Incompetence or arrogance?

Image by Loutron Glouton via Flickr

Respected security analysts and consultancies have now confirmed what many industry watchers, pundits and commentators suspected last week - that the 'upgrade' pushed to tens of thousands of BlackBerry mobile devices in the UAE by telco Etisalat was, in fact, not what it seemed to be, an 'upgrade for Blackberry service. Please download to ensure continous service quality.'

Interestingly, this rather flies in the face of the somewhat belated statement made by the telco itself, which I reproduced in full here at the end of last week. That statement rather annoyed a number of BlackBerry users who found it facile and lacking the one element that tens of thousands of frustrated customers whose mobile devices were affected wanted to see - an apology. Many of those users say their BlackBerrys were rendered inoperable or suffered significantly downgraded performance. A number reportedly bought new batteries for their BlackBerrys, believing the battery was at fault when, in fact, it was the software update they had accepted from the operator.

A press release was issued on the 15th July by security company SMobile Systems. The company, which positions itself as 'the leading provider of security solutions for mobile phones and maker of the only antivirus and antispyware applications in the world for BlackBerry devices, has released a solution for the (in their words) 'recent spyware-laden update sent out to BlackBerry users on the Etisalat network'. That press release in full can be found here.

The company's release claims, 'The BlackBerry Spyware, which intercepts email and drains battery life quickly, was pushed as an update to BlackBerry's on the Etisalat network. Sent to users as a wide-area protocol (WAP) message, the Java file intercepts data and sends a copy to a server without the user's knowledge.'

That is an extraordinary claim to make regarding a piece of software that Etisalat's official statement says was software 'required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.'

It is perhaps worth noting that the Chairman of SMobile Systems, quoted in the release, is a former White House Deputy Chief of Staff and so, we must reluctantly admit, carries some weight.

SMobile is not the only expert testimony that claims the notorious update is other than it seems. Besides the many people who believe that the Etisalat network is 100% 3G now and therefore does not present 2G to 3G cell handover problems, there are also a number who point out the fact that BlackBerrys haven't experienced cell handover issues for some time now - in fact, the only online references I can find to the handover issue date back to 2006.

Added to this, you have those who have examined the code - Qatar based programmer Nigel Gourlay was quoted widely in the initial coverage of the issue, but his assertions that the network update was in fact an attempt to install monitoring software have been backed up by respected security blog Chirashi Security - a white paper analysing the code in some detail, written by Sheran Gunarsekera, is linked here.

That white paper asserts that the code is a monitoring application. It also points out that the application was not properly implemented, pointing out that the application developers had not used any form of source code obfuscation - in other words, it shouldn't have been as simple to trace, upload and analyse the code as it in fact was. The code, according to the White Paper, is set up to hide itself from the user, attach itself to network events and report these to the service-provider's server and look out for control messages that enable interception of user messages. If enabled, the application will forward a copy of emails sent by the subscriber to the service provider's servers.

Damningly, the White Paper asserts that the code 'was not mature enough to be deployed. This is especially relevant if Etisalat planned to conduct full-scale legal interception on BlackBerry users.'

The Chirashi White Paper is scrupulous to point out that the application only forwards outgoing emails and not other message types and then only when the application has been enabled to do so - it does not report on emails by default. But it does make the point that the version of the interceptor software it analysed should not have been deployed - particularly not as part of a legal interception.

The White Paper also strays out of geekland into my domain when it asserts, in the context of requiring legal interception software to meet two criteria, to do no harm and to be thoroughly tested: 'A service provider should always be prepared for the worst. In case things do not work out as planned, there needs to be a dedicated PR team who is ready to step up and deal with the public. Users should not be lied to or ignored, they will accept it better if they know the provider is well within legal rights to perform such interception.' (The italics are mine, BTW)

Security company Veracode also analysed the upgrade last week, asking whether the fact that the implemented update contained both .jar and .cod versions was down to 'arrogance or incompetence?'. That's an area explored by a journalist from the region's leading telecommunications magazine, Comms MEA, here. Again, Veracode's Chris Eng reports that the clear purpose of the update, in his expert view, is to install a piece of software that, when activated, will forward user data to a third party server, presumably owned by the service provider.

All of this leaves me wondering quite what on earth Etisalat thought it was doing. And quite how our media is standing by and allowing Etisalat to simply claim that the great big elephant in the cupboard is in fact a pair of shoes.

