digital rights – Niel Harper

New ISACA Research: 63 Percent of Privacy Professionals Find Their Jobs More Stressful Now Than Five Years Ago

January 23, 2025nielharper

The ISACA State of Privacy 2025 survey report, which gathered responses from over 1,600 privacy professionals globally, revealed that 63% of these professionals find their roles more stressful than they were five years ago, with 34% reporting a significant increase in stress levels. The primary sources of stress identified in the survey were the rapid pace of technological advancements (63%), difficulties with compliance (61%), and a lack of resources (59%).

“In an increasingly complex international regulatory environment, often with lacklustre resources, it is understandable that many privacy professionals are feeling strain from their efforts to stay compliant and keep their organizations’ data safe. Addressing these challenges and getting practitioners the support they need will be vital to not only ensure a healthy privacy workforce, but also to maintain data integrity and security, and avoid potential harm to data subjects.” I made these comments via BusinessWire on the report to emphasize not only the challenges associated with implementing privacy programs, but also the importance of organizations demonstrating their commitment to data governance, data ethics, privacy rights, and overall digital trust.

With AI, the privacy landscape has changed dramatically, including the regulatory burdens for companies. Continued leadership in the boardroom, at the executive level, as well as embedding privacy principles in organizational values is integral to nurturing the trust relationship between enterprises, their customers, and society at large.

Caribbean telecoms operators seek to deepen their monopoly strangleholds

June 24, 2023August 6, 2023nielharper

This past Friday, Caribbean telecommunications operators held a meeting in Miami to fine tune their strategy to have Big Tech companies contribute financially to regional telecoms network infrastructure. Hosted by the Caribbean Telecommunications Union (CTU), and taking a similar perspective to the “fair share” proposal currently being debated in the European Union, regional network operators are arguing that over-the-top (OTT) service providers such as Meta (Facebook, Instagram and WhatsApp), Alphabet (Google), TikTok, Netflix, Amazon and Microsoft are responsible for 67 per cent of the total Internet traffic in the Caribbean, but make no contributions or investments toward local delivery networks. Moreover, they further asserted that a market failure is occurring with resultant stalled revenues for telcos, and limited prospects for future growth.

This “fair share” argument is literally reviving antiquated telecoms regulations from the era of the public switched telephone network (PSTN) and circuit switched networks. There is no evidence that a real problem or market failure exists in the Caribbean telecoms sector and there has been no credible evidence warranting the introduction of network fees. I challenge Caribbean network operators to provide conclusive data that shows their networks are over capacity, and that they are financially incapable of investing in their own infrastructure, especially when we consider that consumers are already paying for the use and improvement of their networks (Caribbean consumers are currently subjected to some of the highest mobile data costs in the world) – Hence ISPs effectively want to charge twice for the same infrastructure. The Internet has proven its ability to cope with increasing traffic volumes, changes in demand patterns, technology, business models, as well as in the (relative) market power between market players. These developments are reflected in the Internet Protocol (IP) interconnection mechanisms governing the Internet which evolved without a need for regulatory intervention. There are multiple ways to finance network investments that don’t result in irreparable harm to the Internet’s technical architecture, the rights of consumers, and the overall Internet economy (e.g., joint ventures, private investors, spinning off segments into separate companies and seeking limited financing, special purpose vehicles based on public infrastructure funds, etc.).

From a technical standpoint, the Internet is based on different networks negotiating simple connection agreements between each other, based on interoperable technical standards. What Caribbean telcos will more than likely achieve – similar to their European counterparts – is where consumers will be restricted to only accessing content and services that are subject to agreements between ISPs and OTTs, and the quality and conditions of the content delivery will also be subject to the negotiated commercial arrangements. The technical danger of requiring network fees will invalidate the global and open Internet model for permissionless innovation and can lead to a highly fragmented Internet. It is a terrible policy suggestion for our region, and for the Internet as a whole, to suggest ‘rules’ that seek to artificially regulate how IP networks are managed.

This proposal also presents a rights-based threat to Internet users across the Caribbean. One of the most sacrosanct rules of the Internet is ‘net neutrality’, which is that Internet service providers (ISPs) must enable access to all content and applications regardless of the source, and without favouring or blocking specific websites or services. Given that ISPs also own what is known as the “last mile” (the physical connectivity to our homes), they can filter what content or services we are able to access, as well as determine the quality of our access. They can do so by blocking content, throttling network performance, and by introducing prolonged congestion that affects consumers negatively […].

