My column last week touched on the extremely problematic Memorandum of Understanding between the Government of Sri Lanka and a well-known Chinese telecommunications company, known to have sold sophisticated surveillance equipment to the Rajapaksa regime. Despite disturbing recent revelations in the mainstream media that have gone unquestioned in Parliament, a high-profile visit by Sri Lanka’s PM to the company’s Shenzhen headquarters resulted in an MoU that invited the company, inter alia, “to participate in ICT planning and infrastructure construction for Smart Colombo”.
Arguably, companies are interested in profit, and governments are often good customers. Why the present government continues to deal with – without any due diligence or scrutiny of past business practices –the same enterprises that had a direct role in seeking to undermine the democratic fabric in Sri Lanka is what is more outrageous. Clearly, money is at stake and with more zeroes than can be easily comprehended. As clearly, politics and optics are at play – an early, expedient distancing from China during elections, now facing near complete reversal in light of dire macro-economic circumstances, which the US for all its visiting warships, aircraft and diplomats, can’t provide an alternative to. Effusive tweets from State Department don’t FDI make. With projects like the much touted Google Loon lost somewhere in the stratospheric promises our politicians and their apparatchiks make, the Government needs high-profile technical partners with appropriate technology solutions to undergird its vision for the Western Province make-over, including the Port City project. Transactional diplomacy with Chinese companies is thus a no-brainer for a government already hostage to the Chinese government through monumental debt. And so we will be saddled with network infrastructure, from China, of indeterminable quality and standards, from the very companies that sought to undermine our civil liberties, and without any safeguards around data integrity or privacy integrated into systems that will impact all our lives, no matter what we do, or where we live.
This matters because what appears to be a really technical or technological challenge, best debated by experts, is really something that will impact – in a very real way – our lives in and entry to cities, and well-beyond. There has been much written about smart cities – about the millions of dollars of saving accrued per annum on account of more efficient and effective service delivery, more streamlined governance and the icing on the cake, local government that is more responsive and citizen centric. These buzzwords find their way into advertorials, press releases, academic papers and even official government policies. This is the promise. What is the reality? The underlying infrastructure around a smart city is digital. What that means is that our negotiation of city life – from travel and transport to a myriad of transactions – will be mediated through services linked to personal identity. How a digital personal identity is created and managed is up for grabs – it could be through a smart-chip, a social security single number or by the conversion of current laminated, hand-written NIC to an electronic version (e-NIC). A smart city is also about the aggregation of what are now disparate systems. For example, a bus pass linked to a debit card, which in turn is linked to a mobile phone based payment system, that can be topped up online or through a telco with one’s identity verified by a unique e-NIC number. Smart cities are about other things as well – traffic light and driving lane management that is dynamically adjusted on the volume of traffic, and historical data around traffic flows in a particular area. Real time updates on public transportation. Simple, single portal based access for citizens to engage with government services. Dashboards that showcase report card based feedback on things like garbage disposal. Free parking around a city that shows up in real time on a mobile. Hospitals and accredited doctors who securely share medical records.
What the smart city promises, ultimately, is a better quality of life. Underlying this, and often unquestioned, is what one has to give up in order to enjoy la dolce vita. And here we must consider a 17-year old’s successful attempts to hack our President’s website. The connection is a simple one. A smart city is actually anchored to giving up some privacy in return for mostly the promise, and hopefully, also the delivery of material and mental well-being. Identity management – what each citizen does, who they are, where they are, what they need and various other transactional records from transport to tax, need a high degree of security to manage and oversee. Else, simply put, everything from impersonations to crime, extortion, blackmail, data loss and surveillance stand a chance of increasing exponentially if records aren’t securely managed. And importantly, the risk to records is not just from juvenile or criminal elements of society. It is from within government itself. If our intelligence services have ready access to the back-end data around a smart city with scant or weak judicial oversight, or worse, through gateways we may not even know exist, foreign powers gain access to sensitive information that even in the aggregate can yield insights into social, political and economic trends, our civil liberties are compromised in very real and dangerous ways. And even if you resist by non-registration or compliance, you are still at risk – just as much cybercrime today directly impacts even those who bank in person and using real money.
Which brings us back to the now infamous 17-year old. The JO wants to give him a job as an IT consultant, perhaps one of the better ideas they’ve had since it resonates with many others who question more than the young gentleman’s actions, the ineptitude of those in charge of security around official web properties. And while this teenager was caught and is in custody, there has not been a single line of reporting and no official response from government around how or to what degree officials in charge of network security for the President’s Office have been held accountable for what was clearly a grossly over-paid hack job. This isn’t the first time official government websites have been hacked. A simple Google search brings up at least one serious disruption or deletion of a high-profile official government website every year, for the past several years. And this is just what’s reported in the media – the cover-up of many more incidents, perhaps far more serious, is more than likely.
So it takes a 17-year old hacker to bring to light the serious concerns around not just over an MoU with a Chinese company, but around the government’s e-NIC project and its entire vision for a digital Sri Lanka. A glittering promise is what’s sold, and it is a compelling fiction. Citizens willingly buy into it. Telcos see profit. Governments see control. Cities see positive returns on investments. Private enterprise sees more consumers. Largely hidden though are serious concerns around the commercialisation of essential services, the nature of command and control architectures, access to information even under RTI, information management practices by public agencies and above all, oversight mechanisms. Smart cities, especially where there is or has recently been a huge democratic deficit, run the risk of turning inquiring citizens to obedient consumers, where dangerous new inequalities – between say those who can afford to secure their privacy vs. those who cannot – are created even as older class differentiations are torn down.
All of this is to not say that smart cities aren’t needed here, or indeed, long overdue. But we must ask how with successive governments so inept at digital security, and the present government in bed with Chinese companies which have had no qualms undermining our civil liberties, a smart city can actually protect the dignity, liberty and freedom of all those who subscribe to and live in it, and indeed, all those outside, in the margins, risking death through deletion.
First published in The Sunday Island, 4 September 2016.