The conundrum of digital humanitarianism: when the crowd does harm

We saw this coming. It’s like when you start sniffing and coughing and you know the real flu is coming. And you know you cannot do anything about it, because even if you take a very strong aspirin, it is too late and you will get sick for at least a couple of days.

We saw this coming: the truth is that the consequences of Typhoon Yolanda are not only the one that we see on TV every day, but they are virtual, and the worst of those virtual consequences is coming.

The Digital Humanitarians (or the Volunteer Technical Communities, as you want to call them) came to be out of an amazing change in the world we live: the internet and mobile phones, with which now you can help, and talk, and share with anyone in the world. And you don’t need to have money or to be a professional to provide support to affected communities. You can give your contribution and you help just by sitting behind your desk in your comfy sofa.  But is that true? Does “the crowd” knows what to use and how to use it in a humanitarian crisis, and does it know what are the consequences of its actions? The answer is that no, most of the people in the crowd do not know what they are doing. But they are doing it anyway.

People want to help, and they can help, but they are not necessarily professionals, they have not done this before. Most of the times they do not know what the “do not harm” principle is and means in a practical way, and most importantly, they do not see the consequences of what they do.

This is not a new thing though: we have seen this in Haiti, in Pakistan, in Chile, Libya and we are starting to see this in the Philippines. And because Internet has not been restored entirely in the country yet, the magnitude of what it is gonna happen in the Philippines is still unknown.

You don’t trust me? Want some examples?

Here you are:

Facebook 1

This messages was posted in Facebook (I added the black lines to cover the information) and then reposted by several people – I counted 64,  but only the re-posts from one account. Which means that I don’t know how many others have reposted it from their accounts. To some of you this may look like heartbreaking (and it is in fact) and you may think that it is very nice for people to share this story so that maybe someone will help this family. The problem that I have with this is that whoever re-posted this did not knew that he was basically saying to whoever has bad intention: “Hey, here there is a young woman with two little kids, and two wounded people with her. Here is her location, and she is scared and alone, with no means to get for help”. This is more or less like to tweet that you have a million dollars in your house and that you are gonna go out for a drink and leave the door open.

This second one thought, is even scarier:

FB2 copyThis post, also on Facebook, has already 4000 shares and 5000 likes. The black boxes to cover the children faces were added by myself – here. The post has also 820 comments, a lot of those asking the organization that posted this to delete it, denying what they claim (that they will take all the children under 18 in the Philippines to the US for adoption). But there are also a LOT of comments asking how people can apply to adopt those children – some people even choosing which one they want from the picture. If any of the readers of this post have been to Haiti, they have seen this kind of things before.

But this is not all that is happening, there is more to come. Since the Typhoon, I have received around 10 different emails like this one:

Screen Shot 2013-11-15 at 11.58.10 PM

Now, this company is not doing anything illegal, and they are just offering a very good service to send blast SMS to multiple people in little time – a very good and interesting solution. The problem is, is that a coincidence that I received this just when the Typhoon happened? and that other 10 different companies sent me an email with very similar products or offers?

On Twitter and on several online volunteers Skype chats, I have also seen people already talking about how to set up SMS system to send messages to the people in the Philippines, how to set up a Text2Tweet account, how to harvest requests for help and geo-locate them on line, etc.

Now, don’t get me wrong: information sharing, and the use of technology to provide people with the information they need, when they need it, it is absolutely fundamental! This is why I work for an organization like Internews. Because information is KEY and can save lives. But it can also destroy lives if it is not treated properly and handled with cautions.

In Haiti we saw a proliferation of SMS services, requests for help spread on the internet with sensitive data in it, and multiple people organizing their own “shipment” of goods to the country – not knowing if anyone really needed that. A lot of the people behind those projects REALLY MENT WELL and learned their lessons the hard way. Humanitarian Organizations and NGOs were not immune to this “multiplication” of digital information systems. The real victims though, Haitians people, were the once left to deal with it: misinformation, frustration, and sometimes much more serious consequences.

Let’s be clear here: I am not writing this post to ‘demonize” online VTC or DH communities and individuals. This is not the case. I am myself the co-founder of an organization that does that, the Standby Task Force. This is in of the reason why 3 years ago with some colleagues we created this organizations: to be ready, but most of all to educate people, and to be able to support humanitarian organizations during a crisis, while making sure we can help people not to harm others. This is why we have codes of conduct and CDAC trainings for our volunteers.

But the truth is that the beauty of the internet, in humanitarian crisis, is also its curse: everyone can do everything and does not need to be “trained” or to be a “professional”, or to be part of a formal organization.

So here there are some suggestions to EVERYONE that is today looking at the internet to help and to support people in the Philippines:

1. Do not re-post/share or re-tweet ANYTHING that has sensitive information in it. Sensitive informations are: location of people that need help, names of people, GPS coordinated of their location, picture of children or minors. If you see a message like this, you should do 3 things:

A. Tell the person that posted it to take it off, and explain why

B. Contact the relative NGO working on the ground in the Philippines – use this resource here to find out who does what.

C. If you think that the message is really urgent, and that someone CAN do something about it, look for a hot line number – the government in the Philippines is setting those up for the municipalities locally. See here.

2. If you want to help in any way, contact an NGO, or a humanitarian organization and ask them. If you don’t find anyone, email me(I am at or @anahi_ayala). I swear, I will make time to answer to you. DO NOT DO ANYTHING ON YOUR OWN INITIATIVE IF YOU HAVE NEVER DONE THIS BEFORE. You can also join one of the many online communities that have been doing this for some time, see here a list.

3. Do not try to send information to the local communities online unless you are SURE that the information you are giving is correct. If you see a request for help, use the internet wisely: search for a governmental agency, local or international NGOs, UN agencies that are working in that area, see if they have a contact information.

4. Use this resource to find out what is being done and how.

5. Think before you do. I know, we are emotionally touched by what happened and is happening, but the fact that you are online does not means that the people in the Philippines are virtual. Everything you say or do has consequences in their real life.

6. Do not create new software, technologies an other techie stuff to help the humanitarian community without talking to them first. Here is why and how you can do that.

7. If you hear something that sound crazy, probably it is crazy. Do not  report/share or re-tweet it automatically, but try to figure out from other sources. Do your homework!

8. And for the love of god, DO NOT SET UP YOUR FREAKING SMS SYSTEM!!!!!! Unless you are the PH Government, or a coordinated effort from all the RESPONDENTS on the ground. Really, just don’t do it.

The Internet is a powerful tool, use it wisely and think twice. You are not in an emergency, so you can take the time to do that. Keep willing to help, contributing to the community and make your a contribution to a better world, just make sure you don’t screw up.

Asia Trip 2013: Follow the adventures of a crisis mapper in Asia!

I owe an apology to my readers: I did not disappeared or stopped blogging, I just changed platform for a little while. No worries, this is still my official blog, but for the time being you can see what I am up to here. I am using this platform because it is simpler and easier, it allows me to post from my phone and not necessarily original content. As to say: different methodology, different content, different technology.

Screen Shot 2013-08-21 at 4.18.16 PM

I have started a long trip in Asia, visiting 6 countries in one month to work on social media, local technology communities, crisis mapping, local context with regard to communication with communities, media and much more. For the trip, I have set up a Tumblr, so I am using it to write about my trip, my discoveries, and interesting projects or people I am meeting.

I will be back blogging here once I am back into a more of a normal life, but for the time being, please refer to my Asia Trip 2013 Tumblr for more information about what I am up to 🙂

And, as always, contact me if you have any tips, suggestions or comments 🙂

Crisis Mapping Intelligence Information during the Libyan Civil War

Steve Stottlemyre from the Office of Intelligence & Threat Analysis, U.S. Department of State and Sonia Stottlemyre from Georgetown Public Policy Institute, have recently published an article titled “Crisis Mapping Intelligence Information during the Libyan Civil War: An Exploratory Case Study”.  The article touches on one of the most interesting topic related to crisis mapping applied to civil unrests or conflict settings, and has some very good points in it, as well as some very big mistakes and misrepresentations. The article is definitely worth a reading though!