The full article can be found on the CircleID website.

Would love to hear your thoughts on this important topic!

Regulating AI Tech is No Longer an Option: It’s a Must!

April 9, 2023April 29, 2023nielharper

“Responsible, ethical use of AI is the key. From a corporate perspective, business leaders need to articulate why they are planning to use AI and how it will benefit individuals. Companies should develop policies and standards for monitoring algorithms and enhancing data governance and be transparent with the results of AI algorithms. Corporate leadership should establish and define company values and AI guidelines, creating frameworks for determining acceptable uses of AI technologies.

Achieving the delicate balance between innovation and human-centered design is the optimal approach for developing responsible technology and guaranteeing that AI delivers on its promise for this and future generations. Discussions of the risks and harms of artificial intelligence should always be front and center, so leaders can find solutions to deliver the technology with human, social and economic benefits as core underlying principles.”

I recently wrote a short piece on the ISACA Now Blog explaining why a robust framework of laws and regulations are needed for the potential of “AI” to be truly realised.

Check it out and let me know your thoughts!

Digital ID Explained: Pros, Cons, and “Should I get the Trident ID card?”

March 7, 2023January 28, 2024nielharper

PURPOSE

I continue to receive countless questions from various walks of Bajan society about the Trident ID card and the national digital ID program. This is stark evidence that the Government of Barbados HAS NOT done an adequate and effective job of alleviating the concerns of the public. As such, I wanted to clarify once and for all the pros and cons of digital ID systems, and answer the million dollar question I am repeatedly asked, “Should I get the Trident ID card?”

INTRODUCTION

Digital identity (ID) has become the topic of the moment in Barbados, given the government’s poor implementation, failure to address the fears and anxieties of the public, and generally ineffectual communication to the average person on the street as to why they need digital ID and what value it will bring to their lives. The government has set out to provide a single digital identity to all residents/citizens through the collection, storage, and use of their biographic data (e.g., name, address, date of birth, gender, national registration number, etc.) and possibly their biometrics (e.g., fingerprints, iris scans, facial scans, etc.) as the primary means of establishing and verifying their identity. They will achieve this through a legally mandated, centralised national digital ID system.

Governments, international organizations, and multilateral banks (e.g., International Monetary Fund, World Bank, etc.) argue that digital ID systems provide benefits such as more effective and efficient delivery of government services; poverty reduction and welfare programs; financial inclusion through better access to banking and other products/services; minimise corruption; and preservation of national security interests. Multilateral banks are providing significant funding to developing countries to implement digital ID. In some cases, they’re even making the implementation of digital ID systems a ‘condition’ of loan agreements.

Critics maintain that digital ID systems may actually not guarantee more effective access to social and economic benefits, enhance service delivery, or improve governance, while at the same time, they raise serious issues, including worries about how they are developed and managed; social exclusion and discrimination; privacy and data protection; cybersecurity; and major risks for human rights. With regards to human rights, they threaten the right to privacy, freedom of movement, freedom of expression, and other protected rights. Additionally, since they usually involve the creation and maintenance of centralised databases of sensitive personal data, they are also prone to breaches by hackers or abuse/misuse by government institutions. These issues may lead to digital IDs becoming widespread tools for identification, surveillance, persecution, discrimination, and control, especially where identities are linked to biometrics and made mandatory.

For a more detailed explanation of both sides of the debate, please see below the PROS and CONS related to digital ID systems.

PROS

Easier access to services: digital ID systems can enable more efficient digital transformation across the local economy and increase Barbados’ participation in the global digital economy, especially given that many transactions – local and international – require personal identification. With Barbadians presented with less obstacles to prove their identity, commercial activities (including e-commerce) and government services (including e-government) become more accessible and effective.

Faster and cheaper transactions: the use of digital ID can allow for reductions in costs and response times, resulting in speedier execution, less red tape, and the availability of more responsive and relevant services. The quickness and trust with which a person’s identification can be verified allows for cheaper and more efficient interactions for all involved.

