Data in international development: How even the best of intentions can pave the road to surveillance
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 126 | |
| Author | ||
| License | CC Attribution - ShareAlike 3.0 Germany: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this | |
| Identifiers | 10.5446/33292 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
re:publica 2014115 / 126
15
19
22
26
29
31
33
34
35
41
42
49
50
58
68
71
72
74
78
84
87
88
89
91
93
97
100
102
105
106
107
108
109
110
112
119
121
122
123
125
126
00:00
Data acquisitionLevel (video gaming)Metropolitan area network2 (number)Computer animationLecture/Conference
00:58
InformationProcess (computing)Service (economics)Information privacyInequality (mathematics)Power (physics)AreaSet (mathematics)Process (computing)Software frameworkVideo gameDisk read-and-write headEvent horizonInequality (mathematics)Vector potentialPrice indexAreaData conversionField (computer science)Cycle (graph theory)Information privacyGroup actionInformationGame controllerDecision theoryContext awarenessBitData miningCASE <Informatik>DialectLattice (order)Right angleStandard deviationType theoryProjective planeQuicksortDependent and independent variablesOpen setLine (geometry)Open sourceSelf-organizationTerm (mathematics)GeometryNumberDifferent (Kate Ryan album)Mathematical analysisWordService (economics)Pattern languagePhysical lawRegulator geneTouchscreenDatabaseShared memoryPoint (geometry)Personal digital assistantDataflowMereologyMeasurementTheoryHierarchyBuildingChannel capacityFundamental theorem of algebraComputer animationLecture/Conference
10:30
InformationTelecommunicationMobile WebCivil engineeringService (economics)Data analysisMathematicsNichtkommutative Jordan-AlgebraBiostatisticsIRIS-TFreewareImage registrationProof theoryIdentity managementDigital mediaProjective planeWeb service3 (number)WordQuicksortMetropolitan area networkFormal verificationSystem identificationHeat transferMoment (mathematics)Metric systemNatural numberDifferent (Kate Ryan album)BitGreatest elementWater vaporAsynchronous Transfer ModePort scannerLevel (video gaming)InternetworkingNumberCuboidStaff (military)FamilyPoint (geometry)Computer programmingPhysical systemField (computer science)Vulnerability (computing)Form (programming)CASE <Informatik>Source codeAnalytic setMassActive contour modelAreaFile systemMultiplication signMereologyInformation and communications technologyPredictabilityMatrix (mathematics)Service (economics)Term (mathematics)Pattern languageIdentity managementIRIS-TFreewareSet (mathematics)Reading (process)TwitterData analysisSurface of revolutionComputing platformInformation securitySelf-organizationInformationMappingMessage passingSocial classMobile WebPhysical lawWeb pageBiostatisticsPulse (signal processing)Sound effectStandard deviationDigitizingDigital photography
20:02
BiostatisticsInformation privacyInformation securityInformationSample (statistics)Message passingType theoryEvent horizonState of matterDependent and independent variablesTuring testPhase transitionMultiplication signConservation lawExpert systemWeb serviceNumberValuation (algebra)Projective planeDecision theoryStructural loadTraffic reportingMessage passingFrequencyGroup actionMappingLevel (video gaming)AreaUtility softwareComputing platformInformationSpacetimeCartesian coordinate systemWeb 2.0Electronic mailing listForm (programming)PlastikkarteInformation privacyState of matterComputer fileCircleOrder (biology)Information securityDependent and independent variablesStudent's t-testArchaeological field surveyMobile WebMassData storage deviceRight anglePhysical systemTerm (mathematics)Address spacePRINCE2Functional (mathematics)Axiom of choiceType theoryFormal verificationResultantCASE <Informatik>System identificationLine (geometry)Software frameworkParametrische ErregungBasis <Mathematik>Point (geometry)Thermal conductivityCodeVideo gameQuicksortSelf-organizationIntegrated development environmentBitMetric systemUniform resource locatorBiostatisticsReal numberMaxima and minimaSet (mathematics)IRIS-TInformation technology consultingPressurePerformance appraisalLecture/Conference
29:44
Process (computing)Game controllerLogical constantPlastikkarteOpen setOpen setIdentifiabilityQuicksortInformationDatabaseInformation privacyMereologyMultiplication signPhysical systemPoint (geometry)WordTwitterType theoryGame theoryMetric systemAnnihilator (ring theory)BuildingNeuroinformatikIntegrated development environmentGame controllerMoment (mathematics)3 (number)Template (C++)CASE <Informatik>Virtual machineException handlingSoftware frameworkElement (mathematics)Modal logicMaxima and minimaField (computer science)HorizonOrder (biology)AreaInternetworkingForm (programming)Perturbation theoryPresentation of a groupCalculationPrice indexProjective planeEntire functionComputer programmingDeterminantFrequencyTerm (mathematics)Set (mathematics)Sound effectGroup actionRight angleRamificationArithmetic progressionAdditionPort scannerCodeTheoryOperator (mathematics)BackupTraffic reportingBitRepresentation (politics)Internet service providerMatching (graph theory)Online helpLocal ringIRIS-TBiostatisticsStatisticsDirection (geometry)Limit (category theory)Line (geometry)Context awarenessLecture/ConferenceMeeting/Interview
39:27
