SMS disaster alert and warning systems - don't do it !
The techie end of the so called "blogosphere" is full of suggestions, following the Indian Ocean tsunami disaster along the lines of: "wouldn't it be a good idea if we set up an GSM Mobile phone Short Message Service (SMS) Disaster Warning Alert System ?"
e.g.
James Cascio at WorldChanging
Howard Rheingold at Smartmobs,
Leaving aside the whole question of actually getting enough warning data and disseminating it at the international or governmental level, in time to evacuate thousands or millions of people, the discussion is touching upon the suggested use of SMS as a mechanism for distributing pre-disaster emergency alerts, in the hope that some lives could have been saved.
There are lots of problems with this whole concept - do not do it!
Some people have even set up such a system, in the aftermath of the disaster in Sri Lanka e.g. the Alert Retrieval Cache, which illustrates exactly how not to create such an SMS warning system by publishing people's private mobile phone numbers on the world wide web which can then be abused by spammers and other criminals.
The "filtering" of "too many test requests" is simply based on the +94 prefix for Sri Lanka, or the +66 prefix for Thailand, which can be easily forged in an SMS message. There can be no way for the operators of this "do it yourself" SMS warning system, since they are not actually telecomms operators, to get real Cell ID Location Based Data to verify the approximate physical locations of these handsets.
However, even mobile phone companies seem to have a hard enough time keeping their own Cell ID location maps up to date, let alone having access to those of other mobile phone networks in foreign countries. A lot of (but not necessarily all, depending on roaming agreements sometimes between subsidiaries of the same multinational telecomms company) this location data gets filtered out of the Call Detail Records for international roaming calls. The commercial priority is to grab a chunk of the hugely inflated prices that are usually charged for such calls, at the country/roaming agreement partner level. The picture gets even more complicated where there are several local telecomms companies with roaming agreements with a foreign one, and where the customer's handset switches not just between different cells, but different companies as they move around, sometimes every few metres.
The Sri Lankan telecom authorities did, apparently, send SMS messages to foreign "roaming" phones belonging to tourists, asking them to phone or SMS the authorities. This is a legitimate and useful use of SMS, after a disaster, although it does somewhat imply preferential treatment for foreign tourists over the local population.
There have been plenty of reports of the further victimisation of the tsunami survivors and their property by the human predators who emerge wherever the rule of law has broken down in the disaster zone.
There are even reports of the homes of foreign tourists presumed lost being burgled back in their home countries once their personal details have been published.
Ther have been email hoaxes sent to tsunami victims' families, and no doubt there are several "419", "phishing" and premium rate phone numbers scams involving bogus disaster relief "charities".
Look at the statistics for hoax 999 emergency service calls in the United Kingdom alone, there are tens of thousands of deliberately malicious calls every year, let alone the accidental or misinformed ones.
SMS has a potential for use in the disaster recovery phase, where individuals alert the emergency and relief agencies with location reports about groups of survivors, the need for particular supplies or medicines etc.
A question that needs to be asked of the people proposing SMS as a pre-disaster warning and alert system is, would you believe an email spam claiming that a Disaster (natural or terrorist etc.) is likely to happen in your location in, say the next hour ? Would you believe it ? Even if the "From" address was apparently from a Disaster Warning Service to which you had voluntarily or commercially subscribed ? Would you believe the warning and act upon it i.e. evacuate your children and yourself, shut down your business etc ?
You would be foolish to do this on the basis of an unauthenticated email.
What is different with SMS messages ? Nothing !
These too can be easily forged, the only major difference is the cost of doing so. Email spam can be sent by the million essentially free of charge. SMS spam costs a spammer money to the GSM Mobile phone networks, unless they are prepared to skip on the next monthly invoice and to shut down their business operations. This is unlikely for commercial spam, but not a problem for lunatics, fanatics and terrorists.
Neither is it a problem for organised criminals who want to cause a panic which ties up the local "first responder" emergency services especially the local police forces, whilst they conduct, say a bank raid or a major smuggling operation in an area now denuded of police resources.
For relatively slow moving disasters, like hurricanes (the winds may circulate and gust at up to 200mph, but the storm as a whole might be moving at only a few tens of miles an hour) or forest fires, then SMS and landline phone trees are a valuable resource in giving a final evacuation warning to householders who are almost certainly already prepared by news media reports to evacuate at a moments notice, depending on the direction of the wind.
This is not the same as an out of the blue volcano, earthquake, tsunami or threatened terrorist or military attack.
Why would an SMS Emergency Alert system not be subjected to malicious attacks and attempts to subvert or spoof it, into causeing panic for various reasons ?
Even if an SMS emergency disaster alert system were to be restricted to self selected or government nominated local people,unless the central systems are secure to the highest possible standards, any such system will come under prolonged and frequent attack and attempts to hoax and subvert it.