Fraud reduction: digital ID systems can offer several benefits in terms of online security, thus reducing the occurrence of online scams, fraud, and personal data breaches. A number of countries that have implemented digital ID have experienced significant decreases in fraud, saving them tens and even hundreds of millions of dollars.

The graphic below outlines several ways in which digital ID can be used based on the roles played by organizations and individuals (Source: McKinsey).

The four (4) main areas of direct economic value for individuals have been identified as increased access to financial services, improved employment opportunities, greater agricultural productivity, and time savings. The five (5) highest sources of value for institutions – both the private and public sectors – are cost savings, fraud prevention, increased revenues from goods and services, improved employee productivity, and higher tax revenues.

CONS

Privacy and security: digital ID systems process billions of data points of our private information, regularly without our consent or knowledge. This information can include biographic details (NGN, date of birth, gender), biometrics (facial recognition, iris scans, fingerprints), banking and transactional data, and location-based info when digital ID is used for example in public transportation (the government has expressed plans to use the Trident ID for cashless payments on buses). The centralisation of so much data, excessive sharing of personal data without user consent, inability to control your personal data, exposure to cyber attacks and data breaches, and in worst case scenarios – mass surveillance by corporations and governments – are all issues which show the potential negative impact of digital ID.

Discrimination, biases and exclusion: the Barbados Digital Identity Act has a number of clauses which generate concerns about discrimination and exclusion. The Act states in several places that the digital ID will be required for persons to be added to the register of voters, to vote in elections, to access public and private services, and to obtain a driver’s license. There are no provisions in the Act for mandatory accessibility features in the digital ID and related services. As such, persons with disabilities may be excluded (e.g., the Trident ID website currently DOES NOT have several accessibility features for the disabled). Digital ID technologies are also at the end of the day developed by humans, and through poorly designed algorithms and data analytics, can reinforce their biases. Discrimination against key communities such as immigrants, LGBTQ+, homeless, and the disabled, among others have been highlighted in many digital ID related studies globally.

Technical errors: unintended consequences can occur that lead to restricted access to critical services (e.g., failures in authentication at points of service with no redundancy; websites that aren’t user friendly or stable; duplicate or inaccurate records; inability to add essential information; or the lack of reliable technical support, etc.). The government must fully consider availability risks and identify user-centric and privacy-enabling solutions to mitigate them. In African and Asian countries, numerous instances of technical errors were uncovered which presented citizens with major challenges.

Deployment challenges: five key problems exist, which are the lack of funding to maintain secure cyber systems and to hire or retain critical human resources to administer them; unequal access to mobile Internet and smartphones – the technology with the most potential to drive the uptake of digital ID; dependency on a specific technology or vendor; low trust in government; and the difficulty of rolling out in rural areas.

SHOULD YOU GET THE TRIDENT ID CARD?

As I have stated before, my concern is not particularly with the Trident ID card. The card is only one small piece of the overall digital ID ecosystem. My biggest concerns are as follows:

Poor legislation underpinning the digital ID system: Digital ID must be supported by a legal and regulatory framework that supports trust in the system, prevents abuse such as warrantless and disproportionate surveillance, guarantees data privacy and security, prevents discrimination, and maintains provider (government and corporations) accountability. This includes laws for digital ID management along with laws and regulations for e-government, privacy and data protection, computer misuse, data sovereignty/localisation, electronic transactions, limited-purpose ID systems, accreditation of participants, and freedom of information, among others. Unfortunately, a number of these laws are not available in Barbados at this time, and where they are, the language is problematic, enforcement is deeply lacking, or the legislation is outdated.

Government’s atrocious record in terms of protecting IT systems and the personal data privacy of individuals: The Government of Barbados DOES NOT have the resources (people, processes, or technologies) to secure complex IT systems and provide consistent privacy-enabling solutions. If they did, there would not be so many successful cyber-attacks and data breaches of government online systems in recent years (e.g., Queen Elizabeth Hospital, Ministry of Information and Smart Technology, Immigration Department, Barbados Police Service, and many others). Until government invests significantly in building their capacity in these areas, their IT systems and the personal data of Barbadians will be AT RISK.

