Vol. 4 Num 198 Mon. December 15, 2003  
Front Page

Summit on info society
Organisers under fire for poor show

Organisers of the World Summit on Information Society (WSIS) came under fire from critics for the unimpressive outcome of the summit and sloppy security arrangement.

Media also expressed doubt over the outcome of the WSIS, organised by United Nations, which wound up three-days of lofty speech-making by endorsing a declaration of principles and 29-point plan of action, but dodged the issue of bridging the so-called digital divide between rich and poor.

More than 170 countries approved an ambitious call to extend the Internet and the benefits of information technology to the poorest countries of the world but avoided detailing measures necessary for achieving it.

The declaration committed itself to using telecommunications technologies, such as the worldwide web and cellular telephones, to boost economic growth and meet the United Nations development targets for eradicating extreme hunger and poverty by 2015.

Around 90 percent of the world population is not connected to the Internet, depriving them of a 21st-century resource and widening the gulf of "digital divide" between rich and poor. But richer states, notably Japan and the European Union, which did not send top government officials to Geneva, resisted the call for a "Solidarity Fund" to help close the gap.

As a compromise, states agreed to study the issue further and report back before follow-up summit in Tunis in 2005.

Senior UN officials also agreed it was better to explore improved use of existing resources from the World Bank and other sources before rushing into new finances.

The International Telecommunications Union (ITU), the UN special wing for telecommunications, also came under fire as it failed to get United States of American and Britain participate actively. First world countries like USA and UK maintained low-key presence in the summit but countries from Africa and Asia were most vocal.

Meanwhile, an international group of independent researchers attending the World Summit on the Information Society (WSIS) revealed important technical and legal flaws, relating to data protection and privacy, in the security system used to control access to the UN Summit.

The system not only failed to guarantee the promised high level security but also introduced the very real possibility of constant surveillance of the representatives of the civil society.

During the course of investigation the group called Contra Info was able to register for the summit and obtain an official pass by "just" showing a fake

plastic identity card and being photographed (via a webcam), with no other document or registration number required to obtain the pass.

The limited personal data required for the production of the fake ID and thus register was easily obtained -- a name from the WSIS website of participants.

Moreover, the official summit badges, which are made of plastic and the size of a credit card, hide a "RF smart card" -- a hidden chip that can communicate its information via radio frequency. It carries both a unique identifier associated with the participant, and a radio frequency tag (RFID) that can be "read" when close to a sensor.

These sensors can be located anywhere, from vending machines to the entrance of a specific meeting room allowing electronic identification and tracking of participants, or groups of participants, attending the event.

The data relating to the cardholder (personal details, access authorisation, account information and photograph) is not stored on the smart card itself, but instead managed by a centralised database.

This solution enables the centralised system to monitor closely every movement of the participants at the entrance of the conference centre, or using data mining techniques, the human interaction of the participants and their relationship. The system can potentially be extended to track participants' movements within the summit and detect their presence at particular session.

Because all of the personal data is stored in a centralised database, any part of the database can be replicated locally, or transferred to future events -- for example in the next WSIS Summit to be hosted by Tunisia in 2005.

During the registration process Contra Info requested information about the future use of the picture and other information that was taken, and the built-in functionality of the seemingly innocent plastic badge.

No public information or privacy policy was available on demand that could indicate the purpose, processing or retention periods of the data collected. The registration personnel were obviously not properly informed and trained, blamed Contra Info.