TY - JOUR
T1 - Computer security for data collection technologies
AU - Cobb, Camille
AU - Sudar, Samuel
AU - Reiter, Nicholas
AU - Anderson, Richard
AU - Roesner, Franziska
AU - Kohno, Tadayoshi
N1 - The authors thank the survey and interview respondents that made this work possible. The authors also thank Yaw Anokwa, Waylon Brunette, and Carl Hartung for sharing their ODK expertise, and Waylon Brunette, Carl Hartung, Kiron Lebeck, Ada Lerner, Lucy Simko, and Anna Kornfeld Simpson for reading drafts of this paper and providing feedback. This work was supported in part by NSF Grant CNS-0846065, NSF Grant CNS-1513575, the Bill and Melinda Gates Foundation Grant OPP1140486, the Short-Dooley Professorship, and Google Research Grant 2-378512.
The authors thank the survey and interview respondents that made this work possible. The authors also thank Yaw Anokwa, Waylon Brunette, and Carl Hartung for sharing their ODK expertise, and Waylon Brunette, Carl Hartung, Kiron Lebeck, Ada Lerner, Lucy Simko, and Anna Kornfeld Simpson for reading drafts of this paper and providing feedback. This work was supported in part by NSF Grant CNS-0846065 , NSF Grant CNS-1513575 , the Bill and Melinda Gates Foundation Grant OPP1140486 , the Short-Dooley Professorship , and Google Research Grant 2-378512 .
PY - 2018
Y1 - 2018
N2 - Many organizations in the developing world (e.g., NGOs), include digital data collection in their workflow. Data collected can include information that may be considered sensitive, such as medical or socioeconomic data, and which could be affected by computer security attacks or unintentional mishandling. The attitudes and practices of organizations collecting data have implications for confidentiality, availability, and integrity of data. This work, a collaboration between computer security and ICTD researchers, explores security and privacy attitudes, practices, and needs within organizations that use Open Data Kit (ODK), a prominent digital data collection platform. We conduct a detailed threat modeling exercise to inform our view on potential security threats, and then conduct and analyze a survey and interviews with technology experts in these organizations to ground this analysis in real deployment experiences. We then reflect upon our results, drawing lessons for both organizations collecting data and for tool developers.
AB - Many organizations in the developing world (e.g., NGOs), include digital data collection in their workflow. Data collected can include information that may be considered sensitive, such as medical or socioeconomic data, and which could be affected by computer security attacks or unintentional mishandling. The attitudes and practices of organizations collecting data have implications for confidentiality, availability, and integrity of data. This work, a collaboration between computer security and ICTD researchers, explores security and privacy attitudes, practices, and needs within organizations that use Open Data Kit (ODK), a prominent digital data collection platform. We conduct a detailed threat modeling exercise to inform our view on potential security threats, and then conduct and analyze a survey and interviews with technology experts in these organizations to ground this analysis in real deployment experiences. We then reflect upon our results, drawing lessons for both organizations collecting data and for tool developers.
KW - Data collection
KW - ICTD
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85042605528&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85042605528&partnerID=8YFLogxK
U2 - 10.1016/j.deveng.2017.12.002
DO - 10.1016/j.deveng.2017.12.002
M3 - Article
AN - SCOPUS:85042605528
SN - 2352-7285
VL - 3
SP - 1
EP - 11
JO - Development Engineering
JF - Development Engineering
ER -