In the rush to spread the information revolution, digital development agendas pose an increasing threat to privacy. But are they also unknowingly facilitating new surveillance capabilities?
Humanitarian actors often forsake the right to privacy in favour of promoting programmes utilising phones to deliver services, either through a lack of understanding or wilful ignorance as to the risks involved.
It is clear that the massive uptake of mobile phones in developing countries has played a crucial role in the success of many development interventions over the past decade. As well as aiding communication, mobiles have given people access to a range of services and information and revolutionised information collection and recording in humanitarian disasters.
However, despite being a widely popular development tool, the human rights implications of using mobile phones in development initiatives are not well understood by those funding the projects or using the data of those they purportedly wish to help. Development actors need to think carefully about whether they could be inadvertently undermining the promotion and protection of human rights – in particular rights to privacy and the protection of personal data – and the rule of law in developing countries through programmes involving mobile phones.
In an age of widespread communications surveillance by both state and non-state actors, using mobile networks to transmit sensitive data is inherently risky; disseminating information to beneficiaries by mobile can have unforeseen consequences; and gathering and analysing big data sets of mobile phone activity presents a serious challenge to individuals’ rights.
Mobiles are used in an increasing variety of development initiatives, particularly in relation to health services. mHealth for Development, founded by the UN Foundation and Vodafone, for example, supports the use of mobile phones to send SMS text alerts to enable patients to adhere to their prescriptions, and to train health care workers. In Ghana, the Millennium Villages Project provides diagnosis and treatment support to rural health workers.
Despite all the attention and money being poured into mobile health, it is this area in particular in which serious privacy concerns arise. For starters, health data contains some of the most sensitive pieces of information about us. Consequently, extra care needs to be taken with the transmission and storing of data in mobile health programmes. However, a recent report by TrustLaw, in collaboration with the mHealth Alliance, recognised that the lack of comprehensive data protection and privacy protections in developing countries has impeded the effective expansion of mHealth initiatives. It is startling that the UN would promote these programmes despite knowing how perilous the privacy implications are in countries with limited legal protections.
Further, access to mobile phones is not universal and, where there are mobiles, they may be shared by families. In some contexts, it is the dominant male in the household (usually the father) who ‘owns’ the phone. In this scenario, the use of mobile phones for notifying individuals about, for example, a test result, to report incidents of domestic violence, or to provide reminders about an appointment of which their family members are not previously aware could, to put it lightly, be a complicated affair.
While it may be possible to exclude specifics about a disease or medication in messages, in certain areas the mere fact that one is being contacted by a health actor can be stigmatising. Therefore, some eHealth systems have started obfuscating these messages, using codes such as sport scores or messages from ‘friends’ to communicate sensitive health data, but this is not a universal practice.
Mobile phones can also play a role in improving governance; mobile governance projects such as Mexico’s Citivox and India’s Kerala State IT Mission enable citizens to register to vote or report crime and corruption via their mobile phone. But in the context of poor data protection regimes, the data collected could be misused to persecute individuals who have reported corruption or to monitor political affiliations.
In a context where many developing countries have or are planning to introduce compulsory SIM registration, governments would have phone numbers, tracking data, subscriber information including address and family name. Think about what could be done if the state could pair these data sets with political activity. While communications surveillance systems may help a government improve national security, they are equally likely to enable the surveillance of human rights defenders, political, immigrants, and other groups.
‘Big data’ risks
Outside the dissemination or collection of information from particular individuals, there are a range of initiatives designed to use the data generated or collected by mobiles to conduct analysis about trends and events that might inform future development and humanitarian initiatives. ‘Big data’ – the amassing and analysis of high volumes of digital data to uncover new correlations – is taking the development world by storm.
Crisis mapping, where incidences of violence or disasters are mapped, is one area in which the use of mobile phone data has been lauded. In Haiti, for example, researchers conducted analysis of cell tower data to plot the location of populations fleeing from a cholera outbreak. A prominent example of a crisis mapping platform is Ushahidi in Kenya, funded by, among others, the Ford Foundation and MacArthur.
Big data can also be used to map infrastructure and the use of public services like transport. Telecommunications company Orange recently opened a big dataset of 2.5 billion anonymised text messages and phone calls from Côte d'Ivoire, enabling researchers to analyses and redesign bus routes in the country.
The same data however, could also potentially have been used to identify the movements of particular religious groups, for example, by following phones that were located around mosques at a particular time of day. Additionally, when paired with other data, anonymised data can be deanonymised and used to locate individuals. The problems of anonymisation are enhanced by the lack of safeguards and standards inherent in data for development initiatives.
With the fervour of using and unlocking data sets for development, many people forget one important thing: data is not context free. Developing countries are plagued by violence, conflict and other historical, ethnic, social and cultural fractures that heighten the risk that big and open data will be misused. Discrimination or persecution could easily be the result of de-anonymisation of big data pertaining to, for example, electoral trends, public health issues, political activity or location. The risk of the misuse of personal data is heightened when data is open and thus accessible by any one for any reason.
More critical thought about mobile phones and their rights’ implications is urgently needed; the risk that development initiatives unknowingly create legacy systems to aid impermissible surveillance or other rights-limiting regimes is significant. The New America Foundation’s recent report Dialing Down Risks: Mobile Privacy and Information Security in Global Development Projects outlines core principles to guide development funders and practitioners in incorporating privacy protections into their projects. These principles provide an excellent starting point for a broader discussion around the risks that come along with the opportunities that the use of mobile phones offer for development initiatives and the need to develop more robust practices and standards in this area.
These concerns however, should not be construed as being anti-technology or ignorant of the benefits of mobile phones. If anything, many of the initiatives being backed by western donors in the developing world (biometric databases, electronic voting registration systems, criminal databases and border surveillance initiatives) would raise considerable controversy at home. Despite whatever good intentions development actors may have, the biggest danger is moving forward without thinking of possible collateral damage. The ends sought by the humanitarian community can be reached without instituting mass surveillance regimes in the process. A far more active approach is needed to ensure that the adoption of new technologies like mobile phones promote, rather than imperil, the human rights of those they are purported to benefit.