[Webinar] Data for Environment: From Insight to Action

Prof. Rolien Hoyng, School of Journalism and Communication, CUHK and the Internet Society Hong Kong are organising Data for Environment: From Insight to Action. We invite you to join our webinar discussing the role of data in tackling the environmental problems that cities like Hong Kong are facing.

The event explores how better access to, and use of, data can contribute to social innovation and awareness of environmental threats such as pollution and waste. What kinds of data would be necessary and what can be done with them? What can Open Data mean for stakeholders such as environmental NGOs and how can they push for it? 

Date: 23 October, 2020 (Friday)

Time: 15:30 – 17:30

Venue: Online meeting room

Registration: https://forms.gle/KwvSe8KFvBUptDRd6

Speaker: 

  • Prof. Daisy Tam, Department of Humanities and Creative Writing, HKBU

Prof. Tam will talk about her research journey in food waste and her web application Breadline (by HKFoodWorks) which uses data to decentralise food rescue operations. 

  • Prof. Wilson Lu, Department of Real Estate and Construction, HKU

How much construction waste is being dumped illegally in Hong Kong’s countryside? Prof. Lu is going to tell us about his research project that dug out the truth using data mining and modelling. 

  • Mr. Wendell Chan, Project Officer of Friends of the Earth

How “green” are LegCo and District Councils? Friends of the Earth looks into the meeting minutes, attendance and voting record of council members to find out how committed they are to environmental issues. 

  • Dr. Scott Edmunds, CivicSight (formerly Open Data Hong Kong) & CitizenScience.Asia

There are not many publicly available academic and government data in Hong Kong. That was why Dr. Edmunds mobilised the power of citizen-collected data in his crowdsourced mosquito detection projects and in understanding other environmental issues.

Read more

什麽是「路由安全共同協議規範」Mutually Agreed Norms for Routing Security (MANRS)?

路由系統是全球網絡基礎設施的重要一部分;不良分子可以透過騎劫路由器 (route hijacking)、路由洩漏 (route leaks)、欺騙網絡協定地址 (IP Address spoofing)等發起分散式阻斷服務攻擊 (DDOS) 及其他攻擊網絡服務的手段。因此,路由系統的保安和韌性(reslience) 至關重要。互聯網協會 (ISOC) 推動的「路由安全共同協議規範」(Mutually Agreed Norms for Routing Security,MANRS)計劃,正是為常見的路由威脅提供關鍵修復,維護互聯網的穩定和安全。

這項計劃促進網絡運營商(ISP)、互聯網交換點(IXP)、內容交付網絡(CDN)和雲端供應商的及時通信和協調,並鼓勵他們發布和分享路由數據。參加的運營商亦要同意防止傳播錯誤的路由信息​​,以及截停帶有欺騙性源頭的IP地址流量。更重要的是,這個計劃鼓勵網絡營運商承諾和承擔維護路由系統的保安和韌性的責任;同時,透過更多支持者的加入,擴大這個安全規範的影響力。

大家可以在此查閲到MANRS參加者名單: https://www.manrs.org/isps/participants/ 大部分服務香港的網絡運營商,均提供跨區域性服務。MANRS參加者名單上列出了8 間服務香港的網絡運營商;其中有兩間運營商: Anexia 以及RETN 達到MANRS全部4項服務要求目標,分別是防止錯誤的路由信息傳播 (filtering);防止IP地址欺騙 (anti-spoofing);改善網絡之間的協調 (coordination);路由信息驗證 (global validation)。

資料提供: ISOC 義工訓練計劃參加者Joey Che

2020年6月20日

Read more

什麽是社區網絡 (Community Networks)?