Let start with the good points:

1. The way Twitter users fused crowd-sourced data during the Libya War resulted in the creation of tactical military intelligence. This is indeed a super interesting matter, that in a way leads us to a broader discussion about the fact that tasks performed by hierarchical centralized systems may now be taken on by networked decentralized systems, in a way that may (or may not) lead to the same outcomes. What this means is also that crowdsourcing is creating a new way to process information that before was only possible by organizations that had the means and the money to do it. These new processes are so decentralized and embedded inside such a huge network (the Internet) that may be able to reach the velocity and accuracy of the centralized hierarchical systems and gain value because completely free and much larger in volume.

2. During the Libya Crisis War it was members  of the “crowd” who planned and directed collection efforts, and established  operating procedures for intelligence operations. This point is in a way very similar to what this article is formulating when talking about the “self-regulation” of Twitter. The social media space seems to be more and more described as a self-regulating and self organizing environment more than an “anarchy”. Balances and collective planning seem to happen in this space even with the complete lack of a unique authority to direct it.

3. Twitter provides both a platform for reporting information, and much of the infrastructure required to convert information into intelligence. The power of Twitter in this sense is incredible and undeniable: this platform I think has by far exceeded the expectations of the same people that created it. More than Facebook has done, or if you want in a different way, Twitter is being used for a range of tasks that all together make it one of the best real-time coordination tool. The division of tasks and the consequent combination of its component can be done, again, in a decentralized, real- time dimension, while the vetting of the information combined is distributed to the all network.


4. Twitter acted as a platform for collaboration on and compilation of intelligence products. Again, the inherent structure that Twitter has and the use of hastags makes is a very efficient curating system. What is happening is that this curation process is being done collectively and intelligently in real-time, making it possible not only to access already curated information, but also to have a sort of continuous verification/vetting system that constantly reiterate itself.

So, let’s make it clear here: people creating crisis maps and people using social media were and are creating intelligence. This was true for the Libya war, as it is for ANY crisis mapping deployment or social media coverage of an event. The first time I had a conversation about this, it was with Heather Blanchard, co-founder of Crisis Commons, in 2010, discussing about PakReport, a crisis mapping deployment in Pakistan. A big kudos to the authors of this paper to have reached the same conclusion 3 years later!!! 🙂

Now, let’s go to some of the major mistakes in this paper and to some of the weird points that the authors make in an attempt to prove their thesis.

Vocabulary and Glossary mistakes

1. Crisis Mapping is not equal to Twitting. Unfortunately it looks like the authors of this article are a bit confused about the vocabulary they use, when they attribute to people twitting the definition of “crisis mappers” and the contrary. For example, the Libya Crisis Map was clearly a crisis mapping effort, but did never engaged in active twitting, while people twitting were not necessarily the same one creating crisis maps out of twitter messages, even if involved in the curation of the data that was subsequently mapped. I suggest the authors to read this blog post to learn more about this.


2. Hashtags do not equal @. This is the most disconcerting mistake in this paper, namely because you would think that people writing a paper about social media would have done their due diligence work in understanding how social media work. In the paper the authors infer that people using the hashtag #NATO wanted to address the information in that tweet to NATO. At the contrary though, people use hashtags to underline a topic, or a specific actor involved in the action reported. For this reason if I am tweeting that the US have just passed a law on cybercrime, I will add an hashtag to US and one to cybercrime, but the reason why I do it, it’ s because I want people interested in the cybercrime topic to find that information, as well as people looking for information about the US. The very interesting part of this mistake in understanding how Twitter works is linked directly to the intentionality that the authors want to attach to everyone that used the hashtag NATO. In fact the thesis they are trying to support is that everyone that used the hashtag NATO wanted to actively pass information to NATO.

The missing point here is that as much as we can assume that the NATO was following its hashtag, we can infer that the rebel groups would have done that too, as well as the Gaddafi forces, as well as the media, as well as everyone on the Internet that wanted to see what the NATO was doing during that period of time. This of course is a very different issue than the Twitter messages that had @NATO or @NATOPress, since this was indeed a way to make sure that the specific accounts were getting that information. Without going into details about the actual intentions behind the willingness of people adding the @NATO to their tweets, those two groups cannot be merged together, nor can their motivations.

Factual Mistakes

As one of the person managing the Libya Crisis Map project I have to say that I am definitely pissed off by one main factual mistake done in this paper.

The mistake is about why and when the volunteers working in the project where reporting about military operations happening in Libya. Interesting enough the assumption that the authors make is that we started reporting about military operations because we wanted to actively support the NATO Operations in Libya. What looks strange is that the  Stottlemyres did not connected the fact that military related reports were increasing in the platform to the fact that military actions overall were increasing in number – since there was a new actor in the battle field, and namely NATO. The second factor that they seem to ignore is that NATO military operations were much more visible and reported than military operations done by the rebel groups or the Gaddafi soldiers.

In addition to this, the authors seem again to ignore a very important point here: if we are assuming that the Libya Crisis Map was reporting more military related information to support the NATO , why not to support the rebels? or the Gaddafi soldiers? as the internet is accesible to everyone in the same way, no causality can be drawn by the simple fact that more information was reported.

In addition to this, what really strikes me in this strong tentative to accuse 300 volunteers of wanting to support a military operation that caused thousand of victims, in a very complex emergency, is the subtle idea that the Standby Task Force is a unique body composed of people that are all politically aligned,  or, the even more annoying idea, that we, as the Core team, could have been instructed people to search and publish information specifically for the purpose of supporting NATO operations in Libya. Both those scenarios are not only unrealistic but also offensive.


To be added to this is the simple fact that the SBTF was acting under the activation of UNOCHA, one of the most independent and imparcial body of the UN. In fact, if the authors of this paper would have taken some more time to actually support their accusations, they would have seen that once UNOCHA took full control of the deployment, the reporting of military related operations stopped entirely. One of the main reasons why this happened was because, while in the beginning of the deployment the SBTF was mandated to give UNOCHA an overall idea of what was happening, and what was the humanitarian situation, in the second part of the deployment, when UNOCHA had more information coming from the ground, the focus switched to more attention to the provision of humanitarian relief.

Let me also add something else here: in order for the SBTF to give an overview of what was happening on the ground in Libya, the location and intensity of the combat was indeed a very useful information. For example knowing that Benghazi was under attack for days, and that the port was blocked, was indeed valuable to infer that civilians would have been in need of water and food, and that they most likely would have been trying to run away, causing an influx of IDPs and refugees in other areas. All in all, saying that combat information do not have a relationship with humanitarian needs is like to say that hunger has no relationship with availability of food.

Specifically in this instance, I would like to think that the authors of this paper are rather ignorant than to think that they are intentionally trying to accuse the SBTF to be an ally of NATO, which would not only be malicious but also dangerous for some of our volunteers, that live in Libya and could be subject to repercussions due to those accusations.

A piece of advice for the authors, is also to remove the twitter account names from the article, especially when they are publicly accusing those people of being NATO supporters.

Totally not supported assumptions

As I said before, this paper is a very good piece of research when it comes to the relationship in between the military intelligence process as done by the army, and the same process as done by the collectivity in the social media or in crisis mapping projects. I find this topic extremely fascinating and definitely in need of more research and possibly in depth research. What is very curious about this paper is the decision of the authors to infer intentionality for everyone using social media or doing mapping to support the NATO. I have been reading this paper over and over and I cannot find a good reason for the authors to add element this to their paper.