Which power mad lunatic or terrorist intent on causing panic, or organised criminal wanting to divert the police etc. away from his activities, would not be willing to devote considerable resources for the chance of controlling an army of "zombies" ready to clog the roads , airports, telecomms bandwidth etc. at a moment's notice, once he has managed to subvert the SMS Panic Button ?
Given that there are over a billion GSM phones out there at the moment, and that the 3GPP replacements just coming on stream are no better in this respect, it could easily take 20 years or more before enough mobile phones and devices are fitted with the requisite strong authentication mechanisms, to appear on the market. Even then, if the usual "backwards compatability" commercial pressures apply, even the new devices will still be able to be hoaxed using the old insecure SMS protocols.
Even the suggestions to limit an Emergency Disaster Warning to the physical locations where it is expected to strike is fraught with difficulties. In the USA the E911 system of compulsory Location Based tracking of Emergency Phone Calls to the nearest 200 metres or so is slowly rolling out throughout the country. However this is designed to help tracing someone who calls the Emergency Services in a remote area or at night etc where they themselves are unsure of their location. It does not seem to include a strong authentication mechanism for alerts from the Emergency Services. US E911 equipped mobile phone handsets were of no use in the Indian Ocean, where the requisite network infrastructure is not installed, and is likely to be technically incompatible even if one were to be.
Inevitably there are also huge privacy problems associated with being tracked and monitored by your mobile phone: a technology currently being tested for the electronic tagging of criminals, which is a further barrier of a lack of trust of central governments, which would need to be overcome if such a system were to become more widespread.
Can you trust your Government if it issues an Emergency Alert or even if it issues an "Official Denial" in order to prevent panic being spread by informal SMS message trees ? This was a major issue during the inept handling of the SARS epidemic in China
A self selected SMS flash mob "warning" system is no substitute for a proper Civil Defence and Emergency Services system, and tempting though it is to some people to create one, you should be kicking your government for proper resources for the latter and not be wasting time and lives on the former.
Unless and until, the next generation of mobile phones standards, (not 3GPP, and it may even be too late to include in the 4th Generation standards) include a mandatory strong authentication mechanism for SMS messages, then SMS disaster/emergency warning systems will be worse than useless - don't do it !
Comments
The role of ARC was never to publish numbers on the web. It's a closed system. The fact that one person took it upon themselves to post the number to the SMS server we were using was simply a mistake. It's been remedied.
Don't do it? No. I'd say be more careful with what is made public. The project team suffered a bit because one individual couldn't restrain themself, but we have NOT published anyone's phone number on the web.
Perhaps you should allow discussion instead of issuing commands. :-)
Posted by: Taran | January 8, 2005 7:23 PM
Taran:
Well, the test page is *still* online betraying mobile phone numbers, so I am not sure what has been "remedied".
Nothing that has been made public about the ARC project seems to suggest any viable human organisational strategies or technological techniques which address the fundamental weakness of the whole concept of using unreliable (under heavy traffic load), unathenticated, easily forged protocols like SMS for disaster or emergency warning systems.
The ARC concept of some kind of automated back end, similar to the google pagerank algorithm or some sort of artificial intelligence classifier system, for allocating scarce resources to unauthenticated requests for help, in the aftermath of a disaster, also seems to be fundamentally flawed.
Feel free to discuss this here or on your own weblog or any other public forum.
I still say "SMS disaster alert and warning systems - don't do it !"
Posted by: wtwu | January 8, 2005 11:06 PM
The BBC reports a tsunami false alarm panic in Chile
http://news.bbc.co.uk/1/hi/world/americas/4183073.stm
"Tsunami rumour sparks Chile panic
Thousands of panicking people in southern Chile have fled their homes after a false tsunami alarm.
*One woman died of a heart attack* and others were wounded as they tried to flee coastal areas near the towns of Concepcion and Talcahuano.
The exodus began as reports that fishermen had spotted apparent signs of an impending tsunami spread through the densely populated area.
Several hours after the alert, some people still stayed in the hills."
Posted by: wtwu | January 18, 2005 4:16 AM
A personal passcode or phrase could be used to ensure the message was from a legitimate source. Much like a password, this would be shared only between you and the emergency notification agency. Any messages sent lacking your personal passcode in the text could easily be recognized as a hoax.
Posted by: Ryan | August 7, 2005 6:57 PM
@ Ryan - Just like Internet banking, what is to stop people from falling for "phishing" attacks "e.g. please SMS text your Emergency Authentication Code to nnnn" etc, ?
Hardly anybody knows how to set up or use an m-commerce digital certificate which could be used , on some of the more advanced mobile phones, to authenticate the source of the message.
SMS (or Internet) rumours also spread through family, friends and aquaintances, at second or third hand, rather than directly from "the authorities".
Given the delays caused by bureacracies, it is hard to see how they can ever react swiftly enough
e.g. The initial reports from the "official" London Underground and Metropolitan Police about the July 7th terrorist bomb explosions were wrong in many important details e.g. blaming a power failure, exaggerating the number of Tube stations affected etc.
Posted by: wtwu | August 7, 2005 7:15 PM