publicly celebrate every hundred and every thousand reports like their anniversaries?
The goal here isn't just in their primary goal to delegitimize and present the Russian elections in the worst light but in deep-rooted, personal interests. Simply, the number of total recorded cases directly influences the financing of Golos' local branches post-elections. It's not hard to conclude that the lion's share of these tales they invent and send it in to themselves.
What next? After the elections, they will proudly report to us and to the rest of the world the grand scale of falsification, in the winner's favor. Financed by the same external entities that finance Golos, marginal politicians will take to the streets and the mythical violations from the map will become a reason to seriously demand the reevaluation of the election results, and along with the results, a reevaluation of the entire government structure of Russia.
The translated video can be viewed here. Note that the translation file is linked to in the comments section for those interested in writing a version in other languages.