Information securityDigital signalProcess (computing)Cartesian coordinate systemWave packetProjective planeForm (programming)Self-organizationState of matterProcedural programmingLattice (order)Different (Kate Ryan album)NumberField (computer science)Point (geometry)Real numberCASE <Informatik>Computer programmingGreatest elementLocal ringEndliche ModelltheorieCommunications protocolContext awarenessBuildingTerm (mathematics)InformationSet (mathematics)Type theoryCivil engineeringSystem callDigitizingInformation securityRight angleFrame problemLine (geometry)Open sourceoutputWeb 2.0Position operatorDegree (graph theory)MereologyPower (physics)Integrated development environmentSingle-precision floating-point formatRegulator geneLatent heatMultiplication signLecture/Conference
49:09
Physical systemOffenes KommunikationssystemSystem callProjective planeOpen sourceWordArithmetic meanIndependence (probability theory)InformationCausalityLecture/Conference
51:07
Data acquisitionComputer animation
Transcript: English(auto-generated)
00:15
a good start, to start with applause, huh? So we are here at stage three with our third
00:22
session, and it is about data and international development, and how even the best of intentions can pave the road to surveillance. And the both ladies over here are Zaha Rahman from UK and Becky Kaczynski from New York, and I'm very happy to have them here on stage three,
00:49
and yeah, I'm really looking forward to your session, and I think you do also. Okay, thank you. Oh, can we have the second microphone? Hello? Yeah. Mistake! I'm sorry.
01:11
Okay. Can you hear me? Yes. Yes, okay. Right, just checking. So yeah, my name is Zara, and we're going to be talking about data in international development, how even the
01:22
best of intentions can pave the road to surveillance. So we kind of started with this premise, information is a more effective tool in the hands of the strong than in the hands of the weak. So in this case of international development, that's the weak, the vulnerable communities
01:43
from the poorest regions of the world, the strong being the rich countries that are carrying out the international development projects. So how we came to this, I work in open development, so that's kind of between the open movement and international development. I worked for the
02:01
Open Knowledge Foundation in development initiatives, and earlier this year I went to the international steering meeting of the global standard around aid transparency called the International Aid Transparency Initiative, and throughout the three days I was amazed that these are the people who set the standard for how rich government should be publishing their
02:24
aid data, so how they're giving money to poorer countries, and throughout the whole three days there was one panel on privacy and ethics, and I asked a few people about this, like why aren't we talking about the kind of risks that could be coming from this, and most people's response was that's not our problem to deal with, that's not what we should be talking about,
02:42
we should be opening up data and making sure it's all available for people to deal with, and that was kind of flagged up in my head as a potential risk. And my name is Becky, and in my work I mostly focus on privacy issues as they relate to all of the other issues in the world, which include development, and recently we have noticed that
03:02
there's been a lot of great conversation and brainstorming within the development field that has begun to ask fundamental questions about the ethics of data collection, data which we all need for various purposes, how can it be misused, how does it open up roads to unintended consequences, and for me this work becomes meaningful when we assess it within
03:26
an important area of work like this. So I guess we should start with this fundamental question which we often take for granted in this day and age, we often assume that more information is
03:41
better, on the other hand data and information are not exactly the same thing, data is the raw things that we collect through various devices and processes, and information is meaningful things that we use to glean insights and do our work, and it seems like we should
04:03
still ask this fundamental question why are we collecting data in the first place, and if we are talking about data collection maybe we should start by establishing this overall framework, which we can call the data life cycle. The first part of this life cycle begins with
04:24
collection, so collection takes place in a number of various ways, it can be because a researcher is out in the field and they are doing primary field work, it can happen through the passive collection from devices of people who don't even know that it's happening to them,
04:40
it happens through all sorts of different kinds of capacity building work out in the field. Processing refers to what happens to the data once it has been collected initially, and so this includes basically anything that happens from the point that this data enters a database, does it stay in the database, does it get analyzed and correlated with other databases,
05:03
does this data then get passed on to third parties, and finally dissemination, this is the sharing of the data, so those third parties, how are they using the data and as you open up this life cycle to further uses, what could possibly happen down the line.
