Protecting the Most Vulnerable Users in Society: The Roles of Different Actors in Helping the New User Survive in an On-Line World Nominet

27 September 2011 - A Workshop on Security in Nairobi, Kenya

Agenda

Increased efforts around the world to address the digital divide have lead to an influx of new and vulnerable users on the Internet. This workshop will discuss the concerns of new and inexperienced internet users regarding using the internet. The audience and panel will be encouraged to explore how vulnerable users can be protected, who has a responsibility to deliver this protection and what methods are most effective in building trust and keeping people safe.
The discussion will be informed by research into how Internet users and non-users have different perceptions of risk and how they respond to attempted criminal attacks. Panellists will stimulate discussion by looking at different strategies to encourage people to get on-line and what is being done to help keep them safe.

The workshop will aim to answer the following questions:
• Are new Internet users more vulnerable than experienced users? Are they more likely to have a bad experience online? What are areas of concern for them? Do bad experiences (or the fear of them) make them more reluctant to go on-line?
• Who has a duty of care to new Internet users and what does this mean?
• What kind of education/training do people need to help them make informed decisions eg on privacy settings, protecting their data and accessing information? How do you inform without scaring the new user off?
• What work/strategies are there in different countries to help support new users and tackle online crime: rapid response to criminal activity, awareness programmes, initiatives to educate, build skills and train, user support networks?

 

 

A brief substantive summary and the main events that were raised:
The workshop looked at who were the most vulnerable users online and what could be done to educate and protect them on the Internet.

The panel and audience also considered:

• How to get those not online connected
• The best ways to develop and introduce programs for vulnerable users
• How to make people aware of the risks online without being alarmist

The workshop attracted a range of global viewpoints from the United States, UK, Netherlands and Germany, to the Caribbean, Kenya and Qatar.

Dr Vicki Nash of the Oxford Internet Institute gave an overview of her department’s most recent research which identified those with lower incomes and lower levels of education as significantly less likely to be online. These patterns are reflected worldwide.

She stressed however that there are a range of different groups with the “most vulnerable users” and that they need to be treated individually if efforts to encourage and protect them online are to be effective.

The biggest fear for people is getting a virus on the computer. Significant other fears are credit card fraud and (lack of) privacy. However once people are online, the level of trust they have in the Internet increases dramatically.

Marjolijn Bonthuis-Krijger talked about a program in the Netherlands where business, community organizations and the government is working together to help get people online. She focused on one group – those with learning disabilities – and noted it varies from young children to elderly people and that they require special training programs to be effective.

Alice Munyua from the Communication Commission of Kenya run through some recent research which focused on women and cybercrime and found domestic abuse was moving from the offline to the online world but without there being any corresponding legal protections. There was some debate about whether new or updated legislation was needed to deal with the move to online abuse, with UK Member of Parliament Alun Michael arguing that education and training over legislation may be the answer.

Experience from the Caribbean was given from Bernadette Lewis, Secretary General of the Caribbean Communications Union, who noted that large number of society do not have access to sufficient information they need to use the Internet safely. She also noted that it is often parents, rather than children, that are most unaware of what is happening online – a view agreed with by a number of other panelists and attendees.

In terms of being effective, there was broad agreement that there was a need to tackle it in two ways: from the bottom-up, working with vulnerable groups directly to devise programs to assist them; and from the top-down, engaging directly with government representatives to make them aware of the situation and push for clear and simple reforms.


Conclusions and further comments:
Increased efforts around the world to address the digital divide have lead to an influx of new and vulnerable users on the Internet.

This workshop discussed the concerns of new and inexperienced users regarding the Internet. The audience and panel explored how vulnerable users can be protected, who has a responsibility to deliver this protection and what methods are most effective in building trust and keeping people safe.

The discussion was informed by research into how Internet users and non-users have different perceptions of risk and how they respond to attempted criminal attacks. Panelists looked at different strategies to encourage people to get online and what is being done to help keep them safe.

