Resilient Citizens in the Information Society
A Framework for Discussion Developed byJulie Cameron, Managing Director, Info.T.EC Solutions Pty Ltd, Australia
For the IFIP WG9.2 & WG 9.9 Joint Workshop, Milan, June 2011, “Social Accountability & Sustainability in the Information Society: Perspectives on Long-Term Responsibility”.
1 A Sustainable Information Society Requires ResilienceThe concept of a ‘sustainable’ Information Society incorporates the requirement for ICT (Information and Communication Technology) to support and promote viable communities of citizens. ‘Sustainability’ presupposes the requirement for ‘resilience‘. ‘Sustainability’ is defined as the capability of ‘keeping something going over a long time or continuously’. ‘Resilience’ is defined as ‘able to rebound’. [Source: “Oxford Dictionary of Current English” published by Oxford University Press, 2001]. ‘Resilience’ in the Information Society is therefore defined in this document as: ‘The ability of ICT users and those affected by the use of ICT by others to:- Adapt effectively to change- Recover from harm’. But who is accountable for ensuring ICT and the way it is used fulfils this responsibility for sustainability and resilience? “Accountability describes the structures that need to be in place to facilitate responsibility” [Bernd Carsten Stahl, (p52) “Accountability and Reflective Responsibility in Information Systems pub in “The Information Society: Emerging Landscapes”, editors Chris Zielinski, Penny Duquenoy, Kai Kimppa, published by Springer for the Information Federation for Information Processing (IFIP), 2006]. ICT is used widely within industrialized societies by governments, organizations and individual citizens. Consequently, these three groups are accountable and have a long-term responsibility for ensuring the sustainability of the Information Society. But does each of these three groups have the structures and support that facilitate this responsibility? And are they resilient? This framework is a living document aimed at citizens, not an academic paper. It is a summary of issues intended to provoke discussion. Although some of the scenarios and examples presented for discussion are ‘worst-case’ outcomes, they are based on actual events. This document builds on research into the social impacts arising from the Information Society. It advocates developing the processes and structures that need to be in place to facilitate long-term responsibility for a sustainable Information Society. Importantly it examines the requirements for resilient citizens in the Information Society. 2 ICT is Ubiquitous2.1 Thirty years ago, academics, policy makers, business leaders and community representatives discussed the social impacts of introducing computers.In the IFIP community, Working Groups (WGs) and Special Interest Groups (SIGs) established by Technical Committee 9 (TC9), discussed the social impacts of computers and identified crucial issues. The membership of the groups was diverse, multi-disciplinary and international, although most members came from Europe and industrialized countries. How would computers affect the workforce? [WG9.1] How would ICT affect society? [WG9.2] What is ethical behaviour in an Information Society? [SIG9.2.2] How do emerging economies face the same issues but within different and compressed timeframes and with less time to adjust to increasingly complex ICTs? [WG9.4] Significant papers from conferences, and discussion papers presented to some group workshops were published. Crucial issues related to sustainability and resilience arising from the introduction of computers and the publications in which they were discussed included: What is an Information Society? [Refer to “The Information Society: Evolving Landscapes. Report from Namur”, editors Berleur, J., Clement, A., Sizer. R & Whitehouse, D., published by Springer-Verlag: New York & Captus University Publications: North York, 1990. “Computers and Society: Citizenship in the information age” editors C. Beardon & D. Whitehouse published by Intellect Press: Oxford, 1990. “The Information Society: Emerging Landscapes”, editors Chris Zielinski, Penny Duquenoy, Kai Kimppa, published by Springer for the Information Federation for Information Processing (IFIP), 2006] What is an ethical Information Society? [Refer to “The Ethical Global Information Society: Culture and Democracy Revisited”, editors Jacques Berleur, Diane Whitehouse, published by Chapman & Hall for the Information Federation for Information Processing (IFIP), 1997] What kind of training is needed to prepare ICT professionals? [Refer to “Ethics of Computing: Codes, Spaces for Discussion and Law”, editors Jacques Berleur, Klaus Brunnstein, published by Chapman & Hall for the Information Federation for Information Processing (IFIP), 1996] What are the risks and challenges of the network society? [Refer to “Risks and Challenges of the Network Society”, Proceedings of the Second IFIP 9.2, 9.6/11.7 Summer School, August 2003, editors Penny Duquenoy, Simone Fischer Huber, Jan Holvast, Albin Zuccato, pub Karlstad University Studies] The IFIP community argued the move towards the Information Society may be:
The demand for ICT is driven both by users and suppliers. Users want the convenience of integrated, powerful ICT systems. Suppliers drive profitable innovation.