很多人以爲互聯網必須由互聯網服務供應商 (ISP) 提供。其實,你也可以”自己動手”建造網絡。

社區網絡 (Community Networks) 提供了互聯網服務供應商 (ISP) 以外的另類網絡——一個由社區成員配置及經營、而且自行擁有和管理的電信基礎設施。數碼鴻溝 (digital divide) 是發展社區網絡的其中一個重要原因;例如,偏遠地區人口密度低,網絡搭建成本亦昂貴,因此削弱了互聯網服務供應商 (ISP) 到該處提供互聯網服務的商業誘因。

基於「互聯網屬於每一個人」(“Internet is for everyone”) 的宗旨,互聯網協會 (Internet Society (ISOC)) 致力緩解數碼鴻溝 (digital divide) 的問題,而社區網絡正是互聯網協會 (ISOC) 其中一個重點發展項目。透過推廣和提供訓練,互聯網協會 (ISOC) 幫助有需要的社區建設社區網絡 (詳見: https://www.internetsociety.org/tutorials/wireless-community-networks)。 

社區網絡能夠幫助市民減低連接網絡的費用,讓普羅大衆均可利用互聯網資源,例如電子學習、電子政府服務、電子商務平台等。在荷蘭,其無線萊頓基金會 (Wireless Leiden)利用低成本的硬件、開源軟件、開放標準在萊頓及周邊村莊建設無線社區網絡,為當地居民提供開放、便宜、快速的無線網絡連接。

香港社區網絡的需求 

香港家中有接駁互聯網的住戶佔所有住戶百分比雖然已達到94%*,但在一些偏遠新界及離島地區的居民,例如北面荔枝窩、雅洲、坪輋,東面海下灣,西面新田、上白泥,大嶼山分流、羌山、蓮花山等地區,尚有接駁互聯網的困難。

由於本港絕大部分住戶都有電力供應,處於偏遠地方的居民,理論上可藉電力傳輸線寬頻(Broadband over power lines,簡稱BPL)接駁互聯網。它是一種利用公共電力傳輸線,進行高速率資料傳輸的電力傳輸線通信技術(Power Line Communication,簡稱PLC),可在長距離電力傳輸線上提供高速率的資料傳輸。以此作為接入點,就可以在偏遠社區建構無線網絡。社區網絡方便推動偏遠地區的居民分享互聯網上的資訊,以及與世界志同道合的社群接觸,放眼世界。

另一方面,有大型群眾活動的地方,網絡連接亦經常發生樽頸不流暢情況。社區無線網絡可以解決這個窘況,因為建構社區網絡的器材要求簡單,價錢低廉,建立容易,在大部分國家都並不需要再申領牌照,以無線在2.4G和5G頻譜傳輸。在突發性的情況下,藉著臨時設立的社區網絡,群眾亦可分享連接互聯網的機會。

如有興趣瞭解更多,可參考:https://drive.google.com/file/d/1gquACP4fTmBTPQbJ9NIfLuZ5PQPo1sSo/view?usp=sharing 這個教學課程由國際互聯網協會編纂而成,由ISOC 義工訓練計劃參加者Noel Leung 翻譯,以分享給有志於建構社區網絡人士參考使用。

2020年6月15日

Read more

香港互聯網協會就立法會工商事務委員會2020年6月16日會議議程「香港的創新科技發展及再工業化政策」的意見書

第十三屆全國人大代表大會第三次會議於5月28日表決通過《全國人民代表大會關於建立健全香港特別行政區維護國家安全的法律制度和執行機制的決定》議案,以制訂「港區國安法」。議案內容包括「國家堅決反對任何外國和境外勢力以任何方式干預香港特別行政區事務,採取必要措施予以反制,依法防範、制止和懲治外國和境外勢力利用香港進行分裂、顛覆、滲透、破壞活動。」等定義不清、範圍廣泛的條文,令公眾憂慮到香港政府本地立法後將以國安法限制互聯網及通訊服務、封鎖網絡平台、審查互聯網或限制資訊流通等。香港互聯網協會憂慮,若香港無法維持資訊自由流通,將對本港的創新科技發展及可靠營商環境帶來極大影響。

