Wag the Dog, or How Falsifying Crowdsourced Data Can Be a Pain

I had the pleasure of finally meeting Robert Scoble in person at Where 2.0 last week. We had a great chat about validating crowdsourced information, which he caught on camera below. In the conversation, I used Wag the Dog as an analogy for Ushahidi‘s work on Swift River. I’d like to expand on this since open platforms are obviously susceptible to “information vandalism”, ie, having false data deliberately entered.

The typical concern goes something like this: what if a repressive regime (or non-state group) feeds false information to an Ushahidi deployment? As I’ve noted on iRevolution before (here, here and here), Swift River collects information from sources across various media such as SMS, Twitter, Facebook Groups, Blogs, Online News, Flickr and YouTube. In other words, Swift River pulls in visual and text based information.

So where does Wag the Dog come in? Have a look at this scene from the movie if you haven’t watched it yet:

If an authoritarian state wanted to pretend that rioters had violently attacked military police and submit false information to this effect in an Ushahidi deployment, for example, then what would that effort entail? Really gaming the system would probably require the following recipe:

  1. Dozens of  pictures of different quality from different types of phones of fake rioters taken from different angles at different times.
  2. Dozens of text messages from different phone using similar language to describe the fake riots.
  3. Several dozens of Tweets to this same effect. Not just retweets.
  4. Several fake blog posts and Facebook groups.
  5. Several YouTube videos of fake footage.
  6. Hacking national and international media to plant fake reports in the mainstream media.
  7. Hundreds of (paid?) actors of different ages and genders to play the rioters, military police, shopkeepers, onlookers, etc.
  8. Dozens of “witnesses” who can take pictures, create video footage, etc.
  9. A cordoned off area in the city where said actors can stage the scene. Incidentally, choreographing a fight scene using hundreds actors definitely needs time and requires rehearsals. A script would help.
  10. Props including flags, banners, guns, etc.
  11. Ketchup, lots of ketchup.
  12. Consistent weather. Say a repressive state decides to preemptively create this false information just in case it might become useful later in the year. If it was raining during the acting, it better be raining when the state wants to use that false data.

Any others you can think of? I’d love to expand the recipe. In any case, I think the above explains why I like using the analogy of Wag the Dog. If a repressive state wanted to fabricate an information ecosystem to game an Ushahidi install, they’d have to move to Hollywood. Is Swift River a silver bullet? No, but the platform will make it more of pain for states to game Ushahidi.

Patrick Philippe Meier

22 responses to “Wag the Dog, or How Falsifying Crowdsourced Data Can Be a Pain

  1. as a serious repressive dictator I would actually burn down the police station without tellng them and cause actual injuries

    or/and I would pay some local gangsters etc dressed as real police to provoke the locals so they had a real riot

    send fake mobile phone messages to the local activists so they got grumpy and really did attack the police station

  2. Many thanks for sharing your thoughts. I don’t understand your first comment. The point of the blog post is about fabricating evidence.

    Re second comment, of course, but onlookers/activists could also snap pictures of local gangsters inciting violence, or send SMS/Tweets to that effect.

    Re third comment, again not related to the subject of the blog post.

  3. I think I see Quinny’s point – that a real fake would involve much more – such as actually carrying out certain acts and blaming them on others, etc. But in that case, the falsification is not really due to social media/crowdsourcing. Traditional media and people in general could be fooled by that type of tactic as well.

    Great post, Patrick, as this is usually the first question I get when introducing FrontlineSMS and Ushahidi to a group. It will be helpful in addressing these kinds of concerns.

  4. If not to defeat Ushahdi the above scenarios have been successfully implemented by dectator meles zenawi of Ethiopia many times to decive the western onlookers.
    Ushahidi can not even challange the Ethiopian dectator. He wil block every avenue where people can reach Ushahidi.
    In about a month and half time there will be an election in Ethiopia. I challenge the Ushahidi crew to create an instance of Ushahidi and test it. Meles Zenawi will break Ushahidi.

    • Thanks for your comments, Beles. I do understand the challenges of using Ushahidi in non-permissive environments as this is the topic of my applied dissertation research. But my blog post was not on this subject. But the topic of this blog post on ways that falsification of information can be countered. Two different issues. Please also note that the Ushahidi team does not typically take the lead on deployments. We are not experts in Ethiopia, that is not our comparative advantage. As you know, Ushahidi is both free and open source, so please feel free to use the platform if you’d like.

  5. This is really interesting. However, I don’t think it’s as complicated as the 12-step plan outlined above. Presumably, a government would do this during an existing crisis period, in order to sway public/international opinion towards their role as the only legitimate defender of the population.