In addition to this, what is extremely curious is that, while in the paper the authors repeatedly use several reasons to support the argument of intentionality to support the NATO (i.e. the use of the # NATO or the number of tweets or maps monitoring the military operations), they also specify in the conclusions that “we cannot precisely extrapolate the motivation of crisis mappers who created finished intelligence products, nor can we determine how responsive crisis mappers would be to official PIR and RFI issued by military commanders.” It definitely looks like some confusion is going on there, but we can also notice that there is a huge stretch in the tentative to infer intentionality by using an argument that could be used as well as to infer intentionality to support the Gaddafi soldiers or the rebel groups, or whoever was in the field at the time.


The main questions were basically not asked 

This paper is just scratching the surface of the real issues. What is a shame is that the authors of the paper did not asked the right questions, as if they did not want to actually find out the two main  issues:

1) If the military was actually really using the data produced by crisis mappers or social media;

2) and related to that, if the data produced was of any additional value to what the military already had.

In this matter, clearly the authors of the paper did not noticed that the Libya Crisis Map, for example, had a delay of 24 hours – meaning that data posted one day on social media would have only been visible and usable the day after in the Libya Crisis Map. Would that data be of any value for military purposes?

The authors themselves say that “Public information is unavailable about the extent to which military commanders used information from crisis maps during the Libyan Civil War. Nevertheless, commanders had access to such information, and likely used intelligence products derived, at least in part, from information pulled from social networking websites.”  Forgetting for a moment that this is stating the obvious, since it would make no sense to even think that military do not look at social media data, the actual question for me is to which extend, and how, this data was used by the military, if it was ever.

Hoping that someone competent in the issue will take this topic on, I would love to understand this and know more about how the collectivity is being (or not) more reliable, fast and articulated than the military is in creating intelligence.

Kenya: one election, 7 phone services, 3 maps and some confusion!

We all knew it. We saw this coming in Haiti and talked about it in Egypt, when 5 Ushahidi maps popped out the day before the elections. But the Kenyan elections are somehow different, and the reason why they are, is that the possible outcome is indeed a civil unrest that could bring the country years back to 2007.

I have lived 3 years in Nairobi, and I have been working with journalists, media, technologists, mappers and so on. I admire and respect most of the organizations I will be mentioning in this blog posts, but still, there are some important questions that really need to be asked here.

Today is election day in Kenya, and a lot of organizations have been preparing for this day by setting up their own branded, advertised, funded and public electoral monitoring system.

Let’s have a look at them:

1. Uchaguzi. This is the well known Ushahidi project to monitor the elections in Kenya. Uchaguzi was used already 2 times, for the Constitutional referendum in 2010 and for the by-elections in February this year. Uchaguzi will be receiving SMS at the short code 3002 and also via social media #uchaguzi and via web forms, as well as via Android app and iPhone app.

Screen Shot 2013-03-03 at 9.16.11 PM

2. Voice of Mathare. This is a project from Map of Kibera Trust, monitoring only electoral events happening in Mathare. The project also has an SMS number 0726300400, and also has a web form to report to.

Screen Shot 2013-03-03 at 9.16.41 PM

3. Amani Kenya @108. This is a project from the National Steering Committee on peace building and conflict management, under the Ministry of state for provincial administration and internal security. The system will make use of the current District Peace Committees (DPCs), Peace Monitors and other relevant parties to gather crucial information from the field. Once information is gathered from various sources on the field, an analysis group will be able to analyze the information and to issue an indicator based Early Warning Report to the relevant parties for a response. Amani has its own short code for reporting on election related events, which is of course 108. In addition to this there is also a web form to report to on-line.

Screen Shot 2013-03-03 at 9.19.27 PM

4. The Independent Electoral and boundaries commission Whistle Blowing Portal, where people can report via web any issue competency of the Director Risk and Compliance
Independent Electoral and Boundaries Commission. They also have an election hotlines for issues, complaints or inquiries: 0711035606 / 0711035616

Screen Shot 2013-03-03 at 9.17.23 PM

5. SiSi Ni Amani. Sisi Ni Amani Kenya has worked with local peace groups to set up an SMS-based programming available to subscribers through USSD code *762#. Subscribers are able to dial in for free from any Safaricom line to subscribe and receive SMS from SNA-K. The project aims at looking at rumors spreading via SMS and have a team of “peace-keepers” on the ground responding timely to it by directly addressing the problem.

Screen Shot 2013-03-03 at 9.17.53 PM

6. And finally the actual formal national emergency services aka, Kenya Police: 0800 720002 and the ambulance service: 0700395395 or 0738395395, which also has a web-form reporting system.

Screen Shot 2013-03-03 at 9.31.27 PM

7. And lastly the Kenya National Commission on Human Rights toll free hotline for election monitoring: 0800721410

So, let’s be clear here: I am all for more transparency and for multiple channels of communication. Especially in emergencies, the more people are ready to respond, the better it is. Now, the problem is exactly this one: are all of these people really ready to respond?

I have been looking and reading all the pages of those organizations and what strikes me is that, apart from SiSi Ni Amani, which is a system that has been working for almost 3 years now, and it is not a reporting system really, but more a prevention tool; the Kenyan police, which I believe everyone knows what it does; and Amani 108, which is using a very predefined system of Peace Monitors, all the rest of the projects here have very vague explanations of what is that they will be doing with the information they want to collect. Will they respond? Will they have responders on the ground? Will they only monitor for the sake of transparency and accountability?

But other questions are really coming out from this picture is: DO WE REALLY NEED ALL OF THOSE PROJECTS??? Do we really need 3 maps, 7 phone numbers, and several web-forms? Is that really such a crazy bad idea to have one coordinated number/web-form that could then have in the back-end multiple responders and organizations working together?

I mean, seriously, what the hell should a Kenyan do today when something happens? Send 7 SMSs and compile a bunch of web-forms for each event they see? They should all go around with a list of the specific topics that they should report on and which platform they go to?

This would look like something like this: “If you are in Mathare send a report to 0726300400 and to 3002 and to 108, but only after you have alerted the police at 999 or 112. But if it is something related to human rights violations, and more in particular IDPs, then remember to also text 0800721410. If the issue is related to violations competency of the  Independent Electoral and Boundaries Commission then you should text 0711035606 / 0711035616, but if you get a rumor via mobile phone you probably should send a text to 8762 just in case SiSi Ni Amani is also working in your area. Oh, and by the way, keep safe and keep reporting to us. If you still have any credit in your mobile phone or if by the time you send us a message you did not ended up being killed!”

Now, I do know that coordination and partnerships are not easy things to do and set up, and that all of those organizations have been meeting on a regular basis before the elections. I also do know that they talk to each other and know what everyone else is doing. But on the other side I believe that the messages being sent out to the actual people that are supposed to benefit from those systems is vague, misleading and possibly dangerous. If technology is supposed to make our lives easier, than I am not sure we are really getting there.

Just a week ago GSMA launched their SMS Code of Conduct. I believe this document is still far from being complete and from addressing all the issues related to the use of SMSs during emergencies. But it is a great starting point, and a very necessary one. Looking at it though, I cannot not shake my head and think that there is still a long way to go from the “Code of Conduct” the piece of paper, to the reality of a Code of Conduct.

Some guidelines in that document COULD BE a good starting point for all of those Kenyan organizations and projects mentioned in this report are namely:

Screen Shot 2013-03-03 at 10.06.44 PM Screen Shot 2013-03-03 at 9.46.52 PM Screen Shot 2013-03-03 at 9.47.28 PM

The very first Humanitarian “Customer Calling Center”

Several weeks ago I had the fortune to meet with Fatuma Abdulahi, Communications Officer for Accountability for the Danish Refugee Council (DRC), the person behind the HIF project called “Piloting Accountability Systems for Humanitarian Aid in Somalia”, in partnership with UNICEF through the CDRD project (Community-Driven Recovery and Development). Also called “SMS Beneficiary Feedback”, the project is a quick and convenient way for Somali beneficiaries to give feedback about projects funded or services provided by the Danish Refugee Council using an SMS feedback system. The system enables beneficiaries to have a direct access to DRC and a voice in the decision-making process to allocate funds to local projects. It also helps DRC better monitor the effects of the projects on the ground (For more info see here).

