A few weeks ago, Citizen Lab revealed that they had located spyware from FinFisher in South Africa and Nigeria. Along with previous evidence that it was operating in Ethiopia – as well as numerous other low- to middle-income countries outside of Africa – the Citizen Lab report is just the most recent piece of data pointing to the emergence of considerable surveillant capacity in the developing world. Not all of these systems are as obviously troubling as FinFisher; indeed, many are being explicitly and genuinely promoted as development tools.
From surveillance drones in the DRC to national biometric identification databases like India’s Aadhaar, the ambiguity of technologies for collecting, tracking, and managing personal data is on full display. Even the widely-hailed success of mobile phones are deeply ambiguous with regard to surveillance and privacy (as the growth of SIM registration requirements demonstrate).
For a variety of reasons, though, these issues are not being addressed with the seriousness they demand as donors, aid organizations, and humanitarian groups adopt drones, biometrics, and other information technologies. There may certainly be good reasons in some situations to adopt these technologies, but doing so without appropriate safeguards and regulations – as is frequently the case – is, to say the least, irresponsible.
To raise some of these issues, Carly Nyst and I have a piece in Slate, Privacy for the Other 5 Billion:
Humanitarian organizations, development funders, and governments have a responsibility to critically assess these new forms of surveillance, consult widely, and implement safeguards such as data protection, judicial oversight, and the highest levels of security. In much of the world, these sorts of precautions are sorely lacking: For example, despite the success of information technology in Africa, only 10 countries on the continent have some form of data protection law on the books (and even those rarely have the capacity or will to enforce them)…
Given the enormity of the challenge facing these organizations, it is perhaps easy not to prioritize issues like privacy and security of personal data, but the same arguments were once made against gender considerations and environmental protections in development. Aid programs that involve databases of personal information—especially of those most vulnerable and marginalized—must adopt stringent policies and practices relating to the collection, use, and sharing of that data. Best practices should include privacy impact assessments and consider the scope for “privacy by design” methodologies.