Nobody I know has a problem with legal interception. I think most of us would recognise that it is highly desirable that the security agencies employed by our governments have access to the information they need in order to protect society in general. Those agencies are constantly monitoring network traffic, legally and within the charters and frameworks that govern their activity. We need them to be competent and we desperately need to believe in their competence and efficacy.

Similarly, we need to trust our telcos. As a commercial entity operating in a regulated and competitive free market environment, even the biggest telco has a duty towards its subscribers and a duty to tell the truth - not only to earn the trust of its customers, but to underpin the level of trust required by investors and multinational companies who wish to trade in that environment. Mendacity and silence are not good enough - people are still facing problems with their terminals even now because there has been no clear attempt to reach out to customers and fix this issue - let alone roll back the update. There are critical issues related to privacy and security that the operator has refused to address - and questions are now being asked by a wider community about the long-term implications for BlackBerry security in general as a result of this whole farago.

Finally, there is the issue of responsibility. Someone was responsible for this Keystone Cops attempt to police BlackBerrys and the subsequent lack of timely and appropriate response that turned a customer service problem into a full-blown case study in how fumbled issues management rapidly evolves nto crisis management and how ignoring a crisis simply, in today's commercial environment, won't do.

Trust

Image via Wikipedia

Many journalists working for 'traditional' or 'mainstream' media have been arguing about social media, particularly Twitter and its lack of dept, context, analysis or comment. There's also an argument that social media platforms (blogs, Twitterings, Wikis, Forums) don't necessarily derive the truth in quite the balanced and reliable way as a trained journalist.

There's a counterpoint to that, with respected journalists taking to online like whale sharks to aquariums and aiming to apply the (admittedly somewhat idealistic) standards of journalism to that environment. I'd argue it's easier for journalists to do that - and do it well - because online doesn't put the same pressures of proprietorial, commercial and reputational restrictions on the practice of the profession as 'traditional' media such as newspapers do.

The argument that we need journalism to filter the raw content out there is a seductive one, but it sadly flies in the face of increasing evidence that the filters are broken - and that we are actually happier filtering the stuff we are interested in ourselves. That's doesn't necessarily mean we want to filter everything ourselves, just the stuff we're interested in. And the more interested we become, the more it becomes apparent that the filters aren't quite what they're claiming to be.

Here's a great example. Emirates Business 24x7 today reports that 'Emiratis go online against Harvey Nichols'. Now, for those of you wot doesn't know, UK top-end retailer Harvey Nichols has been accused of putting a t-shirt on sale that depicts a bulldog standing on a UAE flag.

This is not generally considered to be a clever thing to do - in fact, whoever authorised putting the damn thing on sale should be considered dangerously incompetent and, at the least, keel-hauled.

"Emiratis have organised a campaign on Facebook and Twitter to boycott Harvey Nichols in response to an offensive T-shirts for which they were also pulled up by the authorities." trumpets EmBiz24x7, albeit in an unconscious echo of Churchill's famous "This is the sort of English up with which I will not put"

The story is clear, no? There's a significant grassroots movement of furious Emiratis against the retailer. Except the story, suspiciously, doesn't quantify 'the movement'.

In fact, when we look beyond the headline, and the story underneath it, EmBiz24x7's story is stood up on a Facebook group of 21 members with 2 wall posts. I can't find any evidence of a concerted campaign on Twitter, searching for Harvey, Harvey Nichols and HarveyNichols - and there are no Tweets bunched under #HarveyNichols, while the #UAE hashtag features no Harvey Nicks but quite a bit of Etisalat's BlackBerry PR triumph.

In fact, the reader is not given the information to make up his/her own mind about the relevance, force or weight of this online campaign. Given access to that information (for instance, the data I have surfaced in this post) we'd all file the story (wouldn't we?) under 'non story why are you wasting my time with this?' - the very filtering that is supposed to be taking place on our behalf, no?

Tags: Shoot. Foot. Self. Media.

Speech!

Etisalat BlackBerry Software Upgrade Aims to Enhance Performance of Devices and Facilitate Handover from 3G to 2G Networks

Abu Dhabi 15 July 2009: Etisalat today confirmed that a conflict in the settings in some BlackBerry devices has led to a slight technical fault while upgrading the software of these devices. This has resulted in reduced battery life in a very limited number of devices. Etisalat has received approximately 300 complaints to date, out of its total customer base which exceeds 145,000.