The workshop aimed to answer the following questions:

• Are new Internet users more vulnerable than experienced users? Are they more likely to have a bad experience online? What are areas of concern for them? Do bad experiences (or the fear of them) make them more reluctant to go online?
• Who has a duty of care to new Internet users and what does this mean?
• What kind of education/training do people need to help them make informed decisions e.g. on privacy settings, protecting their data and accessing information? How do you inform without scaring the new user off?
• What work/strategies are there in different countries to help support new users and tackle online crime: rapid response to criminal activity, awareness programmes, initiatives to educate, build skills and train, user support networks?


Here’s a summary broken out by broad issue.

Research into the most vulnerable and those not online

The session started with Dr Vicki Nash of the Oxford Internet Institute giving a run-through of her department’s latest research. She started out by noting that those individuals people were actively trying to get online are also the hardest to reach as well as the most vulnerable.

There is a strong correlation between income and whether people are online, she noted. Ninety-nine percent of those with incomes over GBP 40,000 are online, compared to just 43 percent of those earning under that. Likewise, 95 percent of people with higher education are online, compared to 54 percent of those with basic or secondary education.

She noted that there is a range of other factors that show similar, clear discrepancies in whether people are online or not. But, she noted, it was important not to lump all of these individuals into one group of “vulnerable users” as they actually represent a number of distinctly different groups with specific needs that need to be addressed if they are to be encouraged effectively. “In this context, for example, we might find that new users with lower levels of education might need different sorts of media literacy support than those perhaps that are highly educated but have some sort of disability and might need physical forms of access to be directed towards them.”

Even though the survey was based on UK users, Vicky Nash noted that the same patterns have been noticed by other researchers worldwide.

As to the risks that people fear and face online, the most common is getting a virus on their computer, with having credit card details stolen and concerns over privacy also significant factors. The risks vary according to people’s age and current lifestyle. Says Nash: “You're much more likely to be asked for your bank details if you are employed or retired. However if you're retired, you're less likely to have received abusive emails.”

One aspect that has been repeatedly demonstrated is that once people are online, their fear of being online diminishes significantly. “The research shows very, very strongly that the Internet is what we call ‘an experience technology’. Basically, once people get online the level of trust in the Internet seems to go up dramatically and in particular non-users show the least trust in the Internet. And this in fact has become much more pronounced since 2003.”

That is despite an actual increase in the number of bad experiences online and has created a Catch 22 situation: “You can only raise their trust levels if you can get them online but if they don't trust the Internet in the first place how do you do that?”

Another factor easily overlooked is that some people go online and then stop using the Internet. “Our data shows us quite clearly it is largely about cost, for example kids who started using the Internet at school, leave school, get a job but can't afford a PC or don't have a job that requires you to have a PC.”

The answer, she argues, is to “to make using the Internet more affordable and get more PCs out there and find more places where people can use the Internet”.

Identifying those most vulnerable and different approaches to take

Following on from Vicki Nash’s comment that there are distinct groups of users that need assistance, Marjolijn Bonthuis-Krijger talked about a project in the Netherlands than bring together business, public organizations and the government during which they identified one clear group: those with learning difficulties.

This was, she noted, a “very small group”. It also encompassed everyone from young to elderly people but came with its own unique challenges. “People with Asperger's -- for them, sometimes they trust the Internet completely. They click on everything. But it's very hard to train them to use the Internet safely.”

While agreeing and recognizing that small distinct groups of users need to be approached different, Bonthuis-Krijger noted that “because it's a small target group it's not easy to get money” for the specialized training programmes.

UK Member of Parliament Alun Michael identified what may become an increasing problem over time for vulnerable users – the more of more and more essential services to the Internet. “And at a time of cuts, the encouragement is for public services to look at new ways of delivering those services. That's fine for those who are online. But do the savings from doing things online take into account those who are never going to be online?... I can see a really big problem rushing up against us in two, three, four years time from the acceleration of the provision of services online.”

As a legislator, Michael largely ruled out the use of legislation: “It seems to me that legislation is not the answer. It's actually a more sophisticated approach to our responsibility as a whole community to vulnerable individuals.”

Alice Munyua from the Communication Commission of Kenya identified women as a particularly vulnerable group and used recent research into women and cybercrime to illustrate the problem.

The research was carried out between the Kenyan government and business and one of the most striking conclusions was that domestic violence in the offline world was being extended to the online world, particularly when it came to mobile phones.

