In 2017, the Unique Identification Authority of India (UIDAI) revealed that 210 government websites had accidentally exposed the private information of more than one billion Indian citizens, stored on the Aadhaar digital identity system. It took Internet users a simple Google search to extract information on a person’s unique Aadhaar 12-digit number, their names, the names of friends and families, their religion, mobile phone numbers, bank account numbers, and the status of loan applications. This data then went on to be sold to a third-party marketing firm or the Aadhaar digital cards were duplicated and sold for Rs 500, a mere $6.65.
| Dive into Data Justice at GDDF 2022 |
| Global Digital Development Forum on May 4-5 will feature multiple lightning talks, breakout sessions, and interactive workshops on data collection, management, analysis, and presentation. |
| Don’t miss out – RSVP today! |
Following anti-government protests instigated by its ethnic Oromo and Amhara populations in 2015, the Ethiopian government took over almost all control of internet access, social media use, and communications in the country, with widespread internet shutdowns between 2015 and 2016 costing the economy $9 million. Freedom of speech, expression, and association became conditional on being supportive of government policies and beliefs.
While Mark Zuckerberg piloted Free Basics – a zero-rating system providing Internet access without costs but only under certain conditions and with access to certain websites or services – in India, powerful civil society campaigns led to its ban there but didn’t hinder its branching out to 65 countries by 2019, 30 of which are in Africa. Free Basics was banned in India due to concerns of surveillance and a lack of data privacy regulations.
These cases share a common theme: the reality of security and oversight lagging behind in a rapidly digitalising world, particularly in the ‘developing’ world, leading to a range of issues threatening identities, personal privacy, national and digital systems security, and even physical and ‘offline’ security. Cyberspace renders national borders and boundaries futile. Threats encountered online can occur in both ‘developed’ and ‘developing’ countries, across many virtual platforms, and can be instigated by both state and non-state actors.
The Need for Cyber Capacity Building
Currently, many countries receiving aid and development assistance lack national data privacy, legal capacity, and cybersecurity frameworks, making them more vulnerable to threats in the online or cyber domain such as cybercrime, fraud, hate speech, disinformation, and surveillance.
A huge issue within digital development has been a lack of symbiosis between this community and the cyberspace ‘capacity building’ community, or in other words those working to keep online spaces open and secure. Bridging this gap in cyber capacity building is important because both communities share the long-term goals of improving access and use of digital spaces, ensuring that “citizens remain safe, protected, and productive online”.
The benefits of integrating a cybersecurity framework into digital development are huge: greater efficiency, responsiveness to citizens’ needs, government transparency and accountability, strong organisational capabilities, improved infrastructure, and data justice. ‘Building capacity’ encapsulates everything from broadband access and Internet connection, to digitalising industries, infrastructures, and services, to meeting the skills and oversight requirements for the sustainability and longevity of a ‘digital society’.
Protecting people offline and online is a key responsibility of our time. It’s time to do better. Risk assessments and security regulations must be factored into digital design and development to ensure data justice.
Digital Identities Make the Invisible Visible
While digital development has enabled people in less developed countries to “leapfrog” into financial and social stability, there are several things that can be compromised in the digital space. Introducing digital identities in countries that have less developed economies and infrastructures, or in regions where minority communities are suppressed has made the ‘invisible visible’.
A ‘digital identity’ refers to any piece of information about an individual being placed online or in the digital space, for example a fingerprint, birth and address details, or the Aadhaar system’s use of iris imaging. The digitalisation of identity has helped more people around the world achieve socio-economic development goals through securing access to financial, healthcare, education, housing, and employment services, especially in regions that are vulnerable to conflicts and wars or environmental disasters. In this light, having a digital identity empowers people to achieve basic human rights which is what India’s Aadhaar system attempted to do by standardising and digitalising the government’s social benefit system.
Many less developed countries in the sub-Saharan and South Asian region lack robust birth registration systems which results in many children being unregistered at birth, lacking certificates or legal identification. Digital identity systems in such countries have more relaxed requirements, allowing many more people to be legally recognised on online systems so that they may participate in and fully reap the benefits of society.
In Tanzania and Cote d’Ivoire, a combination of high trust in network operators and a high value ascribed to identity-linked services has ingrained the use of digital identities in everyday life across all sectors. Social and cultural contexts where there is trust in digital systems and their use are crucial in helping people feel safe when using technology.
While in Tanzania having a digital identity is tied to pride in both the individual and for the fact that the country has such a digital platform, the issues that come with an absence of paper documents amongst refugee communities have been resolved by international organisations like the United Nations High Commission for Refugees (UNHCR) that use a biometric data system to register refugees’ identities.
Finally, digital identities have given women and girls the ability to connect to the world, education, and information which has helped build their capital, provided a platform for them to voice their needs, and expanded women’s civic participation.
Digital Identity Downsides
Unfortunately, things are not always so rosy. To begin with, the digitalisation of our identities has triggered a huge rise in identity-theft, fraud, data breaches, minority targeting, and other cybercrimes. In fact, in 2021 Shufti Pro, the global identity verification service provider caught around 33% of digital identity fraud attempts, with the primary targets being Sudan, Kenya, Cameroon, and Ethiopia. Similarly, the Aadhaar case showed that digital spaces are not as safe as they should be.
