By Robert Ndlovu

GOVERNMENTS and businesses around the world now recognise the power and benefits of social mass communication networks, news distribution, as well as promotion of products and services.

However, when combined with social engineering efforts, they also have a dark side and pose a tremendous risk to organisations in today’s interconnected world.

In this brief article, I seek to make a follow up on the current developments in Zimbabwe, namely alleged threats to ban or throttle social media access, arresting and prosecuting the offenders, cyber laws and opportunities and challenges that come with them.

I must remind the reader that what is illegal in the physical world is naturally illegal in the virtual world. Because of the anonymous nature of the internet, some users would use “some” veil in order to push their agendas. My aim here is not to discuss the morality, legality or lack thereof, but the technical and practical side.

Can authorities monitor my online activities? It depends.

For the average internet user, it’s a big yes. But for advanced users, no! The Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) has power to instruct any service provider to monitor activity on the internet if such a need arises. But this process is complicated because it has to involve law enforcement, the courts issuing an order etc. On the technical side, this is a piece of cake. This is done via use of advanced gadgets for deep packet inspection. In short, whatever you do in your browser is “tunnelled” into the analysis system. This mode of monitoring requires a firm commitment by the service provider in question. An application has to be made at the High Court in order to intercept any kind of communication because should government gather some data about what you have been doing online “illegally” without a court order, the evidence collected therein is not admissible in a court.

Advanced users can choose to use a virtual private network (VPN) for communication so as to keep the snooping eyes out. A VPN works like this. Consider Nomsa a banker with a laptop and connecting from a WiFi spot somewhere in town. She downloads and installs Open VPN software which is free. Should there be need to urgently send sensitive and confidential information to her client Dan, based in London, she will turn on VPN, connect and send.

Technically, what happens is that her VPN software connects to a VPN server somewhere on the internet. Once that connection is established, all communications between her laptop and her customer goes via the “private tunnel”.

The ISP might just see that there is some activity, but thanks to encryption, they cannot de-code what is being sent. My name Robert comes out as: “UlpZVp/0XwQX1qbgsEDZ/w==” after encryption using 128 bit encryption with a key 1234567890. Gibberish.

So do not let anyone lie to you that people can read your private and encrypted communications. Open VPN is available for Windows, Linux, Mac, iPhone and Android users. As I said, use of VPN is not a licence to commit a crime behind encryption. It is meant to protect and secure your privacy. Banks, corporates, non-governmental organisations, government, military, health and academia communities must make use of VPN so as to safeguard their information. Zimbabwe has been put on the spotlight thanks to some threadbare kind of thinking in some of our local media. Thus more and more cyber threats will emerge from local establishments; internal and external circles. That is, however, not an area of my interest.

And turning to social media vector; this is a very interesting topic for most people. Social media is here to stay.

“Contrary to the gun battles we are accustomed to, we now have cyber-warfare fought from one’s comfort zone, be it bedroom, office, swimming pool, etc but with deadly effects,” said the former ZANU-PF secretary for science and technology, Olivia Muchena.

Cyber security laws and implementations are not peculiar to Zimbabwe. This is a worldwide necessity. We have bad guys out there who have ICT skills they abuse. The cyber laws have been drafted and debated, and I am sure any time from now they will be law.

However, my questions was and still is: Do we have the forensic skills to deal with cyber challenges, given that we have “some” members of our law enforcement who are used to manning unjustified roadblocks and asking for spot fines? We need to build the human capital. I thought this was obvious? The cyber laws will be a dead donkey on day one if this is not addressed. Let us stop dreaming.

Unfortunately, most of us have either a short or volatile memory. In essence, the global trend to deal with the increased adoption of social media and other web-based technology is to conduct research, collect data then analyse it to make informed decisions.

Legislation can never catch up with technology in an environment where the concept of research and development still eludes many. Social media is just a platform, which can either be used for good or bad. But lack of foresight among powers-that-be is what has led to the present chaos and confusion. Someone somewhere has been sleeping on the wheel.

By now Zimbabwe, in line with International Telecommunications Union guidelines, should have set up a cyber incidence response centre. Besides manning roadblocks, I am not sure whether the majority of our police officers know what an IP is. Social media can be a dangerous place for our kids, families and businesses.

As such, no rocket science is needed to figure out that a data-driven solution to accommodate the new modes of communication is long overdue; coming up with dubious legislation overnight will not work. Social media is not something that is just passing by. It will be a norm before 2020. The best stakeholders can do is to come up with win-win ways of accepting it.

Can authorities take my phone and arrest me if I received a “bad” message on WhatsApp? Yes, they can take away your phone. What is a phone? I have seen police impound a vehicle. Is it legal? I do not know. What I know, however, is that the digital evidence that they collect in such a manner must meet a certain minimum of handling standards if the evidence in your WhatsApp message has to be admissible in a court of law. What I mean is that digital data is very easy to manipulate. The burden of proof lies with prosecution to prove that the data’s integrity and consistency has not been tempered with. Anything less and the case will be thrown out of court.

Yes, I can call you or text you from any number using spoofing techniques. My point is that digitally acquired evidence has problems in court, especially in a country with no more than five digital forensic analysts and probably no mobile forensic analyst.

For crying out loud, there is no cyber security lab. If you deliberately send a “bad” message to cause chaos and chaos does happen and you are picked up and you lose a few front teeth, don’t blame anyone. Freedom of expression comes with responsibilities.

What is the way forward?

From a technical perspective, the authorities must engage stakeholders so as to look at what the real issues are and how to handle them.

This starts with data collection so that decisions are based on facts.

Secondly, it does not make sense to start crafting laws to arrest people for posting on social media and grab phones when you are not making any effort to educate the people and also build technical capacity to support those laws. In short, expand user awareness training, create a social media policy and develop local technical capacity to deal with this.

Authorities might need to review the competence levels of some ICT advisors. Do not make us the laughing stock in the ICT arena. We raised these issues years back.

We patiently await the publication of the Innovation Fund set up by the Ministry of ICT along with POTRAZ to help the youth develop home grown solutions. We hope the application and awarding process will be clear and transparent.

We want to leverage ICT use in all sectors of the economy to create opportunities, jobs and disseminate information. Let the information Ministry deal with the media. As for my embattled mobile operators, the message remains the same — innovate or die. Just ask some banks what mobile money did to them.