I have been interested in accountability systems for Humanitarian organizations since long time and I blogger before about this very topic. This DRC project is the first project I have heard about (ever) that uses mobile technology and crisis mapping to create a completely transparent and direct communication system in between a humanitarian organization and its beneficiaries on the ground. And if this wasn’t enough, this project is taking place in Somalia, not exactly the safest place on earth.

The SMS Beneficiaries Feedback project is a very simple system that basically creates something that most NGOs and humanitarian agencies should have done and learned from the private sector: it creates a calling center for DRC beneficiaries in Somalia. Since the start of the project in September 2011, beneficiary SMS feedback has been implemented in 31 towns and villages in the North and East of Somalia. Now, the project is extended to a number of districts in Mogadishu from where hundreds of SMS’ are submitted every months (see here).

Since then Fatuma has been going around in Somalia basically talking to all those families and beneficiaries and explaining them the project and the possible outcomes of it.

The fact that she actually went to meet all of them in person respond to one of the first possible criticism against this project: managing expectations and deliver a clear message. The fact that beneficiaries can contact the aid organization in fact is always seen as possible disaster in terms of what they will expect once that direct channel is created.

For the past 2 years, every time I have been talking about the possibility to do something like this, the answer I got from aid organizations was that this would have let people think that once they communicate their needs, the aid organization had to respond by delivering what beneficiaries need or ask for. The nightmare of humanitarian organizations thinking about doing something like this, is the prospect of thousands of messages asking for more help, that would then become thousands of angry people that have seen their expectations deloused by overwhelmed aid agencies.

Fatuma did what is the most simple and easy way to do this: went to meet people in person and explained to them what they could expect and how – leveraging also on the fact the Somali society is based on an oral culture. She also explained to them something really simple: this is not a crowdsourcing/help line, this is a system to find out how and if beneficiaries of the DRC program are actually satisfied from the service provided to them and what can be done better.

The ways people can communicate with DRC is channeled in two ways: SMS and phone calls. So what happen next?

1. The first thing that happened is that all the messages are translated into English and channel to the right department/office inside the organization. Each message is reviewed and given an answer to. The speed of the answer depends of course on the readiness/speed of the relative office/officers inside DRC that can respond to that inquiry.

2. Once the relative person has provided an answer to the question/comment, Fatuma’s team delivers the answer directly to the person sending the information. This communication happen in 2 ways: they can send an SMS, if the information they have to deliver is appropriate to this mean (short and not sensitive) or they directly call the number that send the SMS/called. See here the workflow:

3. This all process is documented step by step on a Ushahidi platform, where all SMS are mapped and all responses/commentaries are showed.

The incredible part of this project is that the entire process is completely public and open: all messages and all answers are made public in the platform, including complains, no yet responded messages, appreciations messages and so on.

See here an example:

Another part of this project also provides the mapping of all the DRC projects in the area allowing everyone to brows the map, search for projects, and see what DRC is actually doing on the ground. See here:

Again, this is not just “dots on a map”: each mapped project had attached the financial and beneficiary report, where it is possible to monitor how much  money have been spent, where and from whom the money are coming from.

The reason why I love this project is that it is really showing not only that transparency and accountability is possible in humanitarian aid, but also that it is pretty simple and can be done avoiding to raise expectations with very simple technologies.

In addition to this, the system is also supported by a Flickr page, a Twitter account and a Blog. Again all messages (complains as well as compliments or appreciation messages) are shared on the Twitetr page, while it is possible to see the sites and the projects pictures on the Flickr page and to read stories from Somalia on the Blog.

The SMS system, based on a Galaxy Tab app to receive and send messages to the Ushahidi platform,  needs to be online to work. The system DRC is using, based on a Galaxy Tab app to receive and send messages to the Ushahidi platform that therefore needs to be online to work, could be improved by using a simple method like FrontlineSMS or, if the number of SMS is actually high and she envision the possibility to receive hundreds of SMS a day, to use something more robust like RapidSMS or Souktel.

What DRC could also to make this system faster and more sustainable in the long term would be to outsource or better crowdsource the translation and processing of the SMS by using, for example, students from the Universities in Somalia and giving them credits in exchange of this. DRC could also think about creating a Crowdflower account and have the entire translation process done by anonymous volunteers around the world – something that could be done only giving a closer look to the sensitivity of the information and the possibility to anonymize the sources.

This pilot project is an incredible project that should be looked at the first experiment in the field of transparency and accountability for humanitarian organizations and crisis mapping. The M&E of this project could be used to pave the path for more projects like this, and lessons learned from this project could be used by other organizations to follow the same route.

If I have to think about the lessons learned so far, after my discussion with Fatuma I would say that there is a lot to learn already:

1. Do not use technology to replace the in person dialog. Use it to support it.

2. Manage expectations with dialog and timely accurate information, not with silence.

3. Make sure that  a response mechanism is in place, so that people may not have what they want, but they feel they are being heard and they are having a dialogue.

4. Integrate all the system you have and you can possibly use: face to face, SMS, voice calls, social media. A combination of tools is also a combination of resources and people, and as such as a great potential.

5. Transparency in humanitarian aid is and will continue to be a fundamental factor that will not only make the difference in between successful and unsuccessful projects, but also in between sustainable and not sustainable relationships with beneficiaries on the ground.

Kudos to Fatuma, the DRC team and the Humanitarian Innovation Fund for this incredible project!

Integrating Local Media and ICTs into Humanitarian Response in Central African Republic

[This blog post os cross posted on the Ushahidi blog]

It is done. I have been dreaming about this project for the past 2 years and today, I am incredibly proud to announce the launch of the Internews Crisis Map for Central African Republic.

The “Integrating Local Media and ICTs into Humanitarian Response in CAR” project is a collaboration in between Internews, Ushahidi, the Association of Journalists for Human Rightsin Bangui and UNOCHA–RCA and funded by the Humanitarian Innovation Fund. This is an innovative system that comprises a bounded network of trusted local media organizations who gather real-time first-hand information from affected populations to create a two-way communication flow with humanitarians to improves emergency response, community participation and community resilience.

This new media and communications system aims at increasing the efficiency, transparency and accountability of humanitarian relief efforts and increase community resilience by leveraging the relationship that local media have with their communities while being strengthened in this task by technological solutions. If you want to read more about this project you can go here and here.

I am particularly proud to tell you all about the incredible (and yes most awesome awesomeness) customizations done by Robbie McKey to the Ushahidi platform we are launching today (yes yes, this will all be available on Github to be used, spread, and admired by everyone!). A big thanks to Patrick Meier as well for being so pro-active about this partnership and seeing the huge potential two years ago (together with Mark Frohardt).

So let’ start from the user interface functionalities: 

1. Printing Maps: the CAR map has a printing map functionality available for three different types of pages. The big map (which is our home page); the list of report page; and the single report page. The idea behind this customization is that you can print (or save as PDF) any report you like without having to copy and paste it manually. This also allows people to search for specific reports (like water needs in Bangui) and print the reports/save it.

2. Action needed/urgent and actionable plugin modification. This plugin was already created some time ago, but we tweeked it a bit. Now from the main home page, you can see only urgent reports, reports that needs to be addressed or reports that have been addressed already. This system has been developed with the ideas of allowing for a better organization in between humanitarian organizations responding to needs on the ground.

3. Low Bandwith version.  This is really not a modification that we have done but just a trick. Basically you can decide to brows the entire platform as a mobile version (even on your computer). This comes extremely useful for places like CAR, where the internet connection where available, is often very weak and cannot necessarily load the entire platform.

4. Offline Version. This is the most important piece of the puzzle: this Ushahidi deployment allows users to browse all the reports and see them offline. In the incoming weeks the functionality will be expanded to allow people to actually edit reports offline and then upload the content once they have connectivity back.