“Although ICTs and the Internet in have been hailed as democratising and empowering tools, our research suggests that ICTs are not gender-neutral and in fact continue to marginalise women.

There is a gender divide that continues to exist in most of our developing countries. Research demonstrates that women’s use of the Internet do not automatically rise with rates of Internet penetration. This is due to a range of issues, which include socio-economic and cultural issues, among them low literacy levels, women still make up the majority of the rural poor and unemployed urban dwellers, in addition socialisation and preconceptions about the ability of women to understand and appropriate technology all contribute to reducing women's use of ICT and to further marginalising them”.

The solution was three-fold, she argued. One, to create courses for women using the Internet for the first time (women are typically more concerned about getting online due to safety concerns); second, an updating of laws to account for online behaviour: “The law… acknowledges cybercrime but looks at it from a technology perspective not from a human perspective, so there's still no law yet that addresses abuse that addresses violence against women and children using ICT tools.”

And third, coming up with solutions beyond simply technological that provide women with “policy social skills and development and create increased access to women at a very young age so they can understand how to use it.”

Alun Michael questioned whether new or updated legislation was the answer to the problem, arguing that crimes should be neutral when it comes to technology. Alice Munyua counter-argued that abuse laws only account for physical abuse and that the laws needed to be updated to reflect modern realities e.g. abusive text messages. The discussion continued over whether it was therefore a matter of education of the police, or whether there was the need to provide a new legal basis for police to investigate online abuse.

Bernadette Lewis, Secretary General of the Caribbean Communications Union (CCU), highlighted some of the experiences her team had had in raising awareness and educating people about the Internet, as well as the dangers that exist online.

“We have embarked on a systematic program of education and public awareness across our 20 member countries in the Caribbean… And we have you know come to the realisation that there are huge swaths of our societies that really do not have the information. And this information needs to be made available to all of our citizens.”

In that sense, she felt it was a “collective responsibility” to address the issue: “It isn't just the public services. It's the operators. It's the regulators. It is a collaborative concerted strategic undertaking in terms of bringing the information that is necessary to the vulnerable, to the children.”

She also highlighted that, contrary of common expectation, it is often parents who are most clueless and hence most vulnerable about the Internet, so the CCU had specifically targeted parents to teach them about the dangers of cyberspace for children.

Barriers to effective programs and solutions to them

Broadly, the panel and audience identified three main barriers to creating and running effective programs for vulnerable users: getting policy buy-in, identifying the best solutions for different groups, and funding.

Marjolijn Bonthuis-Krijger noted toward the end of the workshop that most of those in the room had worked on the issue of vulnerable users and many of the issues identified and discussed were already well know to them. “We know a lot of stuff, and we know what should be done: but how? What are the best ways? Where do you get the money? We know that action results in greater achievements but how do we get this concerted action?” She urged practitioners to listen to their target groups about what they felt were the barriers and to work with them from that point.

Bernadette Lewis noted that getting governments ministers on board paid dividends: “One of the things we have found exceedingly useful is actually spending time with the Government ministers and explaining the issues in terms, in language, that they understand. So reductions of expenditures, that's the language that they understand. And once we have our ministers on board, they work tremendously in removing obstacles, in bringing parties to the stakeholders. They will mandate that the operators work with us in a particular area.”

Marjolijn Bonthuis-Krijger agreed with that approach but also stressed the bottom-up approach – working closely with target groups – as well the top-down political route. “I think both ways: start at the top, make them understand; and start at the bottom. Go to the small target groups and help them with their specific problems. Listen to them: what are their fears? What are the needs and problems?”

She gave an example where unemployed people coming to collect their benefit were sent to the library where a program was run to help get people online. When there, they met others with the same fears and difficulties.

Sami Mubarak from MADA (Qatar Assistive Technology Center), a non-profit that helps people with ICTs, agreed with the top and bottom approach and noted that they did the same in Qatar. In particular he focused on the disabled community. “One of the most significant or large growing communities now is the disabled community and we're talking about reporting issues of concern - that's an issue for them.”

He noted that education about issues such as cybercrime were made harder since it is typically done through websites or social media webpages but disabled people have accessibility problems with reaching those places online. Similarly with those who are dyslexic or have learning disabilities.