05:22
So some of the ways in which data is collected in international development include to deliver services more efficiently to vulnerable communities, so you can see this clearly in for example refugee camps, it helps a lot to know how many people are there, what their needs are, how many are coming in and patterns that are emerging around that, so increasingly there are transparency and accountability requirements and laws,
05:44
regulations in donor countries such as the aid transparency initiative that I mentioned earlier, and again increasingly big data that is becoming quite a buzzword within development, and there's things such as for example climate change analysis, various development issues that
06:04
are trying to be addressed by analyzing huge amounts of data. So as we're coming through this life cycle of data, we ask how are things currently being handled on the ground by various
06:20
groups, whether it's NGOs, large aid agencies, governments, anyone who's working on the ground, we come to a number of different questions from there, currently it seems like many recipients of aid projects can often be portrayed as passive data subjects, data subject is a term within the
06:44
EU framework for data protection, it sort of alludes to this relationship where you become data through some process outside of yourself, outside of your own agency perhaps, and this can in some ways perpetuate the traditional relationship and aid where you have
07:02
a recipient and then the organization that is bestowing services upon the recipient. So in all these situations consent, there's no clear guideline for what it means to say yes, you can take this data, you can take a picture of me, you can record this fundamental information
07:21
about me, in some cases data is implicit, in some cases it's explicit, in some cases it's continued active consent, in other cases there was no consent whatsoever but then it was applied somewhere down the line in a donor's report that they did in fact obtain consent. So privacy rights, there's no universal framework, yes the UN has enshrined privacy as a human
07:46
right, on the other hand the way that privacy is interpreted is highly contextual and varies from both by geography as well as other types of context. Finally this is a bit more fundamental, so data and privacy are fairly difficult sets of issues to understand for anyone
08:06
and if you look at the whole world there's still a fairly small privileged group that does have all of the knowledge and skills required to make them informed decision makers about data and so basically we would say that there is still a fairly broad lack of knowledge
08:23
about how data and privacy work together or don't. So just to kind of contextualize this a bit, when we talk about international development we're broadly talking about efforts made in the world to alleviate poverty and inequality and generally this is measured through economic
08:41
indicators such as GDP per head per capita or social indicators such as inequality. So when we're talking through all this this is international development efforts that are in theory have this primary aim but as we'll see sometimes they don't always do that very well.
09:01
In international development as Becky mentioned earlier there's in traditional in the way that development's been carried out traditionally there's this kind of quite strong hierarchy of rich countries or development actors coming to a community a poorer community and they are the beneficiaries of aid so it's a very one-way flow of resources of money of knowledge
09:25
as far as things have been going and this kind of relates to the way that Becky was talking about the data subject so not only are they the data subject they're also the the aid subject or the aid beneficiary as we call it in international development. An example of this
09:42
is a really good example of this can be seen from a project that was carried out in 2002 between 2002 and 2006 called the listening project and it was it it involved a group of people traveling around the world to over 20 aid recipient countries just listening to people
10:01
who had been on the receiving side of aid they weren't doing it with a motive they didn't have to collect things to satisfy funders or to to measure impact or anything like that it was just the first project where that kind of thing has happened and they talked to over 6 000 people who've received international assistance and one of the main things that they one of the main
10:23
themes that I got from this book was that people people were telling stories of aid agencies that came to their area asked lots of questions and then disappeared this was clearly the aid beneficiaries becoming data subjects and then you know they were trusting the people who came to their communities who in some cases promised them that projects would take place that their
10:43
lives would get better in certain ways and then they disappeared or they came and they took photos and then they saw these photos on the front pages of international organizations reports a year later and this is just just one example of that within international development data is largely used within the ICT4D movement information and communication technologies
11:07
for development and there's lots and lots and lots of examples of this just a few there mobile technologies banking getting health advice from you know other countries from doctors that are far away civic mapping so sending in information about your community via text
11:24
message to a standard platform like usahidi for example delivery of services by biometrics collection data collection that's one we'll be going into a bit more later and as we mentioned already big data analysis on development issues so big data as already kind of mentioned
11:47
it's very generalized it's a an imprecise term referring to large data sets and data science and yeah so the international development over the past 15 years has been
12:01
largely framed around the millennium development goals which are have 2015 as their target year so at the moment lots of people are talking about the post 20 like what's going to happen post 2015 what what will the new goals be and there's a there's recently been a un panel that focuses on the data revolution and there's lots of talk around the post 2015 data revolution
12:24
so this term big data is something we've probably heard a bit too many times at this point but if we were to try to give it a definition it's basically the collection of lots and lots of sets of data pieces that are then aggregated and correlated often with the goal of
12:45
