Security and Privacy in Projects Supporting At-Risk Populations

From DevSummit
Jump to: navigation, search

Tomas Krag

Privacy and Anonymity in communities that don't have an idea of privacy

Refugees united was a nonprofit that was not too successful at their mission of helping refugees make contact with their families. Tomas worked on the technology and architecture. The official channels (Red Cross, et. al.) weren't efficient so they circumvented them. Process had little to no technology and no information sharing between camps and their participaits. System was developed in WWI and hasn't been developed since then.

They tried to build online tools and came across these intriguiing issues and found interesting challenges around the different cultures. Anonymity was a big issue due to the status of refugees.

Most constitutients had never been on the internet. Some cultures had no idea of privacy in their social structure so how do you describe these concepts to them? The concept of explaining privacy to people who have never been on the internet was large.

The technological challenges included security on mobile phones. Goal was capacity building to help people be found or not found but have some kind of information that was unique enough to help them find their family.

Names can be challenging. The idea of sharing is very familiar to somalians but the idea of a private “user profile” that's not shared among the rest of the tribe sounds ridiculous. The idea of posting messages on a physical public board is understandable whereas posting on the internet was not.

Tried to have a small number of databases for questions from culture to culture. Each set of refugees had different questions that could answer for privacy. They tried to build a threat matrix of all the refugee camp. They tried to figure out why people would flee and make these camps. Most people were afraid of being sent back home.

Some people were falisfing their tribe loyalty so in some countries asking the question of what is your tribe blocked some people from engaging with the system.

A kid understood facebook but not this system. Everyone under 30 in the refugee camps were on facebook.

Liberia had a coup in 1980 and the USA installed a puppet that executed people that didn't fit with his world view. The idea of locality is easy in a place like this but when there is a war and the people disperse identity and connections between people break down. There are deep subcultures within subcultures. People use physical tokens with verbal stories to identity families. This creates evasion from government but not from the local families.

The user interface ended up being adapted to arbitray text fields that each user could fill out on their own. Circumvention of censorship from soviet russia and figuring out how that is still relevant. IT might not be the best system for solving refugee location problems since the oral network of connections is much deeper.

Most African countries have a model for mutual aid among extended family. This doesn't exist in the states. Overfitting your security model is a problem that can happen.

The privacy culture doesn't exist but the risks do. The idea of security didn't stop at ecommerce and it's more complicated now.

Is this problem something that will be solved with time? Probably not. Literacy is something that is a problem. SMS uses less power than talking so people have communal charging stations. African refugee camps are the most extreme example of connectivity and user input problems.

With registration comes a risk. They are saying that the risk is the benefit for registering refugees. The risk can be death in an extreme case but it's in the threat matrix.

The take away was that if you are at risk of state persecution don't use the registration tool. The idea of a risk model including persecution is something that is possible and can use machine learning algorithms to have good prediction of persecuted people in a population.

The success of communicating privacy to refugees depended on the analogies correct so they could understand the computer system.

Most of the threats were non-technological. The risk of using an SMS tool wasn't that someone would attack the database but it was much more likely that someone could bribe the sysadmin for records.

There are no desktop computers in refugee camp because of the power problem. The lack of value due to limited battery life made it ridiculous to have laptops. The large part of security is social.

There are some viable solution to this hard problem but they are still in progress.