5. Information Evaluation. We have changed the information evaluation criteria according to the peculiarity of the project. Since we are working with humanitarian organization and radio stations, we have decided to use the only criteria that we normally use in the media world: direct source, indirect source, I don’t know. The same has been done for the probability of the information: confirmed, not confirmed, I don’t know.

We also changed the appearance of the platform and specifically:

1. Change time span for report visualization. When you go the home page of the platform you will see only the reports that have been inserted into the platform in the past 2 weeks. The reason behind this change is that we don’t want to end up with a super crowded platform – since this is supposed to be a long-term project – and we also want to make it easier for humanitarian organization to find the latest information on the map. By going to the TimeLine, people can always go back to the visualization of all reports inserted in the platform.

2. Possibility to set an icon/color for All Reports category. We ended up not using this, since we cannot find an icon that can work with all categories, but still we now can set up an icon and change the color of the All Report categories.

3. Big Map as the home page. We realized that we needed a bigger map on the home page but also that the map was our main way to add value to the feed of information that we are already collecting from the ground from radio stations. Having the Big Map as the home page we get rid of the report list, already available in the List of report page, and of the news feeds, that are now coming in only from the back end for the managers of the platform to decide what to do with it.

On the back end side we have done only one customization, but a very important one:

1. Editing information: this customization basically allows us to see who has modified what and when. The functionality that was there before was allowing admins to see when someone had opened one report from the back end and changed something. With this improved system, we can now see from a Log Report page, who has changed something but also what exactly – the field- was changed. This customization was specifically done to make sure that humanitarian organizations that have access to the platform and journalists can always monitor who is doing what and preserve the integrity of the information.

This platform is an incredible achievement, not only with respect to the technology customization, but also visi-a-vis the framework of the agile development methodology that we want to use in future innovative projects in humanitarian emergencies. The technology here is just the starting point and the base for the creation of something that is entirely customized around the users and in this way designed to respond to specific operational needs.

In the coming weeks we will continue working on the translation of the platform into French and to finish all the customizations (and making sure that everything is working). We will also gather feedback from the humanitarian community using the system in Central African Republic and will refine the customizations done to make sure that this is really going to become a tool that will support humanitarian organizations in their work in CAR, by providing them meaningful and actionable information coming directly from the affected communities. In September we will come back and assess what are the outcomes of this novel project are in terms of consequences for the local communities in CAR.

One thing is left to say here: KUDOS to the Internews team on the ground; to the Ushahidi team; to  the UNOCHA staff in Bangui; and of course to the Association of Journalists for Human Rights, who made this all possible with its incredible daily work, trying to bring better information to affected communities in one of the poorest countries in the world.

A post on terminology: get it right or shut up!

I know I am not the best and most diplomatic person ever ever when it comes to arguing about things that I know about. On the other side I am also a big fan of the theory that if you don’t know what you are talking about, then you better just not talk about it.

In the past year I have eyewitness a lot of conversations, blog posts, papers and so on, on Crisis Mapping, Crowdsourcing and related issues that were completely misleading, not because the statements or the ideas in it were wrong, but because the underlying definition that the authors had about the subject that they were addressing was fundamentally wrong.

For this reason I want this blog post to be a sort of Glossary, a kind of “check list” for people talking about specifically Crisis Mapping, Crisis Mappers, crowdsourcing and Ushahidi related issues, to be used when they want to write about it. This is not because I think I have the Truth, actually I am far from being an expert in this subject, but because if we want to continue having constructive conversations about sensitive topics like security, privacy, verification of information crowdsourcing projects and so on, we need to make sure that we are indeed clear on what we are talking about.


One of the most comment mistake done by several people is the one were methodologies, tools and groups of people/organizations are mixed together as if they indicate the same thing.

Let’s start from the very first definition according to the dictionary:

  1. Tool: a device used to implement, esp. one held in the hand, used to carry out a particular function.
  2. Methodology: a system of methods used in a particular area of study or activity
  3. People: human beings in general or considered collectively

An example of misleading discussions about this very issue is this new piece from the Satellite Sentinel Project (SSP) where Crisis Mappers (a group of people) seem to be necessarily associated with doing Crowdsourcing (a methodology) and indeed only using the Ushahidi platform (a tool). This association of thoughts crowdsourcing-crisismapping-ushahidi platform is very common, and the mistake done by the authors of this piece is not new – or a single case.

So let’s look closely at this problem.

When people talk about Ushahidi, they are indeed talking about a tool most of the time, but they get confused because the same Ushahidi word is also the name of an organization. What this means is that the specific tool in question can be used by different group of people, applied to different topics and used with different methodologies. Example: this Ushahidi platform used to collect data bout the best burger/fries in the US makes use of the crowdsourcing methodology, using a specific tool. The fact that they are using Ushahidi does not make this project a Crisis Mapping project, for example.

You can also use the Ushahidi platform but not do crowdsourcing and still do crisis mappig if your platform is used in the context of collecting, analyzing and displaying information in a crisis context.

On the other side they may be talking about Ushahidi Inc. the organization, and in this case they are talking about a non-profit software company that develops free and open source software. Ushahidi Inc. is indeed NOT responsible for all Ushahidi deployment around the world, as Bill Gates is not responsible for all the documents written using Microsoft Office Word.

So here there is the little “glossary” I promised you:

CRISISMAPPING (field):  Crisis Mapping is by definition a cross-disciplinary field. Crises can be financial, ecological, humanitarian, etc., but these crises all happen in time and space, and necessarily interact with social networks. We may thus want to learn how different fields such as health, environment, biology, etc., visualize and analyze large complex sets of data to detect and amplify or dampen specific patterns.

Crisis Mapping can be then described as the combination of the following 3 components: information collection, visualization and analysis. Of course, all these elements are within the context of a dynamic, interactive map. So it is possible to use the following taxonomy:

  1. Crisis Map Sourcing
  2. Crisis Map Visualization
  3. Crisis Map Analysis
What it is extremely important to notice here is that crisis mapping is NOT necessarily related to the use of technology – meaning you can do crisis mapping without necessarily using social media sources for example – and also crisis mapping is NOT necessarily related to the use of the crowdsourcing methodology – you can map data is collected through representative sampling for example. All in all crisis mapping is a way to visualized information in an interactive map providing in this way an analytical temporal and spacial dimension to the information itself.

CROWDSOURCING (methodology): Crowdsourcing is a distributed problem-solving and production model. In the classic use of the term, problems are broadcast to an unknown group of solvers in the form of an open call for solutions. Users—also known as the crowd—submit solutions. Solutions are then owned by the entity that broadcast the problem in the first place—the crowdsourcer. The contributor of the solution is, in some cases, compensated either monetarily, with prizes, or with recognition.

The term is nowadays also used to indicate collaborative problem solving or collaborative and distributive activities, which do not necessarily comes from a direct open call to solve a problem. Media monitoring for example, collecting information form social media like twitter and facebook, can be called passive crowdsourcing – meaning that the crowd is not necessarily answering to a call, but the crowdsourcerer still is collecting and aggregating all the information to crete a collective picture of an event.

The important thing to know here is that crowdsourcing is NOT necessarily related to the use of new technologies: you can crowdsource information using a letter box, a normal phone, a black board, or any other tool you want. This means that using social media is not necessarily crowdsourcing. Also crowdsourcing can be applied to crisis mapping but also not: I can crowdsource information and then displayed them on an interactive map (crowdsourcing information for a crisis mapping project), or I can crowdsourced information and compile a nice spreadsheet with all the information collected (crowdsourcing for something for information collection – not crisis mapping).