International trade quickly spreads ICT to users even in remote locations. Satellite phones, powered by solar energy or battery, can be used anywhere in the world.
Governments cannot totally control the use of ICT. Information flows, even when governments try to shutdown communication networks or apply stringent censorship. 2.2 In 2012, many societies and citizens are very dependent on computers and need to be prepared for the impacts if ICT is misused, malfunctions or fails.An Information Society depends on ICT for: a. Information Data is collected in digital form or may be digitized. Information from different media (eg books, photos, music) and independent sources can be stored electronically. Digital data can be analyzed and combined to provide additional information. For example, a digital telephone directory is more useful than a paper directory because it enables searching by phone number or address, and not just by name. “But it is less useful because you need to have an expensive electronic device to read it” [Chris Zielinski comment 13 March 2012]. b. Communication Most communication is now digital. Analogue technologies (eg TV transmissions) are being superseded. c. Transactions (eg personal, commercial and government) Some organizations require customers to go ‘on-line’ to obtain services. Governments provide information through web portals. Internet banking is a prime example. “Not having a choice or alternative way of transacting with organizations other than using ICT becomes an ethical problem” [Chris Zielinski comment 13 March 2012].Consumers frequently find shopping for goods on the Internet (‘etailing’) is a cheaper option. d. Operations (eg facilities, transport) Most forms of transport use computerized dispatch and control systems. Aircraft and even cars use inbuilt computerized systems to control and monitor essential components and performance. e. Life support (eg heating, health, critical systems) Most life support systems depend to some extent on ICT. The Japanese experience of the March 2011 earthquake, tsunami and Fukushima nuclear disaster tragically illustrates the risks to life support arising from natural disasters. Even, water purification plants depend on automated computerized processes to produce and deliver clean water to citizens. The Chernobyl disaster demonstrated the effects of human error and system malfunction and recent events in the Iranian nuclear facilities show how vulnerable systems are to cyber attack. Citizens need to understand the impact of ICT and protect themselves against harm caused by its use. Society needs to ensure alternative methods to using digital ICT remain available for citizens. And citizens need to prepare in case ICT malfunctions or fails. 3 ICT Is Complex and TransformativeThe definition of ‘resilience’ includes ‘the ability to effectively adapt to change’. This means a resilient citizen in the Information Society needs to understand ICT and the way it can be used. Resilience implies citizens have the ability to assess the benefits and risks. However, in the Information Society it is debatable whether citizens can be truly aware of the actual and potential impacts of numerous types of ICT and systems. These impacts are even more complex when ICT and systems are integrated and interoperable. Unless they can take advantage of the benefits and protect themselves from risks, the resilience of citizens is limited. 3.1 Question: Can citizens identify the impacts of ICT?Assessing the impacts of ICT is made extremely complicated because of the: a. Complexity of ICT Most citizens do not understand how forms of ICT work. For example: When communication was by wireless telegraph using Morse code, citizens could see the wire or cable and knew the message was converted by the operator into dots and dashes that represented letters of the alphabet. They could hear the outgoing signals and responses when they attended the telegraph office. Modern communication is unseen. The ‘wire’ may initially be a copper wire, but then may be a satellite dish. The message (eg picture, voice or data) is now digital. The conversion and transmission is a ‘black box’. If there is an error, misdirection or interception, citizens will not necessarily know this has happened, or why, let alone who was responsible. b. Lack of transparency about the capability and use of new ICT When new ICT is introduced the suppliers normally publicize the benefits. They want sales and return on investment. Citizens are not initially informed about any risks. Suppliers may not know how buyers or users will use the ICT (eg SMS messaging). Organizations that buy new ICT may suppress information about the impacts of systems for strategic or commercial reasons. They may adapt systems for uses the suppliers did not intend or predict. c. Integration The integration of data and systems may have complex consequences and significant impacts. For example: a name and address provided by a citizen to government agencies for different purposes (eg for voter enrolment and taxation) may differ for appropriate reasons, but may also arouse suspicion of fraud. d. Function creep Often ICT implemented for one purpose is extended and utilized for other functions by a different