gleaning particular patterns from this new amazing exciting amount of information that wouldn't have been possible in a different day and age without these technologies that we have now and so there's a lot of excitement and interest around this idea that we can now not only
13:03
determine patterns based on what we have now but actually make predictions and therefore this has spawned this field of predictive analytics and predictive analytics does definitely hold some interesting promise there is a un a un body that focuses on this issue it's called
13:23
un global pulse and the idea is that if they can collect and use some of the data that they already have together they could prevent certain crises in the future they could predict what the effects of a drought might be in a certain geographic area they can do pretty
13:42
important work with this if they figure out how to glean insights from this new mass of data so not just the un is interested in this possibility there's lots of other agents in the field that are involved in taking this promise of more data and seeing what it can be applied to
14:05
palantir is just one company for example whose premise is that with the use of this aggregated and correlated data they can build a more resilient and secure society this is something that they repeat many times and so one area for example that they're very active in
14:25
is in human trafficking and we will talk more about human trafficking later in the talk if we're talking about principles that can carry across all of these projects do no harm is one that comes up over and over again it's this premise that not only is it enough to think
14:46
about how you can mitigate harms once you're out in the field and carrying out a program it's it requires you to think through all of this before you actually go out into the field so basically taking all of the considerations of what it means to work with a marginalized
15:02
population that has very vulnerable forms of data being put through different systems and really ask what it would require to use this data ethically and this goes beyond simple digital security or collection practices it's a bit larger than that i already alluded to the problematic
15:29
nature of consent in all of this work but basically there are many different levels of consent and i would argue that almost no one who uses the internet these days is ever really
15:42
expressing substantive active consent we all know consent as a little checkbox that you click at the bottom of a service before you decide to use it and then from that point forward whatever happens to your data you leave to the fates or to the company or hopefully to a body of law that will then take that and make sure that it is being used appropriately but in any case
16:08
in many of these cases that we discuss there may be no notion of consent at all or it'll be implicit so one area that is seeing a lot of data use at the moment is biometrics
16:27
so biometrics are generally a technology that allows for a greater precision and verification than was ever before possible this is the premise and we do that by collecting iris scans or thumbprints and this is being used in many different parts of the world both in the global
16:44
south and areas where development agencies are very active as well as in the the north and societies where we would think that such invasive forms of identification aren't necessary
17:00
so this is just an example the UN HDR is the UN body that deals with refugees and they're very active on social media so i saw this in in january and i was a little bit shocked that they were using it on 590 000 refugees but this was actually really welcomed on twitter and people retweeted it and said congratulations that's that's awesome news that you're
17:23
you know collecting so much data on on refugees and it's true that in lots of cases it does enable more efficient delivery of services and one of these cases is in jordan so when syrian refugees initially crossed over to jordan when they were crossing into refugee camps they were
17:41
asked to give up their identity documents like paper documents to show that they had registered in the camp and as the number of refugees continued and continued the the filing system in the refugee camp was completely overwhelmed and it meant that there were 180 000 documents belonging to members of more than 76 000 families held at this refugee camp which
18:05
is a huge number and it took 50 staff members months and months to make sure it was sorted through and accurately managed and then given back to the right people so now what they do is when when the syrian refugees get to the refugee camp their iris scans are taken
18:23
and with that they are given access to food to water to free health care and they can even access cash at the atm in the refugee camp so they just stand their iris is scanned and they get the cash that they are entitled to and this is great because it avoids risk of
18:43
theft of their documents it means if they left their houses and if they have to leave things in a hurry they don't have to rely on paper documents that could be lost it reduces fraud um it say it helped in a lot of ways on the other hand of course a pretty interesting moment in this is that
19:03
not only are the biometrics being used for verification and identification within the camp but now there's this great service available where the refugee can go and take out money which in a way is empowering for that individual on the other hand an interesting
19:21
transfer of data took place between the primary holder and now this bank and so you have now opened up a whole new road to third-party consequences which are not written out anywhere and are not kept track of in any sort of accountable manner so lots of refugees themselves
19:45
are at least on social media being touted as seeing this as a as a very positive move they're identifying their own identity with the fact that they are registered in a global body such as the un at least i have an identity now i exist um which is uh slightly worrying
20:05
so the biometrics example that was described now was simply using irises as a form of identification verification but there are actually a lot of new systems that are being experimented on constantly which bring more and more information into one place for this
20:22
biometric form of identification and so increasingly what we're going to see is trying to store not just thumbprints for example but combining the thumbprints with the iris combining it with credit card information and so what we see on the right right now is something that's called
20:44