The communication (or lack of) by government addressing the public angst around their digital ID program: Government has not effectively articulated the benefits of digital ID, its value to the average person on the street (in real and meaningful terms), its potential disadvantages and risks, what they are doing to manage these risks, and what Barbadians can do to protect themselves. Instead they have chosen to evade questions, avoid public discussion with experts involved, and turn their resources towards attacking private citizens who are expressing concerns.

In 2018, I conducted a European Union (EU) cybersecurity assessment for the the Government of Barbados. In the report, I clearly stated:

Trust in the Internet and in the use of online services is critical to developing a thriving local Internet economy and to participating widely in the global digital economy. Low trust in the Internet, e-government services, and e-commerce services hampers the government, businesses and consumers from fully taking advantage of all the economic benefits the Internet has to offer. Given the high fixed broadband and mobile data penetration rates in Barbados, this is especially concerning.
European Union Consultancy to Develop a Government Cybersecurity Assessment and Strategic Roadmap – Cybersecurity Assessment Report (Authored by Niel Harper)

From 2018 to this present day, the government has failed to address the low levels of trust or their lack of expertise in delivering secure and privacy respecting IT solutions, all of which are undoubtedly preventing them from delivering their digital transformation and modernisation agenda (including the implementation of the digital ID).

Ultimately, Barbadians need to decide for themselves if the value of obtaining the Trident ID outweighs the associated risks. I cannot make this decision for anyone. All I can do is educate and build awareness, and try to put some pressure on the government to be more accountable and take greater responsibility for protecting citizens from the negative effects of digital ID, mass personal data processing, cyber attacks and data breaches, human rights violations, online fraud, and other harms resulting from widespread government use of information and communication technologies (ICTs).

ADDITIONAL RESOURCES

FACT CHECK: The Electoral and Boundaries Commission’s Response

Why the Barbados Election Least Data Leak is Problematic – And How It Could Have Been Prevented

Comments on the National Identity Management System Act

Too Many Unanswered Questions: The Barbados National Digital Identification

Creating a good ID system presents risks and challenges, but there are common success factors

What is a digital identity ecosystem?

Understanding the risks of Digital IDs

The Cost of 1GB of Mobile Data: Why It Matters!

July 29, 2020July 29, 2020nielharper

While not the only barrier to access, the high cost of data is the biggest factor keeping people offline. Undoubtedly, those countries/regions with the least affordable data are also those with the fewest people connected to the Internet. A failure to deliver affordable Internet access keeps citizens offline and compounds global inequalities.

From a personal perspective, I have complained bitterly over the years about the cost of mobile data in my country Barbados and how it negatively impacts economic growth and the effective transition to a digital economy. Based on available statistics, the cost of 1 GB of mobile data in Barbados is USD$9.32 (ranked 196th globally).

In comparison, below are the prices/rankings for a sample of other countries:

>> India: $0.09 (1st)
>> Somalia: $0.50 (7th)
>> Russian Federation: $0.52 (9th)
>> China: $0.61 (12th)
>> Denmark: $0.80 (29th)
>> Brazil: $1.01 (38th)
>> United Kingdom: $1.39 (59th)
>> Hong Kong: $2.55 (101st)
>> United Arab Emirates: $3.78 (130th)
>> Jamaica: $3.88 (138th)
>> United States: $8.00 (188th)
>> Canada: $12.55 (209th)
>> Cuba: $13.33 (212th)
>> Bermuda: $28.75 (225th)

High mobile data costs also have a negative knock-on effect on the diffusion of existing and emerging technologies and applications (e.g. IoT, smart cities, telemedicine, mobile payments, etc.), many of them with high social benefits.

Do you know where your country ranks? What do you think of these statistics?

No More Obscurity

July 5, 2019November 29, 2020nielharper

With revenues of $36 billion in 2018, the global video surveillance market is growing exponentially, allowing for every mundane activity to be captured and made publicly accessible. Acclaimed artist Xu Bing reviewed thousands of hours of online surveillance videos and transformed this journey into a story about (in)visibility and today’s culture of permanent exposure.

I joined Xu Bing and Jennifer Lyn Morone in a panel discussion titled ‘No More Obscurity’ at the World Economic Forum 2019 Annual Meeting for New Champions (Summer Davos) in Dalian, China.

Using Xu Bing’s story as a backdrop, we discussed the impact of online surveillance on individual privacy and society as a whole in terms of pervasive monitoring.