Computer security for data collection technologies☆

Many organizations in the developing world (e.g., NGOs), include digital data collection in their workflow. Data collected can include information that may be considered sensitive, such as medical or socioeconomic data, and which could be affected by computer security attacks or unintentional mishandling. The attitudes and practices of organizations collecting data have implications for confidentiality, availability, and integrity of data. This work, a collaboration between computer security and ICTD researchers, explores security and privacy attitudes, practices, and needs within organizations that use Open Data Kit (ODK), a prominent digital data collection platform. We conduct a detailed threat modeling exercise to inform our view on potential security threats, and then conduct and analyze a survey and interviews with technology experts in these organizations to ground this analysis in real deployment experiences. We then reflect upon our results, drawing lessons for both organizations collecting data and for tool developers.

[1]  Selma Sabanovic,et al.  The effect of monitoring by cameras and robots on the privacy enhancing behaviors of older adults , 2012, 2012 7th ACM/IEEE International Conference on Human-Robot Interaction (HRI).

[2]  William Thies,et al.  Computer viruses in urban Indian telecenters: characterizing an unsolved problem , 2011, NSDR '11.

[3]  Federico Mancini,et al.  Secure data storage for mobile data collection systems , 2012, MEDES.

[4]  Alan Borning,et al.  Parenting from the pocket: value tensions and technical directions for secure and private parent-teen mobile safety , 2010, SOUPS.

[5]  Tara Matthews,et al.  Stories from Survivors: Privacy & Security Practices when Coping with Intimate Partner Abuse , 2017, CHI.

[6]  Tadayoshi Kohno,et al.  Computer security for data collection technologies☆ , 2016, ICTD.

[7]  Nicola Dell,et al.  Digital Technologies and Intimate Partner Violence , 2017, Proc. ACM Hum. Comput. Interact..

[8]  Joyojeet Pal,et al.  Computing security in the developing world: a case for multidisciplinary research , 2011, NSDR '11.

[9]  Ka-Ping Yee,et al.  Aligning Security and Usability , 2004, IEEE Secur. Priv..

[10]  Patrick Traynor,et al.  Mo(bile) Money, Mo(bile) Problems , 2017, ACM Trans. Priv. Secur..

[11]  Engin Kirda,et al.  A Look at Targeted Attacks Through the Lense of an NGO , 2014, USENIX Security Symposium.

[12]  Benjamin E. Birnbaum,et al.  Automated quality control for mobile data collection , 2012, ACM DEV '12.

[13]  Anna R. Karlin,et al.  Using behavioral data to identify interviewer fabrication in surveys , 2013, CHI.

[14]  Edward Cutrell,et al.  Balancing burden and benefit: non-prescribed use of employer-issued mobile devices , 2013, ICTD '13.

[15]  Gaetano Borriello,et al.  Open data kit: tools to build information services for developing regions , 2010, ICTD.

[16]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[17]  Ishita Ghosh,et al.  The persistence of paper: a case study in microfinance from Ghana , 2015, ICTD.

[18]  Jeremy Clark,et al.  Panic Passwords: Authenticating under Duress , 2008, HotSec.

[19]  F. Mancini,et al.  Adding security to mobile data collection , 2011, 2011 IEEE 13th International Conference on e-Health Networking, Applications and Services.

[20]  Henry Corrigan-Gibbs,et al.  FlashPatch: spreading software updates over flash drives in under-connected regions , 2013, ACM DEV-4 '13.

[21]  Federico Mancini,et al.  Secure cloud storage for remote mobile data collection , 2013, NordiCloud '13.

[22]  Tapan S. Parikh Using mobile phones for secure, distributed document processing in the developing world , 2005, IEEE Pervasive Computing.

[23]  Franziska Roesner,et al.  Investigating the Computer Security Practices and Needs of Journalists , 2015, USENIX Security Symposium.

[24]  Gaetano Borriello,et al.  Open data kit 2.0: expanding and refining information services for developing regions , 2013, HotMobile '13.

[25]  Abhishek Gupta,et al.  Simplifying and improving mobile based data collection , 2013, ICTD.