group of users. For example: Drivers’ Licenses are issued by a government agency to people approved to drive motor vehicles. However, banks and other organizations also use licenses as ‘proof of identity’. e. Speed and extent of change ICT is constantly and rapidly changing. Citizens cannot know or understand all developments and assess their impact. For example: In Australia cameras placed beside the road were originally used to photograph offending vehicles either because the driver ran a red light or was speeding. Now vehicles can be tracked in real time using overhead digital cameras with high resolution, combined with optical character recognition that can scan and ‘read’ vehicle register number plates and fast broad-band communication. [Refer to use of Number Plate Recognition by Enforcement Agencies – www.privacy.org.au/bba2011] f. Invisibility of ICT and systems ICT is frequently invisible so that citizens are unaware it is being used. For example: Because embedded microchips and RFID used by manufacturers in clothing are invisible to consumers, they do not remove them. g. Lack of controls over development and introduction In a global market, governments have little control over what is ICT developed and introduced into a country and how it is implemented. Legislators are usually reactive, not proactive. Legislative change generally occurs only after misuse of ICT has taken place and users have been disadvantaged or harmed. h. Assumptions used in ICT products Many ICT products utilize software programmed according to assumptions that are invisible to the user. For example: Algorithms, which are invisible sets of rules coded into computer programs, are assumed to be correct over time. There is also no reliable way of testing all the interactions among algorithms embedded in other products with which a program interacts prior to adoption. It is thought that algorithms used in stock trading may exacerbate the volatility of international share markets. Answer: Few citizens can assess the specific impacts of ICT accurately. 3.2 Question: Can citizens identify generic benefits of ICT?Despite the complexity of ICT and its impacts, information about the risks and benefits of similar and earlier types of technology can provide general guidance for citizens. Experience with telephones taught citizens that faults occur in the equipment and in transmission. Telephone exchanges get overloaded and calls ‘drop out’. Telephones created new business opportunities. However, telemarketing became intrusive and public access to home telephone numbers reduced privacy. Similar experiences occur on-line. By referring to past experience and observing benefits from early adopters of a specific ICT allows some generic benefits and opportunities to be identified including: a. Improved access to global information and knowledge The quantity of information and data available has significantly increased even though the quality varies. Reliable sources enrich knowledge and experience. Internet searches can simplify sourcing and evaluating opportunities (eg for commercial ventures). b. Increased social global connectivity Dispersed markets are viable. Products can be tracked from the producer to the consumer (eg a farmer in Australia can sell directly to a consumer in Austria!) International collaboration is routine (eg colleagues need never meet but successfully jointly author conference papers).Social media and social networks allow instant communication and have supported mass movements like the ‘Arab Spring’ in 2011. c. Increased productivity Manufacturing can be dispersed. The quality and speed of delivery is improved using Just-in-Time methods enabled by sophisticated ICT – providing there are no outages or delays. d. New products and services Products can be personalized and customized using ICT-enabled manufacturing. Electronic books are published on demand. e. Improved quality of life for people who are less advantaged ICT has helped diagnosis and prognosis for many people who are sick, elderly or who experience certain disadvantages. Even the economically disadvantaged can be assisted as the costs of aids and equipment reduce over time. Answer: Some citizens can identify generic benefits of ICT and, if they are prepared, can adapt effectively to change and exploit opportunities. 3.3 Question: Can citizens identify generic risks of ICT? Specific risks from ICT are often difficult to identify. However, assumptions about general threats, including the following, enable some citizens to act proactively in some circumstances: a. All digital communications are monitored For example: Mobile phones enable location tracking.Turn off GPS options, and mobile phones when not required, and use less sophisticated devices or non-electronic communication. b. Many places are under real-time surveillance For example: CCTV is used in many buildings and public places, especially lobbies and including lifts.Be aware your image may be captured and behaviour monitored. c. ICT services and equipment may malfunction or fail at any time Back-up and secure essential data. Be aware of non-electronic options. Retain paper copies of important documentation. d. Misuse of ICT by government, organizations and individuals