As well as learning that issue first-handed by talking to the group itself, part of the problem is then at the policy level, he noted. “There's many, many things that have to do disability and accessibility especially in policy making stage… we are setting ground rules for government entities, for companies, for private sector people to actually embed accessibility in their system.”

Jutta Croll, Managing Director of the Digital Opportunities Foundation in Germany, also agreed with the top-and-bottom approach and added: “I would stress that you can't allocate the whole responsibility to the users themselves. We also need responsibility of the providers of content on the Internet also of the providers of websites, of platforms, of social networking sites.”

A number of people spoke in favour of open standards and finding ways to oblige or encourage companies building websites to follow them as a way of make it easier for vulnerable users online.


The vulnerability or otherwise of children

There is a frequent assumption that the most vulnerable users online are children and that they need to strongly protected. The panelists and audience questioned that assumption, and even the use of the term ‘vulnerable’.

Vicki Nash argued: “We shouldn't label people as vulnerable… It could be perceived as being a bit patronizing and we need to make sure we're not just talking about users but we're talking about all people who need help understanding and using the Internet…. But I think we should bear that word in mind because there may be situations where people's skill outpaces their ability to make judgments about what they should be doing.”

When it came to protecting children, she felt that they needed to be allowed to be exposed to the risks online: “I'm against the idea of filtering out all of the potentially harmful content at the school of the door or home. I think people have to make their own decisions… these aren't intrinsically vulnerable users because their skill opens up opportunities to them.”

She noted that “some governments unfortunately do use the language of ‘protecting against harm’, ‘protecting against risk’ as an excuse to maybe censor or filter out more than is needed… We can't really talk about vulnerable users or users in need of protection without working out what peoples communication rights are.”

In the case of children, she argued for education over restriction: “We want to educate children about the dangers so they can autonomously learn to use it for themselves as a tool for free expression and communication.”

David Wright from the UK Safer Internet Centre noted the same points: “This issue around the term ‘vulnerability’… I think with an uneducated or uninformed audience ‘vulnerable’ actually becomes a bit of a problem. It can mean those that society considers most vulnerable. Perhaps those around social care or in social care… But we work with schools across the UK, and we find teachers are particularly vulnerable when they might not actually be users or online users.”

Marjolijn Bonthuis-Krijger noted in her experience of going to schools, “when the filtering point comes up, children are aware that most of the inappropriate content, whatever you would call it is blocked. But again they are also aware of software that can break the filtering and have access to it although they said they don't actually use the software.”

Mina Nagy Takla, a social media specialist at the Supreme Council of Information and Communication Technology in Qatar, also tackled the issue of how vulnerable children really were. “Part of our work was going to schools and doing focus groups with the students in order to know how digitally literate they are and how they deal with technology.

“We discovered that students are very aware to the extent they can hack the websites on their own. They know coding and all of these things. So I would like to shift the current view we have… you always say children are the ones that are vulnerable but I think parents are the most vulnerable groups and not children because they have no idea on what their children are doing. And children are aware of dangers.”

Alun Michael noted that through the ChildNet charity in the UK, children had spoken to members of Parliament on this issue and noted that they wanted unfiltered access to the Internet but at the same time has an expectation of safety. That may seem contradictory, he noted, but “what we took out of that [was that] there ought to be responsibility in terms of the wider community… It’s a challenge back to all of us to think through what we mean by safety online… You know it's what kids wanted when they went out into the woods as teenagers. You want to feel free and you want to feel safe.”

The moderator, Liesyl Franz of TechAmerica, closed the workshop by highlighted what she saw as four main themes that had come out. “I think one that was the most resounding for me was the need for an effort to be collaborative. [Another] was not to be alarmist about the risk or vulnerability that we see and look toward being pragmatic about what the problems might actually be here from the users themselves.

“[Third,] look at the issue from a top-down and a bottom-up issue. Getting the buy-in and the understanding of political leaders but also understanding the needs and challenges and opportunities at a very grassroots level, the users themselves or the potential users.

“And lastly, the Internet user community is hugely diverse. And therefore, you can't look at it all as sort of one block of a kind of people. So you need to find ways to address each community, and look for ways to empower them and enable them to demand from providers what they need.”