These upgrades were required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.

Customers who have been affected are advised to call 101 where they will be given instructions on how to restore their handset to its original state. This will resolve the issue completely.

Silence is Golden

Image via Wikipedia

The Etisalat BlackBerry update story has started to grow little legs now, with the coverage from Gulf News and ITP.net yesterday joined today by a story from The National and a GN followup. Both of today's UAE dailies focus on the irritation of subscribers and the silence of Etisalat, an angle that The National, in particular, highlights:

"Etisalat does not lack the ability to talk to the public. It is one of the UAE’s largest advertisers and it would be difficult to spend a day without seeing one of its promotions in print or on television. Its public relations machine is well oiled, putting out press releases daily..." says reporter Tom Gara before launching into an entertaining, if slightly surreal, series of nautical metaphors spanking the uncommunicative communications company.

Now coverage has gone international, with stories from Wired and from the UK's rightly feared (or revered, depending on which side of the industry fence you sit on. Rather marvellously, its tagline is 'Biting the hand that feeds IT') The Register.

It is, yes, a wee social media case study, this one. A single user posts some stuff he found on a specialist forum, triggering the swift passing of that information among a frustrated customer base that is being poorly communicated with. The news is examined, refined and passed on again, a great deal of that traffic going via Twitter BTW, and now it's going wild. Many media reports internationally are focusing on one or two media reports locally - the role of a single Qatari software expert being key right now in the coverage from 'mainstream' media as it is picked up by media outlets. In fact, both Wired and The Register covered the story from ITP.Net. And now uber-blog engadget has covered it from The Register. And if that isn't as bad as ReTweeting, I don't know what is!

Now major international technology media outlets are repeating a story based on the stated views of one man following his comments on a local blog. Scary, in its way. I'm not denigrating that expert, BTW: Nigel (and original discoverer DXBLouie) are both chaps that certainly appear to know a great deal about what they're talking about - as does Steve Halzinski, whose post on BlackBerrycool here still contains his considered view on the nature of the 'network update' that apparently forced BlackBerries into meltdown as they scrambled to contact an overloaded server.

News expands to fill a vacuum. Particularly a social vacuum. For what it's worth, my prediction is that this story will grow - Etisalat really needs to fill that vacuum before it does, although I suspect that by now the genie is well and truly out of the bottle.

Thanks, Gulf News!

Image via Wikipedia

Nice to see Gulf News' Abbas Lawati covering the BlackBerry software patch story today - great reporting, from surfacing the story and 'getting' what was going on in the first place right through to finding Qatar- based progammer Nigel Gourlay to comment on the actual functionality of the patch. Great journalism, top marks for effort and really cutting through to the heart of the story.

Thanks, BTW, to the lads at the most excellent Stuff Magazine for the link back they included in their story!

It's going to be interesting seeing how Etisalat deals with this one now from a communications perspective. The company could choose to clam up and fillibuster any journalist unwise enough to pursue the story further, ignoring the howls of pain from customers while it quietly fixes the problem. Or could institute a wide-ranging reaction to the unfortunate incident, apologising for the inconvenience the move has caused, communicating effectively with customers, explaining what has gone wrong and how they can restore their devices and performing as clean and efficient a 'roll back' as possible.

There have been reports of users buying new Dhs200 batteries for their BlackBerries as a solution to the sudden battery-drain they experienced - and performance of the handsets has also reportedly been affected. So there is a strong argument for a smart, transparent customer service push that redresses at least some of the key customer irritations.

Meanwhile, if you want to get into the security software business, here are some handy hints and tips.

Make sure that nobody knows you're trying to install a security or monitoring patch because they might be scared or protest. Tell them it enhances teddy bears or something. Having done that:

• Do make sure that your software is called something scary, like 'Raptor', 'Destroyer' or 'Interceptor'. Name the subroutines you are using after the software so that users can see the name and be spooked by it.
  

• Do make sure you install all software into a directory clearly named after the security company that is providing the solution. This helps curious customers, bloggers and yes, even journalists, quickly and easily find out more about what you're up to.
  