may occur For example: In April 2012, the British Government was reported to be planning to monitor email addresses of all emails in and out of its jurisdiction. The philosopher A. C. Grayling expressed concern about the attitude that: “We all need to be watched. We are all potential suspects”. [Source: interview on ABC Radio National 8.30am 14 April 2012.]For example: Unknown ‘others’ may upload and use personal data (eg hackers).Provide minimal personal data and use anonymous transactions whenever possible. Be aware of risks arising from social media, including loss of reputation. e. ICT and data will be used in new ways For example: New applications like automated pattern recognition provide surveillance based on assumptions that are generally unknown. Some organizations use software that scans spending patterns. When used by banks abnormal patterns can help detect theft from customer accounts. When used by enforcement agencies, inconsistency can imply illegal activity.For example: The collection and storage of health data in electronic format may be used to disadvantage citizens. Data acquired by insurance companies could be used to evaluate risk prior to providing a citizen with insurance cover. “More elaborate eugenic scenarios can be envisaged where the state, for example may decide a citizen’s DNA should not be replicated because of perceived flaws and risks” [Chris Zielinski comment 13 March 2012]. f. Data will be integrated For example: Data from on-line web transactions may be integrated and data mining used to provide profiles of people or their social networks. g. Errors and mistakes will occur For example: Clerical errors may occur in data entry or linkage of records to the wrong person.Check personal records maintained by organizations and query inconsistencies or inaccuracies. h. Citizens may be denied services if they refuse to use ICT For example: The Australia government is introducing full body scanners at international airports. In February 2012, the Minister of Transport announced, agreement to the scan is a precondition for travel!For example: “In some countries citizens are required to fill in forms online for social benefits, voting and all the myriad of things that make up citizenship. Citizens who are not able or not inclined to go on line may risk being denied their rights as citizens” [Chris Zielinski comment 13 March 2012]. i. Poor ICT management practices For example: A major cause of risk results from inadequate management controls over systems and/or data. Some organizations depend on automated system monitoring to ensure security.Whenever possible check the information held by organizations (eg bank statements). j. ICT will be superseded For example: Previous versions of software will be replaced regularly and newer versions may not be backwardly compatible. Similarly, ICT devices quickly become obsolete and cannot be repaired economically.Convert and transfer essential data to updated ICT or retain the previous versions to enable continued access. Answer: Some informed citizens can assess generic risks, avoid or mitigate damage arising from ICT and sometimes they can mitigate or recover from harm. 4 Resilient Citizens Require Government & Organizational SupportBecause ICT is ubiquitous, complex and transformative, most citizens in the Information Society need governments and organizations to help them to adapt effectively to change and recover from harm. Many organizations, including government agencies, aim to continually improve their outcomes by assessing their structures and procedures. When the experience and expertise of multiple organizations in handling specific events are assessed, the most effective methods are developed into a concept of ‘best practice’. For example, the European Union reviewed data management practices of various countries and the affects of data transfers on the privacy of its citizens. The result was the European Union Directive on Data Protection. The terms this legal structure embraced became ‘best practice’ for other jurisdictions. After review of its effectiveness, which included consideration of ICT developments and practices, this Directive is to be updated. In January 2012, the Commission published a Communication proposing new content for the next Directive. [Refer to: http://ec.europa.eu/justice/data-protection/document/review2012/com_ 2012_9_en.pdf] Because of the dependence on ICT and the importance of resilience in the Information Society, we need to identify and implement ‘best practice’ by government and private sector organizations. 4.1 ‘Best Practice’ for GovernmentsA formal study of government practice in adopting and using ICT is required. However, based on observation and methods used to assess other functions, ‘best practice’ for governments aiming to support resilient citizens includes the following: a. Assess and monitor risks from ICT development and use