Security breaches, identity and information theft, and fraud are compounded in the digital space due to the ability to perfectly copy digital information, the multiple points of potentially capturing data online in the digital ‘web’, the immortal nature of data once it is placed online, and the ability to master high confidentiality online, making it harder to catch fraudsters and cybercriminals.
While a 2018 Africa Cybersecurity Report stated that in 2017 cybercrime cost African economies $3.5 billion, as of 2021 only half of Africa’s 54 countries have data protection or privacy laws. In Uganda, research has found that 45% of female Internet users reported online abuse, showing that offline gender-based violence and insecurity manifests in the online domain when people remain unprotected.
Another common issue not factored in across digital development initiatives is the lack of digital literacy that means users are unaware of cyber threats or risks brought by sharing their private information and passwords. What these cases show is that the digitalisation of identity has numerous benefits; however, a lack of robust cybersecurity measures and effective sanctions for cybercrime, in conjunction with digital development jeopardises people’s digital data, private information, and trust.
Digital Web & States, Systems, and Structures
So where does the responsibility to protect lie? Digital identities as a case study for digital development show that some form of regulation, oversight, and security is necessary to protect people’s information online.
As Dolan and his colleagues at Future State write, data security is an issue that must be tackled through concerted effort from the public and private sectors: design decisions made by companies like Facebook or Google, and products approved by aid organisations like USAID are building or contributing to a web of digital infrastructure and technology that potentially compromises user safety when data can be stolen, monetised, and misused by other individuals, governments, or non-state actors.
This conviction is captured in the ‘Principles for Development’ that champion designing with the user, understanding the social, cultural, and digital context, designing for scale, being sustainable, data-drive, transparent, and addressing security.
Central to this is the fact that any broadband access or systems that digitalise products and services have the potential to be maliciously used through viruses or surveillance. Many organisations have worked towards promoting ‘digital public goods’ – universal tools that enable the sharing of best practices and assessments regarding cyber capacity building and security – such as the Bill and Melinda Gates Foundation, the African Union-GFCE Collaboration, the CREST Cybersecurity Maturity Model Assessment, the Digital Impact Alliance, and the World Bank.
This has proved beneficial in terms of bridging the digital development and cybersecurity communities, ensuring security is factored in before, during, and after design, and educating and raising awareness of risks faced online.
Digital Government Dark Sides
But this doesn’t solve the issue of weak technological environments and the absence of an open and inclusive Internet space. Particularly where governments lack the legal and institutional frameworks to support their cyberspace domains such as in Botswana and Rwanda, or where there are minimal resources to build such an infrastructure in the first place, a lack of education and awareness on what constitutes as a ‘cyberthreat’, and the absence of cooperation between public and private sectors, questions regarding accountability, transparency, and responsibility are often left unanswered or are undermined.
Digital surveillance, ‘authoritarian surveillance’, and ‘digital authoritarianism’ are concepts increasingly being used to characterise the worrying growth of governments and private sector companies using technology and digital platforms to spy on people or specifically target minorities. Ethiopia is one of many countries that has engaged in digital surveillance to suppress opposition and control its people.
Instances of Chinese companies meddling with digital development abroad have surfaced recently, for example with companies like CloudWalk undertaking widespread facial recognition programmes in Zimbabwe, or Huawei installing 83 monitoring centres, 522 operators, and 50 commanders as part of its national CCTV system design for Uganda.
In Bangladesh, government requirements for digital identity have only exacerbated the social exclusion of Rohingya communities due to the inaccessibility of SIM cards that require certain forms of identification. In Pakistan and Morocco, using encrypted messages is illegal in the former and will cost a user $10,000 in fines in the latter.
A review of these cases prompts us to challenge the role the government and private sector play in ensuring citizens’ digital safety, especially as new technologies become available to developing countries. Not only are citizens not informed correctly on their privacy and data rights but are also not being protected ‘after access’ and are instead at risk of being manipulated and having their freedoms suppressed.
What Can Be Done?
There are huge gaps in technological knowledge and capacity between private sector companies, and society and policymakers. Governments and industry must work together to improve awareness, information-sharing, and education on cyberthreats, mitigation and implementation of sanctions, and trust-building initiatives in society. ‘Digital resilience’ requires a human-centred approach to ensure an open and inclusive Internet that supports data justice and data rights.
The World Bank’s 2021 ‘Data for Better Lives’ report conceptualises digital development in a way that is favourable to building robust and sustainable cybersecurity capacity:
- at the bottom, private sector firms must design products and user experiences that are both safe and secure;
- in the middle, governments and international organisations must implement transparent evidence-based policies that do not harm citizens’ freedoms of expression and association but are also aware of cyberthreats;
- and at the top, civil society must hold governments and the private sector accountable.
Data, digital platforms, and technology are not inherently bad. The way they are used can be harmful if individual freedoms and private information is jeopardised, leading to greater social distrust and insecurity. Bridging the gap between digital development and cybersecurity will inevitably require a commitment to human-centred design and principles since the user is at the centre of these discussions. This will have larger implications for global security across all systems, domains, and industries in the world.
Sorry, the comment form is closed at this time.