互聯網和通訊自由乃受基本法所保障

我們深信基本法所保障的言論、新聞、出版自由亦適用於互聯網的媒界上,網絡用家擁有獲取、分享資訊及言論表達的自由和權利,免於被審查、屏蔽、或以言入罪的恐懼。

香港受基本法保障各種自由,法治精神及制度享譽國際,亦因此得以成為一級國際城市。任何對互聯網的管制將損害基本法所保障的權利和自由,及對香港的法制以及國際聲譽做成不可挽回的破壞。

影響香港的國際金融中心和互聯網通訊樞紐地位

切斷或審查互聯網通訊服務會窒礙香港的經濟活動和削弱區域通訊樞紐地位。香港作為國際金融中心,十分依賴互聯網和通訊網絡從事金融活動,任何審查互聯網的技術亦將會把香港的互聯網置入類似防火牆的監控當中,並有可能造成巨大經濟損失。香港是亞太區域互聯網通訊樞紐,對科技行業而言,審查互聯網亦將嚴重影響行業日常工作,打擊國際及本港科技和創科公司對香港的信心,使科技和創科人才流失至其他鄰近地區,削弱自身競爭力,亦有機會令外資對香港失去信心,繼而撤資,損害香港經濟。

香港新聞自由收窄及國際形象受損

以互聯網作出現況直播以及提供實時資訊更新是近來媒體常用的報導手法。若政府以緊急法限制互聯網的使用,將會阻礙記者採訪及媒體報導,損害新聞自由和香港市民知情權,與基本法第二十七條不符。此舉會令香港的新聞自由收窄,將嚴重傷害香港作為自由城市的聲譽,令國際進一步對香港失去信心。

干擾互聯網將嚴重影響日常生活以至公眾安全

香港普羅大眾十分依賴互聯網互通消息,一旦互聯網服務無法正常使用,市民的日常生活將會大受影響,甚至影響公眾安全。在無法使用互聯網的情況下,不論社會運動人士又或者普通市民均無法得知公眾安全情報及與家人朋友取得聯繫,造成市民不必要的恐慌。

政府須承諾不會管制互聯網,以釋市民憂慮

開放的互聯網,絕對包含網絡私隱,例如以匿名身份發表言論,是香港言論自由和信息流通的基礎,亦是基本人權的一環。故此,本會懇請香港政府承諾,不會以國家安全法進一步檢查、管制,壓制或切斷互聯網及通訊服務,或者阻礙資訊流通,以釋除市民憂慮、保障香港市民的安全和權益。

二零二零年六月五日

Read more

Encryption Matters

The Internet has become even more important than ever since the outbreak of COVID-19. Imagine if we were living in a world where the development of the Internet was not as advanced as today, “work from home” or remote learning would be a myth, and our entire world would have been on pause completely in the past months.

In January 2020, the household broadband penetration rate in Hong Kong exceeded 90 percent (OFCA, 2020) and the mobile subscriber penetration rate reached 283.0 percent in November 2019 (OGCIO, 2020). Whether you are digital immigrants or digital natives, you are engaged in using the Internet or new technologies every day. From checking work emails to watching live streaming news with your social media account, we are more inseparable from the online world.

Many of us have added the Internet as the most fundamental need in the pyramid of Maslow’s Hierarchy of needs (GU Executive Education, 2013). Given how Internet has become an essential part, how much do you understand about the Internet though? Would you be fine with —— as long as you got your non-disrupted Internet connection —— exposing your personal data by using a non-encrypted social media service, or falling prey to an insecure network, which very likely might lead to a leak of confidential information? Definitely not recommended.

The Internet has become an inseparable part of our life, and the online and offline world are more intertwined than ever. Yet, most of us are unaware of online safety, just like things as simple as not leaving our wallet unattended in the public in the offline world.

What is encryption?

Encryption helps protect data you send, receive, and store, using a device (Porter, n.d.). It can be text messages stored on your smartphone, bank information sent through your online account, and your saved data on Animal Crossing.

