Artificial Intelligence & Machine Learning

What is AI and ML?

Artificial Intelligence (AI) is a field of computer science dedicated to solving cognitive problems commonly associated with human intelligence, such as learning, problem solving, and pattern recognition. Put another way, AI is a catch-all term used to describe new types of computer software that can mimic human intelligence. There is no single, precise, universal definition of AI.

Machine learning (ML) is a subset of AI. Essentially, machine learning is one of the ways computers “learn.” ML is an approach to AI in which algorithms are trained on large datasets to develop their own rules. This is an alternative to traditional computer programs, in which rules have to be hand-coded by a programmer. Machine learning extracts patterns from data and sorts that data into different sets. ML has been described as “the science of getting computers to act without being explicitly programmed.” Two short videos provide simple explanations of AI and ML: What Is Artificial Intelligence? | AI Explained and What is machine learning?

Other subsets of AI include speech processing, natural language processing (NLP), robotics, cybernetics, vision, expert systems, planning systems and evolutionary computation. (See Artificial Intelligence – A modern approach).

Diagram: the types of technologies and fields that comprise artificial intelligence.

The diagram above shows the many different types of technology fields that comprise AI. When referring to AI, one can be referring to any or several of these technologies or fields, and applications that use AI, like Siri or Alexa, utilize multiple technologies. For example, if you say to Siri, “Siri, show me a picture of a banana,” Siri utilizes “natural language processing” to understand what you’re asking, and then uses “vision” to find a banana and show it to you. The question of how Siri understood your question and how Siri knows something is a banana is answered by the algorithms and training used to develop Siri. In this example, Siri would be drawing from “question answering” and “image recognition.”

Most of these technologies and fields are very technical and relate more to computer science than political science. It is important to know that AI can refer to a broad set of technologies and applications. Machine learning is a tool used to create AI systems.

As noted above, AI doesn’t have a universal definition. There are many myths surrounding AI—everything from the notion that it will take over the world by enslaving humans to the hope that it will cure cancer. This primer is intended to provide a basic understanding of artificial intelligence and machine learning, as well as to outline some of the benefits and risks posed by AI. It is hoped that this primer will enable you to engage in conversations about how best to regulate AI so that its potential can be harnessed to improve democracy and governance.

Definitions

Algorithm: An algorithm is defined as “a finite series of well-defined instructions that can be implemented by a computer to solve a specific set of computable problems.” Algorithms are unambiguous, step-by-step procedures. A simple example of an algorithm is a recipe; another is a procedure to find the largest number in a set of randomly ordered numbers. An algorithm may either be created by a programmer or generated automatically. In the latter case, it is generated from data via ML.
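To make this concrete, here is a minimal sketch in Python of the second example: an algorithm that steps through a set of randomly ordered numbers to find the largest one.

```python
def find_largest(numbers):
    """Return the largest value in a non-empty list of numbers."""
    largest = numbers[0]        # take the first number as the starting candidate
    for n in numbers[1:]:       # step through the remaining numbers in order
        if n > largest:         # found a bigger one: remember it
            largest = n
    return largest

print(find_largest([12, 5, 48, 7, 31]))  # prints 48
```

Every step is unambiguous: given the same input, the procedure always produces the same output.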

Algorithmic decision-making/Algorithmic decision system (ADS): A system in which an algorithm makes decisions on its own or supports humans in doing so. ADSs usually function by data mining, regardless of whether they rely on machine learning or not. Examples of fully automated ADSs are the electronic passport-control checkpoints at airports and an online decision made by a bank to award a customer an unsecured loan based on the person’s credit history and data profile with the bank. An example of a semi-automated ADS is the set of driver-assistance features in a car that control its brakes, throttle, steering, speed and direction.

Big Data: Extremely large data sets that may be analyzed computationally to reveal patterns, trends, and associations, especially relating to human behavior and interactions. Data is classified as Big Data based on its volume, velocity, variety, veracity and value. This short explainer video provides an introduction to big data and the concept of the 5 Vs.

Class label: The label applied after the ML system has classified its inputs; for example, whether a given email message is “spam” or “not spam.”

Data mining: The practice of examining large pre-existing databases in order to generate new information. Data mining is also defined as “knowledge discovery from data.”

Deep model: Also called a “deep neural network,” a type of neural network containing multiple hidden layers.

Label: A label is what the ML system is predicting.

Model: The representation of what a machine learning system has learned from the training data.

Neural network: A biological neural network (BNN) is a system in the brain that enables a creature to sense stimuli and respond to them. An artificial neural network (ANN) is a computing system inspired by its biological counterpart in the human brain. In other words, an ANN is “an attempt to simulate the network of neurons that make up a human brain so that the computer will be able to learn things and make decisions in a humanlike manner.” Large-scale ANNs drive several applications of AI.

Profiling: Profiling involves automated data processing to develop profiles that can be used to make decisions about people.

Robot: Robots are programmable, artificially intelligent automated devices. Fully autonomous robots, e.g., self-driving vehicles, are capable of operating and making decisions without human control. AI enables robots to sense changes in their environments and adapt their responses/behaviors accordingly in order to perform complex tasks without human intervention. – Report of COMEST on robotics ethics (2017).

Scoring: “Scoring is also called prediction, and is the process of generating values based on a trained machine-learning model, given some new input data. The values or scores that are created can represent predictions of future values, but they might also represent a likely category or outcome.” When used vis-à-vis people, scoring is a statistical prediction that determines whether an individual fits a category or outcome. A credit score, for example, is a number drawn from statistical analysis that represents the creditworthiness of an individual.
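As a minimal illustration of scoring, the sketch below (in Python, using the scikit-learn library) trains a toy model on invented repayment data and then generates a score for a new, hypothetical applicant; it is a simplification, not a real credit-scoring system.

```python
# Toy scoring sketch: all data and features here are invented for illustration.
from sklearn.linear_model import LogisticRegression

# Training data: each row is [income_in_thousands, years_of_credit_history];
# the label is 1 if the past borrower repaid, 0 if they defaulted.
X_train = [[30, 1], [45, 3], [60, 8], [25, 0], [80, 10], [20, 1]]
y_train = [0, 1, 1, 0, 1, 0]

model = LogisticRegression().fit(X_train, y_train)

# Scoring: given new input data, the trained model generates a value --
# here, the predicted probability of the "repaid" outcome.
new_applicant = [[50, 4]]
score = model.predict_proba(new_applicant)[0][1]
print(f"Predicted likelihood of repayment: {score:.2f}")
```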

Supervised learning: An approach in which ML systems are trained on labeled data and learn how to combine inputs to produce useful predictions on never-before-seen data.

Unsupervised learning: Refers to training a model to find patterns in a dataset, typically an unlabeled dataset.

Training: The process of determining the ideal parameters comprising a model.

 

How do artificial intelligence and machine learning work?

Artificial Intelligence

Artificial Intelligence is a cross-disciplinary approach that combines computer science, linguistics, psychology, philosophy, biology, neuroscience, statistics, mathematics, logic and economics to “understanding, modeling, and replicating intelligence and cognitive processes by invoking various computational, mathematical, logical, mechanical, and even biological principles and devices.”

AI applications exist in every domain, industry, and across different aspects of everyday life. Because AI is so broad, it is useful to think of AI as made up of three categories:

  • Narrow AI or Artificial Narrow Intelligence (ANI) is AI specialized for a single task, such as recognizing images, playing Go, or answering a question posed to Alexa or Siri.
  • Strong AI or Artificial General Intelligence (AGI) is an AI that matches human intelligence.
  • Artificial Superintelligence (ASI) is an AI that exceeds human capabilities.

Modern AI techniques are developing quickly, and AI applications are already pervasive. However, these applications only exist presently in the “Narrow AI” field. Narrow AI, also known as weak AI, is AI designed to perform a specific, singular task, for example, voice-enabled virtual assistants such as Siri and Cortana, web search engines, and facial-recognition systems.

Artificial General Intelligence and Artificial Superintelligence have not yet been achieved and likely will not be for years or even decades.

Machine Learning

Machine Learning is an application of Artificial Intelligence. Although we often find the two terms used interchangeably, machine learning is a process by which an AI application is developed. The machine-learning process involves an algorithm that makes observations based on data, identifies patterns and correlations in the data, and uses the pattern/correlation to make predictions about something. Most of the AI in use today is driven by machine learning.

Just as it is useful to break up AI into three categories, machine learning can also be thought of as three different techniques: supervised learning, unsupervised learning, and deep learning.

Supervised Learning

Supervised learning efficiently categorizes data according to pre-existing definitions embodied in a labeled data set. One starts with a data set containing training examples with associated labels. Take the example of a simple spam-filtering system that is being trained using spam as well as non-spam emails. The “input” in this case is all the emails the system processes. After humans have marked certain emails as spam, the system sorts spam emails into a separate folder. The “output” is the categorization of email. The system finds a correlation between the label “spam” and the characteristics of the email message, such as the text in the subject line, phrases in the body of the message, or the email address or IP address of the sender. Using the correlation, it tries to predict the correct label (spam/not spam) to apply to all the future emails it gets.

“Spam” and “not spam” in this instance are called “class labels.” The correlation that the system has found is called a “model” or “predictive model.” The model may be thought of as an algorithm the ML system has generated automatically by using data. The labeled messages from which the system learns are called “training data.” The “target variable” is the feature the system is searching for or wants to know more about — in this case, it is the “spaminess” of email. The “correct answer,” so to speak, in the endeavor to categorize email is called the “desired outcome” or “outcome of interest.” This type of learning paradigm is called “supervised learning.”
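The whole spam-filtering loop described above can be shown in a short sketch. The example below uses Python and the scikit-learn library, with a handful of invented training messages standing in for the millions a real system would learn from.

```python
# Toy supervised learning: a spam filter trained on labeled messages.
from sklearn.feature_extraction.text import CountVectorizer
from sklearn.naive_bayes import MultinomialNB

# Training data: messages and their human-assigned class labels.
messages = [
    "Win a free prize now", "Cheap loans, click here",
    "Meeting agenda for Monday", "Lunch tomorrow at noon?",
    "Claim your free reward today", "Quarterly project report attached",
]
labels = ["spam", "spam", "not spam", "not spam", "spam", "not spam"]

# Turn each message into numeric features (word counts).
vectorizer = CountVectorizer()
X_train = vectorizer.fit_transform(messages)

# The "model" is the correlation the system finds between features and labels.
model = MultinomialNB().fit(X_train, labels)

# Predict the class label of a never-before-seen message.
new_message = vectorizer.transform(["Click here to claim your prize"])
print(model.predict(new_message))  # -> ['spam']
```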

Unsupervised Learning

Unsupervised learning involves having neural networks learn to find a relationship or pattern without having access to datasets of input-output pairs that have already been labeled. They do so by organizing and grouping the data on their own, finding recurring patterns, and detecting deviations from the usual pattern. These systems tend to be less predictable than those trained on labeled datasets and tend to be deployed in environments that may change frequently and/or are unstructured or partially structured. Examples include the following (a minimal code sketch follows the list):

  1. an optical character-recognition system that can “read” handwritten text even if it has never encountered the handwriting before.
  2. the recommended products a user sees on online shopping websites. These recommendations may be determined by associating the user with a large number of variables such as their browsing history, items they purchased previously, their ratings of those items, items they saved to a wish list, the user’s location, the devices they use, their brand preference and the prices of their previous purchases.
  3. detection of fraudulent monetary transactions based on, say, their timing and locations: for instance, two consecutive transactions on the same credit card within a short span of time in two different cities.
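Here is the promised sketch, in Python with the scikit-learn library, loosely following the third example: the algorithm receives no labels at all, groups invented transactions on its own, and the unusual transaction ends up isolated in its own group.

```python
# Toy unsupervised learning: group transactions by [amount, hour_of_day]
# with no labels provided. All data are invented for illustration.
import numpy as np
from sklearn.cluster import KMeans

transactions = np.array([
    [12.0, 9], [15.5, 10], [14.0, 11],   # small daytime purchases
    [13.0, 12], [16.0, 13], [11.0, 9],
    [900.0, 3],                          # one large 3 a.m. transaction
])

# KMeans finds the groups by itself; we only say how many to look for.
kmeans = KMeans(n_clusters=2, n_init=10, random_state=0).fit(transactions)
print(kmeans.labels_)
# The six everyday purchases share one group label; the large overnight
# transaction lands alone in the other, flagging it as a deviation.
```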

A combination of supervised and unsupervised learning (called “semi-supervised learning”) is used when a relatively small labeled dataset is available, which can be used to train the neural network to act upon a larger, unlabeled dataset. An example of semi-supervised learning is software that creates deepfakes – photos, videos and audio files that look and sound real to humans but are not.
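A minimal sketch of the idea in Python with scikit-learn, which marks unlabeled examples with -1: the classifier is first fit on the few labeled points and then assigns labels to the rest itself (data invented for illustration).

```python
# Toy semi-supervised learning: only four of eight points carry labels.
import numpy as np
from sklearn.linear_model import LogisticRegression
from sklearn.semi_supervised import SelfTrainingClassifier

X = np.array([[0, 0], [0, 1], [1, 0], [1, 1],      # one cluster of points
              [8, 8], [8, 9], [9, 8], [9, 9]])     # a second, distant cluster
y = np.array([0, -1, -1, 0, 1, -1, -1, 1])         # -1 means "no label yet"

# The wrapped classifier labels the unlabeled points during training.
model = SelfTrainingClassifier(LogisticRegression()).fit(X, y)
print(model.predict([[0.5, 0.5], [8.5, 8.5]]))     # -> [0 1]
```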

Deep Learning

Deep learning makes use of large-scale artificial neural networks (ANNs) called deep neural networks to create AI that can detect financial fraud, conduct medical image analysis, translate large amounts of text without human intervention, and automate the moderation of content on social networking websites. These neural networks learn to perform tasks by utilizing numerous layers of mathematical processes to find patterns or relationships among different data points in the datasets. A key attribute of deep learning is that these ANNs can peruse, examine and sort huge amounts of data, which enables them, theoretically, to find new solutions to existing problems.
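To show mechanically what “multiple hidden layers” means, here is a minimal sketch in Python of a forward pass through a tiny deep network, using only numpy and randomly initialized weights; training a real network would adjust these weights to fit the data.

```python
# A tiny deep neural network: an input passes through two hidden layers
# of mathematical operations before producing an output. Weights are
# random here; training would tune them so the output fits the data.
import numpy as np

rng = np.random.default_rng(0)

def relu(x):
    return np.maximum(0, x)                       # a common non-linear activation

x = rng.normal(size=4)                            # one input example, 4 features

W1, b1 = rng.normal(size=(4, 8)), np.zeros(8)     # hidden layer 1
W2, b2 = rng.normal(size=(8, 8)), np.zeros(8)     # hidden layer 2
W3, b3 = rng.normal(size=(8, 1)), np.zeros(1)     # output layer

h1 = relu(x @ W1 + b1)         # layer 1 detects simple patterns in the input
h2 = relu(h1 @ W2 + b2)        # layer 2 combines them into higher-level patterns
output = h2 @ W3 + b3          # final prediction: a single number
print(output)
```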

Although there are other types of machine learning, these three – Supervised Learning, Unsupervised Learning and Deep Learning – represent the basic techniques used to create and train AI systems.

Bias in AI and ML

Artificial intelligence doesn’t come from nowhere; it comes from data received and derived from its developers and from you and me.

And humans have biases. When an AI system learns from humans, it may inherit their individual and societal biases. In cases where it does not learn directly from humans, the “predictive model” described above may still be biased because of biases present in the selection and sampling of the data that train the AI system; in the “class labels” identified by humans; in the way class labels are “marked” and any errors that may have occurred while identifying them; and in the choice of the “target variable,” “desired outcome” (as opposed to an undesired outcome), “reward,” “regret,” and so on. Bias may also occur because of the design of the system; its developers, designers, investors or makers may have ended up baking their own biases into it.

There are three types of biases in computing systems:

  • Pre-existing bias has its roots in social institutions, practices, and attitudes.
  • Technical bias arises from technical constraints or considerations.
  • Emergent bias arises in a context of use.

Bias may affect, for example, the political advertisements one sees on the internet, the content pushed to the top of social media feeds, the amount of one’s insurance premium, whether one is screened out of a recruitment process, or whether one is allowed to go past border-control checks in another country.

Bias in a computing system is a systematic and repeatable error. Because ML deals with large amounts of data, even a small error rate gets compounded or magnified and greatly affects the outcomes from the system. A decision made by an ML system, especially one that processes vast datasets, is often a statistical prediction. Hence, its accuracy is related to the size of the dataset. Larger training datasets are likely to yield decisions that are more accurate and lower the possibility of errors.

Bias in AI/ML systems may create new inequalities, exacerbate existing ones, reproduce existing biases and discriminatory treatment and practices, and hide discrimination. See this explainer related to AI bias.

How are AI and ML relevant in civic space and for democracy?

Elephant tusks pictured in Uganda. In wildlife conservation, AI/ML algorithms and past data can be used to predict poacher attacks. Photo credit: NRCN.

The widespread proliferation, rapid deployment, scale, complexity and impact of AI on society are topics of great interest and concern for governments, civil society, NGOs, human-rights bodies, businesses and the general public alike. AI systems may require varying degrees of human interaction or none at all. When applied to the design, operation and delivery of services, AI/ML offers the potential to provide new services and to improve the speed, targeting, precision, efficiency, consistency, quality or performance of existing ones. It may provide new insights by making apparent previously undiscovered linkages, relationships and patterns, and it may offer new solutions. By analyzing large amounts of data, ML systems save time, money and effort. Examples of the application of AI/ML in different domains include using AI/ML algorithms and past data in wildlife conservation to predict poacher attacks and discovering new species of viruses.

TB Microscopy Diagnosis in Uzbekistan. AI/ML systems aid healthcare professionals in medical diagnosis and easier detection of diseases. Photo credit: USAID.

The predictive abilities of AI and the application of AI and ML in categorizing, organizing, clustering and searching information have brought about improvements in many fields and domains, including healthcare, transportation, governance, education, energy, security and safety, crime prevention, policing, law enforcement, urban management and the judicial system. For example, ML may be used to track the progress and effectiveness of government and philanthropic programs. City administrations, including those of smart cities, use ML to analyze data accumulated over time about energy consumption, traffic congestion, pollution levels and waste in order to monitor and manage these resources and to identify patterns in their generation, consumption and handling.

Digital maps created in Mugumu, Tanzania. Artificial intelligence can support planning of infrastructure development and preparation for disaster. Photo credit: Bobby Neptune for DAI.

AI is also used in climate monitoring, weather forecasting, prediction of disasters and hazards, and planning of infrastructure development. In healthcare, AI systems aid healthcare professionals in medical diagnosis, robot-assisted surgery, easier detection of diseases, prediction of disease outbreaks, tracing the source(s) of disease spread, and so on. Law enforcement and security agencies deploy AI/ML-based surveillance systems, face recognition systems, drones, and predictive policing for the safety and security of citizens. On the other side of the coin, many of these applications raise questions about individual autonomy, personhood, privacy, security, mass surveillance, reinforcement of social inequality and negative impacts on democracy (see the Risks section).

Fish caught off the coast of Kema, North Sulawesi, Indonesia. Facial recognition is used to identify species of fish to contribute to sustainable fishing practices. Photo credit: courtesy of USAID SNAPPER.

The full impact of the deployment of AI systems on the individual, society and democracy is not known or knowable, which creates many legal, social, regulatory, technical and ethical conundrums. The topic of harmful bias in artificial intelligence and its intersection with human rights and civil rights has been a matter of concern for governments and activists. The EU General Data Protection Regulation (GDPR) has provisions on automated decision-making, including profiling. The European Commission released a whitepaper on AI in February 2020 as a prequel to potential legislation governing the use of AI in the EU, while another EU body has released recommendations on the human rights impacts of algorithmic systems. Similarly, Germany, France, Japan and India have drafted AI strategies for policy and legislation. Physicist Stephen Hawking once said, “…success in creating AI could be the biggest event in the history of our civilization. But it could also be the last, unless we learn how to avoid the risks.”

Opportunities

Artificial intelligence and machine learning can have positive impacts when used to further democracy, human rights and good governance. Read below to learn how to think more effectively and safely about artificial intelligence and machine learning in your work.

Detect and overcome bias

Humans come with individual and cognitive biases and prejudices and may not always act or think rationally. By removing humans from the decision-making process, AI systems can potentially eliminate the impact of human bias and irrational decisions, provided the systems are not biased themselves and are intelligible, transparent and auditable. AI systems that aid traceability and transparency can be used to avoid, detect or trace human bias (some of which may be discriminatory) as well as non-human bias, such as bias originating from technical limitations. Much research has shown how automated filtering of job applications reproduces multiple biases; however, research has also shown that AI can be used to combat unconscious recruiter bias in hiring. For processes like hiring, where many hidden human biases go undetected, responsibly designed algorithms can act as a double check for humans and bring those hidden biases into view, and in some cases even nudge people toward less-biased outcomes, for example by masking candidates’ names and other bias-triggering features on a resume.
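As a minimal sketch of the masking idea (in Python; the field names and record are hypothetical, not drawn from any real hiring system), bias-triggering fields can be stripped from a candidate record before a human or a model reviews it.

```python
# Illustrative only: drop fields known to trigger bias before review.
BIAS_TRIGGERING_FIELDS = {"name", "gender", "age", "photo_url"}

def mask_candidate(record):
    """Return a copy of the candidate record without bias-triggering fields."""
    return {k: v for k, v in record.items() if k not in BIAS_TRIGGERING_FIELDS}

candidate = {
    "name": "Jane Doe", "gender": "F", "age": 34,
    "years_experience": 9, "skills": ["accounting", "auditing"],
}
print(mask_candidate(candidate))
# -> {'years_experience': 9, 'skills': ['accounting', 'auditing']}
```

Masking is only a first step, since remaining fields can act as proxies for the ones removed; detecting such proxies is part of responsible algorithm design.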

Improve security and safety

Automated systems based on AI can be used to detect attacks, such as credit card fraud or a cyberattack on public infrastructure. As online fraud becomes more advanced, companies, governments and individuals need to be able to identify fraud ever more quickly, even before it occurs. It is like a game of cat and mouse: fraudsters generate ever more complex and unusual patterns to avoid detection, and human understanding of these patterns alone is limited. Defenders need equally agile systems that can adapt and iterate in real time, and machine learning can provide this.

Moderate harmful online content

Enormous quantities of content are uploaded every second to the social web (videos on YouTube and TikTok, photos and posts to Instagram and Facebook, etc.). There is simply too much for human reviewers to examine themselves. Filtering tools like algorithms and machine-learning techniques are used by many social media platforms to screen every post for illegal or harmful content (like child sexual abuse material, copyright violations, or spam). Indeed, artificial intelligence is at work in your email inbox, automatically filtering unwanted marketing content away from your main inbox. More recently, the arrival of deepfakes and other computer-generated content has required similarly advanced approaches to identification. Deepfakes take their name from the deep learning artificial-intelligence technology used to make them. Fact-checkers and other actors working to defuse the dangerous, misleading power of these false videos are developing their own artificial intelligence to identify such videos as false.

Web Search

Search engines run on algorithmic ranking systems. Of course, search engines are not without serious biases and flaws, but they allow us to locate information from the infinite stretches of the internet. Search engines on the web (like Google and Bing) or within platforms (like searches within Wikipedia or within The New York Times) can enhance their algorithmic ranking systems by using machine learning to favor certain kinds of results that may be beneficial to society or of higher quality. For example, Google has an initiative to highlight “original reporting.”

Translation

Machine learning has allowed for truly incredible advances in translation. For example, DeepL is a small machine-translation company that has surpassed even the translation abilities of the biggest tech companies. Other companies have also created translation algorithms that allow people across the world to translate texts into their preferred languages, or to communicate in languages beyond those they know well, which has advanced the fundamental right of access to information, as well as the right to freedom of expression and the right to be heard.

Risks

The use of emerging technologies can also create risks in civil society programming. Read below on how to discern the possible dangers associated with artificial intelligence and machine learning in DRG work, as well as how to mitigate unintended – and intended – consequences.

Discrimination against marginalized groups

There are several ways in which AI may make decisions that can lead to discrimination, including how the “target variable” and the “class labels” are defined; during the process of labeling the training data; when collecting the training data; during the feature selection; and when proxies are identified. It is also possible to intentionally set up an AI system to be discriminatory towards one or more groups. This video explains how commercially available facial recognition systems trained on racially biased data sets discriminate against people with dark skin, women and gender-diverse people.

The accuracy of AI systems is based on how ML processes Big Data, which in turn depends on the size of the dataset. The larger the size, the more accurate the system’s decisions are likely to be. However, women, Black people and people of color (PoC), disabled people, indigenous people, LGBTQ+ people, and other minority groups are less likely to be represented in a dataset because of structural discrimination, group size, or attitudes that prevent their full participation in society. Bias in training data reflects and systematizes existing discrimination. Because an AI system is often a black box, it is hard to conclusively prove or demonstrate that it has made a discriminatory decision, or to explain why it makes certain decisions about some individuals or groups of people. Hence, it is difficult to assess whether certain people were discriminated against on the basis of their race, sex, marginalized status or other protected characteristics. For instance, AI systems used in predictive policing, crime prevention, law enforcement and the criminal justice system are, in a sense, tools for risk assessment. Using historical data and complex algorithms, they generate predictive scores that are meant to indicate the probability of the occurrence of crime, the probable location and time, and the people who are likely to be involved. When relying on biased data or biased decision-making structures, these systems may end up reinforcing stereotypes about underprivileged, marginalized or minority groups.
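The underrepresentation problem can be made concrete with a small simulation in Python with scikit-learn. The data below are entirely synthetic: group B supplies only 5% of the training data, and the pattern linking its features to the outcome runs differently than group A’s, so the trained model serves group B far less accurately.

```python
# Synthetic illustration: a model trained mostly on group A performs
# poorly for the underrepresented group B. All data are invented.
import numpy as np
from sklearn.linear_model import LogisticRegression

rng = np.random.default_rng(0)

def make_group(n, flip):
    """One informative feature; in group B the pattern runs the other way."""
    X = rng.normal(size=(n, 1))
    y = (X[:, 0] > 0).astype(int)
    return X, (1 - y if flip else y)

X_a, y_a = make_group(950, flip=False)   # group A: 95% of the training data
X_b, y_b = make_group(50, flip=True)     # group B: only 5%

model = LogisticRegression().fit(np.vstack([X_a, X_b]),
                                 np.concatenate([y_a, y_b]))

for name, flip in [("group A", False), ("group B", True)]:
    X_test, y_test = make_group(500, flip)
    print(name, "accuracy:", round(model.score(X_test, y_test), 2))
# Typical output: high accuracy for group A, very low for group B --
# the majority pattern dominates and the minority pattern is ignored.
```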

A study by the Royal Statistical Society notes that “…predictive policing of drug crimes results in increasingly disproportionate policing of historically over‐policed communities… and, in the extreme, additional police contact will create additional opportunities for police violence in over‐policed areas. When the costs of policing are disproportionate to the level of crime, this amounts to discriminatory policy.” Likewise, when mobile applications for safe urban navigation, software for credit-scoring, banking, housing, insurance, healthcare, and selection of employees and university students rely on biased data and decisions, they reinforce social inequality and negative and harmful stereotypes.

The risks associated with AI systems are exacerbated when AI systems make decisions or predictions involving minorities such as refugees or “life and death” matters such as medical care. A 2018 report by The University of Toronto and Citizen Lab notes, “Many [asylum seekers and immigrants] come from war-torn countries seeking protection from violence and persecution. The nuanced and complex nature of many refugee and immigration claims may be lost on these technologies, leading to serious breaches of internationally and domestically protected human rights, in the form of bias, discrimination, privacy breaches, due process and procedural fairness issues, among others. These systems will have life-and-death ramifications for ordinary people, many of whom are fleeing for their lives.” For medical and healthcare uses, the stakes are especially high because an incorrect decision made by the AI system could potentially put lives at risk or drastically alter the quality of life or wellbeing of the people affected by it.

Security vulnerabilities

Malicious hackers and criminal organizations may use ML systems to identify vulnerabilities in, and target, public infrastructure or privately owned systems such as IoT devices and self-driving cars.

If malicious entities target AI systems deployed in public infrastructure, such as smart cities, smart grids and nuclear installations, as well as healthcare facilities and banking systems, among others, those systems “will be harder to protect, since these attacks are likely to become more automated and more complex and the risk of cascading failures will be harder to predict. A smart adversary may either attempt to discover and exploit existing weaknesses in the algorithms or create one that they will later exploit.” Exploitation may happen, for example, through a poisoning attack, which interferes with the training data if machine learning is used. Attackers may also “use ML algorithms to automatically identify vulnerabilities and optimize attacks by studying and learning in real time about the systems they target.”

Privacy and data protection

The deployment of AI systems without adequate safeguards and redress mechanisms may pose many risks to privacy and data protection (see also the Data Protection resource). Businesses and governments collect immense amounts of personal data in order to train the algorithms of AI systems that render services or carry out specific tasks and activities. Criminals, rogue states/governments/government bodies, and people with malicious intent often try to target these data for reasons ranging from monetary fraud to commercial gain to political motives. For instance, health data captured from smartphone applications and internet-enabled wearable devices, if leaked, can be misused by credit agencies, insurance companies, data brokers, cybercriminals, etc. The breach or abuse of non-personal data, such as anonymized data, simulations, synthetic data, or generalized rules or procedures, may also affect human rights.

Chilling effect

AI systems used for surveillance, policing, criminal sentencing, legal purposes, etc. become a new avenue for abuse of power by the state to control citizens and political dissidents. The fear of profiling, scoring, discrimination and pervasive digital surveillance may have a chilling effect on citizens’ ability or willingness to exercise their rights or express themselves. Most people will modify their behavior in order to obtain the benefits of a good score and to avoid the disadvantages that come with having a bad score.

Opacity (Black box nature of AI systems)

Opacity may be interpreted as either a lack of transparency or a lack of intelligibility. Algorithms, software code, “behind-the-scenes” processing and the decision-making process itself may not be intelligible to those who are not experts or specialized professionals. In legal or judicial matters, for instance, the decisions made by an AI system do not come with explanations, unlike those of judges, who are required to state the reasons on which their legal orders or judgments are based, and whose orders and judgments are quite likely to be on public record.

Technological unemployment

Automation systems, including AI/ML systems, are increasingly being used to replace human labor in various domains and industries, eliminating a large number of jobs and causing structural unemployment (known as technological unemployment). With the introduction of AI/ML systems, some types of jobs will be lost, others will be transformed, and new jobs will appear. The new jobs are likely to require specific or specialized skills suited to working with AI/ML systems.

Loss of individual autonomy and personhood

Profiling and scoring in AI raise apprehensions that people are being dehumanized and reduced to a profile or score. Automated decision-making systems may impact people’s wellbeing, physical integrity and quality of life; the information they find or are targeted with; and the services and products they can or cannot avail themselves of, among other things. This affects what constitutes an individual’s consent (or lack thereof), the way consent is formed, communicated and understood, and the context in which it is valid. “[T]he dilution of the free basis of our individual consent – either through outright information distortion or even just the absence of transparency – imperils the very foundations of how we express our human rights and hold others accountable for their open (or even latent) deprivation.” – Human Rights in the Era of Automation and Artificial Intelligence

Questions

If you are trying to understand the implications of artificial intelligence and machine learning in your work environment, or are considering using aspects of these technologies as part of your DRG programming, ask yourself these questions:

  1. Is artificial intelligence or machine learning an appropriate, necessary, and proportionate tool to use for this project and with this community?
  2. Who is designing and overseeing the technology? Can they explain to you what is happening at different steps of the process?
  3. What data are being used to design and train the technology? How could these data lead to biased or flawed functioning of the technology?
  4. What reason do you have to trust the technology’s decisions? Do you understand why you are getting a certain result, or might there be a mistake somewhere? Is anything not explainable?
  5. Are you confident the technology will work as it is claimed when it is used with your community and on your project, as opposed to in a lab setting (or a theoretical setting)? What elements of your situation might cause problems or change the functioning of the technology?
  6. Who is analyzing and implementing the AI/ML technology? Do these people understand the technology, and are they attuned to its potential flaws and dangers? Are these people likely to make any biased decisions, either by misinterpreting the technology or for other reasons?
  7. What measures do you have in place to identify and address potentially harmful biases in the technology?
  8. What regulatory safeguards and redress mechanisms do you have in place, for people who claim that the technology has been unfair to them or abused them in any way?
  9. Is there a way that your AI/ML technology could perpetuate or increase social inequalities, even if the benefits of using AI and ML outweigh these risks? What will you do to minimize these problems and stay alert to them?
  10. Are you certain that the technology complies with relevant regulations and legal standards, including the GDPR?
  11. Is there a way that this technology may not discriminate against people by itself, but that it may lead to discrimination or other rights violations, for instance when it is deployed in different contexts or if it is shared with untrained actors? What can you do to prevent this?

Case Studies

“Preventing echo chambers: depolarising the conversation on social media”

“RNW Media’s digital teams… have pioneered moderation strategies to support inclusive digital communities and have significantly boosted the participation of women in specific country settings. Through Social Listening methodologies, RNW Media analyses online conversations on multiple platforms across the digital landscape to identify digital influencers and map topics and sentiments in the national arena. Using Natural Language Processing techniques (such as sentiment and topic detection models), RNW Media can mine text and analyze this data to unravel deep insights into how online dialogue is developing over time. This helps to establish the social impact of the online moderation strategies while at the same time collecting evidence that can be used to advocate for young people’s needs.”

Forecasting climate change, improving agricultural productivity

In 2014, the International Center for Tropical Agriculture, the Government of Colombia, and Colombia’s National Federation of Rice Growers, using weather and crop data collected over the prior decade, predicted climate change and resultant crop loss for farmers in different regions of the country. The prediction “helped 170 farmers in Córdoba avoid direct economic losses of an estimated $3.6 million and potentially improve productivity of rice by 1 to 3 tons per hectare. To achieve this, different data sources were analyzed in a complementary fashion to provide a more complete profile of climate change… Additionally, analytical algorithms were adopted and modified from other disciplines, such as biology and neuroscience, and were used to run statistical models and compare with weather records.”

Doberman.io developed an iOS app

Doberman.io developed an iOS app that employs machine learning and speech recognition to automatically analyze speech in a meeting room. The app determines the amount of time each person has spoken and tries to identify the sex of each speaker, visualizing each speaker’s contribution almost in real time along with the relative percentages of time during which men and women have spoken. “When the meeting starts, the app uses the mic to record what’s being said and will continuously show you the equality of that meeting. When the meeting has ended and the recording stops, you’ll get a full report of the meeting.”

Food security: Detecting diseases in crops using image analysis (2016)

“Using a public dataset of 54,306 images of diseased and healthy plant leaves collected under controlled conditions, we train a deep convolutional neural network to identify 14 crop species and 26 diseases (or absence thereof). The trained model achieves an accuracy of 99.35% on a held-out test set, demonstrating the feasibility of this approach.”

Can an ML model potentially predict the closure of civic spaces more effectively than traditional approaches? The USAID-funded INSPIRES project is testing the proposition that machine learning can help identify early flags that civic space may shift and generate opportunities to evaluate the success of interventions that strive to build civil society resilience to potential shocks.


5G Technology

What is 5G technology?

Digital inclusion project in the Peruvian Amazon. Rural areas with less existing infrastructure are likely to be left behind in 5G development. Photo credit: Jack Gordon for USAID / Digital Development Communications.

5G refers to the fifth generation of cellular network technology. It is the next iteration in mobile technology, but there is not yet an official, finalized standard for it. “5G” therefore refers to a handful of different technologies that are anticipated, but not guaranteed, to emerge in the next decade and to form a web of “super connectivity” for specific use cases and contexts. 5G aims above all to connect devices to one another (the Internet of Things). However, there is currently a large gap between marketing and reality, which this resource will explain. This video by Engadget is an excellent introduction to 5G technology and the excitement and caution around it.

As of 2020, there is not yet an official 5G standard from the overseeing authority, the United Nations International Telecommunication Union (ITU), and telecommunications carriers do not yet agree on what 5G means. Once 5G is fully standardized and the infrastructure necessary for it is in place, 5G will further enable “smart homes,” “smart cities,” autonomous vehicles, and other internet-related automation. As opposed to previous cellular technology, 5G is not designed primarily to connect people, but rather to connect devices.

What do we mean by “G?”

“G” refers to generation. Each new “G” marks a threshold: a significant shift achieved in capability, architecture, and technology. These titles are given by the telecommunications industry through the standards authority known as 3GPP, which creates technical specifications every ten years or so; hence the use of the word “generation.” The acronym IMT, which stands for International Mobile Telecommunications, is also used, along with the year the standard became official: for example, 3G is also called IMT 2000.

1G: Allowed analogue phone calls; brought mobile devices (mobility)
2G: Allowed digital phone calls and messaging; allowed for mass adoption, and eventually enabled mobile data (2.5G)
3G: Allowed phone calls, messaging, and internet access
3.5G: Allowed stronger internet
4G: Allowed faster internet (better video streaming)
5G: “The internet of things”; will allow devices to connect to one another
6G: “The internet of senses”; little is yet known

This video gives a simplified overview of 1G-4G.

Cellphone shop in Tanzania. 5G technology requires access to 5G-compatible smartphones and devices. Photo credit: Riaz Jahanpour for USAID Tanzania / Digital Development Communications.

There is a gap in many developing countries between the cellular standard that users subscribe to and the standard they actually use: many subscribe to 4G but, because it does not perform as advertised, they switch back to 3G. This switching is not always evident to the consumer, and it may be harder for the consumer to notice this “fallback” than with previous networks.

Even once the official standard of 5G is decided on, the infrastructure is in place and users have access to it through appropriate devices, the product is not guaranteed to work as promised: in fact, chances are it will not. 5G will still rely on 3G and 4G technologies, and carriers will still be operating their 3G and 4G networks in parallel.

How does 5G technology work?

There are several key performance indicators (KPIs) that 5G hopes to achieve. Basically, 5G will strengthen cellular networks by using more radio frequencies along with new techniques to strengthen and multiply connection points. This means faster connections with lower latency: cutting down the time between a command on your device and the moment the device executes that function. It will also allow more devices to connect to one another.

Understanding Spectrum

To understand 5G, it is important to understand a bit about the electromagnetic radio spectrum. This video gives an overview of how cellphones use spectrum.

5G will bring faster speed and stronger services by using more spectrum. To establish a 5G network, it is necessary to secure spectrum for that purpose in advance. Governments and companies have to negotiate spectrum – usually through auctioning off bands, sometimes for huge sums. Spectrum allocation can be a very complicated and political process. Many experts fear that 5G, which requires lots of spectrum, threatens so-called ‘network diversity’ — the idea that spectrum should be used for a variety of purposes across government, business, and society — and may require allocating too much spectrum for this one purpose.

For more reading on spectrum allocation, see the Internet Society’s publication Innovations in Spectrum Management (2019).

Millimeter Waves

5G hopes to tap into new, unused bands at the top of the radio spectrum, known as millimeter waves (mmWaves). These bands are much less crowded than the lower bands, so they allow faster data transfers. But millimeter waves are tricky: they only travel a range of about 1.6 km when there is nothing in their way, and mmWaves can be absorbed by trees, walls, and even the air; rain and fog can reduce the signal to a range of about 1 km. As a result, 5G will require many small cells rather than a few massive towers like we have with 4G: roughly one every 100 meters outdoors and every 50 meters indoors. As will be detailed later, this is why 5G is really best suited for select parts of dense urban centers. The theoretical potential of millimeter waves is exciting, but in reality most 5G carriers are trying to deploy 5G back down in the lower parts of the spectrum, and different carriers are now experimenting with different bands.
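Those spacing figures translate into striking infrastructure counts. A rough back-of-the-envelope sketch in Python, assuming one outdoor small cell per 100 m × 100 m square (a simplification: real radio planning depends on terrain, buildings and spectrum):

```python
# Rough illustration of 5G small-cell density for a hypothetical urban core.
area_km2 = 10                    # the area to be covered, in square kilometers
cell_spacing_m = 100             # one outdoor small cell every 100 meters
cells_per_km2 = (1000 / cell_spacing_m) ** 2    # a 10 x 10 grid per square km
print(int(cells_per_km2 * area_km2), "small cells")   # -> 1000 small cells
```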

Don’t forget about fiber!

5G technology needs to run on fiber infrastructure. Fiber can be understood as the nervous system of a mobile network, connecting data centers to cell towers.

5G requires data centers, fiber, cell towers, and small cells

Investment in fiber is critical for 5G deployment and for broadband more generally, but fiber is expensive to install initially. (A 2017 Deloitte study estimated that 5G deployment in the United States would require at least $130 billion of investment in fiber.) At the moment, fiber is relatively scarce even in industrially developed countries, but it is especially scarce in industrially developing countries and in rural areas. Mobile operators and the International Telecommunication Union consider fiber the best “backhaul” (connective material) due to its long life, high capacity, high reliability and ability to support very high traffic. But the initial investment is expensive and often cost-prohibitive for suppliers and operators, especially in less densely populated areas. 5G is sometimes advertised as a replacement for fiber; however, fiber and 5G are complementary technologies, and fiber cannot be ignored: if anything, fiber is a more secure investment that works with many other technologies, far beyond 5G.

The triangular chart below, from the International Telecommunication Union, is often used to explain the primary features that make up 5G technology (enhanced capacity, low latency, and enhanced connectivity) and the potential applications of these features.

Features that make up 5G technology: enhanced capacity, low latency, and enhanced connectivity, and the potential applications of these features

Who supplies 5G technology?

The market of 5G suppliers is very concentrated, even more so than in previous generations. A handful of companies are capable of supplying telecommunications operators with the necessary technology. As of July 2020, the main suppliers are Huawei (based in China), Ericsson (based in Sweden), and Nokia (based in Finland). Many carriers are also working on developing their own 5G technology; for example, in the United States, Sprint and T-Mobile merged to work on 5G, raising competition concerns.

In 2019, the United States government passed a defense authorization spending act, NDAA Section 889, that essentially prohibits US agencies from using telecommunications equipment made by Chinese suppliers (for example, Huawei and ZTE). The restriction was put in place over fears that the Chinese government may use its telecommunications infrastructure for espionage (see more in the Risks section). NDAA Section 889 could apply to any contracts made with the US government, and so it is critical for organizations considering partnerships with Chinese suppliers to keep in mind the legal challenges of trying to engage with both the US and Chinese governments in relation to 5G.

Of course, this means that the choice of 5G manufacturers suddenly becomes much more limited. Chinese companies have by far the largest market share of 5G technology. Huawei has the most patents filed, and the strongest lobbying presence within the International Telecommunications Union.

The 5G playing field is fiercely political, with strong tensions between China and the United States. Because 5G technology is closely connected to chip manufacturing, it is important to keep an eye on “the chip wars”. Suppliers reliant on American and Chinese companies are likely to get caught in the crossfire as the trade war gets worse between these countries, because supply chains and manufacturing of equipment is often dependent on both countries. Peter Bloom, founder of Rhizomatica, points out that the global chip market is projected to grow to $22.41 billion by 2026 (from approximately $2.03 billion in 2020). Bloom cautions: “The push towards 5G encompasses a plethora of interest groups, particularly governments, financing institutions and telecommunications companies, that demands to be better analyzed in order to understand where things are moving, whose interests are being served and the possible consequences of these changes.”

 

How is 5G relevant in civic space and for democracy?

Mobile money agency in Ghana. Roughly 50% of the world’s population is still not connected to the internet. Photo credit: John O’Bryan / USAID.

5G is the first generation that does not prioritize access and connectivity for humans. 5G is a kind of ‘race-car’ technology — a super-connectivity for luxury use cases and specific environments, for instance, for enhanced virtual reality experiences and massively multiplayer video games. Many of the use cases advertised are theoretical or experimental and do not yet exist widely in our society, like remote surgery. (Indeed, telesurgery is one of the most often cited examples of the benefits of 5G, but it remains a prototype technology with many technical and legal issues to work out, that would also necessitate global network development.)

Access to education, health and information are fundamental rights; but multiplayer video games, virtual reality, and autonomous vehicles – all of which would rely on 5G – are not. 5G is a distraction from the critical infrastructure needed to get people online to fully enjoy their fundamental rights and to allow for democratic functioning. The focus on 5G actually diverts attention away from immediate solutions to improving access and bridging the digital divide.

Roughly 50% of the world’s population is still not connected to the internet, and these people live primarily in developing contexts. Unfortunately, 5G will not address this divide. What is needed to improve internet access in industrially developing contexts is more fiber, more internet exchange points (IXPs), more cell towers, more internet routers, more wireless spectrum, and reliable electricity. In an industry white paper, only 1 page of 125 discusses a “scaled down” version of 5G that would address the needs of areas with extremely low average revenue per user (ARPU). These solutions include further limiting the geographic areas of service.

Digital trainers in Mugumu, Tanzania. 5G is not designed primarily to connect people, but rather to connect devices. Photo credit: Photo by Bobby Neptune for DAI.

This presentation by the American corporation Intel at an ITU regional forum in 2016, “5G for Developing Countries,” advertises the usual aspirations for 5G: autonomous vehicles (labeled as “smart transportation”), virtual reality (labeled as “e-learning”), remote surgery (labeled as “e-health”), and sensors that can be placed for water management and agriculture. The Kenya ICT Action Network hosted a webinar in the spring of 2020 in partnership with Huawei; the presentation summary and slides are available here. Similar highly specific and theoretical future use cases are advertised there as well: autonomous vehicles, industrial automation, smart homes, smart cities, smart logistics.

In both presentations, the emphasis is on connecting objects, showing how 5G is really adapted for big industries, not for individuals. Even if 5G were accessible in remote rural areas, individuals would likely have to purchase the most expensive, unlimited data plans to access it, on top of having to acquire 5G-compatible smartphones and devices. Telecommunications companies themselves estimate that only 3% of Sub-Saharan Africa will use 5G. It is estimated that by 2025, most people will still be using 3G (roughly 60%) or 4G (roughly 40%), a technology that has existed for 10 years.


5G Broadband / Fixed Wireless Access (FWA)

Because most people in industrially developing contexts connect to the internet via cellphone infrastructure and mobile broadband, what would be most useful to them would be “5G broadband”, also called 5G Fixed Wireless Access, or FWA. FWA is designed to replace “last mile” infrastructure with a wireless 5G network. Indeed, that “last mile” — that final distance to the end user — is often the biggest barrier to internet access across the world. But because the vast majority of these 5G networks will rely on physical fiber connection, FWA without fiber won’t be of the same quality. These FWA networks will also be more expensive for network operators to maintain than traditional infrastructure or “standard fixed broadband.”

This article by one of the top 5G providers, Ericsson, asserts that FWA will be one of the main uses of 5G, but the article shows that the operators will have a wide ability to adjust their rates, and also admits that many markets will still be addressed with 3G and 4G.

5G will not replace other kinds of internet connectivity for citizens

While 5G requires enormous investment in physical infrastructure, new generations of cellular Wi-Fi access are becoming more accessible and affordable. There is also an increasing variety of Community Network solutions, including Wi-Fi meshnets, and sometimes even community-owned fiber. For further reading see: 5G and the Internet of EveryOne: Motivation, Enablers, and Research Agenda, IEEE (2018). These are important alternatives to 5G that should be considered in any context (developed and developing, urban and rural).

“…if we are talking about thirst and lack of water, 5g is mainly a new type of drink cocktail, a new flavor to attract sophisticated consumers, as long as you live in profitable places for the service and you can pay for it. Renewal of communications equipment and devices is a business opportunity for manufacturers mainly, but not just the best “water” to the unconnected, rural, … (non-premium clients), even a problem as investment from operators gets first pushed by the trend towards satisfying high paying urban customers and not to spread connectivity to low pay social/universal inclusion customers…” – IGF Dynamic Coalition on Community Networks, in communication with the author of this resource.

It is critical not to forget about previous-generation networks. 2G will continue to be important for providing broad coverage. 2G is already very present (around 95% coverage in low- and middle-income countries), requires less data, and carries voice and SMS traffic well, which means it is a safe and reliable option for many situations. Also, upgrading existing 2G sites to 3G or 4G is less costly than building new sites.

5G and the private sector

The technology that 5G facilitates (the Internet of Things, smart cities, smart homes) will encourage the installation of chips and sensors in an increasing number of objects. The devices 5G proposes to connect are not primarily phones and computers, but sensors, vehicles, industrial equipment, implanted medical devices, drones, cameras, etc. Linking these devices raises a number of security and privacy concerns, as will be explored in the Risks section.

The actors that stand to benefit most from 5G are not citizens or democratic governments, but corporate actors. The business model powering 5G is built around industry access to connected devices: in manufacturing, in the auto industry, in transport and logistics, in power generation and efficiency monitoring, etc. Consider the automotive industry: “5G can be used for everything from tracking components to the supply chain and in the manufacturing process, all the way to providing mobile connectivity for passengers and the vehicles themselves,” explains Freddy Boom, Chief Country Officer at Greensill. 5G will boost the economic growth of those actors able to benefit from it, particularly those invested in automation, but it would be a leap to assume these benefits will be distributed across society.

The introduction of 5G will bring the private sector massively into public space through the network carriers, operators and other third parties behind the many connected devices. This overtaking of public space by private actors (usually foreign private actors) should be carefully considered through the lens of democracy and fundamental rights. Though the private sector has already entered our public spaces (streets, parks, shopping malls) with previous cellular networks, 5G’s arrival, bringing with it more connected objects and more frequent cell towers, will increase this presence.

Opportunities

The advertised benefits of 5G usually fall into three areas, outlined below. A fourth area of benefit, less often cited in the literature, will also be explained; it would be the most directly beneficial for citizens. It should be noted that these benefits will not be available soon, and perhaps never widely. Many will remain elite services, available only under precise conditions and at high cost. Others will require standardization, legal and regulatory infrastructure, and widespread adoption before they can become a social reality.

The chart below, taken from a GSMA report, shows the commonly cited benefits of 5G. The benefits in the white section could be achieved on previous networks like 4G, while those in the brown section would require 5G. This further emphasizes that many of the objectives attributed to 5G are actually possible without it.

Benefits of 5G

Augmented Reality & Tactile Internet

5G has many potential uses in entertainment, especially in gaming. Low latency and high bandwidth will allow massively multiplayer games, higher-quality video conferencing, faster downloading of high-quality videos, etc. Augmented and virtual reality are advertised as ways to create immersive experiences in online learning. 5G’s ability to connect devices will allow for wearable medical devices that can be controlled remotely (though not without cybersecurity risks). Probably the most exciting example of the “tactile internet” is the possibility of remote surgery: an operation could be performed by a robot that is remotely controlled by a surgeon somewhere across the world. The systems necessary for this are very much in their infancy and will also depend on the development of other technology, as well as regulatory and legal standards and a viable business model.

Autonomous Vehicles

The major benefit of 5G will come in the automobile sector. It is hoped that 5G will allow cars to coordinate safely with one another and with surrounding infrastructure. For self-driving vehicles to be safe, they will need to communicate with one another and with everything around them within milliseconds; 5G’s high speed and low latency are key to achieving this. (At the same time, 5G raises other security concerns for autonomous vehicles.)

Machine-to-machine connectivity (IoT/smart home/smart city)

Machine-to-machine connectivity, or M2M, already exists in many devices and services, but 5G would further facilitate this. This stands to benefit industrial players (manufacturers, logistics suppliers, etc.) most of all, but could arguably benefit individuals or cities who want to track their use of certain resources like energy or water. Installed sensors can be used to collect data, which can be analyzed for efficiency, and the system can then be optimized toward a goal. Typical M2M applications in the smart home include thermostats and smoke detectors, consumer electronics, and healthcare monitoring. It should be noted that many such devices can operate on 4G, 3G, and even 2G networks.
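To make the collect-analyze-optimize loop concrete, here is a minimal sketch in Python. It is purely illustrative: the device name, threshold, and reading below are invented, not drawn from any particular product.

```python
# Minimal sketch of an M2M optimization loop: read a sensor, compare the
# value against a goal, and pick an adjustment. All names and values are
# hypothetical.

TARGET_TEMP_C = 20.0

def read_sensor(sensor_id):
    # A real deployment would poll a device over the network; this
    # placeholder returns a fixed reading.
    return {"sensor_id": sensor_id, "temperature_c": 22.5}

def decide_action(reading, target=TARGET_TEMP_C):
    """Compare the reading to the goal and choose an adjustment."""
    delta = reading["temperature_c"] - target
    if delta > 0.5:
        return "lower_heating"
    if delta < -0.5:
        return "raise_heating"
    return "hold"

reading = read_sensor("thermostat-livingroom")
print(decide_action(reading))  # prints "lower_heating"
```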

5G-based Fixed-Wireless Access (FWA) Can Provide Gigabit Broadband to Homes

Probably the most relevant benefit of 5G to industrially developing contexts will be the potential of FWA. FWA is less often cited in the marketing literature because it does not deliver the full industrial benefits promised: it offers breadth of connectivity rather than revolutionary strength and intensity, and so should be thought of as a different kind of “5G.” (See the 5G Broadband / Fixed Wireless Access section). As explained, FWA will still require infrastructure investments and will not necessarily be more affordable than broadband alternatives, given the increasing power held by the carriers.

Risks

The use of emerging technologies can also create risks in civil society programming. Read below on how to discern the possible dangers associated with 5G in DRG work, as well as how to mitigate for unintended – and intended – consequences.

Personal Privacy

With 5G connecting more and more devices, the private sector will be moving further into public space through sensors, cameras, chips, etc. Many of the connected devices will be things we never expected to be connected to the internet before: washing machines, toilets, cribs, etc. Some will even be inside our bodies, like smart pacemakers. The placement of devices with chips into our homes and environments eases the process of collecting data about us and other forms of surveillance.

A growing number of third-party actors have sophisticated methods for collecting and analyzing data related to us. Some devices may ultimately collect only meta-data, but this can still seriously reduce privacy. Meta-data is information connected to our communications that does not include the content of those communications: for example, numbers called, websites visited, geographical location, or the time and date a call was made. The EU’s highest court has ruled that this kind of information can be considered just as sensitive as the actual contents of communications because of the insights it can offer into our private lives. 5G will give telecommunications operators and other actors access to meta-data that can be assembled into insights about us that reduce our privacy.
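A small illustration of why meta-data alone is revealing: even a log with no message content supports sensitive inferences. The records below are invented for the example.

```python
from collections import Counter

# Invented call meta-data: no content, only who, when, and roughly where.
call_log = [
    {"caller": "A", "callee": "clinic",   "time": "2021-03-01 09:02", "cell": "midtown"},
    {"caller": "A", "callee": "clinic",   "time": "2021-03-08 09:04", "cell": "midtown"},
    {"caller": "A", "callee": "pharmacy", "time": "2021-03-08 10:30", "cell": "midtown"},
]

# A weekly pattern of calls to a clinic, each followed by a pharmacy,
# suggests an ongoing medical condition without reading a single message.
print(Counter(row["callee"] for row in call_log))
# Counter({'clinic': 2, 'pharmacy': 1})
```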

Lastly, 5G requires many small cell base stations, meaning towers will be much closer to people’s homes and workplaces, mounted on streetlights, lamp posts, etc. This will make location tracking much more precise and make location privacy nearly impossible.

Espionage

For most countries, 5G will be supplied by foreign companies, and in the case of Huawei and ZTE, by companies tied to a government that does not uphold human rights obligations or democratic values. For this reason, some governments are concerned about the potential abuse of data and even about foreign spying. Several countries, including the United States, Australia, and the United Kingdom, have taken actions to limit the use of Chinese equipment in their 5G networks due to fears of potential spying. The US has perhaps taken the strongest stance, through NDAA Section 889 mentioned above. However, a 2019 report on the security risks of 5G by the European Commission and the European Agency for Cybersecurity warns against using a single supplier to provide 5G infrastructure because of espionage risks. The general argument against a single supplier (usually made against the Chinese supplier Huawei) is that if that supplier provides the core network infrastructure for 5G, the supplier’s government (China) will gain immense surveillance capacity, through meta-data or even through a “back door” or intentionally installed vulnerability. Government spying through private sector and telecom equipment is commonplace, and China is not the only culprit. But the massive network capacity of 5G and the many connected devices collecting personal information will increase both the information at stake and the risk.

Cybersecurity Risks

As a general rule, the more digitally connected we are, the more vulnerable we are to cyber threats, and 5G aims to make us and our devices ultra-connected. With 5G and the Internet of Things, the attack surface will be truly enormous. If a self-driving car on a smart grid is hacked or breaks down, this could bring immediate physical danger, not just information leakage. 5G centralizes infrastructure around a core, which makes that core especially vulnerable. The complex supply chain also multiplies risks: according to an EU coordinated cybersecurity risk assessment, “[t]he deployment of 5G networks is taking place in a complex global cybersecurity threat landscape, notably characterized by an increase in supply-chain attacks.” And because 5G-based networks will underpin so many applications, an internet shutdown or outage would endanger large parts of the network and the services that depend on it.

5G infrastructure can simply have technical deficiencies. Because 5G technology is still in pilot phases, many of these deficiencies are not yet known. 5G advertises some enhanced security functions, but security holes remain because devices will still be connected to older networks.

Massive Investment Costs and Questionable Returns

As A4AI explains, “The rollout of 5G technology will demand significant investment in infrastructure, including in new towers capable of providing more capacity, and bigger data centres running on efficient energy.” These costs will likely be passed on to consumers, who will also have to purchase compatible devices and sufficient data. 5G requires massive infrastructure investment even in places with strong 4G infrastructure, existing fiber-optic cables, good last-mile connections, and reliable electricity. Estimates for the total cost of 5G deployment, including investment in technology and spectrum, run as high as $2.7 trillion USD, and deploying the dense clusters of 5G cells is itself costly. Due to the many security risks, regulatory uncertainties, and generally untested nature of the technology, 5G is not necessarily a safe investment even in wealthy urban centers. The high cost of introducing 5G will be an obstacle to expansion, and prices are unlikely to fall enough to make 5G widely affordable.

Because this is such a complex new product, there is a risk of purchasing low-quality equipment. 5G is heavily reliant on software and services from third-party suppliers, which multiplies the chance of defects in parts of the equipment (poorly written code or poor engineering, for example). The process of patching these flaws can be long, complicated, and costly. Some vulnerabilities may go unidentified for a long time but suddenly cause severe security problems. Lack of compliance with industry or legal standards could cause similar problems. In some cases, new equipment may not be flawed or faulty, but simply incompatible with existing equipment or with purchases from other suppliers; with so many third-party suppliers in the mix, incompatible parts are a real risk. Moreover, there will be large ongoing costs just to run the 5G network properly: securing it from cyberattacks, patching holes and addressing flaws, and maintaining the physical infrastructure. Skilled and trusted human operators are needed for these tasks.

Foreign Dependency and Geopolitical Risks

Installing new infrastructure means dependency on private sector actors, usually from foreign countries. Over-reliance on foreign private actors raises the multiple concerns already mentioned, related to cybersecurity, privacy, espionage, excessive cost, compatibility, etc. Because only a handful of actors are fully capable of supplying 5G, there is also the risk of becoming dependent on a foreign country. Given current geopolitical tensions between the US and China, countries trying to install 5G technology may get caught in the crossfire of a trade war. As Jan-Peter Kleinhans, security and 5G expert at Stiftung Neue Verantwortung (SNV), explains, “The case of Huawei and 5G is part of a broader development in information and communications technology (ICT). We are moving away from a unipolar world with the US as the technology leader, to a bipolar world in which China plays an increasingly dominant role in ICT development.” The financial burdens of this bipolar world will be passed on to suppliers and customers.

Class/Wealth & Urban/Rural Divides

“Without a comprehensive plan for fiber infrastructure, 5G will not revolutionize Internet access or speeds for rural customers. So anytime the industry is asserting that 5G will revolutionize rural broadband access, they are more than just hyping it, they are just plainly misleading people.” – Ernesto Falcon, Electronic Frontier Foundation.

5G is not a lucrative investment for carriers in more rural areas and developing contexts, where the density of potentially connected devices is lower. There is industry consensus, supported by the ITU itself, that the initial deployment of 5G will be in dense urban areas, particularly wealthy areas with an industry presence. Rural and poorer areas with less existing infrastructure are likely to be left behind because they are not a good commercial investment for the private sector. For rural and even suburban areas, millimeter waves and cellular networks that require dense cell towers are not going to be the solution. As a result, 5G will not bridge the digital divide for lower-income and rural areas. It will reinforce it, by giving super-connectivity to those who already have access and can afford even more expensive access and devices, while keeping the cost of connectivity high for others.

Energy Use and Environmental Impact

Huawei has shared that the typical 5G site has power requirements of over 11.5 kilowatts, almost 70% more than sites deploying 2G, 3G, and 4G. Some estimate 5G technology will use two to three times more energy than previous mobile technologies. All agree it will require more infrastructure, which means more power supply and more battery capacity, all of which will have environmental consequences. The most significant environmental issues associated with implementation will come from manufacturing the many component parts, along with the proliferation of new devices that will use the 5G network. 5G will encourage more demand for and consumption of digital devices, and therefore the creation of more e-waste, which will also have serious environmental consequences. According to Peter Bloom, founder of Rhizomatica, most environmental damage from 5G will take place in the global south, including damage to the environment and to communities where the mining of materials and minerals takes place, as well as pollution from electronic waste. In the United States, the National Oceanic and Atmospheric Administration and NASA reported last year that the decision to open up high spectrum bands (24 gigahertz spectrum) would affect weather forecasting capabilities for decades.

Questions

To understand the potential of 5G for your work environment or community, ask yourself these questions to assess whether 5G is the most appropriate, secure, cost-effective, and human-centric solution:

  1. Are people already able to connect to the internet sufficiently? Is the necessary infrastructure in place for people to connect to the internet, through 3G or 4G, or through Wi-Fi (fiber, internet access points, electricity)?
  2. Are the conditions in place to effectively deploy 5G? That is, is there sufficient fiber backhaul and 4G infrastructure (recall that 5G is not yet a standalone technology)?
  3. What specific use case(s) do you have for 5G that would not be achievable using a previous generation network?
  4. What other plans are being made to address the digital divide, through Wi-Fi deployment and mesh networks, digital literacy and digital training, etc.?
  5. Who stands to benefit from 5G deployment? Who will be able to access 5G? Do they have the appropriate devices and sufficient data? Will access be affordable?
  6. Who is supplying the infrastructure? How much can they be trusted regarding quality, pricing, security, data privacy , and espionage?
  7. Do the benefits of 5G outweigh the costs and risks (in relation to security, financial investment, and potential geopolitical consequences)?
  8. Are there sufficient skilled human resources to maintain the 5G infrastructure? How will failures and vulnerabilities be dealt with?

Case Studies

South Korea, China, and the United States are the countries with the most 5G technology deployed to date. Still, 5G infrastructure is mainly in its pilot stages and far from achieving the advertised potential.

Nigeria

Nigeria had plans to roll out 5G in multiple major cities before 2020. The Nigerian Communications Commission (NCC) held a three-month trial period in November 2019, but the planned installation was then decommissioned. One of the purposes of the trial was to study health and security challenges, and security agencies and other relevant stakeholders were invited to participate. After the government called off the installation, the NCC explained that it is prioritizing a policy of “technology neutrality” and that it encourages the continued development of secure technology. Data depletion was also a concern: users already deplete data quickly at 4G speeds, and 5G was expected to magnify this problem.

Brazil

Ericsson (based in Sweden) is investing 1 billion reais (or $238.30 million) in Brazil to create its first 5G assembly line in Latin America. The company argues that this will create jobs and attract investment, but it is also pressuring Brazil to auction its spectrum quickly, which should raise red flags. Like the UK and many other countries, Brazil is cautious about allowing the Chinese company Huawei too big a role in its infrastructure. The head of the country’s Institutional Security Cabinet, General Augusto Heleno, said the government is gathering information but not going to entirely ignore Huawei’s bid: “We can’t pretend we’re not watching… The big threat in all this 5G discussion is about the fact that it will allow whoever owns the technology to know who you are, how much do you earn and what’s in your bank account.”

Latin America and the Caribbean

A recent publication by the Inter-American Development Bank and the Government of South Korea on 5G in Latin American and Caribbean (LAC) countries encourages them to adopt 5G but cautions about the many challenges these countries will face: high implementation costs, the need to secure spectrum, the need to develop institutions and regulatory systems, the need for financial support, etc.

The United Kingdom

In the United Kingdom, a dedicated commission was established within the Department for Digital, Culture, Media and Sport (DCMS) with the authority and responsibility to build 5G infrastructure, and digital infrastructure groups were organized to promote the exchange of views and cooperation among ministries. Even with all this coordination, 5G has caused fear, confusion, and violence in the country, as seen during the pandemic when conspiracy theories linking 5G to COVID-19 led to attacks on cell towers. The UK is also in a tricky spot because of tensions between China and the United States: in January 2020, it ignored pressure from the US administration and allowed Huawei to build “non-core” parts of its 5G network. The US government warned that it could end intelligence sharing with allies that use Huawei’s equipment, which could be a blow to the UK. Meanwhile, this Guardian article from June 2019 describes the experience of early users who bought a 5G phone to access the network.


Automation

What is automation?

Worker at the assembly line of car-wiring factory in Bizerte, Tunisia. The automation of labor disproportionately affects women, the poor and other vulnerable members of society. Photo credit: Alison Wright for USAID, Tunisia, Africa

Automation involves techniques and methods applied to enable machines, devices, and systems to function with minimal or no human involvement. Automation is used, for example, in applications for managing the operation of traffic lights in a city, navigating aircraft, running and configuring different elements of a telecommunications network, in robot-assisted surgeries, and even in automated storytelling (which uses artificial intelligence software to create verbal stories). Automation can improve efficiency and reduce error, but it also creates new opportunities for error and introduces new costs and challenges for government and society.

How does automation work?

Processes can be automated by programming certain procedures to be performed without human intervention (like a recurring payment for a credit card or phone app) or by linking electronic devices to communicate directly with one another (like self-driving vehicles communicating with other vehicles and with road infrastructure). Automation can involve the use of temperature sensors, light sensors, alarms, microcontrollers, robots, and more. Home automation, for example, may include home assistants such as Amazon Echo, Google Home, and OpenHAB. Some automation systems are virtual, for example, email filters that automatically sort incoming email into different folders, and AI-enabled moderation systems for online content.

The exact architecture and functioning of automation systems depend on their purpose and application. However, automation should not be confused with artificial intelligence, in which an algorithm-led process ‘learns’ and changes over time: for instance, an algorithm that reviews thousands of job applications, studying and learning from patterns in them, is using artificial intelligence, while a chatbot that replies to candidates’ questions from a script is using automation.
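The distinction can be made concrete in a few lines of code. The sketch below is illustrative only (the messages, keywords, and labels are invented): the first function applies a fixed, hand-coded rule (automation), while the second derives its behavior from labeled examples (a toy version of machine learning).

```python
from collections import Counter, defaultdict

# Automation: the rule is hand-coded and never changes.
def route_rule_based(message):
    return "faq" if "deadline" in message.lower() else "human"

# Toy machine learning: the "rule" is derived from labeled examples by
# counting which words appear under which label.
def train(examples):
    counts = defaultdict(Counter)
    for text, label in examples:
        counts[label].update(text.lower().split())
    return counts

def classify(counts, message):
    words = message.lower().split()
    return max(counts, key=lambda label: sum(counts[label][w] for w in words))

examples = [("when is the deadline", "faq"),
            ("my payment failed twice", "human")]
model = train(examples)
print(route_rule_based("When is the deadline?"))  # fixed rule -> "faq"
print(classify(model, "the deadline passed"))     # learned from data -> "faq"
```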

For more information on the different components of automation systems, read also the resources about the Internet of Things and sensors, robots and drones, and biometrics.

How is automation relevant in civic space and for democracy?

Automated processes can be built to increase transparency, accuracy, efficiency, and scale. They can help minimize effort (labor) and time; reduce errors and costs; improve the quality and/or precision in tasks/processes; carry out tasks that are too strenuous, hazardous or beyond the physical capabilities of humans; and generally free humans of repetitive, monotonous tasks.  

From a historical perspective, automation is not new: the first industrial revolution in the 1700s harnessed the power of steam and water; the technological revolution of the 1880s relied on railways and telegraphs; and the digital revolution in the 20th century saw the beginning of computing. Each of these transitions brought fundamental changes not only to industrial production and the economy, but to society, government, and international relations.  

Now, the fourth industrial revolution, or the automation revolution as it is sometimes called, promises to once again disrupt work as we know it as well as relationships between people, machines, and programmed processes.  

When used by governments, automated processes promise to deliver government services with greater speed, efficiency, and coverage. These developments are often called e-government, e-governance, or digital government. E-government includes government communication and information sharing on the web (sometimes even the publishing of government budgets and agendas), facilitation of online financial transactions such as electronic filing of tax returns, digitization of health records, electronic voting, and digital IDs.

A health worker receives information on disease outbreak in Brewerville, Liberia. Automated processes promise to deliver government services with greater speed, efficiency, and coverage. Photo credit: Sarah Grile.

The benefits of automating government services are numerous, as the UK’s K4D helpdesk explains: lowering the cost of service delivery; improving quality and coverage (for example, through telemedicine or drones); strengthening communication, monitoring, and feedback; and, in some cases, encouraging citizen participation at the local level. In Indonesia, for example, the Civil Service Agency (BKN) introduced a computer-assisted testing system (CAT) to disrupt the previously long-standing manual testing system that created rampant opportunities for corruption in civil service recruitment by line ministry officials. With the new system, the database of questions is tightly controlled, and the results are posted in real time outside the testing center.

In India, an automated system relying on an AVR (Advanced Virtual RISC) microcontroller and the common telecommunications standard GSM (Global System for Mobile communications) is used to inform farmers about exact field conditions and to trigger the necessary next steps, with command functions such as irrigating, ploughing, deploying seeds, and carrying out other farming activities.
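The GSM side of such a system typically communicates through standard “AT” commands sent over a serial link. As a rough, hedged sketch (not the exact system described above; the serial port and phone number are placeholders), alerting a farmer by SMS from Python might look like this:

```python
import time
import serial  # pyserial; "/dev/ttyUSB0" below is a placeholder port

modem = serial.Serial("/dev/ttyUSB0", 9600, timeout=2)

def send(cmd):
    """Send one AT command and return the modem's reply."""
    modem.write(cmd.encode() + b"\r")
    time.sleep(0.5)
    return modem.read_all().decode(errors="ignore")

send("AT")         # handshake: modem should answer "OK"
send("AT+CMGF=1")  # put the modem in SMS text mode
send('AT+CMGS="+10000000000"')  # placeholder recipient number
# Message body, terminated by Ctrl-Z (0x1A), which tells the modem to send.
modem.write(b"Soil moisture low; irrigation started.\x1a")
```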

Drone used for irrigation scheduling in southern part of Bangladesh. Automated systems have vast applications in agriculture. Photo credit: Alanuzzaman Kurishi.

As with previous industrial revolutions, automation changes the nature of work, and these changes could bring unemployment in certain sectors if not properly planned. The removal of humans from processes also brings new opportunities for error (such as ‘automation bias’) and raises new legal and ethical questions. See the Risks section below. 

Opportunities

Islamabad Electric Supply Company’s (IESCO) Power Distribution Control Center (PDC), Pakistan. Smart meters enable monitoring of power demand, supply and load shedding in real-time. Photo credit: USAID.

Automation can have positive impacts when used to further democracy, human rights and governance issues. Read below to learn how to more effectively and safely think about automation in your work.

Increase in productivity

Automation may improve output while reducing the time and labour required, thus increasing the productivity of workers and the demand for other kinds of work. For example, automation can streamline document review, cutting down on the time that lawyers need to search through documents or academics through sources, etc. In Azerbaijan, the government partnered with the private sector in the use of an automated system to reduce the backlog of relatively simple court cases, such as claims for unpaid bills. In instances where automation increases quality of services or goods and/or brings down their cost, a larger demand for the goods or services can be served.  

Improvements in processes and outputs

Automation can improve the speed, efficiency, quality, consistency, and coverage of service delivery and reduce human error, time spent, and costs. It can therefore allow activities to scale up. For example, the UNDP and the government of the Maldives used automation to create 3-D maps of the islands and chart their topography. Having this information on record will speed up future disaster relief and rescue efforts. The use of drones also reduced the time and money required to conduct this exercise: while mapping 11 islands would normally take almost a year, using a drone reduced the time to one day. See the Robots and Drones resource for additional examples.

Optimizing an automated task generally requires trade-offs among cost, precision, the permissible margin of error, and scale. Automation may sometimes require tolerating more errors in order to reduce costs or achieve greater scale. For more, see the section “Knowing when automation offers a suitable solution to the challenge at hand” in Automation of government processes. 

Increase transparency

Automation may increase transparency by making data and information easily available to the public, thus building public trust and aiding accountability. In India, the State Transport Department of Karnataka has automated driving test centers in hopes of eliminating bribery in the issuing of driver’s licenses. A host of high-definition cameras and sensors placed along the test track capture the movement of the vehicle, while a computerized system decides whether the driver has passed or failed the test. See also: Are emerging technologies helping win the fight against corruption in developing countries?

Risks

The use of emerging technologies can also create risks in civil society programming. Read below on how to discern the possible dangers associated with automation in DRG work, as well as how to mitigate for unintended – and intended – consequences.

Labor issues


When automation is used to replace human labor, the resulting loss of jobs causes structural unemployment known as “technological unemployment.” Structural unemployment disproportionately affects women, the poor and other vulnerable members of society, unless they are re-skilled and provided with adequate protections. Automation also requires skilled labor that can operate, oversee or maintain automated systems, eventually creating jobs for a smaller section of the population. But the immediate impact of this transformation of work can be harmful for people and communities without social safety nets or opportunities for finding other work.

Discrimination towards marginalized groups and minorities and increasing social inequality

Automation systems equipped with artificial intelligence (AI) may produce results that are discriminatory towards some marginalized and minority groups when the system has learned from biased datasets or biased human decision-making. The outputs of AI-equipped automated systems may reflect real-life societal biases, prejudices, and discriminatory treatment towards some demographics. Biases can also arise from the human implementation of automated systems, for instance, when systems do not function in the real world as they did in a lab or theoretical setting, or when the humans working with the machines misinterpret or misuse the automated technology.

There are numerous examples of racial and other types of discrimination being either replicated or magnified by automation. To take an example from the field of predictive policing, ProPublica reported after a 2016 investigation that COMPAS, a data-driven risk-assessment tool used to assist judges in the United States, was biased against Black defendants when predicting whether a convicted offender would commit more crimes in the future. For more on predictive policing, see How to Fight Bias with Predictive Policing and A Popular Algorithm Is No Better at Predicting Crimes Than Random People.

These risks exist in other domains as well. The University of Toronto and Citizen Lab report titled “Bots at the gate: A human rights analysis of automated decision-making in Canada’s immigration and refugee system” notes that “[m]any [asylum seekers and immigrants] come from war-torn countries seeking protection from violence and persecution. The nuanced and complex nature of many refugee and immigration claims is lost on these technologies, leading to serious breaches of internationally and domestically protected human rights, in the form of bias, discrimination, privacy breaches, due process and procedural fairness issues, among others. These systems will have life-and-death ramifications for ordinary people, many of whom are fleeing for their lives.”

Insufficient Legal Protections

Existing laws and regulations may not be applicable to automation systems and, in cases where they are, the application may not be well-defined. Not all countries have laws that protect individuals against these dangers. Under the GDPR (the European General Data Protection Regulation), individuals have the right not to be subject to a decision based only on automated processing, including profiling. In other words, humans must oversee important decisions that affect individuals. But not all countries have or respect such regulations, and even the GDPR is not upheld in all situations. Meanwhile, individuals would have to actively claim their rights and contest these decisions, usually by seeking legal assistance, which is beyond the means of many. Groups at the receiving end of such discrimination tend to have fewer resources and limited access to human-rights protections to contest such decisions.

Automation Bias

People tend to have faith in automation, believing that technology is accurate, neutral, and non-discriminating. This is “automation bias”: the tendency of humans working with or overseeing automated systems to cede responsibility to the machine and trust the machine’s decision-making uncritically. Automation bias has been shown to have harmful impacts across automated sectors, including leading to errors in healthcare. It also plays a role in the discrimination described above.

Uncharted ethical concerns

The ever-increasing use of automation brings ethical questions and concerns that may not have been considered before the arrival of the technology itself. For example, who is responsible if a self-driving car gets into an accident? How much personal information should be given to health-service providers to facilitate automated health monitoring? In many cases, further research is needed to even begin to address these dilemmas.

Issues related to individual consent

When automated systems make decisions that affect people’s lives, they blur the formation, context, and expression of an individual’s consent (or lack thereof), as described in this quote: “…[T]he dilution of the free basis of our individual consent – either through outright information distortion or even just the absence of transparency – imperils the very foundations of how we express our human rights and hold others accountable for their open (or even latent) deprivation.” See additional information about informed consent in the Data Protection resource.

High capital costs

Large-scale automation technologies require very high capital costs, which is a risk if the technology becomes unviable in the long term or does not otherwise guarantee commensurate returns or recovery of costs. Hence, automation projects funded with public money (for example, some “smart city” infrastructure) require thorough feasibility studies for assessing needs and ensuring long-term viability. Initial costs may also be very high for individuals and communities: an automated solar-power installation or a rainwater-harvesting system is a large investment for a community. However, depending on the tariffs for grid power or water, the expenditure may be recovered in the long run.

Questions

If you are trying to understand the implications of automation in your work environment, or are considering using aspects of automation as part of your DRG programming, ask yourself these questions:

  1. Is automation a suitable method for the problem you are trying to solve?
  2. What are the indicators or guiding factors that determine if automation is a suitable and required solution to a particular problem or challenge?
  3. What risks are involved regarding security, potential for discrimination, etc.? How will you minimize these risks? Do the benefits of using automation or automated technology outweigh these risks?
  4. Who will work with and oversee these technologies? What is their training and what are their responsibilities? Who is liable legally in case of an accident?
  5. What are the long-term effects of using these technologies in the surrounding environment or community? What are the effects on individuals, jobs, salaries, social welfare, etc.? What measures are necessary to ensure that the use of these technologies does not aggravate or reinforce inequality through automation bias or otherwise?
  6. How will you ensure that humans are overseeing any important decision made about individuals using automated processes? (How will you abide by the GDPR or other applicable regulations?)
  7. What privacy and security safeguards are necessary for applying these technologies in a given context regarding, for example, cybersecurity, protection of personal privacy, protecting operators from accidents, etc.? How will you build in these safeguards?

Case studies

Automated Farming Vehicles

“Forecasts of world population increases in the coming decades demand new production processes that are more efficient, safer, and less destructive to the environment. Industries are working to fulfill this mission by developing the smart factory concept. The agriculture world should follow industry leadership and develop approaches to implement the smart farm concept. One of the most vital elements that must be configured to meet the requirements of the new smart farms is the unmanned ground vehicles (UGV).”

Automated Mining in South Africa

“Spiraling labour and energy costs are putting pressure on the financial performance of gold mines in South Africa, but the solution could be found in adopting digital technologies. By implementing automation operators can remove underground workers from harm’s way, and that is going to become an ever-bigger imperative if gold miners are to remain investable by international capital. This increased emphasis for the safety of the workforce and mines is motivating the development of the mining automation market. Earlier, old-style techniques of exploration and drilling compromised the security of mine labour force. Such examples have forced operators to develop smart resolutions and tools to confirm security of workers.”

Automating Processing of Uncontested Civil Cases to Reduce Court Backlogs in Azerbaijan, Case Study 14

“In Azerbaijan, the government developed a new approach to dealing with their own backlog of cases, one which addressed both supply side and demand side elements. Recognizing that much of the backlog stemmed from relatively simple civil cases, such as claims for unpaid bills, the government partnered with the private sector in the use of an automated system to streamline the handling of uncontested cases, thus freeing up judges’ time for more important cases.”

Reforming Civil Service Recruitment through Computerized Examinations in Indonesia, Case Study 6

“In Indonesia, the Civil Service Agency (BKN) succeeded in introducing a computer-assisted testing system (CAT) to disrupt the previously long-standing manual testing system that created rampant opportunities for corruption in civil service recruitment by line ministry officials. Now the database of questions is tightly controlled, and the results are posted in real time outside the testing center. Since its launch in 2013, CAT has become the de facto standard for more than 62 ministries and agencies.”

Hiring Tech Has Potential but Beware Automation Bias

“Are we getting to the point where technology can nearly replace humans in the hiring process? It can screen applicants’ resumes and conduct prescreening outreach—and much more. But beware the misconceptions and risks involved in having tech take over for HR professionals, particularly in decision-making processes…. When deciding how to use technology appropriately in the talent acquisition process, avoid “automation bias”—the tendency to believe that technology is better than humans in performing various functions. Is it OK to automate rote tasks such as scheduling interviews with candidates? Sure. Conducting initial interviews with candidates? Maybe. Making hiring decisions? Probably not.”

Real Time Automation of Indian Agriculture

“Real time automation of Indian agricultural system’ using AVR (Advanced Virtual RISC) microcontroller and GSM (Global System for Mobile) is focused on making the agriculture process easier with the help of automation. The set up consists of processor which is an 8-bit microcontroller. GSM plays an important part by controlling the irrigation on field. GSM is used to send and receive the data collected by the sensors to the farmer. GSM acts as a connecting bridge between AVR microcontroller and farmer. Our study aims to implement the basic application of automation of the irrigation field by programming the components and building the necessary hardware. In our study different type of sensors like LM35, humidity sensor, soil moisture sensor, IR sensor used to find the exact field condition. GSM is used to inform the farmer about the exact field condition so that [they] can carry necessary steps. AT(Attention) commands are used to control the functions like irrigation, ploughing, deploying seeds and carrying out other farming activities.”


Big Data

What are big data?

“Big data” are also data, but involve far larger amounts of data than can usually be handled on a desktop computer or in a traditional database. Big data are not only huge in volume, but they grow exponentially with time. Big data are so large and complex that no traditional data-management tool is able to store or process them efficiently. If you can process your data on your own computer, or in the database on your usual server, without it crashing, you are likely not working with “big data.”

How do big data work?

The field of big data has evolved as technology’s ability to constantly capture information has skyrocketed. Big data are usually captured without being entered into a database by a human being, in real time: in other words, big data are “passively” captured by digital devices.

The internet provides infinite opportunities to gather information, ranging from so-called meta-information or metadata (geographic location, IP address, time, etc.) to more detailed information about users’ behaviors, often drawn from online social media or credit-card purchases. Cookies are one of the principal ways that web browsers gather information about users: they are essentially tiny pieces of data stored by a web browser, little bits of memory about something you did on a website. (For more on cookies, visit this resource).
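To see cookies in action, here is a short, illustrative sketch using Python’s requests library; the URL is a placeholder, and the cookies printed will depend on the site visited.

```python
import requests

# Fetch a page and inspect the cookies the site asked the client to store.
session = requests.Session()
session.get("https://example.com")  # placeholder URL

for cookie in session.cookies:
    # Each cookie is a small record the site can read back on later visits.
    print(cookie.name, cookie.domain, cookie.expires)
```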

Datasets can also be assembled from the Internet of Things (IoT), which involves sensors tied into other devices and networks. For example, sensor-equipped streetlights might collect traffic information that can then be analyzed to optimize traffic flow. The collection of data through sensors is a common element of smart city infrastructure.

Healthcare workers in Indonesia. The use of big data can improve health systems and inform public health policies. Photo credit: courtesy of USAID EMAS.

Big data can also be medical or scientific data, such as DNA information or data related to disease outbreaks. This can be useful to humanitarian and development organizations. For example, during the Ebola outbreak in West Africa between 2014 and 2016, UNICEF combined data from a number of sources, including population estimates, information on air travel, estimates of regional mobility from mobile phone records and tagged social media locations, temperature data, and case data from WHO reports to better understand the disease and predict future outbreaks.

Big data are created and used by a variety of actors. In data-driven societies, most actors (private sector, governments, and other organizations) are encouraged to collect and analyze data to notice patterns and trends, to measure success or failure, to optimize their processes for efficiency, etc. Not all actors will create datasets themselves; often they will collect publicly available data or even purchase data from specialized companies. For instance, in the advertising industry, data brokers specialize in collecting and processing information about internet users, which they then sell to advertisers. Other actors will create their own datasets, like energy providers, railway companies, ride-sharing companies, and governments. Data are everywhere, and the actors capable of collecting and intelligently analyzing them are numerous.

How are big data relevant in civic space and for democracy?

In Tanzania, an open source platform allows government and financial institutions to record all land transactions to create a comprehensive dataset. Photo credit: Riaz Jahanpour for USAID / Digital Development Communications.

From forecasting presidential elections to helping small-scale farmers deal with a changing climate to predicting disease outbreaks, analysts are finding ways to turn big data into an invaluable resource for planning and decision-making. Big data are capable of providing civil society with powerful insights and the ability to share vital information. Big data tools have been deployed recently in civic space in a number of interesting ways, for example, to:

  • monitor elections and support open government (starting in Kenya with Ushahidi in 2008)
  • track epidemics like Ebola in Sierra Leone and other West African nations
  • track conflict-related deaths worldwide
  • understand the impact of ID systems on refugees in Italy
  • measure and predict agricultural success and distribution in Latin America
  • press forward with new discoveries in genetics and cancer treatment
  • make use of geographic information systems (GIS mapping applications) in a range of contexts, including planning urban growth and traffic flow sustainably, as has been done by the World Bank in various countries in South Asia, East Asia, Africa, and the Caribbean

The use of big data that are collected, processed, and analyzed to improve health systems or environmental sustainability, for example, can ultimately greatly benefit individuals and society. However, a number of concerns and cautions have been raised about the use of big datasets. Privacy and security concerns are foremost: big data are often captured without our awareness and used in ways to which we may not have consented, sometimes sold many times through a chain of companies we never interacted with, exposing the data to security risks such as breaches. It is crucial to consider that anonymous data can still be used to “re-identify” people represented in the dataset – with as much as 85% accuracy using as little as postal code, gender, and date of birth – conceivably putting them at risk (see the discussion of re-identification below).

There are also power imbalances (divides) in who is represented in the data as opposed to who has the power to use them. Those who are able to extract value from big data are often large companies or other actors with the financial means and capacity to collect (sometimes purchase), analyze, and understand the data.

This means the individuals and groups whose information is put into datasets (shoppers whose credit card data are processed, internet users whose clicks are registered on a website) do not generally benefit from the data they have given. For example, data about what items shoppers buy in a store are more likely to be used to maximize profits than to help customers with their buying decisions. The extractive way that data are taken from individuals’ behaviors and used for profit has been called “surveillance capitalism,” which some believe is undermining personal autonomy and eroding democracy.

The quality of datasets must also be taken into consideration, as those using the data may not know how or where they were gathered, processed, or integrated with other data. And when storing and transmitting big data, security concerns are multiplied by the increased numbers of machines, services, and partners involved. It is also important to keep in mind that big datasets themselves are not inherently useful, but they become useful along with the ability to analyze them and draw insights from them, using advanced algorithms, statistical models, etc.

Last but not least, there are important considerations related to protecting the fundamental rights of those whose information appears in datasets. Sensitive, personally identifiable, or potentially personally identifiable information can be used by other parties or for other purposes than those intended, to the detriment of the individuals involved. This is explored below and in the Risks section, as well as in other primers.

Protecting anonymity of those in the dataset

Anyone who has done research in the social or medical sciences should be familiar with the idea that when collecting data on human subjects, it is important to protect their identities so that they do not face negative consequences from being involved in research, such as being known to have a particular disease, voted in a particular way, engaged in stigmatized behavior, etc. (See the Data Protection resource). The traditional ways of protecting identities – removing certain identifying information, or only reporting statistics in aggregate – can and should also be used when handling big datasets to help protect those in the dataset. Data can also be hidden in multiple ways to protect privacy: methods include encryption (encoding), tokenization, and data masking. Talend identifies the strengths and weaknesses of the primary strategies for hiding data using these methods.
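As a rough illustration of two of these methods, the sketch below masks an email address and tokenizes a name. The record and field names are invented, and a production system would keep the token vault in separately secured storage.

```python
import secrets

# Invented toy record; the field names are illustrative, not a real schema.
record = {"name": "Jane Doe", "email": "jane@example.com", "diagnosis": "flu"}

def mask_email(email):
    """Data masking: obscure most of the value but keep its format."""
    user, domain = email.split("@")
    return user[0] + "***@" + domain

# Tokenization: replace the real value with a random token; only the
# separately secured vault can map tokens back to originals.
vault = {}
def tokenize(value):
    token = secrets.token_hex(8)
    vault[token] = value
    return token

safe_record = {
    "name": tokenize(record["name"]),
    "email": mask_email(record["email"]),
    "diagnosis": record["diagnosis"],
}
print(safe_record)  # e.g. {'name': '3f9c...', 'email': 'j***@example.com', ...}
```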

One of the biggest dangers involved in using big datasets is the possibility of re-identification: figuring out the real identities of individuals in the dataset, even if their personal information has been hidden or removed. To give a sense of how easy it could be to identify individuals in a large dataset, one study found that using only three fields of information—postal code, gender, and date of birth—it was possible to identify 87% of Americans individually, and then connect their identities to publicly available databases containing hospital records. With more data points, researchers have demonstrated near-perfect ability to identify individuals in a dataset: four random data points from credit card records could achieve 90% identifiability, and researchers were able to re-identify individuals with 99.98% accuracy using 15 data points.
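The linkage attacks behind these findings follow a simple pattern: join an “anonymized” dataset to a public one on shared quasi-identifiers. The sketch below uses invented records to show the mechanics.

```python
# Invented toy data: the "anonymized" dataset has no names but shares three
# quasi-identifiers (zip, gender, date of birth) with a public roll that does.
health = [
    {"zip": "02138", "gender": "F", "dob": "1945-07-31", "diagnosis": "condition-x"},
]
public_roll = [
    {"zip": "02138", "gender": "F", "dob": "1945-07-31", "name": "Jane Doe"},
]

KEYS = ("zip", "gender", "dob")
index = {tuple(p[k] for k in KEYS): p["name"] for p in public_roll}

for row in health:
    name = index.get(tuple(row[k] for k in KEYS))
    if name:  # a unique match on all three fields re-identifies the record
        print(f"Re-identified {name}: {row['diagnosis']}")
```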

Ten simple rules for responsible big data research, quoted from a paper of the same name by Zook, Barocas, Boyd, Crawford, Keller, Gangadharan et al., 2017

  1. Acknowledge that data are people and that data can do harm. Most data represent or affect people. Simply starting with the assumption that all data are people until proven otherwise places the difficulty of disassociating data from specific individuals front and center.
  2. Recognize that privacy is more than a binary value. Privacy may be more or less important to individuals as they move through different contexts and situations. Looking at someone’s data in bulk may have different implications for their privacy than looking at one record. Privacy may be important to groups of people (say, by demographic) as well as to individuals.
  3. Guard against the reidentification of your data. Be aware that apparently harmless, unexpected data, like phone battery usage, could be used to re-identify data. Plan to ensure your data sharing and reporting lowers the risk that individuals could be identified.
  4. Practice ethical data sharing. There may be times when participants in your dataset expect you to share (such as with other medical researchers working on a cure), and others where they trust you not to share their data. Be aware that other identifying data about your participants may be gathered, sold, or shared about them elsewhere, and that combining that data with yours could identify participants individually. Be clear about how and when you will share data and stay responsible for protecting the privacy of the people whose data you collect.
  5. Consider the strengths and limitations of your data; big does not automatically mean better. Understand where your large dataset comes from, and how that may evolve over time. Don’t overstate your findings and acknowledge when they may be messy or have multiple meanings.
  6. Debate the tough, ethical choices. Talk with your colleagues about these ethical concerns. Follow the work of professional organizations to stay current with concerns.
  7. Develop a code of conduct for your organization, research community, or industry and engage your peers in creating it to ensure unexpected or under-represented perspectives are included.
  8. Design your data and systems for auditability. This both strengthens the quality of your research and services and can give early warnings about problematic uses of the data.
  9. Engage with the broader consequences of data and analysis practices. Keep social equality, the environmental impact of big data processing, and other society-wide impacts in view as you plan big data collection.
  10. Know when to break these rules. With debate, code of conduct, and auditability as your guide, consider that in a public health emergency or other disaster, you may find there are reasons to put the other rules aside.

Gaining informed consent

Those providing their data may not be aware at the time that their data may be sold later to data brokers who may then re-sell them.

Unfortunately, data privacy consent forms are generally hard for the average person to read, even in the wake of the General Data Protection Regulation’s (GDPR) expansion of privacy protections. Terms of Service (ToS) documents are so notoriously difficult to read that one filmmaker even made a documentary on the subject. Researchers who have studied terms of service and privacy policies have found that users generally accept them without reading them because they are too long and complex. Moreover, users who need to access a platform or service for personal reasons (for example, to get in contact with a relative) or for their livelihood (to deliver their products to customers) may not be able to simply reject the ToS when they have no viable or immediate alternative.

Important work is being done to try to protect users of platforms and services from these kinds of abusive data-sharing situations. For example, Carnegie Mellon’s Usable Privacy and Security laboratory (CUPS) has developed best practices to inform users about how their data may be used. These take the shape of data privacy “nutrition labels” that are similar to FDA-specified food nutrition labels and are evidence-based.

In Chipata, Zambia, a resident draws water from a well. Big data offer invaluable insights for the design of climate change solutions. Photo credit: Sandra Coburn.

Opportunities

Big data can have positive impacts when used to further democracy, human rights and governance issues. Read below to learn how to more effectively and safely think about big data in your work.

Greater insight

Big datasets can present some of the richest, most comprehensive information that has ever been available in human history. Researchers using big datasets have access to information from a massive population. These insights can be much more useful and convenient than self-reported data or data gathered from logistically tricky observational studies. One major trade-off is between the richness of the insights gained through self-reported or very carefully collected data and the ability to generalize the insights from big data. Big data gathered from social-media activity or sensors also allow for real-time measurement of activity at a large scale. Big-data insights are very important in the field of logistics. For example, the United States Postal Service collects data from across its package deliveries using GPS and vast networks of sensors and other tracking methods, then processes these data with specialized algorithms. These insights allow it to optimize deliveries for environmental sustainability.

Increased access to data

Making big datasets publicly available can begin to close divides in access to data. Apart from some public datasets, big data often end up as the property of corporations, universities, and other large organizations. Even though the data produced are about individual people and their communities, those individuals and communities may not have the money or technical skills needed to access those data and make productive use of them. This creates the risk of worsening existing digital divides.

Publicly available data have helped communities understand and act on government corruption, municipal issues, human-rights abuses, and health crises, among other things. When data are made public, though, it is particularly important to ensure strong privacy protections for those whose data are in the dataset. The work of the Our Data Bodies project provides additional guidance for how to engage with communities whose data are in the datasets. Their workshop materials can support community understanding and engagement in making ethical decisions around data collection and processing, and in monitoring and auditing data practices.

Risks

The use of emerging technologies to collect data can also create risks in civil society programming. Read below on how to discern the possible dangers associated with big data collection and use in DRG work, as well as how to mitigate for unintended – and intended – consequences.

Surveillance

With the potential for re-identification as well as the nature and aims of some uses of big data, there is a risk that individuals included in a dataset will be subjected to surveillance by governments, law enforcement, or corporations. This may put the fundamental rights and safety of those in the dataset at risk.  

The Chinese government is routinely criticized for its invasive surveillance of Chinese citizens through the gathering and processing of big data. More specifically, the Chinese government has been criticized for its system of social ranking of citizens based on their social media, purchasing, and education data, as well as for gathering the DNA of members of the Uighur minority (with the assistance of a US company, it should be noted). China is certainly not the only government to abuse citizen data in this way. Edward Snowden’s revelations about the US National Security Agency’s gathering and use of social media and other data were among the first public warnings about the surveillance potential of big data. Concerns have also been raised about partnerships involved in the development of India’s Aadhaar biometric ID system, technology whose producers are eager to sell it to other countries. In the United States, privacy advocates have raised concerns about companies and governments gathering data at scale about students through their school-provided devices, a concern that should also be raised in any international context when laptops or mobiles are provided for students.

It must be emphasized that surveillance concerns are not limited to the institutions originally gathering the data, whether governments or corporations. When data are sold or combined with other datasets, it is possible that other actors, from email scammers to abusive domestic partners, could access the data and track, exploit, or otherwise harm people appearing in the dataset. 

Data security concerns

Because big data are collected, cleaned, and combined through long, complex pipelines of software and storage, they present significant challenges for security. These challenges are multiplied whenever the data are shared among many organizations. Any stream of data arriving in real time (for example, information about people checking into a hospital) needs to be specifically protected from tampering, disruption, and surveillance. Given that data may present significant risks to the privacy and safety of those included in the datasets and may be very valuable to criminals, it is important to ensure sufficient resources are provided for security.
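As a minimal illustration of one layer of such protection, the Python sketch below attaches a keyed hash (HMAC) to each record in a stream so that tampering in transit becomes detectable. The key handling and record format are hypothetical; a real pipeline would also need encryption, key rotation, and access controls.

    import hashlib
    import hmac
    import json

    SECRET_KEY = b"replace-with-a-securely-managed-key"  # hypothetical

    def sign_record(record):
        """Attach an HMAC so any change in transit becomes detectable."""
        payload = json.dumps(record, sort_keys=True).encode()
        record["mac"] = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
        return record

    def verify_record(record):
        """Recompute the HMAC and compare it to the one attached."""
        received_mac = record.pop("mac")
        payload = json.dumps(record, sort_keys=True).encode()
        expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
        return hmac.compare_digest(received_mac, expected)

    msg = sign_record({"patient_id": "A17", "checked_in": "2020-03-01T09:15"})
    msg["checked_in"] = "2020-03-01T11:45"  # tampered somewhere en route
    print(verify_record(msg))               # False: the record was altered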

Existing security tools for websites are not enough to cover the entire big data pipeline. Major investments in staff and infrastructure are needed to provide proper security coverage and to respond to data breaches. Unfortunately, industry faces known shortages of big data specialists, particularly security personnel familiar with the unique challenges big data presents. Internet of Things sensors present a particular risk if they are part of the data-gathering pipeline, as these devices are notorious for poor security. For example, a malicious actor could easily introduce fake sensors into the network or fill the collection pipeline with garbage data in order to render your data collection useless.

Exaggerated expectations of accuracy and objectivity

Big data companies and their promoters often claim that big data can be more objective or accurate than traditionally gathered data, supposedly because human judgment does not come into play and because the scale at which they are gathered makes them richer. This picture downplays the fact that algorithms and computer code also bring human judgment to bear on data, including biases and accidental exclusions. Human interpretation is also always necessary to make sense of patterns in big data, so claims of objectivity should be taken with healthy skepticism.

It is important to ask questions about data-gathering methods, the algorithms involved in processing, and the assumptions or inferences made by the data gatherers/programmers and their analyses, to avoid falling into the trap of assuming big data are “better.” For example, while data about the proximity of two cell phones tell you that two people were near each other, only human interpretation can tell you why those two people were near each other. How an analyst interprets that closeness may differ from what the people carrying the cell phones might tell you. This is a major challenge in using phones for “contact tracing” in epidemiology. During the COVID-19 health crisis, many countries raced to build contact tracing cellphone apps. The precise purposes and functioning of these apps vary widely (as does their effectiveness), but it is worth noting that major tech companies have preferred to call them “exposure-risk notification” apps rather than contact tracing apps: the apps can only tell you whether you have been in proximity to someone with the coronavirus, not whether you have contracted the virus.

Misinterpretation

As with all data, there are pitfalls when it comes to interpreting and drawing conclusions. Because big data are often captured and analyzed in real time, they may be particularly weak in providing historical context for the patterns they highlight. Anyone analyzing big data should also consider what its sources were, whether the data were combined with other datasets, and how they were cleaned. Cleaning refers to the process of correcting or removing inaccurate or extraneous data. This is particularly important with social media data, which can have lots of “noise” (extra information) and are therefore almost always cleaned before analysis.
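As a small illustration, the Python sketch below applies two typical cleaning steps, removing URLs and dropping duplicate posts, to hypothetical social media data. In practice, every cleaning rule should be documented, since each one shapes the conclusions that can be drawn.

    import re

    raw_posts = [
        "Power is out again in ward 5 https://t.co/abc123",
        "Power is out again in ward 5 https://t.co/abc123",  # duplicate
        "RT @friend: flooding near the market",
        "flooding near the market",
    ]

    def clean(post):
        post = re.sub(r"https?://\S+", "", post)  # remove URLs (noise)
        post = re.sub(r"^RT @\w+: ", "", post)    # remove retweet prefixes
        return post.strip()

    cleaned, seen = [], set()
    for post in raw_posts:
        text = clean(post)
        if text not in seen:                      # drop exact duplicates
            seen.add(text)
            cleaned.append(text)
    print(cleaned)  # two unique posts remain out of four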

Questions

If you are trying to understand the implications of big data in your work environment, or are considering using aspects of big data as part of your DRG programming, ask yourself these questions:

  1. Is gathering big data the right approach for the question you’re trying to answer? How would your question be answered differently using interviews, historical research, or a focus on statistical significance?
  2. Do you already have these data, or are they publicly available? Is it really necessary to acquire these data yourself?
  3. What is your plan to make it impossible to identify individuals through their data in your dataset? If the data come from someone else, what kind of de-identification have they already performed?
  4. How could individuals be made more identifiable by someone else when you publish your data and findings? What steps can you take to lower the risk they will be identified?
  5. What is your plan for getting consent from those whose data you are collecting? How will you make sure your consent document is easy for them to understand?
  6. If your data come from another organization, how did they seek consent? Did that consent include consent for other organizations to use the data?
  7. If you are getting data from another organization, what is the original source of these data? Who collected them, and what were they trying to accomplish?
  8. What do you know about the quality of these data? Is someone inspecting them for errors, and if so, how? Did the collection tools fail at any point, or do you suspect that there might be some inaccuracies or mistakes?
  9. Have these data been integrated with other datasets? If data were used to fill in gaps, how was that accomplished?
  10. What is the end-to-end security plan for the data you are capturing or using? Are there third parties involved whose security propositions you need to understand?

Case Studies

Village resident in Tanzania. Big data analytics can pinpoint strategies that work for small-scale farmers. Photo credit: Riaz Jahanpour for USAID / Digital Development Communications.
Digital Identity in the Migration and Refugee Context

For migrants and refugees in Italy, identity data collection processes can “exacerbate existing biases, discrimination, or power imbalances.” One key challenge is obtaining meaningful consent. Often, biometric data are collected as soon as migrants and refugees arrive in a new country, at a moment when they may be vulnerable and overwhelmed. Language barriers exacerbate the issue, making it difficult to provide adequate context around rights to privacy. Identity data are collected inconsistently by different organizations, all of whose data protection and privacy practices vary widely.

Big Data for climate-smart agriculture

“Scientists at the International Center for Tropical Agriculture (CIAT) have applied Big Data tools to pinpoint strategies that work for small-scale farmers in a changing climate…. Researchers have applied Big Data analytics to agricultural and weather records in Colombia, revealing how climate variation impacts rice yields. These analyses identify the most productive rice varieties and planting times for specific sites and seasonal forecasts. The recommendations could potentially boost yields by 1 to 3 tons per hectare. The tools work wherever data is available, and are now being scaled out through Colombia, Argentina, Nicaragua, Peru and Uruguay.”

School Issued Devices and Student Privacy

School Issued Devices and Student Privacy, particularly the Best Practices for Ed Tech Companies section. “Students are using technology in the classroom at an unprecedented rate…. Student laptops and educational services are often available for a steeply reduced price and are sometimes even free. However, they come with real costs and unresolved ethical questions. Throughout EFF’s investigation over the past two years, [they] have found that educational technology services often collect far more information on kids than is necessary and store this information indefinitely. This privacy-implicating information goes beyond personally identifying information (PII) like name and date of birth, and can include browsing history, search terms, location data, contact lists, and behavioral information…All of this often happens without the awareness or consent of students and their families.”

Big Data and Thriving Cities: Innovations in Analytics to Build Sustainable, Resilient, Equitable and Livable Urban Spaces.

This paper includes case studies of big data used to track changes in urbanization, traffic congestion, and crime in cities. “[I]nnovative applications of geospatial and sensing technologies and the penetration of mobile phone technology are providing unprecedented data collection. This data can be analyzed for many purposes, including tracking population and mobility, private sector investment, and transparency in federal and local government.”

Battling Ebola in Sierra Leone: Data Sharing to Improve Crisis Response.

“Data and information have important roles to play in the battle not just against Ebola, but more generally against a variety of natural and man-made crises. However, in order to maximize that potential, it is essential to foster the supply side of open data initiatives – i.e., to ensure the availability of sufficient, high-quality information. This can be especially challenging when there is no clear policy backing to push actors into compliance and to set clear standards for data quality and format. Particularly during a crisis, the early stages of open data efforts can be chaotic, and at times redundant. Improving coordination between multiple actors working toward similar ends – though difficult during a time of crisis – could help reduce redundancy and lead to efforts that are greater than the sum of their parts.”

Tracking Conflict-Related Deaths: A Preliminary Overview of Monitoring Systems.

“In the framework of the United Nations 2030 Agenda for Sustainable Development, states have pledged to track the number of people who are killed in armed conflict and to disaggregate the data by sex, age, and cause—as per Sustainable Development Goal (SDG) Indicator 16. However, there is no international consensus on definitions, methods, or standards to be used in generating the data. Moreover, monitoring systems run by international organizations and civil society differ in terms of their thematic coverage, geographical focus, and level of disaggregation.”

Balancing data utility and confidentiality in the US census.

Describes how the Census is using differential privacy to protect the data of respondents. “As the Census Bureau prepares to enumerate the population of the United States in 2020, the bureau’s leadership has announced that they will make significant changes to the statistical tables the bureau intends to publish. Because of advances in computer science and the widespread availability of commercial data, the techniques that the bureau has historically used to protect the confidentiality of individual data points can no longer withstand new approaches for reconstructing and reidentifying confidential data. … [R]esearch at the Census Bureau has shown that it is now possible to reconstruct information about and reidentify a sizeable number of people from publicly available statistical tables. The old data privacy protections simply don’t work anymore. As such, Census Bureau leadership has accepted that they cannot continue with their current approach and wait until 2030 to make changes; they have decided to invest in a new approach to guaranteeing privacy that will significantly transform how the Census Bureau produces statistics.”
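For a feel of the underlying idea, the Python sketch below applies the Laplace mechanism, the textbook building block of differential privacy, to a single count. This is a conceptual illustration only; the Census Bureau’s production system is far more sophisticated.

    import random

    def dp_count(true_count, epsilon):
        """Release a count with Laplace noise of scale 1/epsilon.
        Adding or removing one person changes a count by at most 1
        (sensitivity 1), so this satisfies epsilon-differential privacy."""
        # The difference of two exponential samples is Laplace-distributed.
        noise = random.expovariate(epsilon) - random.expovariate(epsilon)
        return true_count + noise

    # Smaller epsilon means more noise: stronger privacy, weaker accuracy.
    print(dp_count(1523, epsilon=0.1))  # e.g., roughly 1523 plus or minus tens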


Blockchain

What is Blockchain?

A blockchain is a distributed database that exists on multiple computers at the same time and maintains a detailed, unchangeable transaction history secured by cryptography. Blockchain-based technologies, perhaps most famous for their use in “cryptocurrencies” such as Bitcoin, are also referred to as “distributed ledger technology” (DLT).

How does Blockchain work?

Unlike hand-written records, like this bed net distribution in Tanzania, data added to a blockchain can’t be erased or manipulated. Photo credit: USAID.

A blockchain is a constantly growing database: new sets of records, or “blocks,” are added to it over time. Each block contains a timestamp and a link to the previous block, so together they form a chain. The resulting blockchain is not managed by any particular body; instead, everyone in the network has access to the whole database. Old blocks are preserved forever, and new blocks are added to the ledger irreversibly, making it impossible to erase or manipulate the database records.
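A minimal Python sketch of this chaining idea, using hypothetical transaction data, shows why altering an old block is immediately detectable:

    import hashlib
    import json
    import time

    def make_block(data, previous_hash):
        """Create a block whose hash covers its contents and its link
        to the previous block."""
        block = {"timestamp": time.time(), "data": data,
                 "previous_hash": previous_hash}
        block["hash"] = hashlib.sha256(
            json.dumps(block, sort_keys=True).encode()).hexdigest()
        return block

    def recompute_hash(block):
        body = {k: block[k] for k in ("timestamp", "data", "previous_hash")}
        return hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()

    genesis = make_block("genesis", "0" * 64)
    second = make_block("alice pays bob 5", genesis["hash"])

    genesis["data"] = "alice pays mallory 500"  # attempted tampering
    # The stored link no longer matches the recomputed hash: chain broken.
    print(second["previous_hash"] == recompute_hash(genesis))  # False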

Blockchain can provide solutions for very specific problems. The most clear-cut use case is for public, shared data where all changes or additions need to be clearly tracked, and where no data will ever need to be redacted. Different uses require different inputs (computing power, bandwidth, centralized management), which need to be carefully considered based on each context. Blockchain is also an over-hyped concept applied to a range of different problems where it may not be the most appropriate technology, or even in some cases, a responsible technology to use.

There are two core concepts around Blockchain technology: the transaction history aspect and the distributed aspect. They are technically tightly interwoven, but it is worth considering them and understanding them independently as well.

'Immutable' Transaction History

Imagine stacking blocks. With increasing effort, one can continue adding more blocks to the tower, but once a block is in the stack, it cannot be removed without fundamentally and very visibly altering—and in some cases destroying—the tower of blocks. A blockchain is similar in that each “block” contains some amount of information—information that may be used, for example, to track currency transactions and store actual data. (You can explore the bitcoin blockchain, which itself has already been used to transmit messages and more, to learn about a real-life example.)

This is a core aspect of blockchain technology, generally called immutability: data, once stored, cannot be altered. In rare cases, complete consensus among users can permit changes, although the process is incredibly tedious.

Blockchain is, at its simplest, a digital tool that replicates online the value of a paper-and-ink logbook. While this can be valuable for tracking a variety of sequential transactions or events (ownership of a specific item, a parcel of land, a supply chain) and could in theory even be applied to concepts like voting or community ownership and management of resources, it comes with an important caveat: mistakes can never be truly unmade, and data tracked in a blockchain can never be updated, only appended to.

Many of the potential applications of blockchain would naturally want one of the pieces of data tracked to be the identity of a person or legal organization. If that entity changes, their previous identity will be forever, immutably tracked and linked to the new identity. Beyond being damaging to a person fleeing persecution or legally changing their identity (in the case of transgender individuals, for example), this is also a violation of the right to privacy established under international human rights law.

Distributed and Decentralized

The second core tenet of blockchain technology is the absence of a central authority or oracle of “truth.” By nature of the unchangeable transaction records, every stakeholder contributing to a blockchain tracks and verifies the data it contains. At scale, this provides powerful protection against problems common not only to NGOs but to the private sector and other fields that are reliant on one service to maintain a consistent data store. This feature can protect a central system from collapsing or being censored, corrupted, lost, or hacked — but at the risk of placing significant hurdles in the development of the protocol and requirements for those interacting with the data.

A common misconception is that blockchain is completely open and transparent. Blockchains may be private, with various forms of permissions applied. In such cases, some users have more control over the data and transactions than others. Privacy settings for blockchain can make for easier management, but also replicate some of the specific challenges that blockchains, in theory, are solving.

How is blockchain relevant in civic space and for democracy?

Blockchain technology has the potential to provide substantial benefits in the development sector broadly, as well as specifically for human rights programs. By providing a decentralized, verifiable source of data, blockchain technology can be a more transparent, efficient form of information and data management for improved governance, accountability, financial transparency, and even digital identities. While blockchain can be effective when used strategically on specific problems, practitioners who choose to use it must do so fastidiously. Decisions to use DLTs should be based on detailed analysis and research on comparable technologies, including non-DLT options.

Blockchains lend themselves to some interesting tools being used by companies, governments, and civil society. Examples of how blockchain technology may be used in civic space include: land titles, digital IDs (especially for displaced persons), health records, voucher-based cash transfers, supply chain, censorship-resistant publications and applications, digital currency, decentralized data management, crowdfunding and smart contracts. Some of these examples are discussed below, and specific examples may be found under Case Studies.

A USAID-funded project used a mobile app and software to track the sale and transfer of land rights in Tanzania. Blockchain technology may also be used to record land titles. Photo credit: Riaz Jahanpour for USAID / Digital Development Communications.

Blockchain technology has the potential to provide substantial benefits in the humanitarian sector, such as protected data sharing, supply chain, donor financing, cash programmes and crowdfunding. By providing a decentralized, verifiable source of data, blockchain technology can enable a more transparent, efficient form of information and data management. Practitioners should understand that blockchain technology can be applied to humanitarian challenges, but it is not a separate humanitarian innovation in itself.

Blockchain for the Humanitarian Sector – Future Opportunities

Blockchain’s core tenets – an immutable transaction history and its distributed, decentralized nature – lend themselves to some interesting tools being used by companies, governments, and civil society. These will be explored more fully in the Case Studies section, below; but at a high level, many actors are looking at leveraging blockchain in the following ways:

Smart Contracts

Smart contracts are agreements that provide automatic payments on the completion of a specific task or event. For example, in civic space, smart contracts could be used to execute agreements between NGOs and local governments to expedite transactions, lower costs, and reduce mutual suspicions. However, since these contracts are “defined” in code, any software bug becomes a potential loophole through which the contract could be exploited. One such case occurred when an attacker exploited a software bug in The DAO, a smart contract-based fund, draining approximately $50 million.
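The Python sketch below mimics the logic of such a contract to show how a missing permission check becomes an exploitable loophole. Real smart contracts are deployed on a blockchain (for example, in Solidity on Ethereum); all names here are hypothetical.

    class EscrowContract:
        """Toy escrow: funds release automatically once a task is
        confirmed. This only mirrors smart contract logic."""

        def __init__(self, payer, payee, amount):
            self.payer = payer
            self.payee = payee
            self.amount = amount
            self.funds_locked = True
            self.task_confirmed = False

        def confirm_task(self, caller):
            # The bug to notice: nothing checks WHO may confirm. Once
            # deployed, the code is the contract, so this oversight
            # becomes a loophole anyone can exploit.
            self.task_confirmed = True

        def release(self):
            if self.task_confirmed and self.funds_locked:
                self.funds_locked = False
                return f"{self.amount} paid to {self.payee}"
            return "conditions not met; funds stay locked"

    contract = EscrowContract("local_gov", "ngo", 10_000)
    contract.confirm_task("a_complete_stranger")  # no permission check!
    print(contract.release())                     # 10000 paid to ngo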

Innovative Currency and Payment Systems

Many new cryptocurrencies are considering ways to leverage blockchain for transactions without the volatility of bitcoin, and with other properties, such as speed, cost, stability and anonymity, at the forefront. Cryptocurrencies are also occasionally combined with smart contracts, to establish shared ownership through funding of projects.

Potential for fund-raising

In addition, the digital currency subset of blockchain is being used to establish shared ownership (not dissimilar to stocks / shares of large companies) of projects.
Censorship-resistant technology

The decentralized, immutable nature of blockchain provides clear benefits to protecting speech, but not without significant risks. There have been high-visibility uses of blockchain to publish censored speech in China, Turkey, and Catalonia. Article 19 has written an in-depth report specifically on the interplay between freedom of expression and blockchain technologies, which provides a balanced view of the potential benefits and risks, and guidance for stakeholders considering engaging with this technology.

Decentralized computation and storage

Ethereum is a blockchain platform, with an associated cryptocurrency (ether), focused on using smart contracts and digital payments to manage decentralized computation and storage. Ethereum encourages the development of “distributed apps” which are tied to transactions on the Ethereum blockchain. Examples include automated auctions, voting, a Twitter-like tool, and apps that pay for content creation/sharing. See the case studies in the cryptocurrencies primer for more detail.

The vast majority of these solutions presume some form of micro-payment as part of the transaction. This transfer formalizes and records the action in the blockchain, but the design element has obvious challenges for equal access.

Opportunities

Blockchain can have positive impacts when used to further democracy, human rights and governance issues. Read below to learn how to more effectively and safely think about blockchain in your work.

Proof of Digital Integrity

Data stored or tracked using blockchain technologies have a clear, sequential, and unalterable chain of verifications. Once data are added to the blockchain, there is ongoing mathematical proof that they have not been altered. This does not provide any assurance that the original data are valid or true, and it means that any data added cannot be deleted or changed – only appended to. In civil society work, this benefit has been applied to concepts such as creating records for land titles and ownership; improving voting, by ensuring that one person matches with one unchangeable vote; and preventing fraud and corruption and enhancing transparency in international philanthropy. It has been used for digital identities to help people retain ownership over their identity and documents, and in humanitarian contexts to make voucher-based cash transfers more efficient. As an enabler for digital currency, blockchain increases the sources of philanthropic wealth and, in some circumstances, facilitates cross-border funding of civil society.

A function such as this can provide a solution to the legal invisibility most often borne by refugees and migrants. Rohingya refugees in Bangladesh, for example, are often at risk of discrimination and exploitation because they are stateless. Proponents of blockchain argue that its distributed system can grant individuals “self-sovereign identity,” a process through which they create and register their identity themselves and can therefore control and share that information. However, if blockchain architects do not secure transaction permissions and public/private state variables, governments could use machine-learning algorithms to monitor public blockchain activity and gain insight into whatever daily, lower-level activity of their citizens is linkable to their blockchain identities. This might include interpersonal and business payments, timing, and any other locations or businesses where citizens need to “show their ID” for services, be they health, financial, or other. Furthermore, such a use of blockchain assumes that individuals would be prepared and able to adopt the technology, an unlikely possibility given the financial insecurity many vulnerable groups, such as refugees, face.

“The importance of legal identity has been recognised by international bodies. ‘Legal invisibility’ is a major problem for various groups, placing them at risk of discrimination and exploitation, such as migrants often given fake ID documents for transport across borders, or people without proof of identity. Some argue that the decentralised nature of blockchain can provide a remedy to this by granting individuals ‘self-sovereign identity,’ where they are the ones to create and register identity and the only ones to control what to do with it and with whom to share it […] If blockchain architects aren’t careful in the way they align transaction permissions and public/private state variables, governments could use state-sponsored machine learning algorithms to monitor public blockchain activity and gain insight into the lower-level activity of their citizens.”

Blockchain and freedom of expression

Decentralized Store of data

Around the world, blockchain technology helps displaced people regain IDs and access to other social services. Here, a CARD agent in the Philippines tracks IDs by hand. Photo credit: Brooke Patterson/USAID.

Blockchain is resistant to the traditional problem of one central authority or data store being attacked or experiencing outages. In a blockchain, data are constantly being shared and verified across all members—although a blockchain requires large amounts of energy, storage and bandwidth to maintain a shared data store. This decentralization is most valued in digital currencies, which rely on the scale of their blockchain to balance not having a country or region “owning” and regulating the printing of the currency. Blockchain has also been explored as a way to distribute data and coordinate resources without reliance on a central authority while remaining resistant to censorship.

Blockchains promise anonymity, or at least pseudonymity, because limited information about individuals is stored in transaction logs. However, the platforms through which users access blockchains do not necessarily offer the same protection. For instance, the central internet regulator in China proposed regulations that would require local blockchain companies to register users with their real names and national identification card numbers.
Blockchain and freedom of expression

Risks

The use of emerging technologies can also create risks in civil society programming. Read below on how to discern the possible dangers associated with blockchain in DRG work, as well as how to mitigate unintended – and intended – consequences.

Unequal Access

Blockchain presents multiple barriers to access. Connectivity, reliable and robust bandwidth, and local storage are all needed. Mobile phones are therefore often insufficient devices for hosting or downloading blockchains, and the infrastructure blockchain requires can be a barrier in areas where internet connectivity primarily occurs via mobile devices. Because every full node (host of a blockchain) stores a copy of the entire transaction log, blockchains only grow longer and larger with time and can thus be extremely resource-intensive to download on a mobile device. For instance, over the span of a few years, the blockchain underlying Bitcoin grew from several gigabytes to several hundred. While the use of blockchain offline is possible, offline components are among the most vulnerable to cyberattacks, and this could put the entire system at risk.

Blockchains — whether they are fully independent or part of existing blockchains — require some percentage of actors to lend processing power to the blockchain, a requirement that, especially at scale, either becomes exclusionary or creates classes of privileged users.

Another problem that can undermine the intended benefits of the system is unequal access to opportunities for converting blockchain-based currencies into traditional currency, for example in relation to philanthropy or support for civil society organizations in restrictive regulatory environments; for cryptocurrencies to have actual value, someone has to be willing to pay money for them.

Lack of digital literacy

Beyond these technical challenges, blockchain technology requires a strong baseline understanding of technology, yet it is often proposed for situations where digital literacy itself is a challenge.

There are paths around some of these problems, but any blockchain use needs to reflect on what potential inequalities could be exacerbated by or with this technology.

Further, these technologies are inherently complex, and outside the atypical case where individuals possess the technical sophistication and means to install blockchain software and set up nodes, the question remains how the majority of individuals can effectively access them. This is especially true of individuals who may have added difficulty interfacing with technologies due to disability, literacy or age. Ill-equipped users are at increased risk of their investments or information being exposed to hacking and theft.

Blockchain and freedom of expression

Breaches of Privacy

Account Ledgers for Nepali Savings and Credit Cooperatives show the burden of paper. Blockchain replicates online the value of paper-and-ink records. Photo credit: Brooke Patterson/USAID.

Storing sensitive information on a blockchain – such as biometrics or gender – combined with the immutable aspects of the system, can lead to considerable risks for individuals when this information is accessed by others with the intention to harm. Even when specific personally identifiable information is not stored on a blockchain, pseudonymous accounts are difficult to protect from being mapped to real-world identities, especially if they are connected with financial transactions, services, and/or actual identities. This can erode the rights to privacy and protection of personal data, and exacerbate the vulnerability of already marginalized populations and people who change fundamental aspects of their identity (gender, name). Explicit consent and the modification and deletion of one’s own data are often protected through data protection and privacy legislation, such as the General Data Protection Regulation in the EU, which serves as a model for many other laws around the world. An overview of legislation in this area around the world is kept up to date by the United Nations Conference on Trade and Development.
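To see why pseudonymous records are hard to protect, consider the Python sketch below: when an identifier space is small and structured, as phone numbers are, an attacker can recover the identity behind a naive hash by brute force. The number shown is hypothetical.

    import hashlib

    def pseudonym(phone_number):
        """Naive pseudonymization: a bare hash of the identifier."""
        return hashlib.sha256(phone_number.encode()).hexdigest()

    # A "pseudonymous" value stored immutably on a ledger.
    stored = pseudonym("+260971234567")  # hypothetical number

    # Phone numbers form a small, structured space, so an attacker can
    # hash every candidate and compare - no need to reverse the hash.
    for n in range(970000000, 980000000):
        if pseudonym(f"+260{n}") == stored:
            print("re-identified:", f"+260{n}")
            break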

For example, in September 2017, concerns surfaced about the Bangladeshi government’s plans to create a ‘merged ID’ that would combine citizens’ biometric, financial and communications data (Rahman, 2017). At that time, some local organizations had started exploring a DLT solution to identify and serve the needs of local Rohingya asylum-seekers and refugees. Because aid agencies are required to comply with national laws, any data recorded on a DLT platform could be subject to automatic data-sharing with government authorities. If these sets of records were to be combined, they would create an indelible, uneditable, untamperable set of records of highly vulnerable Rohingya asylum-seekers, ready for cross-referencing with other datasets. “As development and humanitarian donors and agencies rush to adopt new technologies that facilitate surveillance, they may be creating and supporting systems that pose serious threats to individuals’ human rights.”

These issues raise questions about meaningful, informed consent – how and to what extent do aid recipients understand DLTs and their implications when they receive assistance? […] Most experts agree that data protection needs to be considered not only in the realm of privacy, empowerment and dignity, but also in terms of potential physical impact or harm (ICRC and Brussels Privacy Hub, 2017; ICRC, 2018a)

Blockchain and distributed ledger technologies in the humanitarian sector

Environmental Impact

As blockchains scale, they require increasing amounts of computational power to stay in sync. In most digital currency blockchains, this scale problem is balanced by rewarding people who contribute the required processing power with currency. The University of Cambridge estimated in fall 2019 that Bitcoin alone used 0.28% of global electricity consumption; if Bitcoin were a country, it would rank as the 41st most energy-consuming country, just ahead of Switzerland. Further, the negative impact is demonstrated by research showing that each Bitcoin transaction takes as much energy as needed to run a well-appointed house and all the appliances in it for an entire week.

Regulatory Uncertainty

As is often the case for emerging technology, the regulations surrounding blockchain are either ambiguous or nonexistent. In some cases, such as when blockchain is used to publish censored speech, regulators overcorrect and block access to the entire system or remove the system’s pseudonymous protections in-country. In Western democracies, there are evolving financial regulations as well as concerns around the immutable nature of the records stored in a blockchain. Personally identifiable information (see Privacy, above) in a blockchain cannot be removed or changed as required by the European Union’s General Data Protection Regulation (GDPR), and widely illegal content has already been inserted into the bitcoin blockchain.

Trust, Control, and Management Issues

While a blockchain has no “central database” that could be hacked, it also has no central authority to adjudicate or resolve problems. A lost or compromised password is almost guaranteed to result in the loss of access to funds or, worse, digital identities. Compromised passwords or illegitimate use of the blockchain can harm the individuals involved, especially when personal information is accessed or when child sexual abuse images are stored forever. Building mechanisms to address this problem undermines other key features of the blockchain.

Meanwhile, an enormous amount of trust is inherently placed in the software development process around blockchain technologies, especially those using smart contracts. Any flaw in the software, and any intentional “back door,” could enable an attack that undermines or subverts the entire goal of the project.

“Where is trust being placed: whether it is in the coders, the developers, those who design and govern mobile devices or apps; and whether trust is in fact being shifted from social institutions to private actors. All stakeholders should consider what implications this has and how these actors are accountable to human rights standards.”

Blockchain and freedom of expression

Questions

If you are trying to understand the implications of blockchain in your work environment, or are considering using aspects of blockchain as part of your DRG programming, ask yourself these questions:

  1. Does blockchain provide specific, needed features that existing solutions with proven track records and sustainability do not?
  2. Do you really need blockchain, or would a database be sufficient?
  3. How will this respect data privacy and control laws such as the GDPR?
  4. Do your intended beneficiaries have the internet bandwidth needed to use the product you are developing with blockchain?
  5. What external actors/partners will control critical aspects of the tool or infrastructure this project will rely on?
  6. What external actors/partners will have access to the data this project creates? What access conditions, limits, or ownership will they have?
  7. What level of transparency and trust do you have with these actors/partners?
  8. How are you conducting and measuring informed consent processes for any data gathered?
  9. How will this project mitigate technical, financial, and/or infrastructural inequalities and ensure they are not exacerbated?
  10. Will the use of blockchain in your project comply with data protection and privacy laws?
  11. Do other existing laws and policies address the risks and offer mitigating measures related to the use of blockchain, such as anti-money-laundering regulation?
  12. Do existing laws enable the benefits you have identified for the blockchain-enabled project?
  13. Are these laws aligned with international human rights law such as the right to privacy, to freedom of expression and opinion and to enjoy the benefits of scientific progress?

Case Studies

Blockchain in the humanitarian sector

The 2019 report “Blockchain and distributed ledger technologies in the humanitarian sector” provides multiple examples of humanitarian use of DLTs, including for financial inclusion, land titling, donation transparency, fraud reduction, cross-border transfers, cash programming, grant management and organizational governance, among others.

  • The World Food Programme’s Building Blocks project uses blockchain technology (Ethereum, four nodes and one controlling entity) to make its voucher-based cash transfers more efficient, transparent and secure, and to improve collaboration across the humanitarian system.
  • The Start Network and its member organisations Dorcas Aid International and Trócaire partnered with Disberse, a for-profit financial institution for the aid sector, on pilot programmes using DLT (Ethereum-based, two and three nodes and one controlling entity) to increase the humanitarian community’s comfort with the technology.
  • Helperbit uses the Bitcoin public network to create a decentralised, parametric peer-to-peer insurance service and donation system (multi-signature e-wallet) to change practices of humanitarian assistance both before and after an emergency.
  • Sikka, a digital-assets transfer platform (Ethereum, one node and one controlling entity), was created by World Vision International Nepal Innovation Lab to address the challenge of financial access during times of crises for financially marginalised and in-need communities.
  • The IFRC and Kenya Red Cross implemented the Blockchain Open Loop Payments Pilot Project (Multichain, four nodes with three controlling entities), through Red Rose, to explore how blockchain could increase the transparency and accountability of cash transfer programmes, including in relation to self-sovereign digital identities.

Blockchain to permanently keep news articles
Civil.co is a journalism-supporting organization that has harnessed the blockchain to permanently keep news articles online in the face of censorship. Civil’s blockchain aims to encourage community trust of the news in different ways. First, the blockchain itself is used to publish articles, meaning a user with sufficient technical skills can theoretically verify that the articles came from where they say they did. Civil also supports this with two non-blockchain “technologies”: a “constitution” which their newsrooms must adopt, and a ranking system through which their community of readers and journalists can vote up news and newsrooms they find trustworthy. By publishing on a peer-to-peer blockchain, their publishing has additional resistance to censorship. Readers can also pay journalists for articles using Civil’s tokens. It is worth noting that Civil’s initial fundraising fell flat and its model is still struggling to prove itself.
Blockchain and Impact
In “Blockchain: Can We Talk About Impact Yet?”, Shailee Adinolfi, John Burg and Tara Vassefi respond to a MERLTech blog post that not only failed to find successful applications of blockchain in international development, but was unable to identify companies willing to talk about the process. This article highlights three case studies of in-progress projects with discussion and links to project information and/or case studies.
Digital Currencies and Blockchain in the Social Sector
In “Digital Currencies and Blockchain in the Social Sector,” David Lehr and Paul Lamb summarize work in international development leveraging blockchain for philanthropy, international development funding, remittances, identity, land rights, democracy and governance, and environmental protection.
Alas, the Blockchain Won’t Save Journalism After All
In “Alas, the Blockchain Won’t Save Journalism After All,” Jonah Engel Bromwich describes Civil.co’s initial attempts adapting blockchain to a media funding strategy.
Successful case studies by Consensys
Consensys, a company building and investing in blockchain solutions, including some in the civil sector, summarizes (successful) use cases in “Real-World Blockchain Case Studies.”
Blockchain to prevent child trafficking
The UN Blockchain4Humanity Global Challenge considers the use of blockchain to help prevent child trafficking in Moldova. This use is also discussed in the Reuters article, “Scan on exit: can blockchain save Moldova’s children from traffickers?”
Blockchain in a refugee camp in Jordan
The MIT Technology Review presents a case study of the use of biometrics and blockchain in a refugee camp in Jordan, which raises challenges to the data protection rights of the vulnerable individuals involved: “Inside the Jordan refugee camp that runs on Blockchain.”


Cryptocurrency

What are cryptocurrencies?

Cryptocurrency is a form of digital money. It was created in the wake of the 2008 global financial crisis to decentralize the system of financial transactions. Cryptocurrency stands almost in direct contrast to the global financial system: no cryptocurrency is attached to a state authority, it is unbound by geographic regulations, and, most importantly, the maintenance of the system is community-driven by a network of users. All transactions are logged pseudonymously on a public ledger, such as Bitcoin’s blockchain.

Definitions

Blockchain: Blockchain is a type of technology used in many digital currencies as a bank ledger. Unlike a normal bank ledger, copies of that ledger are distributed digitally, among computers all over the world, automatically updating with every transaction.

Currency: A currency is a widely accepted system of money in circulation, usually designated by a nation or group of nations. Currency is commonly found in the form of paper and coins, but can also be digital (as this primer explores).

Fiat money: Government-issued currency, such as the USD. Sometimes referred to as Fiat currency.

Hashing: The process through which cryptocurrency transactions are verified. When one person pays another using Bitcoin, for example, computers on the blockchain automatically check that the transaction is accurate.

Hash: The mathematical problem computers must solve to add transactions to the blockchain.

Initial Coin Offering (ICO): The process by which a new cryptocurrency or digital “token” invites investment.

Mining: The process by which a computer solves a hash. The first computer to solve the hash permanently stores the transaction as a block on the blockchain. When a computer successfully adds a block to the blockchain, it is rewarded with a coin. Arriving at the right answer for a hash before another miner relates to how fast a computer can produce hashes. In the early years of bitcoin, for example, mining could be performed effectively using open-source software on standard desktop computers. More recently, only special-purpose machines known as application-specific integrated circuit (ASIC) miners can mine bitcoin cost-effectively, because they are optimized for the task. Mining pools (groups of miners) and companies now control most bitcoin mining activity.
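The Python sketch below shows a toy version of this proof-of-work search, assuming a simplified “leading zeros” target; real mining works on the same principle at vastly greater difficulty.

    import hashlib

    def mine(block_data, difficulty=4):
        """Search for a nonce that makes the block's SHA-256 hash start
        with `difficulty` zeros - a toy version of proof-of-work."""
        prefix = "0" * difficulty
        nonce = 0
        while True:
            digest = hashlib.sha256(f"{block_data}{nonce}".encode()).hexdigest()
            if digest.startswith(prefix):
                return nonce, digest
            nonce += 1

    nonce, digest = mine("alice pays bob 5")
    print(nonce, digest)
    # Each extra leading zero multiplies the expected work by 16, which
    # is why commodity PCs gave way to specialized ASIC mining hardware.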

How do cryptocurrencies work?

Money transfer agencies in Nepal. Cryptocurrencies potentially allow users to send and receive remittances and access foreign financial markets. Photo credit: Brooke Patterson/USAID.

Users purchase cryptocurrency with a credit card, debit card, or bank account, or through mining. They then store the currency in a digital “wallet,” either online, on a computer, or offline, on a portable storage device such as a USB stick. These wallets are used to send and receive money through “public addresses,” or keys, that link the money to a specific type of cryptocurrency. These addresses are strings of characters that signify a wallet’s identity for transactions. A user’s public address can be shared with anyone to receive funds and can also be represented as a QR code. Anyone with whom a user makes a transaction can see the balance in the public address that he or she uses.

While transactions are publicly recorded, identifying user information is not. For example, on the Bitcoin blockchain, only a user’s public address appears next to a transaction—making transactions confidential but not necessarily anonymous.
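The Python sketch below illustrates the general idea of deriving an address from a key by hashing; as noted in the comments, it deliberately simplifies and is not Bitcoin’s actual derivation scheme.

    import hashlib
    import secrets

    # Stand-in keypair: real wallets derive the public key from the
    # private key with elliptic-curve math, not a hash like this.
    private_key = secrets.token_bytes(32)
    public_key = hashlib.sha256(b"pub:" + private_key).digest()

    # An address is essentially a short hash of the public key. Bitcoin's
    # real scheme (SHA-256, then RIPEMD-160, then a checksum encoding)
    # differs in detail, but the effect is the same: the address alone
    # says nothing about its owner - pseudonymity, not anonymity.
    address = hashlib.sha256(public_key).hexdigest()[:40]
    print(address)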

Cryptocurrencies have increasingly struggled with intense periods of volatility, much of which stems from the decentralized system of which they are part. The lack of a central body means that cryptocurrencies are not legal tender, they are not regulated, there is little to no insurance if an individual’s digital wallet is hacked, and most payments are not reversible. As a result, cryptocurrencies are inherently speculative. In 2017, Bitcoin peaked at a price of nearly $20,000 per coin, but on average it has been valued at about $7,000 per coin. Newer cryptocurrencies, such as Tether, have attempted to offset volatility by tying their market value to an external currency like the USD or gold. However, the industry overall has not yet reconciled how to maintain an autonomous, decentralized system with overall stability.

Types of Cryptocurrencies

The value of a certain cryptocurrency is heavily dependent on the faith of its investors, its integration into financial markets, public interest in using it, and its performance compared to other cryptocurrencies. Bitcoin, founded in 2008, was the first and only cryptocurrency until 2011 when “altcoins” began to appear. Estimates for the number of cryptocurrencies vary, but as of August 2018, there were about 1,600 different types of cryptocurrencies.

  • Bitcoin
    Bitcoin has the largest user base and a market capitalization in the hundreds of billions. While Bitcoin initially attracted financial institutions like Goldman Sachs, the collapse of Bitcoin’s value (along with other cryptocurrencies) in 2018 has since increased skepticism about its long-term viability.
  • Ethereum
    Ethereum is a decentralized software platform that enables Smart Contracts and Decentralized Applications (DApps) to be built and automated without interference from a third party (like Bitcoin, it runs on blockchain technology). Ethereum launched in 2015 and is currently the second largest cryptocurrency by market capitalization after Bitcoin.
  • Ripple (XRP)
    Ripple is a real-time payment-processing network that offers both instant and low-cost international payments, to compete with other transaction systems such as SWIFT or VISA. It is the third largest cryptocurrency.
  • Tether (USDT)
    Tether is one of the first and most popular of a group of “stablecoins” — cryptocurrencies that peg their market value to a currency or other external reference point to reduce volatility.
  • Libra
    Libra is Facebook’s cryptocurrency, due to be released in late 2020 or later. The company faced regulatory backlash: US and European regulators and legislators raised competition concerns, seeing as Facebook is one of the most powerful companies in the world, and there were also fears that Libra would disrupt financial markets in smaller countries. Facebook has since rebranded its associated digital wallet as “Novi,” a standalone app. When Novi launches, it will include access to several stablecoins, each of them backed by a single fiat currency, such as USD, EUR, GBP or SGD. Facebook’s entry into cryptocurrency is expected to significantly alter the industry, though only a limited set of countries will be able to access it at launch.
  • Monero
    Monero is the largest of what are known as privacy coins. Unlike Bitcoin, Monero transactions and account balances are not public by default.
  • Zcash
    Another anonymity-preserving cryptocurrency, Zcash, is operated under a foundation of the same name. It is branded as a mission-based, privacy-centric cryptocurrency that enables users “to protect their privacy on their own terms”, regarding privacy as essential to human dignity and to the healthy functioning of civil society.

Fish vendor in Indonesia. Women make up the majority of the unbanked, and financial technologies can provide tools to address this gap. Photo credit: Afandi Djauhari/NetHope.

How are cryptocurrencies relevant in civic space and for democracy?

Cryptocurrencies are, in many ways, ideal for the needs of NGOs, humanitarians and other civil society actors. Civic space actors who require blocking-resistant, low-fee transactions might find cryptocurrencies both convenient and secure. The use of cryptocurrencies in the developing world reveals their role as not just vehicles for aid, but also tools that facilitate the development of small- to medium-sized enterprises (SMEs) looking to enter international trade. For example, UNICEF created a cryptofund in 2019 in order to receive and distribute funding in cryptocurrencies (ether and bitcoin). In June 2020, UNICEF announced its largest investment yet in startups located in developing economies that are helping respond to the COVID-19 pandemic.

However, regarding cryptocurrencies through only a traditional development lens – i.e., that they may only be useful for refugees or countries with unreliable fiat currencies – oversimplifies the economic landscape of developing countries. Many countries are home to a significant youth population poised to harness cryptocurrency in innovative ways, for instance to send and receive remittances, to access foreign financial markets and investment possibilities, and even to encourage ecological or ethical purchasing behaviors (see the Case Studies section, below). During the coronavirus lockdown in India, and after the country’s reserve bank lifted its ban on cryptocurrencies, many young people started trading in Indian cryptocurrencies and using cryptocurrencies to transfer money to one another. Still, the future of crypto in India and elsewhere is uncertain. The frontier nature of cryptocurrencies poses significant risks to users when it comes to insurance and, in some cases, security.

Moreover, as will be discussed below, the distributed technology (blockchain) underlying cryptocurrencies is seen as offering resistance to censorship, as the data are distributed over a large network of computers. Cryptocurrencies could also give a broader range of people access to banking.

Opportunities

Cryptocurrencies can have positive impacts when used to further democracy, human rights and governance issues. Read below to learn how to more effectively and safely think about cryptocurrencies in your work.

Accessibility

Cryptocurrencies are more accessible to a broader range of users than regular cash currency transactions are; they are not subject to government regulation and they do not carry high processing fees. Cross-border transactions in particular benefit from the features of cryptocurrencies, since international banking fees and poor exchange rates can be extremely costly (see the BitPesa case study, below). In some cases, the value of cryptocurrencies may even be more stable than the local currency. Cryptocurrencies that require participants to log in (on “permissioned” systems) necessitate that an organization controls participation in its system. In some cases, certain users also help run the system in other ways, like operating servers. When this is the case, it is important to understand who those users are, how they are selected, and how their ability to use the system could be taken away if they turn out to be bad actors.

Additionally, Initial Coin Offerings (ICOs) lower the entry barrier to investing, cutting venture capitalists and investment banks out of the investing process. While similar to Initial Public Offerings (IPOs), ICOs differ significantly in that they allow companies to interact directly with individual investors. This also poses a risk to investors, as the safeguards offered by investment banks for traditional IPOs do not apply (see Lack of Governance and Regulatory Uncertainty). The lack of regulatory bodies has also spurred the growth of scam ICOs: when an ICO or cryptocurrency does not have a legitimate strategy for generating value, it is typically a scam.

Anonymity and Censorship Resistance

The decentralized, peer-to-peer nature of cryptocurrencies may be of great comfort to those seeking anonymity, such as human rights defenders working in closed spaces or people simply seeking an equivalent to “cash” for online purchases (see the Cryptocurrencies in Volatile Markets case study, below). Cryptocurrencies can be useful for someone who wishes to donate anonymously to a foundation or organization, when that donation could put them at risk if their identity were known.

Since the data that support the currency are distributed over a large network of computers, it is more difficult for a bad actor to locate and target a transaction or system operation. But a currency’s ability to protect anonymity largely depends on the specific goal of the cryptocurrency. Zcash, for example, was specifically developed to hide transaction amounts and user addresses from public view. Cryptocurrencies with a large number of participants are also resistant to more benign, routine system outages, because some data stores in the network can continue operating if others are breached.

Back to top

Risks

A user in the Philippines receives a transaction confirmation. Users purchase cryptocurrency with a credit card, debit card, bank account or through mining. Photo credit: Brooke Patterson/USAID.

The use of emerging technologies can also create risks in civil society programming. Read below on how to discern the possible dangers associated with cryptocurrencies in DRG work, as well as how to mitigate for unintended – and intended – consequences.

Anonymity

While no central authority records cryptocurrency transactions, the public nature of the transactions does not prevent governments from recording them, and the possibility of associating identities with records on a blockchain is a particular problem under totalitarian surveillance regimes. The central internet regulator in China, for example, proposed regulations that would require local blockchain companies to register users with their real names and national identification card numbers. Moreover, in order to let users trade or exchange a cryptocurrency for an established fiat currency, a new digital currency would need to incorporate Know Your Customer (KYC), Anti-Money Laundering (AML), and Combating the Financing of Terrorism (CFT) regulations into its process for signing up new users and validating their identities. These processes pose a high barrier to undocumented migrants and anyone else not holding a valid government ID.

As described in the case study below, the partially anarchical environment of cryptocurrencies can also foster criminal activity.

Case Study: The Dark Side of the Anonymous User

Bitcoin and other cryptocurrencies are praised for supporting financial transactions that do not reveal a user’s identity. But this has made them popular on “dark web” sites like Silk Road, where cryptocurrency could be exchanged for illegal goods and services such as drugs, weapons, or sex work. Silk Road was eventually taken down by the U.S. Federal Bureau of Investigation after its founder, Ross Ulbricht, used the same name to advertise the site and seek employees on another forum, linking to a Gmail address. Google provided the contents of that account to the authorities when subpoenaed.

The lessons to take from the Silk Road case are that anonymity is rarely perfect and unbreakable: cryptocurrency’s identity protection is not an ironclad guarantee. On a public blockchain, a single identity slip (even in some other forum) can tie all of the transactions of a cryptocurrency account to one user, and the owner of that wallet can then be connected to their subsequent purchases, much as a cookie tracks a user’s web browsing activity.
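The sketch below illustrates that linking step with a toy, entirely made-up public ledger in Python: once a single outside clue ties one address to a person, every transaction from that address is exposed.

```python
# A toy illustration (made-up addresses and amounts) of de-anonymization on a
# public ledger: transactions are pseudonymous, not anonymous.
public_ledger = [
    {"from": "1AbcX", "to": "1MerchA", "amount": 0.5},
    {"from": "1AbcX", "to": "1MerchB", "amount": 1.2},
    {"from": "1ZzzQ", "to": "1MerchA", "amount": 0.1},
]

# Suppose a forum post links the pseudonymous address "1AbcX" to a real name.
known_identities = {"1AbcX": "Alice"}

# That one slip exposes the address's entire (public) transaction history.
for tx in public_ledger:
    sender = known_identities.get(tx["from"], "unknown")
    print(f'{sender} sent {tx["amount"]} BTC to {tx["to"]}')
```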

Lack of Governance

The lack of a central body greatly increases the risk of investing in a cryptocurrency, and there is little to no recourse for users if the system is attacked digitally and their currency is stolen. In 2016, attackers exploited a flaw in the DAO (Decentralized Autonomous Organization), an investment fund running on the Ethereum blockchain, and drained roughly $50 million worth of the currency. The response, sometimes called the DAO bailout, resulted in a major division in the Ethereum community and a total split in governance: some participants wanted to see the value of that $50 million returned to holders, while others wanted to continue treating that value as permanently lost.

Regulatory Uncertainty

The legal and regulatory frameworks for blockchain are developing at a slower pace than the technology. Each jurisdiction – whether a country or a financial zone, such as the 26 European countries of the Schengen area that have abolished passports and border controls – regulates cryptocurrencies differently, and there is as yet no global financial standard for regulating them. The seven Arab nations bordering the Persian Gulf (the Gulf States), for example, have enacted a number of different laws on cryptocurrencies: they face an outright ban in the United Arab Emirates, while they are partially banned in Saudi Arabia and Qatar. Other countries have developed tax laws, anti-money-laundering laws, and anti-terrorism laws to regulate cryptocurrencies. In many places, cryptocurrency is taxed as property rather than as currency.

Cryptocurrency’s commitment to autonomy – that is, its separation from any fiat currency – has set it at odds with many established regulatory bodies. Observers note that eliminating the ability of intermediaries (e.g., governments or banks) to claim transaction fees alters existing power balances and may trigger prohibitive regulation even as it temporarily decreases financial costs. Thus, there is always a risk that a government will develop policies unfavorable to financial technologies (fintech), rendering cryptocurrency and mobile money useless within its borders. The constantly evolving nature of fintech law poses challenges for any new digital currency.

Environmental Inefficiency

The larger a blockchain grows, the more computational power it requires. In late 2019, the University of Cambridge estimated that Bitcoin uses 0.28% of global electricity consumption. If Bitcoin were a country, it would rank as the 41st most energy-consuming country, just ahead of Switzerland.
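As a rough, back-of-envelope check on what that percentage means (the global consumption figure below is an illustrative assumption, not a number from the Cambridge study):

```python
# Back-of-envelope arithmetic. The global figure is an assumed round number
# for illustration; Switzerland's annual consumption is roughly 58 TWh.
global_twh = 23_000                 # assumed global electricity use, TWh/year
bitcoin_share = 0.0028              # 0.28%, per the Cambridge estimate
bitcoin_twh = global_twh * bitcoin_share
print(f"Bitcoin: ~{bitcoin_twh:.0f} TWh/year (Switzerland: ~58 TWh/year)")
```

On those assumptions, Bitcoin works out to roughly 64 TWh per year, consistent with it sitting just ahead of Switzerland in national rankings.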

Digital Literacy and Access Requirements

The blockchain technology underlying cryptocurrencies requires access to the internet, so areas with inadequate infrastructure or capacity are generally not usable contexts for cryptocurrencies, although limited possibilities for using cryptocurrency without internet access do exist. As noted by the DH Network, “this digital divide also extends to technological understanding between those who know how to ‘operate securely on the Internet’, and those who do not”. Cryptocurrency apps are generally not usable on lower-end devices, meaning users need a smartphone or computer, and the apps themselves involve a steep learning curve. Additionally, the slow speed of transactions, which can take minutes or up to an hour, is a significant disadvantage, especially when compared to the seconds-fast speed of standard Visa transactions.

Back to top

Questions

If you are trying to understand the implications of cryptocurrencies in your work environment, or are considering using cryptocurrencies as part of your DRG programming, ask yourself these questions:

  1. Do the issues you or your organization are seeking to address require cryptocurrency? Can more traditional currency solutions apply to the problem?
  2. Is cryptocurrency an appropriate currency for the populations you are working with? Will it help them access the resources they need? Is it accepted by the other relevant stakeholders?
  3. Do you or your organization need an immutable database distributed across multiple servers? Would it be acceptable to have the currency and transactions connected to a central server?
  4. Is the cryptocurrency you wish to use viable? Do you trust the currency and have good reason to assume it will be sufficiently stable in the future?
  5. Is the currency legal in the areas where you will be operating? If not, will this pose problems for your organization?
  6. How will you obtain this currency? What risks are involved? What external actors will you be reliant on?
  7. Will the users of this currency be able to benefit from it easily and safely? Will they have the required devices and knowledge?

Back to top

Case Studies

Mobile money agency in Ghana. The use of cryptocurrencies in the developing world can facilitate the development of small- to medium-sized enterprises looking to enter international trade. Photo credit: John O’Bryan/ USAID.
BitPesa Proves Cost-Effective for SMEs

To many humanitarian actors, the ideal role for cryptocurrencies would be to facilitate the provision of remittances to families. But in a number of cases, cryptocurrency has been shown to be used not as a remittance channel but as a way for people to send money to themselves. For example, in Kenya, many of the international money transfers conducted on the Nairobi-based bitcoin exchange BitPesa are from an individual’s foreign account to a Kenyan one, or vice versa. Many cite BitPesa as a tool to save money on bank transfer fees and poor foreign exchange rates. Young Kenyans sometimes use the site to access global trading markets that they otherwise could not reach from Kenya, where many trading sites are unavailable. Increasingly, BitPesa is highly useful for upper-middle-class entrepreneurs who are building international businesses through trade and online commerce. However, the largest telecommunications company in Kenya, Safaricom, recently banned the use of Bitcoin on its mobile-money system, M-Pesa. When a company holds a monopoly or a significant majority of the market for mobile and internet connectivity, the use of cryptocurrencies may be significantly curbed.

Cryptocurrencies in Volatile Markets

Between August 2014 and November 2016, the number of Bitcoin users in Venezuela rose from 450 to 85,000. The financial crisis in the country has prompted many of its citizens to search for new options. Bitcoin has been used to purchase medicine (in short supply there) and Amazon gift cards, and to send remittances. There are no laws regulating Bitcoin in Venezuela, which has emboldened people further. Countries whose financial markets have experienced rates of inflation similar to Venezuela’s – such as South Sudan, Zimbabwe, and Argentina – all have relatively active cryptocurrency markets.

Cryptocurrencies for Social Impact

Many new cryptocurrencies have attempted to reward the social impact of their users. SolarCoin rewards people for installing solar panels. Tree Coin gathers resources for planting trees in the developing world (as one way to fight climate change) and rewards local people for maintaining those trees. Impak Coin is “the first app to reward and simplify responsible consumption,” helping users find socially responsible businesses. The coin it offered is intended to be used to buy products and services from these businesses and to support users in microlending and crowdlending. It was part of an ecosystem of technologies that included ratings based on the UN’s Sustainable Development Goals and the Impact Management Project. True to its principles, Impak has proposed to begin assessing its own impact.

Back to top


Data Protection

What is data protection?

Data protection refers to practices, measures and laws that aim to prevent certain information about a person from being collected, used or shared in a way that is harmful to that person.

Interview with fisherman in Bone South Sulawesi, Indonesia. Data collectors must receive training on how to avoid bias during the data collection process. Photo credit: Indah Rufiati/MDPI – Courtesy of USAID Oceans.

Data protection isn’t new. Bad actors have always sought to gain access to individuals’ private records. Before the digital era, data protection meant protecting individuals’ private data from someone physically accessing, viewing or taking files and documents. Data protection laws have been in existence for more than 40 years.

Now that many aspects of peoples’ lives have moved online, private, personal and identifiable information is regularly shared with all sorts of private and public entities. Data protection seeks to ensure that this information is collected, stored and maintained responsibly and that unintended consequences of using data are minimized or mitigated.

What are data?

Data refer to digital information, such as text messages, videos, clicks, digital fingerprints, a bitcoin, search history and even mere cursor movements. Data can be stored on computers and mobile devices, in clouds and on external drives. They can be shared via e-mail, messaging apps and file transfer tools. Your posts, likes and retweets, your videos about cats and protests, and everything else you share on social media are data.

Metadata are a subset of data: information stored within a document or file that describes it, like an electronic fingerprint. Consider an email as an example. If you send an email to a friend, the text of the email is data. The email itself, however, carries all sorts of metadata, such as who created it, who the recipient is, the IP address of the sender, the size of the email, and so on.
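For readers who want to see the distinction concretely, the minimal Python sketch below (using a made-up message and the standard library’s email module) prints an email’s body (the data) separately from its headers (the metadata):

```python
# A minimal sketch: the body of an email is data; the headers are metadata.
from email import message_from_string

raw_email = """\
From: alice@example.org
To: bob@example.org
Date: Mon, 03 May 2021 10:15:00 +0000
Subject: Lunch?
Message-ID: <abc123@example.org>

Want to grab lunch tomorrow?
"""

msg = message_from_string(raw_email)

# The body is the content the sender meant to communicate.
print("Data (body):", msg.get_payload().strip())

# The headers describe the message itself: who, when, and through what route.
for header in ("From", "To", "Date", "Message-ID"):
    print(f"Metadata ({header}):", msg[header])
```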

Large amounts of data get combined and stored together. Large files containing thousands or millions of individual records are known as datasets. Datasets can in turn be combined into very large datasets, referred to as big data, which are used to train machine-learning systems.

Personal Data and Personally Identifiable Information

Data can seem quite abstract, but the pieces of information are very often reflective of the identities or behaviors of actual persons. Not all data require protection, but some data, even metadata, can reveal a lot about a person. Data that can be used to distinguish or trace an individual’s identity, such as a name, passport number or biometric data like fingerprints and facial patterns, are referred to as Personally Identifiable Information (PII), commonly called personal data. PII also includes information that is linked or linkable to an individual, such as date of birth and religion.

Personal data can be collected, analyzed and shared for the benefit of the persons involved, but they can also be used for harmful purposes. Personal data are valuable to many public and private actors: they are collected by social media platforms and sold to advertising companies; they are collected by governments for law-enforcement purposes like the prosecution of crimes; politicians value personal data to target voters with certain political information; and personal data can be monetized by people with criminal intent, for example by selling false identities.

“Sharing data is a regular practice that is becoming increasingly ubiquitous as society moves online. Sharing data does not only bring users benefits, but is often also necessary to fulfill administrative duties or engage with today’s society. But this is not without risk. Your personal information reveals a lot about you, your thoughts, and your life, which is why it needs to be protected.”

Access Now’s ‘Creating a Data Protection Framework’, November 2018.

How does data protection relate to the right to privacy?

The right to protection of personal data is closely interconnected to, but distinct from, the right to privacy. The understanding of what “privacy” means varies from one country to another based on history, culture, or philosophical influences. Data protection is not always considered a right in itself. Read more about the differences between privacy and data protection here.

Data privacy is also a common way of speaking about sensitive data and the importance of protecting them against unintentional sharing and undue or illegal gathering and use of data about an individual or group. USAID recently shared a resource about promoting data privacy in COVID-19 and development, which defines data privacy as “the right of an individual or group to maintain control over and confidentiality of information about themselves”.

How does data protection work?

Participant of the USAID WeMUNIZE program in Nigeria. Data protection must be considered for existing datasets as well. Photo credit: KC Nwakalor for USAID / Digital Development Communications

Personal data can and should be protected by measures that shield a person’s identity and other information about them from harm and that respect their right to privacy. Examples of such measures include determining which data are vulnerable based on privacy-risk assessments; keeping sensitive data offline; limiting who has access to certain data; anonymizing sensitive data; and only collecting necessary data.

A number of established principles and practices exist to protect sensitive data. In many countries, these measures are enforced via laws that contain the key principles important to guaranteeing data protection.

“Data Protection laws seek to protect people’s data by providing individuals with rights over their data, imposing rules on the way in which companies and governments use data, and establishing regulators to enforce the laws.”

Privacy International on data protection

Several important terms and principles, based on the European Union’s General Data Protection Regulation (GDPR), are outlined below.

  • Data Subject: any person whose personal data are being processed, for example by being added to a contacts database or to a mailing list for promotional emails.
  • Processing: any operation performed on personal data, whether manual or automated.
  • Data Controller: the actor that determines the purposes for, and means by which, personal data are processed.
  • Data Processor: the actor that processes personal data on behalf of the controller, often a third party external to the controller, such as a party that offers mailing-list or survey services.
  • Informed Consent: individuals understand and agree that their personal data are collected, accessed, used and/or shared, and know how they can withdraw their consent.
  • Purpose limitation: personal data are only collected for a specific and justified use, and cannot be used for other purposes by other parties.
  • Data minimization: data collection is minimized and limited to essential details.

 

Healthcare provider in Eswatini. Quality data and protected datasets can accelerate impact in the public health sector. Photo credit: Ncamsile Maseko & Lindani Sifundza.

Access Now’s guide lists eight data-protection principles that come largely from international standards, in particular the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (widely known as Convention 108) and the Organisation for Economic Co-operation and Development (OECD) Privacy Guidelines, and that are considered “minimum standards” for the protection of fundamental rights by countries that have ratified international data protection frameworks.

A development project that uses data, whether establishing a mailing list or analyzing datasets, should comply with laws on data protection. When there is no national legal framework, international principles, norms and standards can serve as a baseline to achieve the same level of protection of data and people. Compliance with these principles may seem burdensome, but implementing a few steps related to data protection from the beginning of the project will help to achieve the intended results without putting people at risk. 


The figure above shows how common practices of civil society organizations relate to the terms and principles of the data protection framework of laws and norms.  

The European Union’s General Data Protection Regulation (GDPR)

The data-protection law in the EU, the GDPR, went into effect in 2018. It is often considered the world’s strongest data-protection law. The law aims to enhance how people can access their information and limits what organizations can do with personal data from EU citizens. Although coming from the EU, the GDPR can also apply to organizations that are based outside the region when EU citizens’ data are concerned. GDPR therefore has a global impact.

The obligations stemming from the GDPR and other data protection laws may have broad implications for civil society organizations. For information about the GDPR-compliance process and other resources, see the European Center for Not-for-Profit Law’s guide on data-protection standards for civil society organizations.

Notwithstanding its protections, the GDPR also has been used to harass CSOs and journalists. For example, a mining company used a provision of the GDPR to try to force Global Witness to disclose sources it used in an anti-mining campaign. Global Witness successfully resisted these attempts.

Personal or organizational protection tactics

How to protect your own sensitive information or the data of your organization will depend on your specific activities and legal environment. A first step is to assess your specific needs in terms of security and data protection: for example, which information could, in the wrong hands, have negative consequences for you and your organization?

Digital-security specialists have developed online resources you can use to protect yourself. One example is the Security Planner, an easy-to-use guide with expert-reviewed advice for staying safer online, with recommendations on implementing basic online practices. Another is the Digital Safety Manual, which offers information and practical tips on enhancing digital security for government officials working with civil society and Human Rights Defenders (HRDs). The manual offers 12 cards tailored to various common activities in the collaboration between governments (and other partners) and civil society organizations; the first card helps to assess digital-security needs.

Digital Safety Manual

  1. Assessing Digital Security Needs
  2. Basic Device Security
  3. Passwords and Account Protection
  4. Connecting to the Internet Securely
  5. Secure Calls, Chat, and Email
  6. Security and Social Media Use
  7. Secure Data Storage and Deletion
  8. Secure File Transfer
  9. Secure Contract Handling
  10. Targeted Malware and Other Attacks
  11. Phone Tracking and Surveillance
  12. Security Concerns Related to In-Person Meetings

 

The Digital First Aid Kit is a free resource to help rapid responders, digital security trainers, and tech-savvy activists better protect themselves and the communities they support against the most common types of digital emergencies. Global digital safety responders and mentors, for example the Digital Defenders Partnership and the Computer Incident Response Centre for Civil Society (CiviCERT), can help with specific questions or mentorship.

Back to top

How is data protection relevant in civic space and for democracy?

Many initiatives that aim to strengthen civic space or improve democracy use digital technology. There is a widespread belief that the increasing volume of data and the tools to process them can be used for good. And indeed, integrating digital technology and the use of data in democracy, human rights and governance programming can have significant benefits; for example, they can connect communities around the globe, reach underserved populations better, and help mitigate inequality.

“Within social change work, there is usually a stark power asymmetry. From humanitarian work, to campaigning, documenting human rights violations to movement building, advocacy organisations are often led by – and work with – vulnerable or marginalised communities. We often approach social change work through a critical lens, prioritising how to mitigate power asymmetries. We believe we need to do the same thing when it comes to the data we work with – question it, understand its limitations, and learn from it in responsible ways.”

What is Responsible Data?

When quality information is available to the right people when they need it, when the data are protected against misuse, and when the project is designed with the protection of its users in mind, data-driven work can accelerate impact.

  • USAID funded improved vineyard inspection using drones and GPS data in Moldova, allowing farmers to quickly inspect, identify, and isolate vines infected by a phytoplasma disease of the vine.
  • Círculo is a digital tool for female journalists in Mexico to help them create strong networks of support, strengthen their safety protocols and meet needs related to protection of themselves and their data. The tool was developed with the end-users through chat groups and in-person workshops to make sure everything built in the app was something they needed and could trust.

At the same time, data-driven development brings a new responsibility to prevent the misuse of data when designing, implementing or monitoring development projects. When the use of personal data is a means to identify people who are eligible for humanitarian services, privacy and security concerns are very real.

  • Refugee camps in Jordan have required community members to allow scans of their irises to purchase food and supplies and to take out cash from ATMs. This practice has not integrated meaningful ways to ask for consent or to allow people to opt out. Additionally, the use and collection of highly sensitive personal data like biometrics to enable daily purchasing habits is disproportionate, because other, less personal digital technologies are available and used in many parts of the world.

Governments, international organizations and private actors can all – even unintentionally – misuse personal data for purposes other than those intended, negatively affecting the wellbeing of the people the data describe. Some examples have been highlighted by Privacy International:

  • The case of Tullow Oil, the largest oil and gas exploration and production company in Africa, shows how a private actor commissioned extensive and detailed research by a micro-targeting research company into the behaviors of local communities in order to obtain ‘cognitive and emotional strategies to influence and modify Turkana attitudes and behavior’ to Tullow Oil’s advantage.
  • In Ghana, the Ministry of Health commissioned a large study on health practices and requirements in the country. This resulted in the ruling political party ordering a model of future vote distribution within each constituency, based on how respondents said they would vote, and in a negative campaign trying to persuade opposition supporters not to vote.

There are resources and experts available to help with this process. The Principles for Digital Development website offers recommendations, tips and resources to protect privacy and security throughout a project lifecycle: during analysis and planning, while designing and developing the project, and when deploying and implementing it; measurement and evaluation are also covered. The Responsible Data website offers the Illustrated Hand-Book of the Modern Development Specialist, with attractive, understandable guidance through all steps of a data-driven development project: designing it, managing data (with specific information about collecting, understanding and sharing data), and closing the project.

NGO worker prepares for data collection in Buru Maluku, Indonesia. When collecting new data, it’s important to design the process carefully and think through how it affects the individuals involved. Photo credit: Indah Rufiati/MDPI – Courtesy of USAID Oceans.

Back to top

Opportunities

Data protection measures can further democracy, human rights and good governance. Read below to learn how to more effectively and safely think about data protection in your work.

Privacy respected and people protected

Implementing data-protection standards in development projects protects people against potential harm from abuse of their data. Abuse happens when an individual, company or government accesses personal data and uses them for purposes other than those for which the data were collected. Intelligence services and law-enforcement authorities often have legal and technical means to force access to datasets and abuse the data. Individuals hired by governments can access datasets by hacking the security of software or clouds. Such abuse has often led to intimidation, silencing and arrests of human rights defenders and civil society leaders who criticize their government. Privacy International maps examples of governments and private actors abusing individuals’ data.

Strong protective measures against data abuse ensure respect for the fundamental right to privacy of the people whose data are collected and used. Protective measures allow positive development such as improving official statistics, better service delivery, targeted early warning mechanisms and effective disaster response. 

It is important to determine how data are protected throughout the entire life cycle of a project. Individuals should also be assured of protection after the project ends, whether it ends abruptly or as intended, when the project moves into a different phase, or when it receives funding from different sources. Oxfam has developed a leaflet to help anyone handling, sharing or accessing program data to properly consider responsible-data issues throughout the data lifecycle, from making a plan to disposing of data.

Back to top

Risks

The collection and use of data can also create risks in civil society programming. Read below on how to discern the possible dangers associated with collection and use of data in DRG work, as well as how to mitigate for unintended – and intended – consequences.

Unauthorized access to data

Data need to be stored somewhere: on a computer or an external drive, in a cloud or on a local server. Wherever the data are stored, precautions need to be taken to protect them from unauthorized access and to avoid revealing the identities of vulnerable persons. The level of protection needed depends on the sensitivity of the data, i.e., the extent to which negative consequences could follow if the information fell into the wrong hands.

Storing data on a nearby, well-protected server connected to drives with strong encryption and very limited access is one method for staying in control of the data you own. Cloud services offered by well-known tech companies often provide only basic protection measures, and their free versions may give wide access to the dataset; more advanced security features, such as storage of data in jurisdictions with data-protection legislation, are available for paying customers. Guidelines on how to secure private data stored and accessed in the cloud help in understanding the various aspects of clouds and in deciding about a specific situation.
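One widely applicable precaution is to encrypt data before it ever reaches a server or cloud, so the host cannot read it. The sketch below is a minimal illustration using the third-party Python package cryptography (installable with pip install cryptography); it shows the general approach, not a recommendation of a specific product:

```python
# Minimal client-side encryption sketch: encrypt before uploading, and keep
# the key separate from the data (e.g., offline), so whoever stores the file
# cannot read it.
from cryptography.fernet import Fernet

key = Fernet.generate_key()          # store this key offline, never with data
f = Fernet(key)

plaintext = b"GPS coordinates of interview locations"
ciphertext = f.encrypt(plaintext)    # safe to store on a server or in a cloud

# Only someone holding the key can recover the original data.
assert f.decrypt(ciphertext) == plaintext
```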

Every system needs to be secured against cyberattacks and manipulation. One common challenge is finding a way to protect identities in the dataset, for example, by removing all information that could identify individuals from the data, i.e. anonymizing it. Proper anonymization is of key importance and harder than often assumed.
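To see why anonymization is harder than it looks, consider the minimal sketch below (with entirely made-up records): removing names still leaves combinations of “quasi-identifiers” such as postal code, birth year and gender, and any combination that is unique in the dataset can be matched against an outside source, such as a voter roll, to re-identify the person.

```python
# A minimal sketch (made-up data) of why naive anonymization fails.
from collections import Counter

records = [
    {"name": "Amina", "zip": "90210", "birth_year": 1985, "gender": "F"},
    {"name": "Brian", "zip": "90210", "birth_year": 1985, "gender": "M"},
    {"name": "Chipo", "zip": "10115", "birth_year": 1990, "gender": "F"},
]

# "Anonymize" by dropping the obvious identifier.
anonymized = [{k: v for k, v in r.items() if k != "name"} for r in records]

# Count how many records share each quasi-identifier combination.
combos = Counter((r["zip"], r["birth_year"], r["gender"]) for r in anonymized)

# A combination that appears only once singles out exactly one person.
for combo, count in combos.items():
    if count == 1:
        print("Re-identifiable record:", combo)
```

In this toy dataset every record is unique on those three fields, so dropping names protected no one; proper anonymization requires techniques such as aggregation, generalization or adding noise.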

One can imagine that a dataset of the GPS locations of people living with albinism across Uganda requires strong protection. Persecution is based on the belief that certain body parts of people with albinism can transmit magical powers, or on the presumption that they are cursed and bring bad luck. A spatial-profiling project mapping the exact locations of individuals belonging to a vulnerable group can improve outreach and the delivery of support services to them, but hacking of the database or other unlawful access to their personal data might put them at risk from people seeking to exploit or harm them.

One could also imagine that the people operating an alternative system to send out warning sirens for air strikes in Syria run the risk of being targeted by the authorities: while the group’s data collection and sharing aims to prevent death and injury, it also diminishes the impact of air strikes by the Syrian authorities. The location data of the individuals running and contributing to the system therefore need to be protected against access or exposure.

Another risk is that private actors who run or cooperate in data-driven projects could be tempted to sell data if they are offered large sums of money. Such buyers could be advertising companies or politicians that aim to target commercial or political campaigns at specific people.

The Tiko system designed by social enterprise Triggerise rewards young people for positive health-seeking behaviors, such as visiting pharmacies and seeking information online. Among other things, the system gathers and stores sensitive personal and health information about young female subscribers who use the platform to seek guidance on contraceptives and safe abortions, and it tracks their visits to local clinics. If these data are not protected, governments that have criminalized abortion could potentially access and use that data to carry out law-enforcement actions against pregnant women and medical providers.

Unsafe collection of data

When you are planning to collect new data, it is important to design the collection process carefully and to think through how it affects the individuals involved. It should be clear from the start what kind of data will be collected, for what purpose, and that the people involved agree with that purpose. For example, an effort to map people with disabilities in a specific city can improve services; however, the database should not expose these people to risks, such as attacks or stigmatization targeted at specific homes. Establishing such a database should also answer to the needs of the people involved, not be driven by the mere wish to use data. For further guidance, see the chapter Getting Data in the Hand-book of the Modern Development Specialist and the OHCHR Guidance to adopt a Human Rights Based Approach to Data, focused on collection and disaggregation.

If data are collected in person by people recruited for this process, proper training is required. They need to be able to create a safe space to obtain informed consent from people whose data are being collected and know how to avoid bias during the data-collection process. 

Unknowns in existing datasets

Data-driven initiatives can either gather new data, for example through a survey of students and teachers in a school, or use existing datasets from secondary sources, for example a government census or scraped social media data. Data protection must also be considered when you plan to use existing datasets, such as images of the Earth for spatial mapping. You need to analyze what kind of data you want to use and whether a specific dataset is necessary to reach your objective. For third-party datasets, it is important to gain insight into how the data you want to use were obtained, whether the principles of data protection were met during the collection phase, who licensed the data and who funded the process. If you are not able to get this information, you must carefully consider whether to use the data or not. See the Hand-book of the Modern Development Specialist on working with existing data.

Back to top

Questions

If you are trying to understand the implications of lacking data protection measures in your work environment, or are considering using data as part of your DRG programming, ask yourself these questions:

  1. Are data protection laws adopted in the country or countries concerned?
    Are these laws aligned with international human rights law, including provisions protecting the right to privacy?
  2. How will the use of data in your project comply with data protection and privacy standards?
  3. What kind of data do you plan to use? Are personal or other sensitive data involved?
  4. What could happen to the persons related to that data if the government accesses these data?
  5. What could happen if the data are sold to a private actor for other purposes than intended?
  6. What precaution and mitigation measures are taken to protect the data and the individuals related to the data?
  7. How is the data protected against manipulation and access and misuse by third parties?
  8. Do you have sufficient expertise integrated during the entire course of the project to make sure that data are handled well?
  9. If you plan to collect data, what is the purpose of the collection of data? Is data collection necessary to reach this purpose?
  10. How are collectors of personal data trained? How is informed consent generated when data are collected?
  11. If you are creating or using databases, how is anonymity of the individuals related to the data guaranteed?
  12. How is the data that you plan to use obtained and stored? Is the level of protection appropriate to the sensitivity of the data?
  13. Who has access to the data? What measures are taken to guarantee that data are accessed for the intended purpose?
  14. Which other entities – companies, partners – process, analyze, visualize and otherwise use the data in your project? What measures are taken by them to protect the data? Have agreements been made with them to avoid monetization or misuse?
  15. If you build a platform, how are the registered users of your platform protected?
  16. Is the database, the system to store data or the platform open to independent audit or research?

Back to top

Case Studies

People Living with HIV Stigma Index and Implementation Brief

The People Living with HIV Stigma Index is a standardized questionnaire and sampling strategy to gather critical data on intersecting stigmas and discrimination affecting people living with HIV. It monitors HIV-related stigma and discrimination in various countries and provides evidence for advocacy. The data in this project are the experiences of people living with HIV, and the implementation brief provides insight into the project’s data-protection measures. People living with HIV are at the center of the entire process, continuously linking the data collected about them back to the people themselves, from research design through implementation to using the findings for advocacy. Data are gathered through a peer-to-peer interview process, with people living with HIV from diverse backgrounds serving as trained interviewers. A standard implementation methodology has been developed, including the establishment of a steering committee with key stakeholders and population groups.

RNW Media’s Love Matters Program Data Protection

RNW Media’s Love Matters Program offers online platforms to foster discussion and information-sharing on love, sex and relationships with 18-to-30-year-olds in areas where information on sexual and reproductive health and rights (SRHR) is censored or taboo. RNW Media’s digital teams introduced creative approaches to data processing and analysis, social-listening methodologies and natural language processing techniques to make the platforms more inclusive, create targeted content and identify influencers and trending topics. Because governments have imposed restrictions such as license fees or registration requirements for online influencers as a way of monitoring and blocking “undesirable” content, RNW Media has invested in the security of its platforms and the digital literacy of its users to protect their sensitive personal information from being accessed. Read more in the publication ‘33 Showcases – Digitalisation and Development – Inspiration from Dutch development cooperation’, Dutch Ministry of Foreign Affairs, 2019, pp. 12-14.

The Indigenous Navigator

The Indigenous Navigator is a framework and set of tools for and by indigenous peoples to systematically monitor the level of recognition and implementation of their rights. The data in this project are the experiences of indigenous communities and organizations, and the tools facilitate communities’ own generation of quality data. One objective of the Navigator is for this quality data to feed into existing human rights and sustainable development monitoring processes at local, national, regional and international levels. The project’s privacy page describes its data-protection measures, such as the requirement of community consent (and how to obtain it), and explains how the Indigenous Navigator uses personal data.

Girl Effect

Girl Effect, a creative non-profit working where girls are marginalized and vulnerable, uses media and mobile technology to empower girls. The organisation embraces digital tools and interventions and acknowledges that any organisation that uses data also has a responsibility to protect the people it talks to or connects with online. Its ‘Digital safeguarding tips and guidance’ provides in-depth guidance on implementing data-protection measures while working with vulnerable people. Citing Girl Effect as inspiration, Oxfam has developed and implemented a Responsible Data Policy and shares many supporting resources online. The publication ‘Privacy and data security under GDPR for quantitative impact evaluation’ provides detailed considerations of the data-protection measures Oxfam implements while conducting quantitative impact evaluation through digital and paper-based surveys and interviews.

The LAND (Land Administration for National Development) Partnership

The LAND (Land Administration for National Development) Partnership, led by Kadaster International, aims to design fast and affordable land administration that meets people’s needs. Through the processing and storage of geodata such as GPS readings, aerial photographs and satellite imagery (determining general boundaries instead of fixed boundaries), a digital spatial framework is established that enables affordable, real-time and participatory registration of land by its owners. Kadaster is aware of the sensitive nature of some of the data in the system, which need to be protected against possible manipulation and privacy violations, and of the need to train people in the digital processing of data. Read more in the publication ‘33 Showcases – Digitalisation and Development – Inspiration from Dutch development cooperation’, Dutch Ministry of Foreign Affairs, 2019, pp. 25-26.

Back to top


Digital Gender Divide

What is the digital gender divide?

The digital gender divide refers to the gap in access to and use of the internet between women* and men, which can perpetuate and exacerbate gender inequalities and leave women out of an increasingly digital world. Despite the rapid growth of internet access around the globe (97% of people now live within reach of a mobile cellular network), women are still 17% less likely than men to use the internet, a gap that is actually widening in many low- and middle-income countries (LMICs), where women are 8% less likely than men to own a mobile phone and 20% less likely to access the internet on a mobile device.

Civil society leader in La Paz, Honduras. The gender digital divide affects every aspect of women’s lives. Photo credit: Honduras Local Governance Activity / USAID Honduras.

Though it might seem a relatively small gap, because mobile phones and smartphones have surpassed computers as the primary way people access the internet, that statistic translates to 390 million fewer women online in LMICs than men. Without access to the internet, women cannot fully participate in the economy, pursue educational opportunities, or make full use of legal systems.

The digital gender divide does not just stop at access to the internet however; it is also the gap in how women and men use the internet once they get online. Studies show that even when women own mobile phones, they tend to use them less frequently and intensively than men, especially for more sophisticated services, including searching for information, looking for jobs, or engaging in civic and political spaces. Additionally, there is less locally relevant content available to women internet users, because women themselves are more often content consumers than content creators.

The digital gender divide is also apparent in the exclusion of women from leadership and development roles in the information and communications technology (ICT) sector. In fact, the proportion of women working in the ICT sector has been declining over the last 20 years. In the United States alone, women hold only around 18% of programming and software development jobs, down from 37% in the 1980s. This helps explain why software, apps, and tools often do not reflect women’s unique needs, further alienating them. Apple, for instance, whose tech employees are 77% male, did not include a menstrual-cycle tracker in its Health app until 2019, five years after the app launched (though it did have a sodium-level tracker and a blood-alcohol tracker during that time).

Ward nurses providing vaccines in Haiti. Closing the gender digital divide is key to global public health efforts. Photo credit: Karen Kasmauski / MCSP and Jhpiego

A NOTE ON GENDER TERMINOLOGY
All references to “women” (except those citing specific external studies or surveys, whose terminology was set by their respective authors) are gender-inclusive of girls, women, or any person or persons identifying as a woman.

Why is there a digital gender divide?

At the root of the digital gender divide are entrenched traditional gender inequalities, including gender bias, socio-cultural norms, lack of affordability and digital literacy, digital safety issues, and women’s lower confidence (compared to men’s) in navigating the digital world. While all of these factors play a part in keeping women from achieving equity in their access to and use of digital technologies, the relative importance of each factor depends largely on the region or country.

Affordability

In developing countries especially, the biggest barrier to access is simple: affordability. While the costs of internet access and devices have been decreasing, they are often still too high for many people. This is true for both genders, but women tend to face secondary barriers that keep them from getting access, such as not being financially independent or being passed over by family members in favor of a male relative. In Rwanda, an evaluation of the Digital Ambassador Programme pilot phase found that the costs of data bundles and/or access to devices were prohibitive for a large number of potential women users, especially in rural areas.

Education

Education is another major barrier for women all over the world. According to the Web Foundation, women who have some secondary education or have completed secondary school are six times more likely to be online than women with primary school or less.

Further, digital skills are required to engage meaningfully with the internet. While digital education varies widely by country (and even within countries), girls are still less likely to go to school overall, and those that do tend to have “lower self-efficacy and interest” in studying Science, Technology, Engineering and Math (STEM) topics, according to a report by UNICEF and the ITU. While STEM subjects are not strictly required to use digital technologies, they can help expose girls to ICTs and build skills that make them confident users of new and emerging technologies. Without encouragement and confidence in their digital skills, women may shy away from opportunities that are perceived to be technologically advanced, even when those opportunities do not actually require a high level of digital knowledge.

Social Norms

Social norms have an outsized impact on many aspects of the digital gender divide because they can also drive the other barriers. Social norms look different in different communities: in places where women are round-the-clock caregivers, they often do not have time to spend online, while in other situations women are discouraged from pursuing STEM careers. In other cases, the barriers are more strictly cultural. For example, a report by the OECD indicated that in India and Egypt around one-fifth of women considered that the internet “was not an appropriate place for them” for cultural reasons.

Online Violence

The scarcity of content that is relevant and empowering for women, and other barriers that prevent women from speaking freely and safely online, are also fundamental aspects of the digital gender divide. Even when women access online environments, they face a disproportionate risk of gender-based violence (GBV) online: digital harassment, cyberstalking, doxxing, and the nonconsensual distribution of images (e.g., “revenge porn”). Gender minorities are also targets of online GBV; trans activists, for example, have experienced increased vulnerability in digital spaces, especially as they have become more visible and vocal. Cyber harassment of women is so extreme that the UN’s High Commissioner for Human Rights has warned, “if trends continue, instead of empowering women, online spaces may actually widen sex and gender-based discrimination and violence.”

“…if trends continue, instead of empowering women, online spaces may actually widen sex and gender-based discrimination and violence.”

UN’s High Commissioner for Human Rights

Back to top

How is the digital gender divide relevant in civic space and for democracy?

The UN understands the importance of women’s inclusion and participation in a digital society. The fifth Sustainable Development Goal (SDG) includes a call to “enhance the use of enabling technology, in particular information and communications technology, to promote the empowerment of women.” Moreover, women’s digital inclusion and technological empowerment are relevant to achieving quality education, creating decent work and economic growth, reducing inequality, and building peaceful and inclusive institutions. While digital technologies offer unparalleled opportunities in areas ranging from economic development to health, education, cultural development and political participation, gaps in access to and use of these technologies, together with heightened safety concerns, hinder women’s ability to reach resources and information that are key to improving their lives and the wellbeing of their communities, and so exacerbate gender inequalities.

Further, the ways in which technologies are designed and employed, and how data are collected and used, impact men and women differently. Whether technologies are used to develop artificial intelligence systems and implement data-protection frameworks, or just for the everyday uses of social media, gender considerations should be at the center of decision-making and planning in the democracy, rights and governance space.

Students in Zanzibar. Without access to the internet, women and girls cannot fully engage in economies, participate in educational opportunities or access legal systems. Photo credit: Morgana Wingard / USAID.

Initiatives that ignore gender disparities in access to the Internet and ownership and use of mobile phones will exacerbate the gender inequalities already experienced by the most vulnerable and marginalized populations. In the context of the Covid-19 pandemic and increasing GBV during lockdown, millions of women and non-binary individuals have been left with limited access to help, whether via instant messaging services, calls to domestic abuse hotlines, or discreet apps that provide disguised support and information to survivors in case of surveillance by abusers.

Most importantly, initiatives in the civic space must recognize women’s agency and knowledge and be gender-inclusive from the design stage. Women must participate as co-designers of programs and be engaged as competent members of society with equal potential to devise solutions, rather than be perceived as passive victims.

Back to top

Opportunities

There are a number of different areas to engage in that can have a positive impact in closing the digital gender divide. Read below to learn how to more effectively and safely think about some areas that your work may already touch on (or could include).

Widening job opportunities


According to the ITU, 90% of future jobs will require ICT skills. As traditional analog jobs in which women are overrepresented (such as in the manufacturing, service, and agricultural sectors) are replaced by automation, it is more vital than ever for women to learn ICT skills so they can compete for jobs. While digital literacy is becoming a requirement in many sectors, new, more flexible job opportunities are also becoming more common and are eliminating traditional barriers to entry such as age, experience, or location. Digital platforms can enable women in rural areas to connect with cities, where they can more easily sell goods or services. And part-time contractor jobs in the “gig economy” (such as ride-sharing, food-delivery, and other freelance platforms) allow women the more flexible schedules often necessitated by familial responsibilities.

Increasing access to financial services

Women make up the majority of the world’s unbanked population and are more likely than men to lack a credit history and the mobility to go to a bank. Financial technologies can therefore play a large equalizing role, not only in terms of access to tools but also in terms of how financial products and services could be designed to respond to women’s needs. In the MENA region, for example, where 52% of men but only 35% of women have bank accounts, and where up to 20 million unbanked adults send or receive domestic remittances using cash or an over-the-counter service, the opportunities to increase women’s financial inclusion through digital financial services are promising.

Policy change for legal protections

There are few legal protections for women and gender-diverse people who seek justice for the online abuse they face. According to the UN Broadband Commission, only one in five women lives in a country where online abuse is likely to be punished. In many countries, perpetrators of online violence act with impunity, as laws have not been updated for the digital world, even when online harassment results in real-world violence. In the Democratic Republic of Congo (DRC), for instance, there are no laws that specifically protect women from online harassment, and women who have brought related crimes to the police risk being prosecuted for “ruining the reputation of the attacker.” Sometimes cyber legislation even results in the punishment of victimized women: women in Uganda have been arrested under the Anti-Pornography Act after ex-partners released nude photos of them online. Because many of these laws are new and technologies are constantly changing, lawyers and advocates need to understand these laws and the gaps in legislation in order to propose policies and amend existing laws so that women are truly protected online and safe from abuse.

Digital security education and digital literacy training

Digital-security education can help women (especially those at higher risk, like HRDs and journalists) stay safe online and attain critical knowledge to survive and thrive politically, socially, and economically in an increasingly digital world. However, there are not enough digital-safety trainers who understand the context and challenges that at-risk women face; there are few digital-safety resources that provide contextualized guidance on the unique threats women face or usable solutions to the problems they need to solve; and social and cultural pressures can prevent women from attending digital-safety trainings. Women can and will be content creators and build resources for themselves and others, but they must first be given the chance to learn about digital safety and security as part of a digital-literacy curriculum. Men and boys, too, need training on online harassment and digital safety.

Connecting and campaigning on issues that matter

Digital platforms enable women to connect with each other, build networks and organize on justice issues. For example, the #MeToo movement against sexual misconduct in the media industry, which became a global movement, has allowed a multitude of people to participate in activism previously bound to a certain time and place. Read more about digital activism in the Social Media primer.

Back to top

Risks

Young women at a digital inclusion center in the Peruvian Amazon. Cost remains the greatest barrier for women to access the Internet and own a mobile phone. Photo credit: Jack Gordon / USAID / Digital Development Communications.

There are many ways in which the digital gender divide is widening, even with external intervention. Read below to learn about some of the factors that are accelerating this gap, as well as how to mitigate for unintended – and intended – consequences.

Considering the gender digital divide as a “women’s issue”


It is fundamental to consider the gender digital divide as a cross-cutting and holistic issue, affecting countries, societies, communities, and families, and not just as a “women’s issue.” As such, closing the gender gap in the access to, use of, and development of technology demands the involvement of society as a whole. Approaches to closing the divide must be holistic, take into account context-specific power and gender dynamics, and include the active participation of men in the relevant communities in order to make a sustained difference.

Further, the gender digital divide should not be understood as restricted to the technology space, but as a social, political, and economic issue with far-reaching implications.

Natural disasters intensify the education gap for women

Lockdowns and school closures due to the Covid-19 pandemic are contributing to the gender gap in education, especially in the most vulnerable contexts. According to UNESCO, more than 111 million girls who were forced out of school in March 2020 live in the world’s least-developed countries, where gender disparities in education are already the highest. In Mali, Niger, and South Sudan, countries with some of the lowest enrollment and completion rates for girls, closures left over 4 million girls out of school. Increasing domestic and caregiving responsibilities, a shift towards income generation, and gaps in digital-literacy skills mean that many girls will stop receiving an education, even where access to the Internet and distance-learning opportunities are available. In Ghana, for example, 16% of adolescent boys have digital skills compared to only 7% of girls.
Online violence increases self-censorship

Online GBV has proven an especially powerful tool for undermining women and women-identifying human-rights defenders, civil society leaders, and journalists, leading to self-censorship, weakening women’s political leadership and engagement, and restraining women’s self-expression and innovation. According to UNESCO, 73% of women have been or will be exposed to some form of cyber violence in their lifetimes, and 52% of women feel the internet is not a safe place to express their opinions. If these trends are not addressed, closing the digital divide will never be possible, as many women who do get online will be pushed off because of the threats they face there. Women journalists, activists, politicians, and other female public figures bear the brunt of online harassment, through threats of sexual violence and other intimidation tactics. Online violence against journalists leads to journalistic self-censorship, affecting the quality of the information environment and democratic debate.

Solutions include education (training women to use computers, and training men and boys on how not to behave in online environments), policy change (advocating for the adoption of policies that address online harassment and protect women’s rights online), and technology change (encouraging more women to be involved in creating technology, to help ensure that the available tools and software serve women’s needs).

Artificial intelligence systems exacerbate biases

The limited participation of women in the leadership, development, coding, and design of AI and machine-learning systems reinforces gender inequalities through the replication of stereotypes and the maintenance of harmful social norms. For example, groups of predominantly male engineers designed digital assistants such as Apple’s Siri and Amazon’s Alexa, which use women-sounding voices, reinforcing entrenched gender biases, such as the notion that women are more caring, sympathetic, cordial, and even submissive.

In 2019, UNESCO released “I’d blush if I could,” a research paper whose title was based on the response Siri gave when a human user addressed “her” in an extremely offensive manner. The paper noted that although the system was updated in April 2019 to reply to the insult more flatly (“I don’t know how to respond to that”), “the assistant’s submissiveness in the face of gender abuse remain[ed] unchanged since the technology’s wide release in 2011.” UNESCO suggested that by rendering the voices women-sounding by default, tech companies were preconditioning users to rely on antiquated and harmful perceptions of women as subservient, and were failing to build in proper safeguards against abusive, gendered language.

Further, machine-learning systems rely on data that reflect larger gender biases. A group of researchers from Microsoft Research and Boston University trained a machine learning algorithm on Google News articles, and then asked it to complete the analogy: “Man is to Computer Programmer as Woman is to X.” The answer was “Homemaker,” reflecting the stereotyped portrayal and the deficit of women’s authoritative voices in the news. (Read more about bias in artificial intelligence systems in the Artificial Intelligence and Machine Learning Primer section on Bias in AI and ML).
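For readers curious about the mechanics, analogies like this are typically computed with simple vector arithmetic over word embeddings. The sketch below is a minimal illustration using the open-source gensim library and a pretrained word2vec model; it is not the researchers’ exact setup, and results will vary with the embedding used.

```python
# A minimal sketch of an embedding-analogy query, assuming the gensim
# library and its pretrained "word2vec-google-news-300" vectors.
# Illustrative only; not the researchers' exact method.
import gensim.downloader as api

model = api.load("word2vec-google-news-300")  # large download on first use

# "Man is to computer_programmer as woman is to X" is answered with the
# vector arithmetic: vec(computer_programmer) - vec(man) + vec(woman)
results = model.most_similar(positive=["computer_programmer", "woman"],
                             negative=["man"], topn=3)
for word, score in results:
    print(word, round(score, 3))
```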

In addition to expanding job opportunities, higher participation of women in tech leadership and development can help add a gender lens to the field and enhance the ways in which new technologies can be used to improve women’s lives.

New technologies allow for the increased surveillance of women

Research conducted by Privacy International shows that there is a uniqueness to the surveillance faced by women and gender non-conforming individuals. From data privacy implications related to menstrual-tracker apps, which might collect data without appropriate informed consent, to the ability of women to privately access information about sexual and reproductive health online, to stalkerware and GPS trackers installed on smartphones and internet of things (IoT) devices by intimate partners, pervasive technology use has exacerbated privacy concerns and the surveillance of women.

Research conducted by the Citizen Lab, for example, highlights the alarming breadth of commercial software that exists for the explicit purpose of covertly tracking another mobile device’s activity, remotely and in real time. This could include monitoring someone’s text messages, call logs, browser history, personal calendars, email accounts, and/or photos.

Increased technological unemployment

Job losses caused by the replacement of human labor with automated systems lead to “technological unemployment,” which disproportionately affects women, the poor and other vulnerable groups, unless they are re-skilled and provided with adequate protections. Automation also requires skilled labor that can operate, oversee and/or maintain automated systems, eventually creating jobs for a smaller section of the population. But the immediate impact of this transformation of work can be harmful for people and communities without social safety nets or opportunities for finding other work.


Questions

Consider these questions when developing or assessing a project proposal that works with women or girls:

  1. Have women been involved in the design of your project?
  2. Have you considered the gendered impacts and unintended consequences of adopting a particular technology in your work?
  3. How are differences in access and use of technology likely to affect the outcomes of your project?
  4. Are you employing technologies in your project that could reinforce harmful gender stereotypes or fail to meet the needs of women participants?
  5. Are women and/or non-binary people exposed to additional safety concerns brought about by the use of the tools and technologies adopted in your project?
  6. Have you considered gaps in sex- or gender-disaggregated data in the dataset used to inform the design and implementation of your project? How could these gaps be bridged through additional primary or secondary research?
  7. How can your project meaningfully engage men and boys to address the gender digital divide?
  8. How can your organization’s work help mitigate and eventually close the gender digital divide?


Case studies

There are many examples of programs that are engaging with women to have a positive effect on the digital gender divide. Find out more about a few of these below.

USAID’s WomenConnect Challenge

In 2018, USAID launched the WomenConnect Challenge to enable women’s access to, and use of, digital technologies. The first call for solutions brought in more than 530 ideas from 89 countries, and USAID selected nine organizations to receive $100,000 awards. In the Republic of Mozambique, the development-finance institution GAPI is lowering barriers to women’s mobile access by providing offline Internet browsing, rent-to-own options, and tailored training in micro-entrepreneurship for women by region. Another awardee, AFCHIX, creates opportunities for rural women in Kenya, Namibia, Senegal, and Morocco to become network engineers and build their own community networks or Internet services. The entrepreneurial and empowerment program helps women establish their own companies, provides important community services, and positions these individuals as role models.
Safe Sisters – Empowering women to take on digital security
In 2017, Internews and DefendDefenders piloted the Safe Sisters program in East Africa to empower women to protect themselves against online GBV. Safe Sisters is a digital-safety training-of-trainers program that provides female human rights defenders and journalists who are new to digital safety with techniques and tools to navigate online spaces safely, assume informed risks, and take control of their lives in an increasingly digital world. Through the program, which was created and run entirely by women, for women, participants learn digital-security skills and get hands-on experience by training their own at-risk communities.

In building the Safe Sisters model, Internews has verified that, if given the chance, women will dive into improving their understanding of digital safety, share this information in their communities, and gain new job opportunities. Women can also create context- and language-specific digital-safety resources and will fight for policies that protect their rights online and deter abuse. There is strong evidence of the lasting impact of the Safe Sisters program: two years after the pilot cohort of 13 women, 80% are actively involved in digital safety; 10 have earned new professional opportunities because of their participation; and four have changed careers to pursue digital security professionally.

Internet Saathi
In 2015, Google India and Tata Trusts launched Internet Saathi, a program designed to equip women (known as Internet Saathis) in villages across the country with basic Internet skills and provide them with Internet-enabled devices. The Saathis then train other women in digital-literacy skills, based on a “train the trainer” model. As of April 2019, more than 81,500 Internet Saathis had helped over 28 million women learn about the Internet across 289,000 villages. Read more about the Saathis here.



 
*A NOTE ON GENDER TERMINOLOGY
All references to “women” (except those in specific external studies or surveys, whose terminology was set by their respective authors) are gender-inclusive of girls, women, and any person or persons identifying as a woman.


Digital IDs

What are digital IDs?

Families displaced by Boko Haram violence in Maiduguri, Northeast Nigeria. Implementation of a digital ID system requires informed consent from participants. Photo credit: USAID.

Digital IDs are identification systems that rely on digital technology. Biometric technology is one kind of tool often used for digital identification: biometrics allow people to prove their identity based on a physical characteristic or trait (biological data). Other forms of digital identification include cards and mobile technologies. This resource, which draws on the work of The Engine Room, will look at different forms and implications of digital IDs, with a particular focus on biometric IDs, including their integration with health systems and their potential for e-participation.

“Biometrics are not new – photographs have been used in this sector for years, but current discourse around ‘biometrics’ commonly refers to fingerprints, face prints and iris scans. As technology continues to advance, capabilities for capturing other forms of biometric data are also improving, such that voice prints, retinal scans, vein patterns, tongue prints, lip movements, ear patterns, gait, and of course, DNA, can be used for authentication and identification purposes.”

The Engine Room

Definitions

Biometric Data: automatically measurable, distinctive physical characteristics or personal traits used to identify or verify the identity of an individual.

Consent: Article 4(11) of the General Data Protection Regulation (GDPR) defines consent as follows: “Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” See also the Data Protection resource.

Data Subject: the individual whose data are collected.

Digital ID: an electronic identity-management system used to prove an individual’s identity or their right to access information or services.

E-voting: an election system that allows a voter to record their secure and secret ballot electronically.

Foundational Biometric Systems: systems that supply general identification for official uses, like national civil registries and national IDs.

Functional Biometric Systems: systems that respond to a demand for a particular service or transaction, like voter IDs, health records, or financial services.

Identification/One-to-Many Authentication: using the biometric identifier to identify the data subject from within a database of other biometric profiles.

Immutability: the quality of a characteristic that does not change over time (for example, DNA).

Portable Identity: an individual’s digital ID credentials may be taken with them beyond the initial issuing authority, to prove official identity for new user-relationships/entities, without having to repeat verification each time.

Self-Sovereign Identity: a digital ID that gives the data subject full ownership over their digital identity, guaranteeing them lifetime portability, independent from any central authority.

Uniqueness: a characteristic that sufficiently distinguishes individuals from one another. Most forms of biometric data are singularly unique to the individual involved.

Verification/One-to-One Authentication: using the biometric identifier to confirm that the data subject is who they claim to be.

How do digital IDs work?

Young Iraqi woman pictured at the Harsham IDP camp in Erbil, Iraq. Digital IDs and biometrics have the potential to facilitate the voting process. Photo credit: Jim Huylebroek for Creative Associates International.

There are three primary categories of technology used for digital identification: biometrics, cards, and mobile. Within each of these areas, a wide range of technologies may be used.

The NIST (National Institute of Standards and Technology, one of the primary international authorities on digital IDs) identifies three parts of the digital ID process.

Part 1: Identity proofing and enrollment

This is the process of binding the data on the subject’s identity to an authenticator, which is a tool that is used to prove their identity.

  • With a biometric ID, this involves collecting the data (through an eye scan, fingerprinting, submitting a selfie, etc.), verifying that the person is who they claim to be, and connecting the individual to an identity account (profile).
  • With a non-biometric ID, this involves giving the individual a tool (an authenticator) they can use for authentication, like a password or a barcode. (A simplified sketch of this non-biometric case follows below.)
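As an illustration of the non-biometric case above, the sketch below binds a verified identity record to a password authenticator. It is a minimal, hypothetical example using only Python’s standard library; a production system would involve a vetted identity-proofing workflow and a hardened credential store.

```python
# Hypothetical sketch: binding a verified identity record to a password
# authenticator during enrollment. Field names are illustrative.
import hashlib, os, secrets

def enroll(identity_record: dict, password: str) -> dict:
    """Create an identity account that stores a salted hash of the
    authenticator, never the raw password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {
        "profile_id": secrets.token_hex(8),  # the identity account (profile)
        "identity": identity_record,         # data verified during proofing
        "salt": salt.hex(),
        "password_hash": digest.hex(),
    }

account = enroll({"name": "A. Example", "document_no": "X123"}, "correct horse")
```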

Part 2: Authentication

This is the process of using the digital ID to prove identity or access services.

Biometric authentication: There are two different types of biometric authentication.

  • Biometric Verification (or One-to-One Authentication) confirms that the person is who they say they are. This allows organizations to determine, for example, that a person is entitled to certain food, vaccines, or housing.
  • Biometric Identification (or One-to-Many Authentication) is used to identify an individual from within a database of biometric profiles. Organizations may use biometrics for identification to prevent fraudulent enrollments and to “de-duplicate” lists of people. One-to-many authentication systems pose more risks than one-to-one systems because they require a larger amount of data to be stored in one place and because they lead to more false matches. (Read more in the Risks section.) A simplified sketch contrasting the two modes follows below.
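In the sketch, biometric templates are represented as plain feature vectors compared with cosine similarity; real matchers are far more sophisticated, and the threshold here is invented.

```python
# Simplified contrast of one-to-one verification and one-to-many
# identification. Templates are toy feature vectors; the threshold
# and the cosine-similarity matcher are illustrative assumptions.
import numpy as np

THRESHOLD = 0.90  # invented match threshold

def similarity(a: np.ndarray, b: np.ndarray) -> float:
    """Cosine similarity between two biometric templates."""
    return float(np.dot(a, b) / (np.linalg.norm(a) * np.linalg.norm(b)))

def verify(claimed_template: np.ndarray, live_sample: np.ndarray) -> bool:
    """One-to-one: compare the live sample against one claimed identity."""
    return similarity(claimed_template, live_sample) >= THRESHOLD

def identify(database: dict, live_sample: np.ndarray):
    """One-to-many: search every enrolled template for the best match."""
    best_id, best_score = None, 0.0
    for person_id, template in database.items():
        score = similarity(template, live_sample)
        if score > best_score:
            best_id, best_score = person_id, score
    return best_id if best_score >= THRESHOLD else None
```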

The list below synthesizes the advantages and disadvantages of different biometric authentication tools. For further details, see the World Bank’s “Technology Landscape for Digital Identification” (2018).

  • Fingerprints. Advantages: less physically/personally invasive; an advanced and relatively affordable method. Disadvantages: not fully inclusive, as some fingerprints are harder to capture than others.
  • Iris scan. Advantages: fast, accurate, inclusive, and secure. Disadvantages: more expensive technology; verification requires precise positioning of the data subject; can be misused for surveillance purposes (verification without the data subject’s permission).
  • Face recognition. Advantages: relatively affordable. Disadvantages: prone to error; can be misused for surveillance purposes (verification without the data subject’s permission); not enough standardization among technology suppliers, which could lead to vendor lock-in.
  • Voice recognition. Advantages: relatively affordable; no concerns about hygiene (unlike some other biometrics that involve touch). Disadvantages: the collection process can be difficult and time-consuming; the technology is difficult to scale.
  • Behavior recognition, also known as “soft biometrics” (e.g., a person’s gait or how they write their signature). Advantages: can be used in real time. Disadvantages: prone to error; not yet a mature technology; can be misused for surveillance purposes (verification without the data subject’s permission).
  • Vascular recognition (a person’s distinct pattern of veins). Advantages: a secure, accurate, and inclusive technology. Disadvantages: more expensive; not yet a mature or widely understood technology; not interoperable, and data are not easily portable.
  • DNA profiling. Advantages: secure, accurate, and inclusive; useful for large populations. Disadvantages: the collection process is long; the technology is expensive; involves extremely sensitive information that can reveal race, gender, family relationships, etc., which could put the individual at risk.

Non-biometric authentication: Two common forms of digital ID are not based on physical characteristics or traits: digital ID cards and digital ID applications on mobile devices. Each has its own authentication methods, and both can be used to prove identity or to access services or aid (much like a passport, residence card, or driver’s license).

  • Cards: These are a common digital identifier and can rely on many kinds of technology, from microchips to barcodes. Cards have been in use for a long time, which makes them a mature technology, but they are also less secure because they can be lost or stolen. “Smart cards” embed a microchip combined with a password. Cards can also be combined with biometric systems; for example, Mastercard and Thales began offering cards with fingerprint sensors in January 2020.
  • Apps on mobile devices: Digital IDs can be used on mobile devices by relying on a password, a “cryptographic” (specially encoded) SIM card, or a “Smart ID” app. These methods are fairly accurate and scalable, but they carry security risks, as well as long-term risks stemming from reliance on technology providers: the technology may not be interoperable or may become outdated (see Privatization of ID and Vendor Lock-In in the Risks section).

Part 3: Portability and interoperability

Digital IDs are usually generated by a single issuing authority (an NGO, government entity, health provider, etc.) for an individual. However, portability means that digital ID systems can be designed to allow the person to use their ID beyond the issuing authority — for example, with another government entity or a nonprofit organization.

To understand interoperability, consider different email providers, for instance Gmail and Yahoo mail: these are separate service providers, but their users can send emails to one another. Data portability and interoperability are critical from a fundamental rights perspective, but it is first necessary that different networks (providers, governments) be interoperable with one another to allow for portability. Interoperability is increasingly important for providing services within and across countries, as can be seen in the European Union and Schengen community, the East African community, and the West African ECOWAS community.

Self-Sovereign Identity (SSI) is an important, emerging type of digital ID that gives a person full ownership over their digital identity, guaranteeing them lifetime portability, independent from any central authority. The Self-Sovereign Identity model aims to remove the trust issues and power imbalances that generally accompany digital identity, by giving a person full control over their data.


How are digital IDs relevant in civic space and for democracy?

People across the world who are not identified by government documents face significant barriers to receiving government services and humanitarian assistance. Biometrics are widely used by donors and development actors to identify individuals and connect them with services. Biometric technology can increase access to finance, healthcare, education, and other critical services and benefits. It can also be used for voter registration and in facilitating civic participation.

Resident of the Garin Wazam site in Niger exchanges her e-voucher for food. Biometric technology can increase access to critical services and benefits. Photo credit: Guimba Souleymane, International Red Cross Niger.

The United Nations High Commissioner for Refugees (UNHCR) began its global Biometric Identity Management System (“BIMS”) in 2015, and the following year the World Food Program began using biometrics for multiple purposes, including refugee protection, cash-based interventions and voter registration. In recent years, a growing preference in aid delivery for cash-based interventions has been part of the push towards digital IDs and biometrics, as these tools can facilitate monitoring and reporting of assistance distribution.

The automated nature of digital IDs brings many new challenges, from gathering meaningful informed consent, to guaranteeing personal and organization-level security, to the potential for harming human dignity and increasing exclusion. These technical and societal issues are detailed in the Risks section.

Ethical Principles for Biometrics

Founded in July 2001 in Australia, the Biometrics Institute is an independent and international membership organization for the biometrics community. In March 2019, it released seven “Ethical Principles for Biometrics.”

  1. Ethical behaviour: We recognise that our members must act ethically even beyond the requirements of law. Ethical behaviour means avoiding actions which harm people and their environment.
  2. Ownership of the biometric and respect for individuals’ personal data: We accept that individuals have significant but not complete ownership of their personal data (regardless of where the data are stored and processed) especially their biometrics, requiring their personal data, even when shared, to be respected and treated with the utmost care by others.
  3. Serving humans: We hold that technology should serve humans and should take into account the public good, community safety and the net benefits to individuals.
  4. Justice and accountability: We accept the principles of openness, independent oversight, accountability and the right of appeal and appropriate redress.
  5. Promoting privacy-enhancing technology: We promote the highest quality of appropriate technology use including accuracy, error detection and repair, robust systems and quality control.
  6. Recognising dignity and equal rights: We support the recognition of dignity and equal rights for all individuals and families as the foundation of freedom, justice and peace in the world, in line with the United Nations Universal Declaration of Human Rights.
  7. Equality: We promote planning and implementation of technology to prevent discrimination or systemic bias based on religion, age, gender, race, sexuality or other descriptors of humans.


Opportunities

Biometric voter registration in Kenya. Collection and storage of biometric data require strong data protection measures. Photo credit: USAID/Kenya Jefrey Karang’ae.

If you are trying to understand the implications of digital IDs in your work environment, or are considering using aspects of digital IDs as part of your DRG programming, read below to learn about the opportunities these technologies can present.
Potential fraud reduction

Biometrics are frequently cited for their potential to reduce fraud and, more generally, to manage financial risk by facilitating due-diligence oversight and scrutiny of transactions. According to The Engine Room, these are common justifications for the use of biometrics among development and humanitarian actors, but The Engine Room also found a lack of evidence to support this claim. It should not be assumed that fraud occurs only at the beneficiary level: the real problems with fraud may occur elsewhere in an ecosystem.

Facilitate E-Voting

Beyond the distribution of cash and services, digital IDs and biometrics have the potential to facilitate the voting process. The right to vote, and to participate in democratic processes more broadly, is a fundamental human right. Recently, the use of biometric voter registration and biometric voting systems has become more widespread as a means of empowering civic participation, securing electoral systems, and protecting against voter fraud and multiple enrollments.

Advocates claim that e-voting can reduce costs to participation and make the process more reliable. Meanwhile, critics claim that digital systems are at risk of failure, misuse, and security breach. Electronic ballot manipulation, poorly written code, or any other kind of technical failure could compromise the democratic process, particularly when there is not a back-up paper trail. For more, see “Introducing Biometric Technology in Elections” (2017) by the International Institute for Democracy and Electoral Assistance, which includes detailed case studies on e-voting in Bangladesh, Fiji, Mongolia, Nigeria, Uganda, and Zambia.

Health Records

Securing electronic health records, particularly when care services are provided by multiple actors, can be very complicated, costly, and inefficient. Because biometrics link a unique verifier to a single individual, they are useful for patient identification, allowing doctors and health providers to connect someone to their health information and medical history. Biometrics have potential in vaccine distribution, for example, by being able to identify who has received specific vaccines (see the case study by The New Humanitarian about Gavi technology).

Access to healthcare can be particularly complicated in conflict zones, for migrants and displaced people, or for other groups without their documented health records. With interoperable biometrics, when patients need to transfer from one facility to another for whatever reason, their digital information can travel with them. For more, see the World Bank Group ID4D, “The Role of Digital Identification for Healthcare: The Emerging Use Cases” (2018).

Increased access to cash-based interventions

Digital ID systems have the potential to include the unbanked or those underserved by financial institutions in the local or even global economy. Digital IDs grant people access to regulated financial services by enabling them to prove their official identity. Populations in remote areas can benefit especially from digital IDs that permit remote, or non-face-to-face, identity proofing/enrollment for customer identification/verification. Biometrics can also make accessing banking services much more efficient, reducing the requirements and hurdles that beneficiaries would normally face. The WFP provides an example of a successful cash-based intervention: in 2017, it launched its first cash-based assistance for secondary school girls in northwestern Pakistan using biometric attendance data.

According to the Financial Action Task Force, by bringing more people into the regulated financial sector, biometrics further reinforce financial safeguards.

Improved distribution of aid and social benefits

Biometric systems can reduce much of the administrative time and human effort behind aid assistance, liberating human resources to devote to service delivery. Biometrics permit aid delivery to be tracked in real time, which allows governments and aid organizations to respond quickly to beneficiary problems.

Biometrics can also reduce redundancies in social-benefit and grant delivery. For instance, in 2015, the World Bank Group found that biometric digital IDs in Botswana achieved a 25 percent savings in pensions and social grants by identifying duplicated records and deceased beneficiaries. Indeed, the issue of “ghost” beneficiaries is a common problem. In 2019, the Namibian Government Institutions Pension Fund (GIPF) began requiring pension recipients to register their biometrics at their nearest GIPF office and return to verify their identity three times a year. Of course, social-benefit distribution can be aided by biometrics, but it also requires human oversight, given the possibility of glitches in digital service delivery and the critical nature of these services (see more in the Risks section).

Proof of identity

Migrants, refugees, and asylum seekers often struggle to prove and maintain their identity when they relocate. Many lose the proof of their legal identities and assets — for example, degrees and certifications, health records, and financial assets — when they flee their homes. Responsibly designed biometrics can help these populations reestablish and maintain proof of identity. For example, in Finland, a blockchain startup called MONI has been working since 2015 with the Finnish Immigration Service to provide refugees in the country with a prepaid credit card backed by a digital identity number stored on a blockchain. The design of these technologies is critical: data should be distributed rather than centralized to prevent the security risks and the misuse or abuse that come with centralized ownership of sensitive information.


Risks

The use of emerging technologies can also create risks in civil-society programming. Read below to learn about the possible risks associated with the use of digital ID tools in DRG work.
Dehumanization of beneficiaries

The way that biometrics are regarded — bestowing an identity on someone as if they did not have an identity previously — can be seen as problematic and even dehumanizing.

As The Engine Room explains, “the discourse around the ‘identifiability’ benefits of biometrics in humanitarian interventions often tends to conflate the role that biometrics play. Aid agencies cannot ‘give’ a beneficiary an identity, they can only record identifying features and check those against other records. Treating the acquisition of biometric data as constitutive of identity risks dehumanising beneficiaries, most of whom are already disempowered in their relationship with humanitarian entities upon whom they rely for survival. This attitude is evident in the remarks of one Burmese refugee undergoing fingerprint registration in Malaysia in 2006 — ‘I don’t know what it is for, but I do what UNHCR wants me to do’ — and of a Congolese refugee in Malawi, who upon completing biometric registration told staff, ‘I can be someone now.’”

Lack of informed consent

It is critical to obtain the informed consent of individuals during biometric enrollment, but this rarely happens in humanitarian and development settings, given the many confusing technical aspects of the technology, language and cultural barriers, and other factors. A potentially coerced agreement does not constitute consent, as illustrated by the biometric registration program in Kenya, which was challenged in court after many Kenyans felt pressured into enrolling. It is difficult to guarantee, and even to evaluate, consent when the power imbalance between the issuing authority and the data subject is so great. “Refugees, for instance, could feel they have no choice but to provide their information, because they are in a vulnerable situation.”

Minors also face a similar risk of coerced or uninformed consent. As the Engine Room pointed out in 2016, “UNHCR has adopted the approach that refusal to submit to biometric registration amounts to refusal to submit to registration at all. If this is true, this constrains beneficiaries’ right to contest the taking of biometric data and creates a considerable disincentive to beneficiaries voicing opposition to the biometric approach.”

For consent to be truly given, the individual must have an alternative method available so that they feel they can refuse the procedure without being disproportionately penalized. Civil-society organizations could play an important role in helping to remedy this power imbalance.

Security risks

Digital ID systems provide many important security features, but they also increase other security risks, such as the risks of data leakage, data corruption, and data use/misuse by unauthorized actors. Digital ID systems can involve very detailed data about the behaviors and movements of vulnerable individuals, for example, their financial histories and their attendance at schools, health clinics, and religious establishments. This information could be used against them if it falls into the hands of other actors (corrupt governments, marketers, criminals).

The loss, theft, or misuse of biometric data is one of the greatest risks for organizations deploying these technologies. By collecting and storing biometric data in centralized databases, aid organizations could be putting their beneficiaries at serious risk, particularly if those beneficiaries are people fleeing persecution or conflict. In general, because digital IDs rely on the Internet or other open communications networks, there are multiple opportunities for cyberattacks and security breaches. The Engine Room also cites anecdotal accounts of humanitarian workers losing laptops, USB keys, and other digital files containing beneficiary data. See also the Data Protection resource.

Data Reuse and Misuse

Because biometrics are unique and immutable, once biometric data are out in the world, people are no longer the only owners of their identifier. The Engine Room describes this as the “non-revocability” of biometrics. This means that biometrics could be used for purposes other than those originally intended. For instance, governments could require humanitarian actors to give them access to biometric databases for political purposes, or foreign countries could obtain biometric data for intelligence purposes. People cannot easily change their biometrics as they would a driver’s license or even their name: with facial recognition, for instance, they would need to undergo plastic surgery to change their biometric data.

There is also the risk that biometrics will be put to use in future technologies that may be more intrusive or harmful than current usages. “Governments playing hosts to large refugee populations, such as Lebanon, have claimed a right to access UNHCR’s biometric database, and donor States have supported UNHCR’s use of biometrics out of their own interest in using the biometric data acquired as part of the so-called ongoing ‘war on terror.’”

The Engine Room

For more on the potential reuse of biometric data for surveillance purposes, see also “Aiding surveillance: An exploration of how development and humanitarian aid initiatives are enabling surveillance in developing countries,” I&N Working Paper (2014).

Malfunctions and inaccuracies

Because they are so technical and rely on multiple steps and mechanisms, digital ID systems can experience many errors. Biometrics can return false matches, linking someone to the incorrect identity, or false negatives, failing to link someone to their actual identity. Technology does not always function as it does in the laboratory setting when it is deployed within real communities. Furthermore, some populations are at the receiving end of more errors than others: for instance, as has been widely proven, people of color are more often incorrectly identified by facial recognition technology.
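Two standard measures capture these errors: the false match rate (impostors wrongly accepted) and the false non-match rate (genuine users wrongly rejected). The toy calculation below shows how the two rates trade off against a decision threshold; all scores are invented for the example.

```python
# Toy illustration of biometric error rates. The similarity scores below
# are invented; real systems evaluate millions of comparisons.
genuine_scores  = [0.95, 0.91, 0.88, 0.97, 0.76]  # same-person comparisons
impostor_scores = [0.42, 0.55, 0.84, 0.30, 0.61]  # different-person comparisons

for threshold in (0.80, 0.90):
    fnmr = sum(s < threshold for s in genuine_scores) / len(genuine_scores)
    fmr = sum(s >= threshold for s in impostor_scores) / len(impostor_scores)
    print(f"threshold {threshold}: false non-match {fnmr:.0%}, false match {fmr:.0%}")

# Raising the threshold rejects more impostors but also more genuine
# users -- a trade-off every deployment must weigh.
```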

Some technologies are more error-prone than others; for example, soft biometrics, like a person’s gait, are less mature and accurate technologies than iris scans. Even fingerprints, though relatively mature and widely used, still have a high error rate. The performance of some biometrics can also diminish over time: aging can change a person’s facial features and even their irises in ways that can impede biometric authentication. Digital IDs can also suffer from connectivity issues: a lack of reliable infrastructure can reduce the system’s functioning in a particular geographic area for significant periods of time. To mitigate this, it is important that digital ID systems be designed to support both offline and online transactions.

When it comes to providing life-saving aid services, even a small mistake or malfunction during a single step in the process can cause severe harm. Unlike manual processes where humans are involved and can intervene in the case of error, automated processes bring the possibility that no one will notice a seemingly small technicality until it is too late.

Exclusionary potential

Biometrics may exclude individuals for several reasons, according to The Engine Room: “Individuals may be reluctant to submit to providing biometric samples because of cultural, gender or power imbalances. Acquiring biometric samples can be more difficult for persons of darker skin color or persons with disabilities. Fingerprinting, in particular, can be difficult to undertake correctly, particularly when beneficiaries’ fingerprints are less pronounced due to manual and rural labor. All of these aspects may inhibit individuals’ provision of biometric data and thus exclude them from the provision of assistance.”

The kinds of errors mentioned above are more frequent with respect to minority populations, who tend to be underrepresented in training data sets, such as people of color and persons with disabilities.

Lack of access to technology or lower levels of technological literacy can compound exclusion: for example, lack of access to smartphones or to cellphone data or coverage may increase exclusion in the case of smartphone-reliant ID systems. As mentioned, manual laborers typically have worn fingerprints, which can be difficult to read with biometric readers; similarly, the elderly may experience match failures due to changes in their facial characteristics, like hair loss or other signs of aging or illness — all of which increase the risk of exclusion.

The World Bank ID4D program explains that it often notes differential rates of coverage for the following groups and their intersections: women and girls; orphans and vulnerable children; poor people; rural dwellers; ethnolinguistic minorities; migrants and refugees; stateless populations or populations at risk of statelessness; older people; persons with disabilities; and non-nationals. It bears emphasizing that these groups tend to be the most vulnerable populations in society — precisely those that biometric technology and digital IDs aim to include and empower. When considering which kind of ID or biometric technology to deploy, it is critical to assess all of these types of potential errors in relation to the population, and in particular how to mitigate against the exclusion of certain groups.

Insufficient regulation

“Technology is moving so fast that laws and regulations are struggling to keep up… Without clear international legislation, businesses in the biometrics world are often faced with the dilemma, ‘Just because we can, should we?’”

Isabelle Moeller, Chief Executive of the Biometrics Institute

Digital identification technologies exist in a continually evolving regulatory environment, which presents challenges to providers and beneficiaries alike. There are many efforts to create international standards for biometrics and digital IDs — for example, by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). But beyond the GDPR, there is not yet sufficient international regulation to enforce these standards in many of the countries where they are being implemented.

Privatization of ID and Vendor Lock-In

The technology behind digital identities and biometrics is almost always provided by private-sector actors, often in partnership with governments and international organizations and institutions. The major role played by the private sector in the creation and maintenance of digital IDs can put beneficiaries, aid organizations, and governments at risk of vendor lock-in: if the cost of switching to a new service provider is too expensive or onerous, the organization may be forced to stay with its original supplier. Overreliance on a private-sector supplier can also bring security risks (for instance, when the original supplier’s technology is insecure) and can pose challenges to partnering with other services and providers when the technology is not interoperable. For these reasons it is important for the technology to be interoperable and designed with open standards.

IBM’s Facial Recognition Ban
In June 2020, IBM decided to withdraw its facial-recognition technology from use by law enforcement in the United States. Such one-off decisions by private actors should not replace legal judgments and regulations. Debbie Reynolds, data privacy officer for Women in Identity, believes that facial recognition will not disappear anytime soon, and so, considering the technology’s many current flaws, companies should focus on further improving it rather than banning it. International regulation and enforcement are needed first and foremost, as they will provide private actors with guidelines and incentives to design responsible, rights-respecting technology over the long term.


Questions

If you are considering using digital ID tools as part of your programming, ask yourself these questions to understand the possible implications for your work and for your community and partners.

  1. Has the beneficiary given their informed consent? How were you able to check their understanding? Was consent coerced in any way, perhaps due to a power dynamic or a lack of alternative options?
  2. How does the community feel about the technology? Does the technology fit with cultural norms and uphold human dignity?
  3. How affordable is the technology for all stakeholders, including the data subjects?
  4. How mature is the technology? How long has the technology been in use, where, and with what results? How well is it understood by all stakeholders?
  5. Is the technology accredited? When and by whom? Is the technology based on widely accepted standards? Are these standards open?
  6. How interoperable is the technology with the other technologies in the identity ecosystem?
  7. How well does the technology perform? How long does it take to collect the data, validate an identity, etc.? What is the error rate?
  8. How resilient is the digital system? Can it operate without internet access or without reliable internet access?
  9. How easy is the technology to scale and use with larger or other populations?
  10. How secure and accurate is the technology? Have all security risks been addressed? What backup methods do you have in place (for example, a paper trail for electronic voting)?
  11. Is the collection of biometric data proportionate to the task at hand? Are you collecting the minimal amount of data necessary to achieve your goal?
  12. Where are all data being stored? What other parties might have access to this information? How are the data protected?
  13. Are any of the people who would receive biometric or digital IDs part of a vulnerable group? If digitally recording their identity could put them at risk, how could you mitigate against this? (For instance, by avoiding a centralized database, minimizing the amount of data collected, and taking cybersecurity precautions.)
  14. What power does the beneficiary have over their data? Can they transfer their data elsewhere? Can they request that their data be erased, and can the data in fact be erased?
  15. If you are using digital IDs or biometrics to automate the fulfillment of fundamental rights or the delivery of critical services, is there sufficient human oversight?
  16. Who is technological error most likely to exclude or harm? How will you address this potential harm or exclusion?


Case studies

Aadhaar, India, the world’s largest national biometric system

Aadhaar is India’s national biometric ID program, and the largest in the world. It is an essential case study for understanding the potential benefits and risks of such a system. Aadhaar is controversial. Many have attributed hunger-related deaths to failures in the Aadhaar system, which does not have sufficient human oversight to intervene when the technology malfunctions and prevents individuals from accessing their benefits. However, in 2018, the Indian Supreme Court upheld the legality of the system, saying it does not violate Indians’ right to privacy and could therefore remain in operation. “Aadhaar gives dignity to the marginalized,” the judges asserted, and “Dignity to the marginalized outweighs privacy.”
WFP Iris Scan Technology in Zaatari Refugee Camp
In 2016, the World Food Program introduced biometric technology to the Zaatari refugee camp in Jordan. “WFP’s system relies on UNHCR biometric registration data of refugees. The system is powered by IrisGuard, the company that developed the iris scan platform, Jordan Ahli Bank and its counterpart Middle East Payment Services. Once a shopper has their iris scanned, the system automatically communicates with UNHCR’s registration database to confirm the identity of the refugee, checks the account balance with Jordan Ahli Bank and Middle East Payment Services and then confirms the purchase and prints out a receipt – all within seconds.” As of 2019, the program, which relies in part on blockchain technology, was supporting more than 100,000 refugees.
Kenya’s Huduma Namba
In January 2020, the New York Times reported that Kenya’s digital IDs may exclude millions of minorities. In February, the Kenyan ID scheme, Huduma Namba, was suspended by a High Court ruling, halting the $60 million program until adequate data-protection policies are implemented. The panel of three judges ruled in a 500-page report that the National Integrated Identification Management System (NIIMS) scheme is constitutional, reports The Standard, but that current laws are insufficient to guarantee data protection. […] Months after biometric capture began, the government passed its first data-protection legislation in late November 2019, after trying to downgrade the role of data protection commissioner to a “semi-independent” data-protection agency with a chairperson appointed by the president. The data-protection measures have yet to be implemented. The case was brought by civil rights groups, including the Nubian Rights Forum and the Kenya National Commission on Human Rights (KNCHR), citing data-protection and privacy concerns, arguing that the way data-protection legislation was handled in parliament prevented public participation, and noting that the NIIMS scheme was proving ethnically divisive in the country, particularly in border areas.
E-voting terminated in Kazakhstan
A study published in May 2020 on the discontinuation of e-voting in Kazakhstan highlights some of the political challenges around e-voting. Kazakhstan used e-voting between 2004 and 2011 and was considered a leading example; see the Kazakhstan: Voter Registration Case Study (2006) produced by the ACE Project Electoral Knowledge Network. However, the country returned to traditional paper ballots due to a lack of confidence from citizens and civil society in the government’s ability to ensure the integrity of e-voting procedures. See Politicization of e-voting rejection: reflections from Kazakhstan, by Maxat Kassen. It is important to note that Kazakhstan did not employ biometric voting, but rather electronic voting machines operated via touch screens.
Biometrics for child vaccination
As explored in The New Humanitarian, 2019: “A trial project is being launched with the underlying betting that biometric identification is the best way to help boost vaccination rates, linking children with their medical records. Thousands of children between the ages of one and five are due to be fingerprinted in Bangladesh and Tanzania in the largest biometric scheme of its kind ever attempted, the Geneva-based vaccine agency, Gavi, announced recently. Although the scheme includes data protection safeguards – and its sponsors are cautious not to promise immediate benefits – it is emerging during a widening debate on data protection, technology ethics, and the risks and benefits of biometric ID in development and humanitarian aid.”
Financial Action Task Force Case Studies
See also the case studies assembled by the Financial Action Task Force (FATF), the intergovernmental organization focused on combating money laundering and terrorist financing. It released a comprehensive resource on digital identity in 2020, which includes brief case studies.


References

Find below the works cited in this resource.

This primer draws from the work of The Engine Room, and the resource they produced in collaboration with Oxfam on Biometrics in the Humanitarian Sector, published in March 2018.



IoT & Sensors

What is the IoT and what are sensors?

The Internet of Things (IoT) refers to a network of objects connected over the internet. IoT-connected devices include everyday items such as phones, doorbells, cars, watches, and washing machines. The IoT links these devices for a range of tasks, processes, and environments – from streetlights on a “smart” urban grid to refrigerators in a “smart home” and even to “smart” pacemakers inside human bodies, which belong to the category of so-called “wearable” smart technology. Once installed and connected, these devices can communicate with one another with reduced human involvement.

Scientific diver in Indonesia. Autonomous reef monitoring structure uses sensors to support conservation efforts. Photo credit: Christopher Meyer.

Sensors are an integral component of the IoT: devices that detect and respond to changes in an environment from a variety of sources, such as light, temperature, motion, and pressure. When placed on devices and linked to an IoT network, sensors can share data in real time with other connected devices and management systems.

It is important to note that the IoT is an evolving concept, continually expanding to include more devices and to increase the level of connection and communication between devices.

How does IoT work and how do sensors work?

IoT devices connect wirelessly to an internet network. They are provided with unique identifiers (UIDs) and have the ability to transmit data to one another over the network without human intervention. IoT systems may combine the use of wearable devices, sensors, robots, data analytics, artificial intelligence, and many other technologies.
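As a concrete illustration, the hedged sketch below shows a device publishing a sensor reading over MQTT, one widely used IoT messaging protocol. The broker address, topic, and device identifier are placeholders, and the paho-mqtt 1.x client API is assumed.

```python
# Minimal sketch of an IoT device publishing telemetry over MQTT.
# Assumes the paho-mqtt 1.x API; broker, topic, and UID are placeholders.
import json
import paho.mqtt.client as mqtt

DEVICE_UID = "sensor-0042"                  # unique identifier for this device
client = mqtt.Client(client_id=DEVICE_UID)
client.connect("broker.example.org", 1883)  # hypothetical broker

reading = {"device": DEVICE_UID, "temperature_c": 21.7}
client.publish(f"devices/{DEVICE_UID}/telemetry", json.dumps(reading))
client.disconnect()
```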

Sensors generally work by taking an input — such as light, heat, pressure, motion, or another physical stimulus — and converting it into an output that can then be communicated to a human user through some kind of signal or interface (for example, the display on a digital thermometer or the noise of a fire alarm). The output could also be forwarded directly into a larger, extended system such as an industrial plant. Usually, devices will have multiple sensors: for example, a smartphone has a touchscreen, a camera, a GPS, and an accelerometer to measure acceleration.
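The toy sketch below traces that input-to-output chain for a hypothetical analog temperature sensor: a raw analog-to-digital reading is converted to degrees and surfaced through a simple display interface. The calibration constants are invented for the example.

```python
# Illustrative input-to-output conversion for a hypothetical temperature
# sensor. The 10-bit ADC range and linear calibration curve are invented.
def adc_to_celsius(raw: int) -> float:
    voltage = raw / 1023 * 3.3    # 10-bit reading over a 3.3 V supply
    return (voltage - 0.5) * 100  # toy linear calibration curve

raw_reading = 612  # input: a physical stimulus, digitized by the sensor
print(f"Display: {adc_to_celsius(raw_reading):.1f} C")  # output: the interface
```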

Sensors can be “smart” or “non-smart,” meaning that they may or may not connect to the Internet. Smart sensors accept an input from their surroundings and convert it into digital data using in-built computing capabilities. These data are then passed on for further processing. Take, for example, a “smart” irrigation system: an Internet-connected water meter might continually measure the quantity and quality of the water in a reservoir. These data would be transmitted in real time to a water-management interface that a human could interpret to adjust the water delivery; alternately, the irrigation system could be programmed to self-adjust without human intervention, shutting off automatically when the water falls below a certain quality or quantity. (A minimal sketch of this logic follows below.)
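In the sketch, read_water_level() and set_valve() stand in for hypothetical device interfaces, and the cutoff level is invented.

```python
# Hypothetical self-adjusting irrigation logic. read_water_level() and
# set_valve() are stand-ins for real device drivers; the cutoff is invented.
MIN_LEVEL_M = 1.5  # illustrative minimum reservoir level, in meters

def control_step(read_water_level, set_valve) -> float:
    """One pass of the control loop: read the sensor, adjust the valve."""
    level = read_water_level()            # smart sensor supplies digital data
    set_valve(open=level >= MIN_LEVEL_M)  # shut off automatically when low
    return level
```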

Smart sensors may be considered IoT devices themselves. The sensor in a mobile phone that automatically adjusts the brightness of its screen based on ambient lighting is an example of a smart sensor. Remote sensing involves the use of sensors in applications in which the sensing instrument does not make physical contact with the object or phenomenon being measured and recorded, for example, satellite imaging, radar, and aerial photography or videography by drones. The US National Aeronautics and Space Administration has a list of the types of sensors used in remote sensing instruments. This short video provides a basic introduction to the different types of sensors.


How is the IoT and how are sensors relevant in civic space and for democracy?

The IoT has been harnessed for a range of civic, humanitarian and development purposes, for example, as part of smart cities infrastructure, urban traffic management and crowd-control systems, and for disaster risk reduction by remote-sensing environmental dangers. The city of London has been using the IoT and big data systems to improve public transportation systems. These systems handle unexpected delays and breakdowns, inform passengers directly regarding delays, create maps of common routes via anonymized data, offer personalized updates to travelers, and make it possible to identify areas for improvement or increased efficiency. Transportation via autonomous vehicles represents one of the domains where the IoT is anticipated to bring important advancements.

In the Boudry community, Burkina Faso, smartphones and GPS are connected to identify land parcel boundaries. Photo credit: Anne Girardin.

Many uses of the IoT are being explored in relation to health care and assistance. For instance, wearable glucose monitors in the form of skin patches can continuously and automatically monitor the blood glucose levels of diabetic persons and administer insulin when required.

Device systems equipped with sensors are frequently used by researchers, development workers, and community leaders for gathering and recording data on the environment — for example, air and soil quality, water quality and levels, radiation levels, and even the migration of animals.

Sensor datasets may also reveal new and unexpected information, enabling people to tell evidence-backed stories that serve the public interest.

Finally, the use of the IoT is also being explored in relation to human rights defenders. IoT systems equipped with sensors can be used to document human-rights violations and collect data about them. A bracelet developed by the Natalia Project automatically triggers an alert when forcibly removed or activated by the wearer. The bracelet uses GPS and mobile networks to send a pre-defined distress message, along with the location of the device and a timestamp, to volunteers present nearby and to the headquarters of Civil Rights Defenders, a Swedish NGO.

However, along with these exciting applications come serious concerns. Digital devices have inherent vulnerabilities, and linking devices to the Internet and to one another magnifies security threats. These concerns and other implications of a vast and pervasive network of data-collecting devices are explored in the Risks section.

Opportunities

Biological investigators in Madidi, Bolivia, set up a camera to photograph jaguars using a sensor that detects body heat. Photo credit: Julie Larsen Maher, Wildlife Conservation Society

The IoT and sensors can have positive impacts when used to advance democracy, human rights, and good governance. Read below to learn how to think more effectively and safely about the IoT and sensors in your work.

Monitoring and Evaluation

IoT systems can continuously monitor small and intricate details, transmitting these data to systems that analyze and evaluate them in real time. This kind of monitoring has many implications for resource efficiency and sustainability. In Mongolia, inexpensive temperature sensors were used in the monitoring and evaluation of a subsidy program that offered energy-efficient stoves for home heating, with the aim of reducing air pollution and fuel expenditure. The sensor data showed that fuel efficiency had indeed been achieved: although the surveyed households’ coal consumption remained constant, their homes were kept warmer (see the case study below).

Other examples of sensor-enabled monitoring include the Riffle (Remote, Independent Field Friendly Logger Electronics), a set of open-source instrument designs that enables communities to collect data and monitor their water quality. The designs deploy different types of sensors to measure parameters such as the temperature, depth, turbidity, and conductivity of water. Riffle is part of Public Lab’s Open Water Project.
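
What such a logger records can be made concrete with a few lines of code. Below is a minimal hypothetical sketch in Python of the logging step: each sample becomes one timestamped row of the water-quality parameters mentioned above. The field names and the simulated readings are illustrative assumptions, not Riffle’s actual firmware (which runs on a microcontroller rather than in Python).

    import csv
    import random
    from datetime import datetime, timezone

    FIELDS = ["timestamp_utc", "temperature_c", "depth_m",
              "turbidity_ntu", "conductivity_us_cm"]

    def sample_sensors():
        # Hypothetical stand-ins for real sensor reads.
        return {
            "timestamp_utc": datetime.now(timezone.utc).isoformat(),
            "temperature_c": round(random.uniform(4, 25), 2),
            "depth_m": round(random.uniform(0.2, 3.0), 2),
            "turbidity_ntu": round(random.uniform(0, 100), 1),
            "conductivity_us_cm": round(random.uniform(50, 1500)),
        }

    # Append one timestamped row per sample; write a header only for a new file.
    with open("water_log.csv", "a", newline="") as f:
        writer = csv.DictWriter(f, fieldnames=FIELDS)
        if f.tell() == 0:
            writer.writeheader()
        writer.writerow(sample_sensors())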

Safety and security systems

IoT systems, when installed legally in private homes and workplaces, can provide security. Smart locks, video cameras, and motion detectors can warn of or deter possible intrusion, while smart smoke detectors and thermostats can alert to and react to fire, dangerous air quality, and the like. “Smart homes” advertise these security benefits. For instance, a video doorbell can send an alert to your smartphone when motion is detected and record a video of who or what triggered it for later viewing. Smart locks allow you to lock and unlock your doors remotely, or to grant guests access through an app or keypad. Of course, these home-security conveniences come with their own concerns: Amazon’s Ring home security system has been in the headlines multiple times after stories of hacking and vulnerabilities surfaced.

Early Warning Systems

IoT systems, when paired with data analytics and artificial intelligence, can provide early warning of environmental or health risks, for example floods, earthquakes, or even the spread of infectious diseases like Covid-19. The company Kinsa Health has been able to leverage data gathered from its Bluetooth-connected thermometers to produce daily maps of which US counties are seeing an increase in high fevers, offering real-time indications of where the disease may be clustering. Sensor networks combined with data analytics can also help governments and ecologists detect environmental changes that may indicate an emerging threat — for instance a dangerous rise in water level or a change in air quality — and analyze and share that information rapidly to better understand, respond to, and alert others to the threat.
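
A common pattern behind such early-warning systems is to compare each new reading against a rolling baseline and raise an alert when the reading deviates sharply. The Python sketch below is a simplified, hypothetical illustration of that idea; it is not the method used by Kinsa Health or any other system named here, and the sample readings are invented.

    from collections import deque
    from statistics import mean, stdev

    def make_alerter(window=24, threshold_sigma=3.0):
        """Return a checker that flags readings far above the rolling baseline."""
        history = deque(maxlen=window)

        def check(reading):
            alert = False
            if len(history) >= 10:  # wait for a minimal baseline first
                baseline, spread = mean(history), stdev(history)
                alert = spread > 0 and (reading - baseline) / spread > threshold_sigma
            history.append(reading)
            return alert

        return check

    # Example: hourly river-level readings in meters; the final value spikes.
    check_level = make_alerter()
    readings = [1.20, 1.24, 1.18, 1.22, 1.19, 1.21, 1.23, 1.20, 1.18, 1.22,
                1.21, 1.19, 2.60]
    for level in readings:
        if check_level(level):
            print(f"ALERT: water level {level} m far exceeds the recent baseline")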

Autonomous Vehicles

By allowing vehicles to communicate with one another and with road infrastructure — like traffic lights, charging stations, roadside assistance, and even sensor-lined highway lanes — the IoT could improve the safety and efficiency of road transport. Autonomous vehicles still have a long way to go, both in terms of the technology and its safety and in terms of the legal frameworks necessary for proper functioning, but the IoT is making self-driving vehicles a possibility, bringing new opportunities for car sharing, urban transport, and service delivery.

Risks

The use of the IoT and sensors can also create risks in civil society programming. Read below to learn how to discern the possible risks associated with using these technologies in DRG work.

Mass surveillance and stalking

IoT systems generate large amounts of data, which, in the absence of adequate protections, may be used by governments, commercial entities, or other actors for mass surveillance. IoT systems collecting data from their environments may gather personal data about people without their knowledge or consent, or process and combine these data in invasive, nonconsensual ways. IoT systems — when coupled with monitoring capabilities, AI systems (for example, face recognition and emotion recognition), and big-data analysis — create opportunities for mass surveillance, potentially for repressive purposes that harm human and civil rights.

Concerns about privacy, data protection and security

In 2015, the United States Federal Trade Commission (FTC) identified three key challenges the IoT poses to consumer privacy: ubiquitous data collection, the potential for unexpected uses of consumer data, and heightened security risks. IoT systems generate immense amounts of data and create large datasets. Meanwhile, IoT applications, especially consumer applications, are known to have privacy and security vulnerabilities, risks that are magnified by the quantity and potentially sensitive nature of the data involved. Seemingly harmless information, or information collected without the full awareness of the people involved, can pose serious threats. For example, a fitness-tracker app’s published visualization of its users’ exercise routes exposed the location and staffing of US military bases and secret outposts both inside and outside the country.

Commercial entities may use data obtained from IoT systems to influence consumer behavior, for example through targeted advertising. Indeed, in-store sensors are increasingly being used to gather data about shoppers based on their in-store behavior.

See also the Data Protection, Big Data and Artificial Intelligence resources for additional information on privacy, data protection and security concerns.

Increased risk of cyberattacks

The hardware and software of IoT devices are known to be highly vulnerable to cyberattacks, and cybercriminals actively try to exploit these security vulnerabilities. Increasing the number of devices on an IoT network increases the attack surface. Common devices such as Internet-connected printers, web cameras, network routers, and television sets are used by cybercriminals for malicious purposes, such as executing coordinated distributed denial of service (DDoS) attacks against websites, distributing malware, and breaching the privacy of individuals. There have been numerous incidents of hackers gaining access to feeds from home security cameras and microphones, including from monitors that enable parents to keep an eye on their infants while they are away. These incidents have led to demands to regulate the entities that design, manufacture, and deploy commercial IoT devices and systems.

Uncharted ethical concerns

The ever-increasing use of automation brings ethical questions and concerns that may not have been considered before the arrival of the technology itself. Here are just a few examples: Would smart devices in the home recognize voice commands given in different languages, dialects, and accents? Would it be appropriate to collect voice recordings in these other dialects and accents — in a fully consensual and ethical way — in order to improve the quality of the device and its ability to serve more people?

Data obtained from IoT devices are also increasingly being used as digital evidence in courtrooms or for other law enforcement purposes, raising questions about the ethics and even the legality of such use, as well as about the accuracy and appropriateness of such data as evidence.

Vendor lock-in, insufficient interoperability between networks, and the challenge of obtaining informed consent from data subjects must also be taken into account. See more about these risks in the Digital IDs and Data Protection resources.

Questions

If you are trying to understand the implications of IoT and sensors in your work environment, or are considering using some aspects of IoT and related technologies as part of your DRG programming, ask yourself these questions:

  1. Are IoT-connected devices suitable tools for the problem you are trying to solve? What indicators or guiding factors determine whether IoT or sensor technology is a suitable and necessary solution to a particular problem or challenge?
  2. What data will be collected, analyzed, shared, and stored? Who else will have access to this information? How are these data protected? How can you ensure that you collect the minimum amount of data needed?
  3. Are any personal or sensitive data being collected? How are you obtaining informed consent in this case? Is there the possibility that devices on your network will combine datasets that together create sensitive or personally identifying information?
  4. Are the technologies and networks you are using sufficiently interoperable for you to bring new technologies and even new providers into the network? Are they designed with open standards and portability in mind? Is there any risk of becoming locked into a particular technology provider?
  5. How are you addressing the risk of vulnerabilities or flaws in the software? How can you mitigate these risks from the start? For instance, is it necessary for these devices to connect to the Internet? Could they connect to a private intranet or a peer-to-peer network instead?

Case studies

Instructor pictured in Tanzania, where GPS-captured data can be used to map and assign land titles. Photo credit: Riaz Jahanpour for USAID / Digital Development Communications

IoT to enhance the process of fortifying flour with key nutrients

Sanku (Project Healthy Children), an organization that aims to end malnutrition around the world, is equipping small flour mills across Africa with IoT technology to provide nutritious fortified flour to millions of people. Daily production data are sent in real time, via a cellular link, to a dashboard that allows the organization to monitor the mills’ performance. Data collected include flour produced, nutrients dispensed, people reached, and any technical issues with machine performance. “The IoT is enabling us to completely automate our operations and how we run our business.… It’s no longer a struggle trying to determine which mills need to be visited, which dosifiers need maintenance, and when products need to be delivered to avoid stock-outs.”
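
In practice, this kind of remote monitoring means that each mill periodically pushes a small, structured report over the cellular network to a central dashboard. The Python sketch below illustrates what such a report and its upload might look like; the field names and the endpoint URL are hypothetical stand-ins, not Sanku’s actual schema or API.

    import json
    import urllib.request

    # Illustrative daily report from one mill's dosifier controller.
    report = {
        "mill_id": "mill-042",
        "date": "2024-01-01",
        "flour_kg": 1830,                     # flour produced
        "nutrient_g": 457,                    # nutrients dispensed
        "est_people_reached": 6100,
        "faults": ["dosifier_motor_stall"],   # technical issues, if any
    }

    # Hypothetical dashboard endpoint; a deployed device would send this
    # over its cellular link.
    req = urllib.request.Request(
        "https://dashboard.example.org/api/reports",
        data=json.dumps(report).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    # urllib.request.urlopen(req)  # left commented: the endpoint is a placeholder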

The Guardian Project develops apps for human rights defenders

The Guardian Project’s ProofMode is an open-source camera application for mobile devices designed for activists, human rights defenders, and journalists. When a photo or video is shot using the device, the app gathers as much metadata as possible from the different sensors present in the device, such as a timestamp and the device’s identity and location. The app also adds a publicly verifiable digital signature to the metadata file, ultimately providing the user with secure and verifiable digital evidence.
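
The “publicly verifiable digital signature” at the heart of this design can be illustrated in a few lines. The Python sketch below uses Ed25519 keys from the widely used cryptography package to sign and verify a metadata record; it demonstrates the concept only and is not ProofMode’s actual implementation. All metadata values are placeholders.

    import json
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

    # Placeholder metadata of the kind a verified-capture app might gather.
    metadata = {
        "media_sha256": "<hash of the captured photo or video>",
        "timestamp_utc": "2024-01-01T12:00:00Z",
        "device_id": "<device identifier>",
        "location": {"lat": 0.0, "lon": 0.0},
    }

    private_key = Ed25519PrivateKey.generate()   # in practice, a long-lived key
    payload = json.dumps(metadata, sort_keys=True).encode()
    signature = private_key.sign(payload)

    # Anyone holding the matching public key can confirm the metadata
    # has not been altered since it was signed.
    public_key = private_key.public_key()
    try:
        public_key.verify(signature, payload)
        print("metadata verified")
    except InvalidSignature:
        print("metadata was tampered with")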

Another app by the Guardian Project, Haven, uses the sensors present in a mobile device, such as the accelerometer, camera, microphone, proximity sensor and battery (power-on status) for monitoring changes to a phone’s surroundings. These changes are a) stored as images and sound files, b) registered in an event log that can be accessed remotely or anytime later, and c) used to trigger an alarm or to send secure notifications about intrusions or suspicious activity. The app developers explain that Haven is designed for journalists, human rights defenders, and people at risk of forced disappearance.

Temperature sensors to measure stove use behaviors in Ulaanbaatar

“…[I]n an impact evaluation of the [subsidy program]…, which aimed to reduce air pollution and decrease fuel expenditures through the subsidized distribution of more fuel-efficient heating stoves….[t]o gather unbiased and precise measurements of stove use behavior, small temperature sensors (stove use monitors or SUMs) were placed in a sub-set of surveyed households… The SUMs data on ambient temperature also indicated that homes with [subsidy program] stoves were kept warmer than those with traditional stoves, although the fuel used was the same on average. This suggests that households were utilizing fuel efficiency to increase home temperatures, whether knowingly or not. Ultimately, inexpensive temperature sensors were critical for collecting accurate outcome data on and explaining unexpected results.” 

Motion sensors to monitor hand-pump functionality in Rwanda, Case study 3

“In the featured pilot project in Rwanda, more than 200 sensors were installed at water pumps, with data from each sensor transmitted wirelessly through the cellular network to a dashboard for the operations and maintenance team. The dashboard displays the real-time status of each pump equipped with a sensor. This enables operations and maintenance teams to employ an “ambulance” model, dispatching teams only to water points flagged for repair or check-up.”
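
The “ambulance” model described in the quote amounts to a simple server-side filter: only pumps whose sensors suggest a problem receive a maintenance visit. The Python sketch below is a hypothetical illustration of that filter; the pump names, timestamps, and 48-hour threshold are invented for the example, not the pilot’s actual parameters.

    from datetime import datetime, timedelta, timezone

    # Last time each pump's motion sensor reported handle movement (invented data).
    now = datetime.now(timezone.utc)
    last_activity = {
        "pump-001": now - timedelta(hours=2),
        "pump-002": now - timedelta(days=3),
        "pump-003": now - timedelta(hours=5),
    }

    # Flag a pump for a visit if no movement has been reported for 48 hours;
    # that is more likely a breakdown than a lull in demand.
    STALE_AFTER = timedelta(hours=48)
    dispatch_list = [pump for pump, seen in last_activity.items()
                     if now - seen > STALE_AFTER]
    print("Send maintenance team to:", dispatch_list)   # -> ['pump-002']

Dispatching only against flagged pumps in this way is what allows a small operations and maintenance team to cover a large network of water points.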