    So, you wouldn’t need to stage any events with actors or ketchup, I think you’d only need some well placed folks on your side, taking fuzzy cellphone pictures of ambiguous riot/fighting scenes and posting them as evidence of opposition hooliganism.

    Really the best way to do this would just be to hijack an Ushahidi (or similar) system that’s been set up to monitor the crisis. Then the Ministry of the Interior just sends out its officers to file fake reports. You only need just enough to make it plausible.

    For example, I’m pretty sure a small group of dedicated fraudsters could have easily hijacked the Post’s Snowmaggedon deployment of Ushahidi. You just need maybe a couple dozen people to post pictures of unplowed streets along with messages that say “Fenty hasn’t plowed here, either, despite the fact that he announced he did.” Pretty soon you’ve got doubt in people’s mind about who’s telling the truth and the organizers are on the defensive instead of moving the effort forward.

    • Thanks Ari, good points.

      Still though, you’d need to organize those well placed folks and then have them take fuzzy celphone pictures of ambiguous scenes. That takes time and planning. It’s not automatic. Lets not forget the possibility of having video footage (like in Iran) that could serve to discredit fake/ambiguous pictures.

      The same would be true if a regime were to use an Ushahidi or similar system. They’d need to coordinate their officers. And wouldn’t activists ultimately find out that the reports posted on said platform are government propaganda?

      For Snowmaggeddon, yes, a couple dozen folks could post pictures of unplowed streets. But what if I happen to live on one of those streets and clearly see the pictures are wrong? I could post a new picture or short 10 second video to show that the picture is wrong. It could be corrective, perhaps like Wikipedia?
      People tend to feel ownership of their neighborhoods, so I could see how folks would “reclaim” their neighborhoods and “wash away the graffiti”, like a neighborhood watch program online. I haven’t claimed that Swift River is the silver bullet. But I do believe that people will tolerate some reports being off if the majority are accurate. Who knows, this is still new territory with little to know empirical evidence to support the arguments one way or another. At least as far as I know.

  6. Jessica Heinzelman

    Patrick – excited to see the first version of Swift River coming along!

    I have one recipe to offer and one question…

    RECIPE: Low-tech environment with most feeds coming from mobile phone. Organized gang of political thugs are stealing ballot boxes and intimidating voters. A few people report this via mobile phone. Gang leader instructs the dozens of thugs to text in false information about calm election conditions at various polling sites or maybe even trying to delegitimize previous posts by texting something about a few trouble-makers trying to stir things up. They overwhelm the data flow and collaborate each other’s story. How does swift river know who to trust when it is all a bunch of unrecognized numbers?

    Brings me to my QUESTION: One of the things I find so exciting about Ushahidi is its ability to collect information with the most basic technology – the mobile phone – which allows the crowdsourced information to reflect what’s happening on the ground no matter how high tech or low tech the environment. Swift River (thus far) seems to be fairly dependent on determining veracity scores through an Internet-based platform. Can we expect a later version to address this? In places where civil society groups have the luxury/foresight to use ushahidi proactively ( i.e. http://burundi.friendsobserve.org/ or http://bit.ly/9ooZSS) could trained and verified volunteers play a role on the ground in answering verification requests for their area (perhaps just on conflicting reports or data provided by users with rising veracity sources to keep it manageable)? Or perhaps matches with pre-verified users would automatically raise veracity scores…something like Scoble suggested in his video (although this could be gamed too, it would be much harder). I think we talked about this (or something like it) a few months ago and would be interested in your updated thoughts.

    • Thanks Jessica. Good points! Swift allows you to mark which sources you trust. So if you’re an org using Ushahidi & Swift and you have your network of trusted reporters, then the reports they submit would discredit others. You’d have to organize those thugs, etc. Again though, I didn’t claim that Swift was the silver bullet. All I’m saying is that falsifying crowdsourced information can be a pain.

      On your question, yes definitely. This is very much core to Swift and partly inspired by Al-Jazeera’s approach in Gaza. The current release of Swift is the very first version. Lots of good stuff in the pipeline, so stay tuned!

  7. First… Ha!

    Second, I’d like to state that I think Ushahidi, combined with the rapid spread of personal communication channels, has already set in motion truly seismic shifts in the landscape when it comes to reporting / validating / falsifying emergent events. (Actually I guess it’s more correct to say that the shifts have been in the works for about 30 years and we’re just witnessing the ‘tipping point’ with respect to crisis mapping.) And to those who actually think that tools like Ushahidi may represent an opportunity to increase the manipulation of facts, well the truth of the matter is that falsifying events has been fairly commonplace and inexpensive (I explain that choice of adjective later) up to now. Ushahidi & Swift represent the first glimpse into the future field of critical information aggregation and validation.