b. Provide and enforce protective legislation and remedies that protect citizens from harm caused by the misuse of ICT c. Prepare citizens for ICT d. Provide alternatives to digital ICT to enable citizens to access services [Chris Zielinski comment 13 March 2012] e. Prepare Disaster Plans that assume failure of ICT During a crisis, citizens are supported by government agencies and trained volunteer organizations responsible for search and rescue. While people are displaced they are provided with essential goods and services. After the crisis has passed, governments provide assistance to help recovery. Governments and search and rescue organizations need to factor ICT failure into their plans and strategies. For example: There are still reports from disasters where key organizations (eg fire services and police) were not able to communicate because they use different radio equipment and mobile phones and telephone lines in affected areas were inoperable. Governments are accountable for providing generic information about impacts, benefits and risks of ICT to citizens. Governments are responsible for mitigating the risks arising from the Information Society and helping citizens to recover from harm resulting from the misuse or malfunction of ICT. 4.2 ‘Best Practice’ for OrganizationsResearch into ‘best practice’ for organizations to aiming to support citizens in the Information Society is required. Many private sector and community organizations already utilise ‘best practice’ for ICT security and IT management. However, ‘best practice’ is often internally focused. It aims to protect the organization’s activities. Organizations can build on existing practice and ensure they consider the impact of harm from misuse, malfunction or failure of ICT on users and other citizens. ‘Best practice’ by organizations supporting citizen resilience includes the following: a. Assess and monitor risks from ICT development and use
b. Embrace ethical development and use of ICT c. Protect users against risk d. Provide transparency e. Permit (where possible) anonymous transactions and no disadvantage. f. Provide appropriate remediation for harm g. Prepare Business Continuity Plans that assume failure of ICT Organizations are accountable for providing specific information about the way they use ICT and how it may affect citizens. Organizations are responsible for mitigating risk and helping their clients and other citizens recover from harm caused by ICT they or their employees and contractors use to conduct their activities. 5 Citizens Can Contribute to ResilienceGovernment and organizations are accountable for providing structures that support citizens the Information Society. However, citizens in the Information Society need to accept some responsibility for their own resilience. Resilient citizens need to adopt ‘best practice’ to benefit from opportunities and protect themselves and others against adverse impacts of ICT. “It is not feasible for governments to completely protect citizens from harm caused by using ICT” [F. Gokkus, & J. Memit, Informatik Ethik u. Gesellshaft, University of Zurich unpublished paper 8 March 2012]. ‘Best practice’ in the Information Society can be incorporated into a Citizen Resilience Plan. The definition of ‘resilience’ includes ‘the ability to recover from harm. Resilient citizens need to prepare in case ICT is not available to them. Resilient citizens need an ICT Failure Survival Strategy. 5.1 ‘Best Practice’ for Citizens – A Citizen Resilience PlanA Citizen Resilience Plan is a checklist that helps an individual to determine what actions they need to take to benefit from opportunities and avoid, mitigate damage, or recover from risk arising from ICT. It is a guide to ‘best practice’. The plan may include the following actions: a. Identify opportunities from ICT and acquire relevant skills and resources Ensure relevant knowledge is updated regularly and learn to use new ICT. Identify key resources (eg some community groups offer assistance with on-line skills – senior citizens associations; some libraries offer free internet access). b. Protect against ICT risks Adopt a back-up routine to ensure all data is copied and secured in case ICT equipement malfunctions or is lost. This must include converting key data and archives in superseded formats to current software so it can be accessed. c. Use safe practices Use a pass-code and change on-line passwords regularly. Take time to understand the risks as well as the benefits of new products and services. Information about the experience of other users is helpful. For example: Convenient smart phones store a large amount of sensitive information about the owner and others with whom they communicate. This data may become accessible by others if certain applications are downloaded onto the phone. d. Ensure actions do not jeopardize the safety or well-being of others Be cautious about posting on line, especially in social media websites. For example: Posting a photo of friends in compromising poses or situations on Facebook or making disparaging remarks that can be viewed by on-line ‘friends’ is harmful to them. Ask permission before posting information about other people and their actions and uploading photographs, especially those that name the people shown (ie ‘tag’ images) or include GPS information (included in ‘properties’) about location. e. Identify who (if anyone) is responsible for remedying harm from ICT Before providing personal information (especially on-line) check the jurisdiction of the organization (usually found in the ‘User Agreement’ and ensure there is a transparent way of contacting the organization and lodging complaints. Be informed about how data is used. f. Advocate for change when risks are identified Inform others about risks you identify. ICT is rapidly changing and remedies may not be available. However, there are bodies that will assist citizens to advocate for change when risks occur. Some governments have set up agencies to protect users (eg The Australian Government’s Telecommunications Industry Ombudsman [Refer to www.tio.com.au]) and advocacy groups exist in most countries, including consumer protection, civil liberties and privacy protection associations. g. Be aware of possible changes in human behaviour, expectations and values