a smart card and that is bringing together all these types of data into one place which once again this is framed as being new enhanced and actually more secure therefore in some ways more enabling for people in terms of how they are identified and how they make their way
21:03
through society and actually what has really struck me about this new development is the way that it is framed as being privacy and privacy enhancing not just a new form of securing but a way to get beyond what is seen in some circles as this problematic zero-sum debate
21:26
this debate is so should our society have surveillance and data collection and it's imagined that on one side you have people saying no we should have no surveillance and on the other side you have law enforcement and government agencies who say yeah actually we need all of
21:42
the surveillance we could possibly ever imagine and more in order to create a secure society in order to deal with all of the threats that we face on an everyday level and so traditionally there has been this framework called privacy by design which many people are well not many
22:02
but many more people are familiar with than other obscure frameworks for how to handle privacy within systems and privacy by design takes as its basis this idea that privacy needs to be built in from the beginning in a system that involves both people and technology and on the one hand privacy by design has been very valuable and has been there for 20 years
22:24
as a reference point but now in some cases biometric smart cards are said to be in line with this framework because they are allowing a middle way that doesn't ask us to choose between either more surveillance or less surveillance they say that with this system of enhanced verification
22:45
and enhanced collection of data we are also securing it in a way that wasn't possible before and therefore we are protecting it therefore the data protection that is enabled through this
23:00
makes it an adequate and ethical choice so this is what i just described this concept of getting beyond either more surveillance or less surveillance is called full functionality so let's make everyone happy with one system and there are a lot of important things that are
23:27
attempted with this decision to try to bridge between the privacy camp and the national security camp but on the other hand in my opinion there's an elephant in the room that doesn't get addressed which is we actually need data minimization if we're always arguing that
23:46
with more protection around the data we keep then that's going to be great as long as we can protect and collect at the same time on the other hand that means we're never talking about the fact that we shouldn't actually necessarily collect all of that to begin with
24:03
so one area in which surveillance could be seen as taking place is the mobile ICT4D movement that happens there's lots of real world examples around this so yes a research survey was done on mobile aids platform users which reported that
24:25
a fifth or eighteen percent of participants reported that someone else had inadvertently received their SMS containing aids or HIV information this is just one example then there are examples where a government will come in and ask for this information
24:43
and they now have a perfect simple easy place to go to get it because another body either a mapping project or a small NGO has collected it already so the types of data that gets collected in mobile ICT4D can include something directly
25:05
from the user and their the device that they're using so their phone this can be their name their address their date of birth the IMEI or the UDID information gathered about their behavior such as location data web browsing etc etc etc the list goes on about what can be collected
25:30
so one way in which mobile ICT4D takes place is through participatory mapping one example of this has been through the platform Ushahidi and lots of others but
25:42
basically crowd mapping so people can send in reports via SMS to a centralized platform and enables other people to see what's going on in that community so the first major use of the Ushahidi project for crisis mapping was in back in 2010 after the Haiti earthquake
26:04
so this was a kind of voluntary volunteer driven effort to produce this map that showed what was going on where people were where people were being found what was happening so and it happened with a group called missions for mission 4636 which was set up as a the
26:21
number 4636 was set up as an emergency number to text if you had if you wanted to send in a report to the Haiti project so they have received over 10,000 SMS's miss messages just during the search and response period of trying to find people during the earthquake and there was
26:44
an independent evaluation that took place afterwards because it was really big a really big deal in the crowd mapping world and so during the project during the earthquake the search itself the decision was taken after 24 hours of deliberation consultations with lawyers
27:03
whether or not to publish the SMS's that were received online so they had people like the U.S. Marines using it the U.S. Secretary of State announced that this was the main platform through which you could get information so there were other international organizations
27:20
that were relying upon this volunteer driven collection of data so the lawyers that were consulted said that consent was implied vis-a-vis the publishing of personal identifying information so during the project itself some of the SMS's were published however afterwards they were taken down and this was kind of it was I think it's still a bit of a thorny
27:45
issue as to whether it should have been or not but they couldn't be completely sure that there weren't any there wasn't any harm being done to the communities in question which is why they took it down one the reason I'm I like this story is because as a result of that because they spent these 24 hours in a really crucial time pressured environment considering what
28:04
they should do and then they realized that there was a need for a code of conduct or a set of guidelines to advise people on what they what they should do so for future for future reference so after this the SMS code of conduct for disaster response was drawn up as a result of their realizing that they had this data and they didn't know what to do with it so this
28:23
was a crowd sourced drawing upon expertise from loads of loads and loads of experts and it's as a result of of what happened in Haiti so now we get into a slightly different area
28:43