CRISIS MAPPERS (group of people): The International Network of Crisis Mappers is the largest and most active international community of experts, practitioners, policymakers, technologists, researchers, journalists, scholars, hackers and skilled volunteers engaged at the intersection between humanitarian crises, technology and crisis mapping. The Crisis Mappers Network was launched by 100 Crisis Mappers at the first International Conference on Crisis Mapping in 2009. The website used by the community has since been accessed from 191 different countries. As the world’s premier crisis mapping forum, the Network catalyzes communication and collaboration between and among crisis mappers with the purpose of advancing the study and application of crisis mapping worldwide.

On the other side, people doing crisis mapping projects are by definition crisis mappers, even if they are not part of the International Network of Crisis Mappers. The Crisis Mappers network is NOT an organization in the legal term, and does not “deploy” projects; it does not have funders  and does not act as a unique homogenous hierarchal group. All crisis mappers around the world may not even know they are doing crisis mapping and that they are indeed crisis mappers.

USHAHIDI (an organization and a tool): Ushahidi, Inc. is a non-profit software company that develops free and open source software (LGPL) for information collection, visualization and interactive mapping. Ushahidi offers products that enable local observers/selected monitors to submit reports using their mobile phones or the internet, while simultaneously creating a temporal and geospatial archive of events. Some of those productos are: the Ushahidi platform, Crowdmap, Swiftriver and SMSsync. Ushahidi – the platform – can be use in crowdsourcing (methology) projects and in crisis mapping (field) projects, but those are just two examples of a very vast and diversified typology of applications.

Important to notice here is the fact that the Ushahidi platform is not (and repeat to make sure IS NOT) the only platform exiting on earth that can be used to do crisis mapping projects or for crowdsourcing. Examples of other platforms that can be used to do crisis mapping are for example, the Sudan Satellite Sentinel Project (SSP), Citivox, Development Seeds (organization that creates customized maps), and so on. Also Ushahidi is NOT a crowdsorcing platform, but a platform that can – or not- be used to do crowdsourcing.

To conclude: there are a lot of discussions going on about crisis mapping and security issues, as well as about crowdsourcing and the use of the Ushahidi platform, or crowdsourcing and data protection. I think that the more we talk about it, the better is it; but it is necessary that we start understanding what we talk about, otherwise arguments and positions that have a value, immediately loose it, because they are based on wrong assumptions. All in all the lesson learned is: do your homework!

Crisis Mapping and Cybersecurity – Part III: security is knowledge

In the discussion we had at ICCM on crisis mapping security, we discussed about what are the scenarios where we can see the issue of security arising for a crisis mapping project.

According to me those are 4:

  1. The case of a repressive regime, where the people managing the project are either activists or related to activists
  2. The case of a repressive regime where the people managing the project are not activists or are so called “improvised activists”
  3. The case of a humanitarian emergency where there are security concerns related to either the presence of militias or a repressive regime
  4. The case of a humanitarian emergency in general, where security is very much linked to the delivery of humanitarian aid and the do not harm principle (which indeed should inform also all the other cases).

Case 1 – repressive regime and activism

This was the example I talked about in my previous blog post. In this case the security issues that arise are very much not linked to the protection of the people managing the project, since they normally know the risks and are willing to take them. As much as we are sure they are informed about all the possibilities, it is ultimately their call to decide what to do and how. There is indeed a very important issue to be faced here: when the activists involved other people in the project, what is the knowledge that is shared with those others about the possible risks.?. The example that can be made here is Tahrir Square: the Egyptians that organized the first demonstrations were activists, a lot of them with a history or arrests, tortures and so on. But after a while a lot of ” common citizens” joined the demonstrations:  what was their knowledge of the risks? How much of an informed decision was the one they took?

All in all I think that there are 2 important things to keep in mind when approaching a case like this one:

  1. Activists normally make informed decisions and know the risks much better than we do. We have no right to decide for them if something is worth it or not. I come from a family where my father spent 5 years in jail to fight against a repressive regime; I would never dare to think that he did because he did not know, indeed he did because he did know and he decide to accept the risk.
  2. The crowd, if we want to call it, may be getting into the process not knowing what the risks are. There is no way for us to prevent this apart from spreading as much as possible the knowledge about cybersecurity. And with spreading I mean produce documentation, use simple language, have software companies and online networks do education and informing people about what is that they are using and what the vulnerabilities are. Information is here more important than food and water.

Case 2: repressive regime and “improvised activists”

I have worked on a case like this some time ago, where the people involved in the project wanted to do a crisis mapping deployment under a very repressive regime and they had 0 or little knowledge of the environment they were acting under. Since we were providing support from abroad, we had to use our knowledge to inform them. All in all the big lesson learned here was that our knowledge of the situation was not enough, and the risk for them was too high. We got under incredible stress, they got very scared and the deployment was closed. The risks that all of us and them run into was really high and we realized that there was no way for us to understand better the situation since we were not there, and for them to learn in such a short time frame without risking to be killed, tortured or worst. In those cases my take away is that BEFoRe you get the knowledge and after that u deploy. There is not such a. Thing as a learning as u do in those cases, because the risks are too high.

Case 3: repressive regime/militias and humanitarian emergency

This was the case of our deployment in Pakistan and Libya. This is a very complicated situation since we are talking about several actors, with several degrees of risks associated with each factor, and different possible outcomes depending on the actor, the beneficiary and the issue. I still think it is very complicated to draw lessons from those kind of situations since it really depends on the cases. In addition to this, the issue here is very much linked to the concept of open data and privacy and how you do provide useful information to both humanitarians and affected communities while making sure that you do not endanger them and respect the do not harm principle.

Those type of deployments are the one that will have to be extremely carefully evaluated, using local or trusted networks, doing a careful risk assessment for each actor involved and making sure that links and connections with key actors are in place. My 2 cents on those type of deployments are the following:

  1. Treat different actors indifferent ways: not all information is sensitive or useful for everyone, so create different channels, protect them accordingly and deliver different information to different people
  2. No information does not mean no risks. Not knowing can be as deadly as to give the wrong information to the wrong person, so let’s now panic, but instead find ways to make sure the information flows are built in a way that allows vital information to get to the right people
  3. Do a very careful assessment of what information people in the ground – being humanitarians, local population or the bad people – have or do not have already, what their information channels are and how they use it. People rely on what they know to gather and get information out, and if you know they channels, you know their possibilities.

Case 4: humanitarian emergency and the do not harm principle

In a recent working group in Geneva, a representatives of ICRC did a very good presentation about the DO NOT HARM principle and how we could apply it to crisis mapping. I think that this is a great starting point – learn from who is mastering it – and I gave a lot of thought to it lately.

In the SBTF for example we have already designed our code of conduct on the base of the ICRC code of conduct, but the issue he goes more inept into the actual implementation of the framework when it comes to applying to the do not harm principle. In this regard the SBTF has already started a discussion about how to use this better and u will soon see some results of those discussions in our blog. The main important thing here is that the DO NOT HARM principle is and should be always the main thing to keep in mind when doing a crisis mapping deployment, especially if there is communication with disaster affect communities involved.

On the other side I am intrigued by how can we make sure we always act under this framework when lots of times we know we do not know. The real risk here is that, since we do not really know all the actual implications of all the crisis mapping deployments, since this field is still growing and developing, how do we make sure that we balance the DNH principle with the urgency to do something, and with the actual benefit of a crisis mapping deployment? The more I think about it, the more it looks to me like a cat eating its own tail: should we not doing anything because the risks to harm are too high, or should we try, knowing that the more we try the more we risk, but also that the more we try the more we learn?

In those kind of situation there are also the so called secondary effects to take into accounts. In fact, while there are risks associated with publishing reports from people on the ground for example, or in making certain information publicly available, there are also other risks that may be associated with those factors that we do not take into consideration. One example may be the fact that, if the crisis mapping deployment is available on line, a repressive regime may be tempted to block the Internet, and in this case also endangering a lot of other situations/ humanitarian operations that need the Internet to work effectively. Another example can also be that, if the crisis mapping deployment is collecting information via. SMS, or social network, the groups in the populations that do not have access to those means may be cut out of the system, and their problems or needs may be completely missed or underestimated because they are not able to express them via those means. Secondary effects can be multiple and various, and it is extremely difficult to understand when and where they are taking place and what to do to avoid them.