h. Behave ethically when using ICT Be aware of the risks and be careful how you treat others and their data. 5.2 A Citizen ICT Failure Survival StrategyCitizens who have become dependent on ICT for essential functions and services need to prepare themselves in case ICT services and equipment fail or cannot be accessed. Evidence shows that we cannot assume ICT will be available at all times. We must assume the ICT on which be depend may be affected by:
The following checklist is one method of preparing a Citizen ICT Failure Survival Strategy. a. Understand the level of risk that might occur Create scenario with different
Assume
b. Predict the impacts of scenarios on yourself and others Assume
c. Prepare to mitigate consequences of scenarios and impacts For example: if the scenario includes a major electrical power failure –
For example: if the scenario includes evacuation –
d. Identify and protect critical documentation and data e. Test and update the Citizen Survival Strategy
All citizens need to take responsibility for informing themselves and others about ICT and its impacts, benefits and risks and use appropriate behaviour and ethics to protect themselves and others. Resilient citizens need to adopt ‘best practice’ when using ICT. Resilient citizens need strategies in case ICT fails. 6 ConclusionICT has enhanced the lives of many people throughout the world. But with any great leap forward, change impacts communities, requires citizens to adapt and creates new accountabilities and responsibilities for governments, organizations and citizens. The industrial age (with machines available to do heavy work), allowed citizens who were able to access its benefits to be more productive and live in greater comfort. However, the introduction of machines also meant many men, women and children toiled long hours in factories without safe working conditions. In some industrial societies, governments accepted accountability for providing the legal structures to protect workers and mitigate risk to communities. They employ inspectors to monitor conditions and enforce legislation. They provide education so citizens can adapt and benefit. They require organizations and citizens to accept responsibility for their use of machinery and industrial equipment. Over time, organizations using machinery and industrial equipment that caused more harm than benefit to communities (eg through pollution) and citizens (eg unhealthy work places) are forced to change to sustainable practices or close down. Citizens that use machines in way that cause harm (eg drunk vehicle drivers) are held accountable and punished. To be sustainable, the benefits of the Information Society must outweigh adverse impacts and risks. In the Information Society citizens need governments and organizations to be accountable and take responsibility for the appropriate provision and use of ICT. They need help to understand the impacts of ICT and adapt to change. In some cases ICT poses new threats. Citizens need protection from the misuse, malfunction and failure of ICT. Governments need to provide legal and regulatory structures to mitigate risk. Threats may come from the actions of people like hackers, thieves or organizations that misuse ICT and personal data. Laws need to include punishment for offenders and restitution or assistance to affected citizens to help them recover from harm. Over time ‘best practice’ in the Information Society needs to be reviewed and revised to ensure it promotes sustainable communities and resilient citizens. Citizens need government and organizations to support their resilience. Now that ICT is ubiquitous, citizens need to develop resilience. Citizens need to identify, adopt and promote ‘best practice’ for the use of ICT to protect themselves and others from harm caused by malfunction or misuse of ICT. The resilient citizen in the Information Society is alert and prepared but not alarmed. Each citizen in the Information Society has a long-term responsibility for improving their resilience by adapting to change, mitigating risk to themselves and others and preparing to recover from harm due to ICT. Governments, organizations and citizens share accountable for a ‘sustainable’ Information Society that promotes and maintains viable communities of citizens. |
[…] and citizens can focus on ICT resilience. You can view, and comment on, Julie’s paper at: http://ifipwg92.org/?page_id=156. We encourage you to make visible your comments on the paper at the bottom of the same page. […]