and we chose to talk about human trafficking because this presents a really kind of edge example where you deal with vulnerable populations that have very personal data that can bring them into harm's way and they are also people who tend to be displaced
29:03
and may need a service at a certain time but would want to some at some point after they have been displaced come back to where their original country of origin was and so the great challenge with human trafficking is to create a system that allows for people to
29:22
receive care when they need it and thus requires for them to be identified in certain ways but then also allows for them to step out of that and not be stamped a certain way for the rest of their life as someone who was a victim of slavery of some sort and so in this world
29:42
NGOs and various intermediaries have been hard at work for the last 10 years trying to come up with a code of ethics that makes sense for this field of work these types of NGOs face the challenges as anyone doing this type of work where they must report back to funders and government agencies who want to see that progress has been made in addition to those players
30:08
often a case will end up in court around slavery and in that case the local law enforcement will want to get involved and in order to bring this to court you will need certain types of information so in this case these the people doing this work are faced with a difficult set of considerations
30:28
where they want to provide care and represent actual help on the other hand they are still obligated to collect information and they themselves are actually curious about how that
30:40
information can be used to map trends around the world for example and so what has happened is that these groups have been taking they have been spending a very long period of time in the do no harm sort of brainstorm privacy impact assessment before they begin any sort of care
31:03
program and within that they hone in on the indicators as this is called in development the indicators are forms of information that they feel are most essential in order to track who they're actually helping and report back to people outside so they have become much smarter
31:22
about their indicators and this has allowed them to collect both the really truly necessary information while following the data minimization principles that often are missed in this field
31:42
so a lot of what has been used to help them come up with this framework has been helped along by the EU data protection directive specifically around how sensitive data is handled for ethnicities in most normal circumstances it's actually not okay to collect information about religious and philosophical beliefs trade union membership political opinions
32:06
ethnic origin this is all considered off limits in the standard practices within the EU data protection directive of course some exceptions have been made and this is that if a data subject has given their explicit consent that they understand what it means to have certain
32:24
pieces of information collected about them and also that they understand what will happen to it down the line another exception is if so if there are some sort of legal obligations involved either with law enforcement then there are some some loopholes in there as well when the vital
32:48
interests of the data subject are presupposed to be in danger in which you can argue fairly easily in a case like data trafficking pardon then this is also grounds for exception
33:05
so in any case this is a case where a long framework with lots and lots of clauses has actually ended up being practical and at least something to start from okay so now we come to our ways forward kind of drawn between things that have already been mentioned within the
33:25
international development community things that are being worked on at the moment and recommendations from the privacy community this is you might recognize this from the british sitcom little britain computer says no we're building we need to make sure that we're not building systems where
33:44
computer says no puts people's livelihoods at risk there are some examples of how biometrics data has been used and there's such blind faith put in the system and put in the fact that this technology will be 100 correct all the time that no matter if someone says you know
34:01
so for example it's used when people are crossing borders to check whether they're crossing more than once to get double the amount of kind of the repatriation package that they might be offered from refugee agencies and the systems that some of the projects that have been developed so far mean that if a refugee crosses for the first time genuinely for the first time
34:23
but that iris is somehow there's a false match within the system they don't get to have that cash repatriation package because the aid workers that are operating that technology have really such a lot of faith in the technology and there's there's some amazing quotes from people who are operating it saying now we like the machines can never be wrong now we know who to
34:44
trust which is also a little bit scary being aware of the third-party risks and what this what this means so for example with the the example of the syrian refugees having their data shared with banks in jordan being aware of what the the environment is in which this is being shared
35:04
and also especially being aware now there is a trend currently where more and more players are getting into the big data game which means at some point that they will be sharing or receiving certain parts of a database from someone else that potentially held
35:22
personally identifiable identifiable or sensitive information so really hashing out what it means for a third party on the outside to be either sharing now or receiving that data becomes crucially important yeah and i guess another part of the the people who are so when
35:41
you're designing a project that's using technology making sure that there's a a backup in case the project goes wrong so the example that i just mentioned iris scans were taken from refugees but they weren't taken with any other backup with any other data points and this was done in theory with the the privacy concerns of the refugee in mind but it meant that if
36:03
there was a false match they had nothing to fall back on so it was just it was all reliant on on this machinery being completely 100 right all the time so now we get to this issue of
36:21
data collection looks like if we are being if we are putting much more time into thinking through the ethical ramifications so this involves of course the awareness of the long-term and downstream effects of the initial point at which the data was taken from someone of course this also means data minimization as a basic principle in order to do data