In conclusion: I am sorry if readers did not find very good answers in this blog post. The intention is indeed not to give answers but to continue talking about the issue, hoping that a constructive debate could lead to some interesting discussions on real solutions. As final point, I would like to highlight that there is no advantage in the endless battle in between Muggles and Crowdsourceres on the security issue if this battle is only framed as a black and white battle.

The issue of security is there and will always be. Practice and constructive debate on the practical implementation of cybersecurity measures is according to me the only way to face this debate. We can’t go back, we cannot prevent people from using crisismapping in repressive regime environments or in humanitarian crisis. But we can inform them, we can share lessons learned and make as open as possible our failures and our knowledge. Free open source knowledge about security is the best weapon we have to avoid others, and ourselves, making the same mistakes and endanger others in those situation. I am happy to do that, so if you want to do a crisis mapping deployment in one of those situation, feel free to shoot me an email. I may not have all the answers, but I will be happy to share what I have learned ..for free. 🙂

Managing expectations..or hiding responsabilities?

At ICCM 2011 we could not miss the usual conversation about “rising expectations” in the local populations when doing a crisis mapping deployment. I have already said that, but I will repeat it here, since it seems a very difficult concept to understand: rising expectations is not an issue that is proper or specifically linked to Crisis Mapping. Rising expectation is linked to any humanitarian crisis, to any action taken in those cases and not only to humanitarians but to all subjects acting in environments where the local population is treated as a “receiver” rather than an active actor.

Now the real issue is that there is no way not to rise expectations, since I believe that expectations will always be there. What can be done, on the contrary, is to minimize those expectations by providing timely and reliable information and by being entirely honest about the purposes of the actions taken. I will use a practical example for this.

In April of this year I went to do an information need assessment in Central African Republic. My goal was to go in one of the villages where there are several refugee camps and IDPs camps and see what information they did have or not have, to better inform the local radio stations about it. In almost all the interviews that I have done, I was explaining at the beginning that the organization I worked for, was not there to deliver any aid, but to gather information and then work with local media. Despite the fact that I was taking some time to explain this, and the fact that I had a translator all the time to make sure that the info was passed in a very clear way, when I was asking questions about what information do the local population needed, the answer was always: “I need to go home, I need more food, I need a blanket”. In almost all the interviews I did, it took me almost 20 minutes of listening to all the things that the interviewed person need before I was able to talk about information needs. My boss explained it very well with another example: he went to do an assessment in Chad and asked to the refugees there “What would u like to listen to the radio if there was one?” and the answer was “that I can come back home”.

So to cut a long story short – I could give you another million examples of how expectation will rise no matter what you do or say.

The point here is simple: since expectations will be there anyway, people needs to be as informed as possible to minimize misunderstandings and people doing crisis mapping project need to be realistic and honest about their actual possibilities. Simple as it is, we need to learn from the past and current mistakes of the humanitarian community, to be honest.

Three things needs to happen according to me.

1. One is to spread as much as possible information about how do you communicate with disaster affected communities, how do you inform them about the actual possibilities of your project in terms of connection with the humanitarians. In Pakistan for example, we ask the local population to report what they were seeing around them, and not their needs, and we also actively send information out about the fact that we were not in the situation of knowing if the humanitarian community was using our information. Could we have done better? Yes we could, since you can always do better but at least we tried and we were really honest upfront about our goal and out possible outcomes.

My lessons learned in this years as related to this problem are:
– If you want people to send you information make clear what you will do with that info
– If you do not have contact with humanitarians or you are not a humanitarian organization, make that clear too
– Use radios, Internet, leaflets, posters, word of mouth to spread the voice as much as possible about the fact that U DO NoT HAVE the possibility to respond to the needs identified ( if you indeed not not have this possibility)
– Use a language that is not only comprehensible to the local population, but also a phrasing that leave no doubts, for as much as u can, about the fact that u do not have the possibility to respond.

2. The second thing that needs to happen is that we need to stop thinking that people that before the crisis were doctors, farmers, mothers and fathers, teachers, after a disaster or during an emergency will become suddenly retarded. I am well aware of the psychological consequences of being affected by displacement, war, natural disasters and so on, and I am not minimizing such effects on affected populations. What I am criticizing here is the victimizing stereotype that we attach indiscriminately to all affected communities at all times in favor of the “we need to protect them” approach. Protection of victimization are two very distinct issues, and we should not confuse them or use them as interchangeable.

Too many times the approach of who is calling for the “not rising expectations” seems to ignore the autonomous capacity of affected communities to understand and make decisions when they are well informed about what is going on. More or less the same way that lots of people talking about empowering communities to be resilient ignore local coping mechanisms. I believe effective communication can play a very important role on the expectations issue, but not only that: I believe there is an underlying thought in both the humanitarian community, and the crisis mapping community sometimes, that makes us confuse “protection” with not giving information to affected communities in the name of their inabilities to understand what is going on or to act logically as a consequence.

3. The third issue, and one of the most important according to me, is the one linked to accountability.

Let’ s do another example that I really find appropriate here. If tomorrow something happen, let’s say in New Orleans. If I am a journalist, then I decide to go there, and ask a lot of questions, do investigations, ask people what is going on and why. Some of those people will think that, since the media are there, and they will be reporting, and since a journalist is going to make this public, someone will respond to the government for example. Now in this case, the very act of journalists being there, even if people know that the journalists will not respond, is rising expectations, isn’t it?

The problem here is not rising expectations clearly. The problem is that we are talking about accountability of the humanitarian community, or responders in general, with respect to their work and the way humanitarian aid – or political decision, – are implemented. The existence of mechanisms where affected communities are allowed to express their views and their opinions about the way humanitarian relief is provided, is scarring for the humanitarian community because there are not a lot of existing used mechanisms to call for accountability in this sector.

In this sense crisis mapping is an uncomfortable and undesired approach most of the times, and this unease is masqueraded often as “need to protect” or “need to manage expectations”. The truth is that the is a need for more accountability systems in the humanitarian world that allow not only for external M&E, but that incorporate the opinion and the vision of affected communities as fundamental part of the evaluation of the humanitarian work. Taking into consideration all possible variables, from cultural perspective to different roles and duties, and to mandates, the inclusion of the affected communities’ opinion is and can be a winning key point for the humanitarian world. Often in fact, problems and issues arising from the delivery of humanitarian aid are related to the absence or the lack of cooperation from affected communities themselves in the process, or from their inability to understand the mechanisms behind it. A better informed and knowledgable “client”, if we want to call it this way, means that the work of the humanitarian community itself will be easier and smoother, and that also responsibilities will be clear to everybody.

I am well aware that this is a generalization of the humanitarian community and of the approach to humanitarian aid, since there are efforts going on to involve and incorporate the opinion of the affected communities in the evaluation of the aid system, but still the is a lot to do. Until affected communities will be kept under the umbrella of the “protection” paradigm, and therefore will not be fully informed about what is going on around them during an emergency, expectations will be rised, independently from the existence or not of a crisis mapping project. But saying that doing a crisis mapping project and asking people to report what their needs are during an emergency, is like to have a 911 number with no one answering to it, is simply too much of a simplicities way to approach the issue, that will always make me doubt that behind this statement there is a deep fear that letting people speak will highlight responsibilities and mistakes of the humanitarian community that otherwise will be be kept hidden.

Crisis Mapping and Cybersecurity – Part II: Risk Assessment

This blog expresses only my personal views, and not the one of any organization or institution I have worked or currently work for.

I have a background in human rights and humanitarian affairs, and in those fields you do something that I realized was not that common in the ICT world – or maybe it is just under reported – that is called risk assessment. How does a risk assessment look like?