• Do try and work with a security company whose website shrieks 'Be Scared! Be Very Scared!' or at least trumpets how it makes interception and monitoring software that allows intelligence agencies to monitor and analyze targets. Nothing makes consumers happier than being referred to as 'targets', except possibly the sight of red laser dots on their chest.

Meanwhile, I'd just like to say that my Nokia battery has ground to a virtual halt, supporting no more than 20 minutes of talk time before failing. And that didn't even need a patch from Etisalat to achieve!

Blodge

Image via Wikipedia

It looks on the surface about as bad as you can get in terms of completely mis-handling your customer base, lying to consumers and losing their trust and respect in one single great big blodge.

A telco pushes an upgrade to users of devices on its network. That upgrade not only apparently has the effect of downgrading the service, but is widely reported to screw up the batteries of those devices, triggering a public outcry.

Then people start to look at this software, labelled, "Etisalat upgrade for Blackberry service. Please download to ensure continous service quality" to see quite why it has been such a disaster. And they start asking questions about quite why it was important to download a network performance upgrade to the clients.

This is what they find, according to DXBLouie (no relation to our pal Bluey methinks), posting his findings on the BlackBerry support forums: A series of Java files. Perhaps interestingly, they all install to a folder called SS8.

SS8? Who they? What do we find, for instance at SS8. com? A security and interception company perhaps? One with a newly opened local operation, too, it seems.

So the inference customers are drawing is that the telco knowingly pushed a security and monitoring application to their handsets without informing them - one that has crashed their handsets and caused considerable annoyance. Obviously, they're jumping to conclusions.

But now they're starting to ask questions about quite why it was that a telco thought it could stealth a nasty little monitoring application, without telling them, without asking their permission and without any 'by your leave' onto their handsets. You'd expect the telco to start facing questions about that...

It's going to be an interesting 48 hours, people...

Nostalgia, Ephemera and Aeronautica

I said I'd share some more stuff from my wee collection of information on the Handley Page biplanes that used to ply the pioneering route from Croydon to Australia in the 1930s. There's more info here and here and a fantastic video of Sharjah airport (Kalba, incidentally, was the location of the 'backup' air strip and therefore posessing a greater importance in the 1937 scheme of things than, sleepy little town that it is, it does now) as it was back in the days of Empires, tally-hoes and people whacking the ball long and straight, dont'cha know.


This is the plane itself. These used to land at Sharjah in Oman (from Basra via 'Koweit and Bahrein) on the way through to Gwadar in Baluchistan. Let's just take the [sic]s as read. With 36 seats (and TWO toilets - you listening EK? A bog for every 18 pax!) and a bar, the planes were luxuriously decked out in mahogany and the like. It must have been a gut-wrenching ride.

The planes' engines had to be completely overhauled overnight at Sharjah, where guests were put up at the Mahatta Fort, a remote outpost (the fort was built for Imperial Airways by the ruler, who also provided a guard) containing three stir-crazy Brits and assorted staff. The met report used to be done by flying a light bulb up on a balloon to measure the wind.




This is the 1936 timetable. Arab readers might like to note where Gaza is located. Have a think about these journey times! Given that the 7 hours to Heathrow gives me mild shudders, this trip must have been a complete joy and let us not forget that these planes flew low, had no weather radar, no stabilisers and had wings made out of stretched canvas. Oh! And when you get to Shar-Jar, there's no AC. Let alone Gwadar and the others!

Mind you, if you think the hack to Sharjah's bad (4 overnights, including a train journey from Paris to Brindisi), it's a 14-day, 12 night flight to Brisbane!

Perhaps interestingly, my information is out of whack with the info on Wikipedia - it is my strong understanding that one of the HP42 series 'planes was lost at sea in the late 1930s in the Indian Ocean, while Wikipedia says only one was ever lost to a hangar fire in the UK. Hmm...

I also have a set of 1938 timetables and if anyone's interested in better quality scans that aren't quite so JPEGed, do just drop me a DM on Twitter or a mail at the usual address. I collected all this stuff because of an abiding fascination with Mahattah (which is, after all, on my doorstep) and the idea that one day I'll get a novel out of this lot...

If anyone owns copyrights to these, I'm not aware of them so please do let me know and I'll arrange appropriate attributions or whatever.

1937 and all That

Image via Wikipedia

Remember this blog post about Mahatta museum in Sharjah and the old Imperial Airways flights?