36:43
minimization that's not something you can do after you've collected the data actually that is a consideration that needs to be present in the design of the entire research or program or aid initiative from the very beginning and from beforehand because data minimization
37:01
doesn't mean taking a database and shaving off part of it it means actually deciding that less data will go in in the first place but that that data will be more valuable to begin with um one other huge issue that comes up especially around big data is oftentimes a body will claim
37:23
that oh we are using anonymized data it has been de-identified and therefore we are taking precautions and therefore there is nothing to worry about it has been proven over and over in experiments and statistical calculations that re-identifying something that was anonymized
37:41
to begin with is really not that hard and this is something that we will hopefully see more examples of so that we can point out the fact that just anonymization is not enough and it's probably worth mentioning within the ICT4D movement lots of funders do request or do require lots of indicators to show how successful the project was and in some cases
38:04
the the information that they require to be collected might not necessarily be in the best interests of the population at heart so that's something to think about again in the project design why are you collecting this information and who is it benefiting and is it actually doing any active harm or could it do harm in the future to these already very vulnerable people
38:28
so yes a general guiding principle is building for unforeseen circumstances and consequences what can you do now with the anticipation that the reason you thought you were collecting the data now is only one reason or one purpose or use for the data
38:45
currently the internet industry runs on the premise that we will always find a new use for one piece of data that seem to only serve one purpose and therefore we should keep the horizon open in order in order to see all the different uses for it on the other hand
39:04
if we keep this usage open in this way then we can get into some really problematic areas and then I guess this is kind of based on what what my work is kind of around so a movement
39:21
away from traditional international development in the way I've been describing of the kind of development actors parachuting into communities carrying out a development project without that much input from communities affected and then leaving towards open development and this is a more inclusive way of thinking about development projects so it's building upon
39:46
it's a new framing of development projects essentially it's framing projects based on building upon local knowledge including much more inclusive processes of going to communities and asking you know what do they need how can they how can this be how can this happen in the
40:04
best way for this particular community it's getting rid of the one model for all so there's not going to be you know projects that are rolled out across countries regardless of their local cultures or customs it's participatory forms of for example participatory budgeting
40:21
community meetings that decide upon the priorities of the project in question um and yeah so it's using data in a not just data but the processes around international development in a more open and participatory manner and the hope that the hope is that by making it more participatory you are actually opening more room for people to provide you
40:44
with active informed explicit consent when they do then decide to enter into a relationship that become a data subject and finally the uh so throughout all of this the people that we've
41:02
been speaking to i've been kind of astonished at the fact that they get they receive so much training the humanitarian workers um they receive so much training before they go out into the field on how they should behave what they should do what they shouldn't do and i haven't found a single person who's received any training on digital security or on data literacy or on what
41:24
data might mean they're told um you know this is being carried out in a secure way and that's it like it's being kind of uh pushed to the the tech person on that project and it entire trust is being put into the fact that that will be managed and that has been managed in an inappropriate way yeah and this whole concept of whether something is secure or not
41:44
is in itself false because there are always degrees um to which you can depend upon the fact that that a piece of information has been protected correctly and aside from what we might label hardcore digital security which is whether something was encrypted in the correct way
42:00
there are also all of the information practices of people out in the field which influence how the data will be used so if someone is out in the field and they are collecting certain types of data but then they don't understand that a certain type of thing that they're collecting can be harmful down the line for a particular reason
42:22
that itself can be part of what you consider an information uh security practice yeah and then on the other side is uh the communities from whom the data is being taken obviously it's kind of unrealistic to to expect really vulnerable communities who might you know be in the worst of situations in the entire world to expect them to to take data use and data literacy as a
42:43
priority when they clearly have others but there are intermediaries within those communities that could be educated to know enough to ask the right questions like other civil society organizations working in those countries like journalists that could could learn about data literacy so
43:01
understanding what the data means together with the context so if they if they see all the state these data sets they would know hey that's not right that you're collecting data on ethnicities of populations for example or be able to contextualize it appropriately to to hold donor agencies or the people hold carrying out these projects to account
43:23
um yeah and then uh as we said digital security training for for people who are working with vulnerable communities and those who are in charge of um using technologies thanks that's it do we have time for questions are there any questions when you guys talk about
44:00
active consent when in terms of how people use each other's data i get kind of confused because the truth of the matter is when you collect data sets more often than not you don't know when it's going to be valuable but oftentimes it becomes valuable at a later date like you guys have said um i've heard of processes like um data
