Every other week, I hear of a new cellphone project intended to help people in the developing world. Most of these initiatives are incredibly promising: They aim to leverage cellphones to give African farmers access to price information via text messages, connect new mothers to maternal health information, and let citizens report government corruption. Given the fact that most people in the developing world have cellphones, this trend makes a great deal of sense.
Here’s the problem: Cellphones raise pressing privacy and security issues that can put users in the developing world in serious danger, and even as a much-needed debate about privacy is finally taking place in the West, these issues aren’t being addressed by the majority of development practitioners and funders.
Cellphones are highly insecure. In order to function, all cellphones must constantly communicate with cell sites such as towers or mounted base stations, making it impossible to obscure the location of the user. When a phone is used, the nearest cell site logs the phone’s ID number along with communications details. Regardless of whether cell network operators are independent commercial entities or under government control (as many are in the developing world), service providers have full access to user information, including location, communications logs, and some stored information. Many of these providers are legally obligated to retain this information for extended periods of time, and it is increasingly easy for third parties to use inexpensive equipment to intercept information transmitted over mobile networks.
The communities targeted by mobile development projects face an additional layer of privacy and security risks. Mobile networks are often monitored closely by the state, and SIM registration and biometric initiatives make it easy to tie a phone to a specific citizen. All of this is compounded by high levels of political instability, low literacy rates, phone sharing, government corruption, unreliable legal systems, and social unrest. Given the sensitivity of the information being transmitted by mobile-oriented development initiatives, there are serious consequences when cellphone data falls into wrong hands. Data from a corruption whistle-blower app could easily be used to punish political opponents, for example. Even seemingly neutral platforms such as mobile banking apps raise financial redlining and profiling risks.
Mobile health (or mHealth) projects form a popular category of cellphone-based development projects. Lauded for their ability to provide medical care to remote and poor users, track epidemics, and monitor long-term diseases, these mobile health apps are being deployed throughout the developing world. In addition to promoting general best practices for a healthy lifestyle, the majority of mHealth applications have a specific area of focus, such as maternal health or specific infectious diseases. This ability to provide medical care to vulnerable populations is promising, but it is accompanied by incredible risks. Recently, for example, the Haitian government demanded that the public health organizations working in the country hand over the medical records of all patients infected with HIV (PDF). This information was to be used to create a national database that would track the prevalence of HIV among Haitian citizens. There are, however, no guidelines on how the database might be used, which raises possibilities of discrimination or violence. Furthermore, human and mechanical errors present formidable problems: A recent research survey on mobile AIDS platform users reports that one-fifth of users reported that someone else had accidentally received their AIDS and HIV information.
Most users of these technologies are among the poorest and most vulnerable people in developing countries. In addition to lacking the means required to make important decisions about the technology they use, they are denied avenues to recourse in cases of privacy harm and breaches of personal data. Fully addressing the privacy and security issues raised by cellphones will require significant action and collaboration between a variety of global actors, but development practitioners and funders need to take steps to ensure their mobile-oriented projects address pressing privacy and security issues.
It is time to stop assuming that technology will automatically aid the developing world and start thinking about how we can incorporate privacy and security safeguards into development projects and platforms. Otherwise, cellphone-based development projects run the risk of creating more problems than they solve.
For more information, read the Open Technology Institute’s new paper on privacy and cellphones in the developing world.