It is a process of scrambling or enciphering data, so it can be read only by someone with the secret code or decryption key to return it to its original state. It provides data security for sensitive information. (2020, Internet Society)

Why do we need to care? 

Data is increasingly central to all aspects of our lives. Keeping our data secured is as important as locking our homes or protecting our valuable business property (2019, BSA). Most of us understand the importance of keeping our properties safe in the physical, but unaware of protecting our own data secured in cyberspace.

Some are under the mistaken belief that encryption is not that important if we have nothing to hide. But if our data falls into the wrong hands, it can be used to damage your reputation; you can be hurt financially by identity theft, as they may impersonate you to redirect a financial payment.

Encryption in daily life

We rely on encryption every day. Strong encryption is fundamental to our security, confidentiality, and privacy. For example, websites use HTTPS, an encrypted protocol, to keep our data from being read by criminals while in transit; we trust companies to protect our credit card information when we make a purchase online; we expect the messages to be kept private when we use messaging app like WhatsApp that uses end-to-end encryption.

End-to-end (E2E) encryption is any form of encryption in which only the sender and intended recipient can read the message. No third party, even the communication service provider that has knowledge of the encryption key. E2E encryption is the most secure form of encryption we can use to protect our data. (ISOC, 2020)

Although E2E is the most secure form of encryption, it does not mean we are 100% safe online without the need of worrying about anything. For example, many of us have been working from home amid the COVID-19 pandemic, business is booming for a video conferencing service, Zoom. Yet, there is some crisis about their service, particularly about encryption. 

The E2E encryption claimed by the company is fraudulent and misleading. E2E means from one end-user device to another end-user device to most of use, but in the definition of Zoom, E2E means from one end-user device to the centralized server as a relay. Although data is still encrypted in transit, Zoom holds the key and they can decrypt the data when it passess through.

Vulnerabilities in a system offer bad actors a chance to collect data from users in general for many purposes. Bad actors are not limited to hackers only, but also technology companies which strive for profit or even governments. For example, they can build up a data model to provide analytics for profit, they can sell it to black market for money, or even use the data to perform surveillance and ransoming.  Some may just do it for fun. Who knows? But if we don’t care about encryption and stay unaware of the complexity of the cyber-world, our security, confidentiality, and privacy will always be at risk.

Beware of the threats to stay safe

Some governments try to make companies create access to the content encrypted to enable content filtering or blocking. Some companies demand access to encrypted data for monetization purposes. However, any so-called backdoor access reserved for “authorized” uses will always weaken the system overall. Backdoor access mechanisms always add complexity to the systems which may lead to vulnerabilities. These vulnerabilities can act as points of entry that anyone can discover. 

A “Ghost protocol” is even proposed in the Government Communications Headquarters (GCHQ) in the United Kingdom (Garcia, 2019), by adding a silent listener into a private conversation, in order to facilitate access to encrypted data. The data is still encrypted, but the government will get a copy of the conversation from the end-user. The ghost proposal inevitably changes the trust relationship between users and service providers, regardless of the users being aware of it or not.

Ghost proposals do not passively add silent listeners, but actively conceal third party intrusion into supposedly secure and confidential services. If such practices are known to be adopted in some dominant messaging platforms, would users still trust any purportedly confidential service? (Internet Society, 2020)

Encryption matters to all of us

Whether you are an ordinary Internet user or a software engineer, we are all in this together. No party can stand alone to persuade governments to stop creating laws or policies that harm encryption and digital security. we need to first be aware of both the importance and potential dangers  of our cyberspace, and further build awareness about the issues or actions that are harming encryption and cyber security together. We are losing our privacy, confidentiality, and security, by not knowing or forgetting the importance of protecting our own data. It’s not too late to start paying attention to all these issues. I guess you wouldn’t want to have your information, or even your identity online, stolen, right?

Submitted by Jenna Fung, ISOC HK Volunteer
June 5th, 2020

Reference

Read more