Abstract
Many organizations in the developing world (e.g., NGOs), include digital data collection in their workflow. Data collected can include information that may be considered sensitive, such as medical or socioeconomic data, and which could be affected by computer security attacks or unintentional mishandling. The attitudes and practices of organizations collecting data have implications for confidentiality, availability, and integrity of data. This work, a collaboration between computer security and ICTD researchers, explores security and privacy attitudes, practices, and needs within organizations that use Open Data Kit (ODK), a prominent digital data collection platform. We conduct a detailed threat modeling exercise to inform our view on potential security threats, and then conduct and analyze a survey and interviews with technology experts in these organizations to ground this analysis in real deployment experiences. We then reflect upon our results, drawing lessons for both organizations collecting data and for tool developers.
Highlights
Technology has become an important tool for many nongovernmental organizations (NGOs) and groups collecting data in the developing world
We find that data availability and data integrity are prominent goals for Open Data Kit (ODK) deployment architects, whereas confidentiality is not; when prompted to threat model, ODK deployment architects do identify reasons for which confidentiality can be important in Information and Communication Technology for Development (ICTD) contexts
As in other ICTD contexts, our results surface the importance of considering the full spectrum of stakeholders, who may each have different perspectives on computer security. We summarize several previous examples to underscore the importance of considering this diversity
Summary
Technology has become an important tool for many nongovernmental organizations (NGOs) and groups collecting data in the developing world. There have been some efforts to study and address computer security and privacy risks with technologies in an ICTD environment, both on a case-by-case basis for specific technologies and from an academic perspective, e.g., (Ben-David et al, 2011; Corrigan-Gibbs and Chen, 2014; Reaves et al, 2015), the space of “computer security meets ICTD” is still in its infancy. Hussain (2013) gives a broad overview of the potential risks of mobile phone use in global development projects She describes the sensitive types of data that organizations collect and references the legal code of several countries to argue that it is worth securing. Our work investigates how organizations already engaged in data collection approach and understand security, as well as the threats they have encountered and considered
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