    Narrowly speaking, in terms of big “G-P” global politics, near-future large-scale ‘wag the dog’ type scenarios are likely to play out in ways we’ve already seen i.e. “The War on Terror”, “The Cold War”, etc. – but even these dynamics are out of synchrony with the emerging information ecosystem (or ‘information economy’ depending on your preferred terminology) and are too rapidly approaching their tipping point (I suspect that point may be a generational one)… Ushahidi’s direct or indirect impact on the global political stage is unclear to me, but it’ll be interesting to track from a historical perspective.

    In terms of crisis type events a well-used instance of Ushahidi/Swift (or an Ushahidi-like aggregator) makes the economic cost of a ‘wag the dog’ scenario highly asymmetric when compared to the traditional landscape- regardless of how one executes the scenario, be it bullets and fire or actors and ketchup. (Ha!)

    In brief, if you look at it from the standpoint of the ‘economics of security’ the rough equation used by US military think tanks says that in general it takes about 110% of the cost of a security measure to overcome it. If you view falsifying an event in these terms, combined with the valuation of all of the unpaid “prosuming” (ref: Toffler) done by the Ushahidi contributors to an event, the ‘countermeasure price tag’ i.e. the price of “wagging the dog” quickly goes into the millions of dollars (actually with some help form a clever economics guy we could probably formulate an equation, as a function of the number of people involved, city vs. rural, etc. to estimate the actual ballpark values) … which isn’t to say that it’s now impossible to convincingly fake an event, just that it now becomes a lot more expensive to the ‘bad guy.’

    This brings me to my next thought; once the equation becomes as asymmetric as this, I see innovation (ill-innovation) taking hold and the pendulum swinging the other way a bit. I suspect that a more likely scenario to the ‘gaming Ushahidi’ one proposed above would be a cheaper DOS (denial of service) not unlike the one in Tibet.

    From a technical standpoint there are several ways this could be accomplished, some stealthier than others. An EM static generator (my personal favorite, being a Physicist) can be constructed cheaply and with materials found anywhere you find a car. A handful of these could blackout an entire city’s cell, TV and radio transceivers (probably satellite phones too), moved around in the back of a car/truck and be turned on/off with a switch. A slightly less sledgehammer approach (i.e. what happened in Tibet) is to simply to shut off cell phone reception at the cell tower level, filter all internet at the trunk-level, and then of course prevent reporters from entering. And in our 24-hour (or less) news cycle this effectively makes this a lame duck story- no pictures, no reports, and no scenery – our attention drifts.

    There are a few other ways one could go about denying service, the one I’m personally most concerned about, is attacking the Ushahidi server(s) directly. With the advent of commoditized distributed bot-nets, complete with instruction manuals, any dictator-du jure with a ‘bit torrent’-savvy lackey could theoretically bring things to a screeching halt. What makes this DOS most concerning to me is two fold: one, that it’s so cheap and two, that it’s virtually anonymous.

    Anyway, it may or may not ever get to that point, but it couldn’t hurt to at least have it in the back of our minds moving forward. New problems are the same as new opportunities after all.

    • Wow, Sean. You and I need to grab a drink soon! I relished reading your reply. Very well put re the asymmetry. And totally agreed re the pendulum swinging back (very much core to the hypothesis of my dissertation research). In other words, this may be a game of cat-and-mouse until further notice. But is one side slowly gaining the upper-hand? On Tibet, pictures/video were still coming out (smuggled across the border using USB sticks). I don’t think a total information blockade is entirely feasible–the one exception, of course, being North Korea. But I do think imposing info blockades are going to be more and more difficult to achieve. Not least because shutting of an ecosystem of information does have some economic costs associated.

      Would love to get your thoughts on how to counter distributed bot-nets.

      Thanks for your comments, Sean, truly a pleasure to read yours!

  8. Pingback: My TEDx Talk: From Photosynth to ALLsynth « iRevolution

  9. Pingback: Learning about Ushahidi | the hope and the hype of technology

  10. Pingback: Learning about Ushahidi | the hope and the hype of technology

  11. Pingback: Think before you act! | the hope and the hype of technology

  12. Pingback: How to Verifying Social Media Content: Some Tips and Tricks on Information Forensics | iRevolution

  13. Pingback: Answer to Matthew Levinger and TechChange | Diary of a Crisis Mapper

  14. Pingback: Trails of Trustworthiness in Real-Time Streams | iRevolution

  15. Pingback: Innovation and Counter-Innovation: Digital Resistance in Russia | iRevolution

  16. Pingback: The Best of iRevolution: Four Years of Blogging | iRevolution

  17. Pingback: Truth in the Age of Social Media: A Social Computing and Big Data Challenge | iRevolution

  18. Pingback: Could CrowdOptic Be Used For Disaster Response? | iRevolution

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s