There are several components to the matrix: there is the risk, the source (sometimes), the likelihood, the mitigation tool/measure and (sometimes) the independent variables. I truly believe that this matrix can help in understanding what are the things that we should focus our attention on and what are the things that we cannot change or we should just ignore. The very key factor in the use of this matrix though does not lie in the matrix, but in whom is filling it.

Here is a couple of examples of simple matrix for risk assessments:

This is exactly the same matrix that we used for the U-Shahid project in Egypt and while I was the one that proposed to use it, I didn’t fill it: the people that fill it where the Egyptian activists that had a very deep knowledge or all those factors, due to their experience. If I would have fill it, the outcome would have been very different, since my ideas on the possible risks associated with this project were very different.

Here an example of how we used this matrix.

  1. First step was to identify the source of risks: in the Egyptian case the source was very easy to identify since it was only one, the Egyptian government and it’s national security. We also identifies an additional source of threat that could have been the Muslim Brotherhood, but since they came to our training to learn how to use the system, we decided that they were not going to be a bit threat: after all they have been discriminated against several times and they are not allowed to participate in the election, so we realized that they also had an interest in the project.
  2. Second step was to list all the possible risks and to associate them with a degree of likelihood from 1 to 10 and design mitigation systems. We came out with the following matrix:

A. Hardware:

  Get the computers where the Flsms software was hosted: DL= 8

We set up what I call the FLSMS mobile system. Here mobile stands for “that moves” and not for mobile phones. Basically we realized that the likelihood of those computers to get caught by the national security was to find them when they were getting online to send data to the Ushahidi system. For this reason we decided that all the people managing the FLSMS system had NoT to do that from their home, but instead from an Internet point. But since an Internet point can be found over the course of 12 hours (election day) we decided that the team responsible for using this system was going to move from Internet point to Internet point every 1 hour / 1 hour an a half. In addition to this, the messages were sent to the Ushahidi platform once in all every time the person managing the software was moving to another Internet point.

The second problem, related to the fact that the sim card could have been indent infield thanks to the IMEI number, the sim cards for the system were bought by the organization and registered all under the same name (yes that was a risk that the organization was taking, but they decided that it was better to have the risk on the organization than on individuals).

  Get to the server: DL= 5

The server was hosted abroad and accessed remotely. In addition to that, several copies of the databases were done and  distributed in different other servers. The main server had an automatic backup done every hour and it was encrypted.

B. System:

  Block the SMS number (in and out): DL = 9

This was one of the risks we knew we could do less. We had a public number that we had to advertise since the project was based on crowd sourcing methodology and the number was registered, as it was obligatory in the country. We decided to have other 5 numbers available and already working, that were registered as personal numbers of some of the less known people participating in the project (but swapped in between them). Those numbers were divided like this: one was used by the monitors, one by the NGOs involved in the project, one was used by the known network of the people that the organizers knew and that were also reporting (and they were sharing it with their trusted network). The other 2 were backups numbers.

  Block the website: DL= 9

We created several mirror websites, and we bought under several names all the similar domains that we could use to replace the main one.

  Infiltrate the platform: DL= 9

The high likelihood of this variable is due to the fact that we knew that the government was easily able to arrest the organizers and torture them to get the password to the system. For this reason we decided that it was not worth it to try to get any super hardcore security system, also because this could have meant for people to be killed if not able to access the system for the repressive regime security people. Some decided that the main thing for us was not to prevent them to access the system, but to make sure that if they did they could not destroy the information contained in there or get to the identity of the people working on it. So what we did was to create a system where we could monitor what each recorded person was doing inside the platform and allowed only the editorial board to be able to delete informations or change settings.

The only 2 people that had access to the database containing all the details of the SMS coming for example were 1 tech person inside the country and 1 tech person outside. All the back ups where handle by the person outside the country and the tech person inside the country had no access to it – this information, the fact that the tech guy was not able to access info from inside the country, was shared broadly on channels that we knew were controlled by the national security.

  Falsify informations DL= 10

We realized that there was little we could do prevent this. Some decided to ignore this issue by relying on the fact that the numbers would have played in our favor. In fact several tentatives to send in false informations were done and always detected. In addition to this, we had a very strong verification system that was verifying information one by one and was only flagging as verified information that were supported by several independent known sources, or by multimedia that we’re undoubtedly showing what was reported. In addition to this we were encouraging people to use the SMS alert system of the Ushahidi platform of that if something was being reported in their area, they could go and verify it.

C. People:

   Arrest all the participants: DL= 5

To try to avoid this possibility we wanted to keep the identity of the people working on the project hidden. Unfortunately this was not possible, since the national security pretended to have the list of all the people working on this project. Since any measure to prevent them from arresting the participants was completely unless we decided to do 2 things: the first one was that all participants were well aware about the fact that their contact information were in the hand of the ns. The second one was to ask to all of them to move as much as possible during the election day, to avoid an easy identification of their location. The third one was to create an arrest protocol (see below).

   Arrest of the activists managing the projects (editorial board): DL= 9

This was the most likely hung to happen, as all the activists had been already arrested before and where all well known by the NS for this project. To them we applied the same arrest protocol. In addition to this we set up an external team, based in another country. In the case all the participants were arrested, the entire system could be taken over and managed by a team of people, trained in the previous months, and that was unreadable by the national security of the country. In this way, the information could still come in from the country, but the processing was “outsourced” to a foreign team (key for this was the trust already present in between the two groups).

   Close the organization managing the project DL= 5

For this eventuality we had already set up a chain of international organizations (human rights watchdogs) that could at least use their international power to put pressure on the gov’t in case of the closure of the organization. In addition to this, the organization keeps constant contact with the national security and responded to all their inquiries about the project, including giving them all the information requested (sometimes written in such a way that was impossible to understand what we were doing for example).

   Intimidate the participants to the project DL= 10

This was something that was already happening during the design phase of the project. To avoid bad things to happen, we were always sure that the organizers – especially the less known once, and so the most vulnerable – were never alone and always in busy areas when outside.

   Intimidate the people sending in informations DL= 7

This eventuality was agin something that we could not avoid easily. For this reason, we were making very clear, even in the advertisement of the project was we the possibilities, how the government could reach out to people and how it could trace them. In addition to this we did training for free to people on how to use social media, mobile and Internet security and to do video and pictures with their phones without being caught.

In addition to this we had an arrest protocol in place. The arrest protocol was design by asking to the people that had been arrested before to describe exactly how the arrests happened. The main thing for us was to let everyone else know if someone was arrested, for two reasons: to allow action to be taken immediately, like call a lawyer, and to allow the rest of the team to take actions in order to avoid to be arrested or to stop working on the project.

The phases that we identified for the arrests were:

  1. Police arrive.
  2. If person to be arrested in the house possibly ring the bell or open the door directly
  3. If person to be arrested outside simply get the person
  4. In both cases ask/take their mobile phone and computer

On this premises we realized that our chance to get the information out, especially if the person was arrested while alone, so with no witnesses, was to allow for them to send an SMS out. The way we did that was really simple: we ask everyone to set up a direct SMS already written in their phone linked to the keyboard ( something as simple as to set up a button in the phone that automatically bring you to the message already written). The time necessary to send the SMS out was as short as two clicks on the same button: one to get to the SMS already written, one to send it to 10 predefined numbers. Simple as it is.

This deployment was particular for several reasons. The first one was that we knew that we could not prevent the gov’ t from doing certain things, like arrest us, or get into the system, so instead of trying to prevent them from doing it, we try to mitigate the effects.

The second one was that the people involved were activists, so people that were taking a certain amount of risk, knowing it, and we’re ok with that since they were willing to risk to achieve their goals.

For those 2 reasons our security protocols were focusing more on mitigation measures for the EFFECTS and not on preventing the act from actually happen.

In addition to this, we knew were well that there was no way we could control or mitigate all the risks, so for those ones, we decided to create system where the act was at least going to be known by others, as to allow other measures to be taken.