Mobile Development Projects Carry Big Privacy Risks for Developing World

Mobile phones raise pressing privacy and security issues that must be addressed by development practitioners and funders, NAF said
Mobile phones raise pressing privacy and security issues that must be addressed by development practitioners and funders, NAF said

Over the past decade, mobile phones have become increasingly prominent features of global development projects, as international organizations and nonprofits aim to spur social and economic development and address challenges in public health, financial inclusion, transparent governance, and more. But the New America Foundation posits in a paper that at the same time, political, social and economic instability in the developing world heightens the impact of privacy breaches and personal data leaks.

Mobile phones raise pressing privacy and security issues that must be addressed by development practitioners and funders, NAF said, because they lack any sort of model for best practices, guidelines, frameworks or discussions about the privacy and security risks raised by mobile development projects.

“As technologists and mobile security researchers are keenly aware, mobile phones are highly insecure: in order to function, all mobile devices must constantly communicate with cell sites such as towers or mounted base stations, making it impossible to obscure the location of the user,” reads the paper. When a phone is used, the nearest cell site logs the phone’s ID number along with communications details (call length, etc.). Many of these networks are legally obligated to retain this information for extended periods of time, and it is increasingly easy for third parties using inexpensive equipment to intercept information transmitted over mobile networks.

Regardless of whether or not mobile network operators are under government control (as many are) or independent commercial entities, the service providers that run these networks have full access to user information, including location, communications logs and some stored information, NAF pointed out. And that has potentially enormous privacy ramifications.

“In an increasingly digital world, the ability to know and control how information about oneself is collected, used and shared with the world is a crucial component of self-determination,” NAF noted. “Noting that governments are increasingly relying on digital data from private corporations to categorize citizens based on their political leanings, minority status, economic backgrounds, health information and more, privacy-oriented advocacy groups have linked concerns about privacy to fundamental development and human rights issues.”

For example, privacy breaches and surveillance have been linked to social and economic discrimination. Cited in the report, Privacy International noted that digital surveillance “often amounts to a form of social sorting, whereby governments use controls to create and reinforce social differences and other forms of discrimination, or undermine the enjoyment of other human rights.”

This sorting could easily be enhanced by health information collected by well-meaning development agencies, which could be leaked or intercepted and be used to illicitly monitor abortions, pregnancies, HIV statuses and more, NAF said. This information can then have a wide range of social, economic, and political effects, impacting an individual’s ability to get a job, vote, get a loan or even continue living in his/her community.

With risks looming large, NAF offers a set of best practices: Projects should first and foremost take steps to ensure that user data is secure from third-party surveillance. If that can’t be fully achieved, mobile ICT4D projects should limit data collection to what is absolutely necessary for the project’s goals, and they should be transparent about what data is collected, how it is shared and how it might be used in the future. In addition to addressing user questions and concerns, mobile ICT4D projects should give users the ability to access, amend, and/or delete their data. Finally, they should assume accountability for potential risks and harms incurred via their projects and platforms.

These are clearly broad recommendations, but they’re meant to be umbrellas under which development organizations can organize their fuller efforts. “We can no longer assume that technology will automatically aid the developing world and start thinking about how we can incorporate privacy and security safeguards into development projects and platforms,” NAF said. “Otherwise, privacy and security challenges may overshadow the many benefits that mobile ICT4D initiatives have to offer.”

What’s Hot on Infosecurity Magazine?