First published: 13th July 2009
In the June 2009 issue of his corporation's newsletter, Jonathan SHEA (CEO of the Hong Kong Internet Registration Corporation Limited (HKIRC)) advocates every Hong Kong person being given an online identifier that includes access to a virtual file folder and a personal email address in the .idv.hk domain, and linked to their mobile phone number. He envisages that it could be used as an instant notification system during an emergency, such as a typhoon, without extra effort in collecting personal data or email addresses. He writes, "Whenever an incident occurs, all government departments, public or private organisations or institutions, and schools, could send their messages to everybody’s virtual file folders. Messages would then be instantly broadcastedsic via mobile phone text message reminders."
Although such a scheme would be immensely beneficial to the HKIRC (full disclosure: I am the voting representative of Yui Kee Computing, which is a Member of the HKIRC in the Demand class), as it would guarantee a large number (about 7 million) of domain registrations and make necessary Government expenditure to support HKIRC in the management of those domains, the benefits for Hong Kong are less clear. Some points that should be more fully discussed are:
- Which department would be responsible for allocating the domains? The Immigration Department would be the obvious choice, as only they have a complete list of Hong Kong people.
- How would domain names be chosen or allocated? Mr. Shea gives the example of "firstname.lastname@example.org", but Sammy is a common name, so there would be a lot of competition for it. Using ID card numbers would be reusing an identifier that is already over-used (inadvisedly) as a supposed "shared secret".
- Who would be responsible for ensuring that the phone numbers are up-to-date?
- Text Messaging
- Capacity. Can the mobile phone providers cope with 7 million simultaneous messages?
- Timeliness. On occasion (though not recently - I changed service provider) SMS messages to me took four days to arrive. Even a delay of four hours could make an emergency message redundant.
- Charging. Who pays for the messages? Who pays for roaming charges when recipients are overseas?
- Access and Applicability. Who decides which, "government departments, public or private organisations or institutions, and schools" are permitted to send messages to everyone? Does one school have any message that should be broadcast to every Hong Kong person? The obvious solution would be to create a list of affiliations, but who collects and updates the list, and where is is stored?
- How will the vast amount of personal data needed for the scheme to be effective be protected? It will be a very attractive target for marketers, but many organisations will need access to update their part of it.
- If the email addresses are predictable, they will be an easy target for spammers, if they are unpredictable they will be difficult for people to remember and use.
- The virtual file folders provided for each person will be another attractive target for data thieves. If the security is made strong, then it will be difficult for the digitally-inexperienced, the main target of the scheme, to use.
There is merit in encouraging more people to benefit from using digital communications, and there is merit in utilising digital communications to disseminate emergency communications. However, combining the two ideas in this massive scheme generates a host of difficulties and inefficiencies. We are better served by ad hoc alert mechanisms for different incidents, that we can choose to subscribe to with the relevant organisation.