Is privacy (and internet security) on the open development agenda?
One of the main reasons why I participated in both events was to carry forward with some discussions around privacy in open and big data, and also internet security which were started at OKFestival 2014. Because these two events were focussed on open development (open data in development institutions or in developing countries). I was particularly keen to find out the extent to which this community is taking privacy considerations seriously.
I engaged with enough participants and sessions to know that a simple yes or no will not suffice in answering this question. There are so many different factors to consider, and I reflect on some key ones below.
In development, the benefits versus risks debate is amplified
In the development arena, the debate about whether to explore the potential benefits of open (and also big) data or to consider the possible risks is particularly significant. This is due to the fact that the desire to drive meaningful change and impact lives is greater in this area. However, the risks are also significant as many of the actions target particularly vulnerable communities who are in countries that do not have the infrastructure to sufficiently manage these risks. A few of the case studies revealed that while there is a recognition of the possible privacy and security concerns that might be inherent to particular projects, they are not being seriously considered. Not surprisingly, some participants took such presenters to task for being dismissive about the issue, as many of the projects are designed to typically collect so much data without the due privacy considerations.
That said, there are some areas which are seeing these concerns being tackled actively. Mention can be made of the hot off the press Ways to Practice Responsible Development Data handbook which was put together by a group of individuals and organisations (including Open Knowledge). This resource was hailed as necessary to guide development practitioners in their projects. The initiators of the development of this resource (the engine room and Hivos) recognize that several things could go wrong on projects that pose potential privacy risks to individuals. In order to prevent this therefore, they put forward this book to ensure that development actors commit to following some ‘do no harm’ standards.
Having initiated several projects already in the developing world, the World Wide Semantic Web is also now ensuring that privacy safeguard measures are actively built into the project design through a multidisciplinary team that is working on their ‘the Box’ platform. Hence, they are exploring how to use ‘the Box’ to for instance, encrypt and reroute private stores of information to protect the privacy in grassroot information-sharing (on for example, land contracting). If this is done, it will go a long way in ensuring that individuals who share sensitive information are protected.
Further, in some countries (for example Bahrain) where there are significant risks posed to well-known journalists when reporting on sensitive issues, activists are advocating for the use of offline reporting tools such as the StoryMaker. This app allows for anonymous yet interactive storytelling by even non-journalists. WildLeaks also promotes the use of the Tor tool which protects anonymity in wildlife whistle – blowing. In fact, they take confidentiality so seriously at WildLeaks that they are yet to use Facebook and Twitter, although these platforms can greatly enhance the impact of their work.
All these examples are noteworthy, however we need to see more projects and organisations giving this due consideration to privacy protection. As we know, even one risk to an individual is one too many.
Internet security solutions not implementable across board
In a remarkable closing keynote, Malavika Jayaram illustrates the complexities of privacy and internet security in an increasingly technological and open world. In fact, it was also interesting to see the official photographer for ODC14 (in the opening session of day 2), express his reflections on the significant privacy concerns in a world where the digital space is inundated with so many photos and videos. This issue was high on the agenda, i.e. the extent to which participants feel they are able to deal with the challenges posed by internet security, which is usually seen as outside of their realm of control.
We had a very revealing and interesting interactive fishbowl session on this issue where we attempted to hash out the possible solutions. Most of the participants were of the opinion that there was the need to break the hegemony of big Internet Service Providers (ISPs) by having alternatives emerge to challenge them. However, it was noted that this is easier said than done as most people will rather sacrifice privacy and internet security for convenience. Relative to this, another solution that was advanced required that individuals take responsibility for their own internet security by ensuring proper use of encryption, etc. However, once again implementation is not so easy given the identified challenges of using even the more common encryption tools such as PGP. Open for Change was therefore tasked with organising a practical session on encryption at the next ODC. Another possibility that was advanced is the idea that in the future a new kind of digital privacy literacy must emerge, where there’s no distinction between providers and clients. This will require each person to own their own servers and all their data, and manage it themselves. These ‘solutions’ are clearly far-fetched , especially for developing countries where in reality, access to technological infrastructure and capacity is nowhere near the level of western countries.
Looking forward: where will the discussions around privacy take us in the coming year?
So where will these discussions take us in the coming year leading up to Downscale 2015 and ODC2015? Malavika Jayaram’s closing thoughts on big data and big bias certainly gives us a lot to chew on, but more importantly to act upon. However, as suggested we need to have a concrete idea about what is the reality of privacy and internet security in the developing world. This would give us a good foundation upon which to build discussions at next year’s event.
As most of the speakers emphasised, open is not enough, and as a community, the earlier we critically consider and tackle the other (potentially dark) side of open, the better we would be at making meaningful impact on our respective projects.