On Thursday 16 January 2020, I did a presentation on the “Privacy Aspects of ICT Projects” during a conference organised by the Data Protection Office of the Ministry of Technology, Communication and Innovation. A few days prior to the conference, while I was reflecting on what I was going to say, I had an intuition: Mauritius will have to undergo a profound digital transformation at all levels: government, companies, schools and individuals, if we want to attain Vision 2030.
This is why I decided to start my presentation by explaining to the audience what Vision 2030 means. I am always quite amazed, during the various talks I make, that only a few people know about this vision of the Government which was first mentioned by the then Prime Minister on 22 August 2015. Today, Vision 2030, which is about making Mauritius an inclusive high-income country well before 2030, is what dictates the various strategies and actions being done by Government.
For me, the best way to be a high-income country and thus reach the status of Smart Mauritius is by our business entities, the conglomerates but also the SMEs including startups, getting more revenue. Given the limited size of the Mauritian market, this needs to be done through the development of new products and new services for new markets (especially the African market). This is why Government is investing massively in Smart Infrastructure, Smart Mobility and Smart Education, etc.
Now, to create new products and new services (in any field) and conquer new markets, one has to use technology to the full whether one requires a tried-and-trusted technology like Linux or the latest fashionable thing such as Artificial Intelligence.
A lot of organisations have realised that technology in 2020 is about software. Software is eating the world after all. Our organisation, be it in Government or our companies, will have to either implement or develop software. It’s no wonder that 2/3 of the job offers on the LinkedIn website in 2018 were for software engineers (15% for IT people and 15% for data science people).
Now, the software needs to be trusted by all users, especially the ones giving their personal data. Therefore, making sure that the software respects the requirement of the Mauritian Data Protection Act or the European General Data Protection Regulations is key for the organisation to be trusted. Privacy has become so important that an organisation which acquires a reputation of not protecting the data of its clients or users is essentially moribund…
How can we implement or develop software which collects and processes personal data (as provided by users and clients) and which offers all guarantees that the privacy of the individual is going to be protected? This is quite a challenge and two technical avenues can be explored: computer security and information security.
Computer security is about the hardware and software aspects: making sure that the principle of security by design is followed from the very beginning (i.e. users only have to have access to the subset of data which they really require and this can be done through the principle of least privilege and proper access control). Then, security measures such as two-factor authentication, encryption, firewalls and intrusion detection mechanisms can be used to secure the infrastructure further. I am quite confident that using something like the Linux operating system for deployment is a great idea (ask Google, Amazon and Facebook!). Interestingly, the last time I used Windows for anything serious was around 2006, 14 years ago. Since then, I’ve been on Linux and macOS and I’m very happy. Of course, it is also important to train users to identify threats and to respond correctly when there is an incident.
I then spoke about information security which, interestingly, is more about the most vulnerable point in IT, the human. The best way to protect the information within an organisation is through the establishment of a good security policy (which needs to be fully understood and followed to the letter by all). It is also important to have physical security for the people and the equipment. This can be a challenge because people move. Laptops and smartphones today contain valuable information, and being so easy to steal, it is important to have a proper asset management system for business continuity. Of course, data needs to be protected (backups, mirroring, etc.) as well as the network.
Underlying everything is making sure that all layers, including all software, respect the requirements of laws such as our own Data Protection Act which mandates that users giving their data can also modify or erase the data afterwards. The law also mandates that the user be informed whenever his data is being collected so that he can give his consent or not. This is quite a challenge from a software development point of view.
Adhering to everything in computer security and in information security is quite difficult, costly and can be a lengthy process. But the reward is more trust and this is only way to get more business and, hence, more income and profit.
As I had been given 20 minutes for the presentation, I could not go into details in everything. I was telling a friend, after the presentation, that, if I was still at Knowledge Seven, I would have maybe created a 30 hour long training on this important topic.
By the way, I didn’t reinvent the wheel. A lot of my presentation was based on what I read online, most notably on Wikipedia which I love.
Thanks to everyone who came to the presentation and I hope you learned a few things. I definitely did while preparing it and doing it. Thanks to @yurit0s for the photo where I am visible.
It’s all nice and well to have ambition for the future but Mauritius cannot even get the basics right when it comes to IT.
Before I start citing examples, a short disclaimer to say that though I am Mauritian, I now live in the UK, so my “facts” about Mauritius may not be very accurate.
First example, why are you and other Mauritian bloggers not using the mu CC TLD? Even the gov failed to secure the gov.mu. Talk about humiliation!
How many government services are online? Genuine question actually.
The ID database fiasco. I even read that it was going to cost millions of rupees to delete a database. I have no IT expertise but how can it cost so much to delete data? Just wipe it clean? Destroy it? Throw bleach, acid, etc on it?
Ebene Cyber City – poor planning causing lack of parking. Unlike Port-Louis which just grew bigger and got squeezed between mountains and sea, you had the chance to get it right at planning stage but failed.
There was an incident a few years ago about racists comments made on Facebook and the police swooped down like a ton of bricks. It seems to me a bit heavy-handed. There have also been frequent mentions of politicians wanting to ban Facebook. I’ve just read such comments on your blog regarding the HSC leaked papers many years back.
As I survey Mauritius from afar, I also note a lack of innovation on the internet. In the UK, you have sites like My Builder to find a tradesman, Gumtree to find anything, anyone, Freecycle.org to give away things, nextdoor.co.uk for your local neighbourhood, and so on. I can cite jobs.mu and molakaz.mu for Mauritius but no more. I’m sure there are other sites I don’t know because I’m not there but the couple I mentioned have quite a basic concept.
On one hand, it may be that the island is small and doesn’t need the power of the internet to spread information. For instance I don’t think ecommerce will ever work well in the country, simply because of the small size – it’s easy to cover the island to buy or pick up something so why buy online? On the other hand, I believe sites like jobs.mu are doing quite well, so there must be a demand for the right info.
I recommend Mauritians look at Estonia and learn from this small country with a similar population. Skype was invented there, Estonians were among the first in the world to vote online in elections. They are pioneers when it comes to the internet. Their concept of ID cards and data privacy is revolutionary. They’ve come up with e-Estonia which encompasses not just all of their online services but their approach to it, their mindset. They’re trying to export this concept and their online infrastructure to other countries. Maybe Mauritius could sign up?
Here’s an idea. Why not offer free internet to all, using WAN for instance, rather than free tablets at school? Estonians have been offered free wifi since 2002.
I remember my computer classes at school many, many years back. I was being taught “what is a computer”, “the history of computers”, Charles Babbage, his mechanical calculators, even starting way back with the abacus, computer peripherals, having to describe all of them, dot matrix printers, etc. Yet I didn’t know how to turn on a PC and used the computer room twice in the 1st year and none over the next 2 years. Yet there was a computer games club where members got to use the PCs every lunchtime. It now seems like this is what the computers were for…
Dear Gropoy (great name!), I agree 100% with you. Our fundamentals are not right. We’re lucky that we have private ICT companies which have done a lot and ICT is now the 3rd pillar of our economy. Unfortunately, our schools and universities are not innovating quickly enough and our youth are not being empowered as they should be. We need more foreigners and members of the diaspora to come to Mauritius to help us get our fundamentals right.
As for the specifics you mentioned, there are many explanations (excuses?) but they all boil down to a lack of quality people. This has been the major problem for decades now.
Any idea how we can start solving this problem?
Easy, get the right people to do the job.
Mauritians are a clever bunch, I’m sure the skills are there, it’s just a matter of putting the right people in the right places instead of the ti copains.