I happily rambled on about Air Outpost, the documentary that was filmed in 1937 about the desert airport of Shar Jar - we have had a copy of this amazing film for many years on videotape.

Well, now it's online. The National has snaffled a copy and posted it up on its website - so you can now go here, watch it and decide for yourself if I was right to call the Brits in it 'preposterous'! The original blog post has more background on the fillum.

Enjoy!

Air Outpost

Swine

Image via Wikipedia

The UAE's advertising agencies have long been famous for their skill, creativity, taste and discernment, let alone managing to run their businesses on unbelievably tight margins (the latter, at least, an assertion made by advertising bigshot Joe Ghoussoub talking to Emirates Business 24x7 last week which did rather result in me having to clean half-chewed muesli from my keyboard).

So any hint of egregious opportunism in the advertising campaign for Dac, whose roadside promise to 'Eliminate flu viruses and doubts for 24 hours' in the face of rising public concern regarding the H1N1 'swine flu' virus is obviously in my imagination. It's nice to see big business taking a role in public education campaigns in the face of health scares rather than making unsustainable claims for products that target our fears.

The advertising campaign being mounted by Dettol (ten times more effective than soap, apparently) at least doesn't make a promise, directly or indirectly, to protect gullible consumers from swine flu or any other form of influenza, even if its timing does perhaps mean it sails a little close to profiteering from the pandemic.

The Dac advertisement did leave me wondering if global chemicals company Henkel, rightly proud of its track record in corporate governance and CSR, would truly associate itself with a campaign that makes the absolute promise that one of its domestic cleaning products will eliminate influenza viruses. And if it does, I'd love to see the peer-reviewed research that stands the claim up...

Marwa. Mainstream Media Fail? AGAIN?

Image by luc legay via Flickr

Egyptian Marwa El Sherbiny lived in Germany with her husband. Subjected to verbal abuse by a Russian man, Alex M, because she wore a veil, Marwa eventually took legal action against him. She was in the courthouse in Dresden when the man walked across the room and stabbed her 18 times with a knife he had brought into the coutroom. She died in the attack.

Marwa was pregnant.

Her husband rushed to help her, but he was shot by a policemen who apparently mistook him for the attacker. Having spent three days in a coma, he is currently in intensive care.

The man who stabbed Marwa is to be charged with murder. Early reports on Bild apparently said that the charge would be one of manslaughter. Interestingly, the vast majority of reader comments on the Bild website were horrified at the crime and how the man could have been allowed into the courtroom carrying a weapon.

The Guardian, finally, tells the story here. The incident took place on Wednesday last week and I picked it up when colleague Mai tweeted the news. Her first tweet on it came on Thursday (sparked by a tweet she had received linking to a report on Egyptian blog Bikya Masr) and was part of a growing tide of horrified Tweets from around the world reporting the incident. The horror expressed was both at the crime and at the way mainstream media appeared to be largely ignoring the incident - outside local German media such as Bild, which carried a report on its website the day the attack took place - there were no files from the major European newspapers and nothing from news agencies, either. Reuters, in fact, didn't file until Sunday 5th July, when it deigned to release a picture story caption showing protestors holding placards that said things like 'Our blood is red too, not cheaper than yours'.

As Bikya Masr points out quite correctly, European media coverage didn't break until almost a week after, when mainstream outlets started to report the protests in Egypt that took place. Those protests, as The Guardian points out, were fuelled at least in part by the way that the European media was seen to have ignored the killing. The Guardian's story, its first, was filed yesterday.

So, once again, we have news that travelled around Twitter, Facebook and blogs, the social media I talk so much about, but that was not considered newsworthy by the newspapers and TV channels that form 'mainstream media'.

At a time when the debate in Europe over women wearing the veil has been refreshed and brought into sharp relief by comments such as those made by Nicola Sarkozy, you'd be forgiven for thinking that a horrific murder committed IN a courtroom against a pregnant woman because she was veiled would be 'newsworthy' - the many people around the world who picked up the story from social media sources certainly thought so.

Now, a week later, we are seeing coverage of the protests - those comforting images of screaming zealots in the streets chanting for revenge that help people in Europe to 'understand' the Middle East.

The real question is why we didn't get to see that a gentle woman was killed in cold blood last week, when it happened. It took Twitter and blogs to tell us about that.