44:23
data consent protocols where in context um when they feel like they have the data and they feel like it could be appropriately used they request for people to consent to sign off and give consent to use that data um while that process works in very civilized not necessarily
44:42
civilized societies but very western societies it doesn't work everywhere i don't know how how would you solve this problem when you know that you eventually will need that data when you know you eventually will have the appropriate context for it um do you base it on people requesting
45:00
to use the data or do you base that on we're only going to collect this because we see this as appropriate now that causes two problems because if you collect from the bottom up and that instead of from the top down you miss a lot of things that will become valuable in the future but if you collect from the bottom if you collect from the top down and not from the
45:22
bottom up you neglect a lot of societal issues yeah and of course um there's there's no easy answer to that i think you're asking all the right questions um i i would wonder if you can tell now that you don't need this data at this moment but that you will in the future
45:41
then i assume if you can tell that now then the collection of that data fits within some mission that you're working under whatever this greater premise for the work is would then carry over if you're already able to anticipate that you'll need something in the future and so in that case you would want to evaluate this along the priorities of the program
46:01
in place for the data collection and while continuing to be aware that you are now opening up this road to unintended uses in the future yes but unfortunately when you trim your data from a collection point you limit its ability to work in conjunction with other data sets that other companies have collected because data does not work particularly well singularly but it
46:24
works incredibly well in conjunction with other data sets and if you trim one data set and another person trims his data set or starts from starts by only collecting certain points it loses its malleability to be applied in real world situations um i think requesting the
46:42
data as a major company requesting using specific data sets and asking each specific company do you have a particular data set on this do you have a particular data set on this and then requesting these datas and all these companies then send out send out um consent requests to the users of that data and if these users give consent they can use that appropriate portion of
47:05
the users who gave consent on that data in the first place um this isn't a perfect answer to question but i feel like trimming data to begin with is not the appropriate way to go i feel like contextually applying the data is the is the right way to go i think you're making as
47:23
you said i mean you're making a lot of assumptions that you can go back to these users and you can ask them that kind of thing so we had a quote up earlier from someone that i spoke to who's been working a lot in in syrian refuge in refugee camps in jordan with syrian um and he's worked in a lot of countries and he said the one thing that struck him
47:42
is the different way in which the same agency or the same organization will carry out procedures in different countries so when when we when they come to the uk or the us or europe or somewhere um they have to follow a certain number of regulations they have to ask they have to make sure that the person they're collecting the data from understands what the data will be used for how they can access it how they can delete it um and lots of other considerations
48:05
whereas when it's carried out for example in these refugee camps or in other development projects they don't they skip that entire process out so um the assumptions that you're making that you could go and you could request again that kind of thing it's it's
48:20
uh you could request consent from people i mean consider the the environments in which people are working um the fact that people are moving there's huge populations that they won't they won't have they might not have ever been explained the process they might have just been said told you know we need to have this and this and this and then you can have these benefits and that no one is going to say no it's not it's not a fair kind of consent
48:45
procedure um but there are some examples of how kind of how information campaigns have happened around communities so they'll get to the community together they'll work with the community leaders already to explain what consent means to them in a way that they understand rather than uh people who are in positions of power i mean by definition explaining
49:05
in a in a way that people might not understand so well um thank you um i'm sorry for being really finicky and asking a lot of questions but i feel like if we take a one-sided approach where we only try to appropriate for the people using the data and not for the people giving
49:21
the data it causes problems so maybe in the future when um we have the ability and we have many people online giving this information we can teach them what their data means maybe as far from the ground up teaching people what their data means and making better systems in which they do give consent or do choose to not give consent
49:42
yeah no thank thank you for that question thank you um i think we're also making a very fundamental assumption here and that is that there is a we that collects this data and that there is a they that maybe at most give us consent so
50:02
why are we not even considering systems where they own the data where we create systems or they create systems we were where we create systems together that then give the tools to them as well so why is there a we who are operating on this and then if we come up with new uses we can just extend that free and open system that they have and they can choose whether
50:25
or not to run that intelligence on their own data yeah this is kind of what i was talking about with open development making this whole system a lot less hierarchical and more participatory so so people design their own systems they own what they what they're doing they design their projects themselves and they know what they need to do it in other words what i would
50:44
call independent technology or open development as we like to call it but yeah i think that's it for questions thank you all right well thank you very much everyone