Network Security in Africa = Cyber Redlining?

africaredline

Cyber security gained attention again last week as both the United States and the European Union put forth strategies for combating the growing threat of cyber attacks.  The European Commission released its new plan, An Open, Safe and Secure Cyberspace, which seeks to “ensure a secure and trustworthy digital environment throughout the EU” with three main strategies:

• Each member state must set up a computer emergency response team (Cert).

• Each member state must nominate a competent authority to deal with network and information security, to which companies would report breaches. These authorities need to have plans for dealing with major incidents.

• Specific sectors – such as banking, transport, energy, health, internet companies and public administrations – must adopt risk management practices and report major incidents.

During his State of the Union address, President Obama announced his new executive order on cyber security.  While many have already panned the order for either being anti-business or being weaker than what his administration had proposed two years ago, Obama stressed the importance of moving forward on securing the nation’s networks.

“Now, we know hackers steal people’s identities and infiltrate private emails,” Obama said.  ”We know foreign countries and companies swipe our corporate secrets.  Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems.  We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy”

Just in the last two weeks alone, Facebook, The New York Times and the U.S. Federal Reserve have become the latest victims of hacking. While some of the efforts to address cyber attacks should be applauded, have strict cyber security strategies become another contributor to the digital divide?

I happened to attend a great talk last week where Jenna Burrell, UC Berkeley professor and author of Invisible Users: Youth in the Internet Cafes of Urban Ghana, argues that the fear of online fraud and hacking in Western countries are possibly creating Internet access barriers in developing countries.  Burrell, an ethnographer by training, spent six years researching Internet cafe culture among young, middle-income Ghanaians.

She said that many websites that Westerners commonly use like Amazon, PayPal and Match.com have their IP addresses completely blocked in many African countries.  Burrell said she attempted to log into Amazon and PayPal accounts while in Ghana and her accounts were either suspended or detoured to another page to confirm that she really was who she said she was.  According to Burrell, the dating website Plenty of Fish blocks “all major traffic from Africa (yes, the whole continent of Africa!), Romania, Turkey, India and Russia.”

I have traveled to many countries throughout the developing world, and I have seen some of the issues Burrell has witnessed myself.  I remember traveling through South Africa and Botswana a few years ago, and noticing that when I looked up certain e-commerce websites, I was also detoured to another webpage.  The detoured page usually said that I was not allowed to look at that website.  At first I thought there was a random problem with my Internet connection, until a Tanzanian business partner I was traveling with told me that it was common for the IP addresses of major online companies to be blocked because of this fraud fear.  Interesting to note I have seen less blockage in countries where there is a high rate of Western tourists, like Thailand and Jamaica.

Mind you, online fraud and hacking is a big problem, and cyber criminals can be found in every corner around the world.  We have all received those annoying Nigerian emails seeking financial help for a family member who wants to go to school in America. But it seems a bit harsh and unfair to punish a whole continent, let alone a whole country, for the criminal actions of a few people.  Web address blocking also slows down the ability for many in the developing world to participate in the global economy, where so much about our way of life in general are more dependent on Internet access.  The New York Times was hacked by Chinese infiltrators, but there isn’t a movement to block IP addresses of Western companies in China?  In fact, since China is considered an “emerging market,” many major businesses have an online presence in the country, including Amazon and PayPal.

Redlining is the practice of denying access to services and products to a particular group of people.  In the United States, redlining is mostly associated with housing and credit discrimination against low-income African-Americans.  The severe IP blockage in Africa and other developing countries makes one wonder if this same level of discrimination is occurring.  Reginold A. Roylston, a UC Berkerley Ph.D candidate, first suggested to Burrell that cyber redlining might be happening here.

However, when is country-level IP address blocking justified?  There seems to be a fine line here between online censorship and free enterprise.  Legally, one can’t tell a private firm where they can and can not do business.  Companies such as Amazon likely do thorough market analysis of countries before they enter into a business relationship with them.  One analysis may look at “risks” and maybe Amazon feels that Ghana is too technologically risky not only because of the higher risk of online fraud, but it is also not commercially viable since Ghana is mostly a cash-based economy.

Over the last five years, many African governments have started to require new mobile phone users to register their SIM cards in the hope of reducing cyber attacks.  Nonetheless, more education is needed on this subject, especially in Western countries where Internet access can be taken for granted.  I want to do my part by bringing this issue up to the attention of my readers.   If you know of any IP address blocking going on anywhere in the world, you can report it to Herdict, a portal that “collects and disseminates real-­time, crowdsourced information about Internet filtering, denial of service attacks, and other blockages.”