The Economy Of Data

Understanding and optimizing the foundational inputs that will power Artificial Intelligence in Africa.

Recent posts:

About the Author:

Linet is a computer scientist, Certified Data Privacy Solutions Engineer, and practitioner in AI policy, data science and data policy. She works to strengthen data ecosystems in partner countries across Africa and Latin America, as well as strategies to tackle technical challenges and achieve their data for decision and policy making commitments.

  • How Citizen Generated Open Data Prevents Corruption and Increases Accountability.

    The Kenya Open Data Initiative is a program that was launched in 2011 out of the need for Government to provide useful information to the public. Its launch followed the promulgation of the Kenya Constitution in 2010, in which Article 35 of the Bill of rights clauses states that every Kenyan citizen has a right to access information held by the state; giving impetus to the government’s willingness to be open and transparent.

    Data is the Foundation of improving accountability and governance and Open Data is in its very definition an opportunity for a government or corporate body to proactively release information to the public and state the facts upfront, giving opportunities for transparency and accountability. To be able to do this successfully, agencies need to review the flow of data throughout their institutions and consider everything about how the data is collected, stored and later on disseminated to the public.

    Increased demand for data means that more and more government agencies make some kind of data and information available online through their websites or dedicated data access portals like the Kenya Open Data Portal. As they do so particularly in electronic formats and more particularly in open formats it makes it possible to easily engage citizens, interact and enhance participation and accountability of government activities. It also means that agencies need to require better quality data not just for the public but more importantly for their own internal operations and to improve the quality and relevance of their finding.

    Citizen and Society participation and involvement in discussions around open data are critical towards valuing government data in its correctness and value. It provides a feedback mechanism for citizens to interrogate government and hold a fact-based discussion with government and elected leaders. Locally we have seen it increase accountability of public officers involved in the implementation of government projects. Where in the past funds could be allocated projects that do not exist on the ground or that are never completed as reported, today citizens can counter check these allocations and through citizen-generated data show photographic evidence of projects, the quality, and level of completion. For Kenya, this is a step in the right direction towards building a “participatory environment with feedback loops that enable citizens to analyze, visualize, and even challenge the reporting in government data.” The question is, “Is the right kind of data that can be a real deterrent towards corrupt practices being published?”

    Case study 1:

    Corruption in and of itself takes place at a transactional level, where assets are transferred from one entity to another. In obvious forms, it can be observed in form of unreasonable pricing of goods and services too far above the bounds of market rates, or in the awarding of contracts to specific entities under unclear circumstances. By its very nature, “corruption likes secrecy, It is a multilayer phenomenon.”One clear way to combat it is by providing greater access to transactional information and further reveal the entities involved in transactions while allowing the public and skilled individuals to examine this Government data and identify potential risks, irregularities or conflicts of interests that take place. In the context of anti-corruption, the open data charterlists a number of basic datasets that should be published by every government. This includes, 1) Data on Government Officials, their actions and or decisions in while in office, financial assets / interests, and records of officials involved in public procurements. 2) Data on Government Finances. The use of public resources; contracting, budget, and expenditure. 3) Data on Government management and performance, including parliamentary voting data, courts and audit reports, 4) Data on related non-Government actors, including asset and entity registries.

    Case study 2:

    While Open Data is the critical key towards averting possible corruption it many times is not an end in its self. While relevant and up-to-date data is required there also needs to be a vibrant, intelligent and skilled community of stakeholders and users around data. These users can be especially useful in investigating, exploring and making sense of all the data different kinds of data and data sources that are made available. These users are very often the citizens on the ground who are a key source of citizen-generated data that is a great avenue for holding a transparent government accountable.

  • The Internet and You. Us.

    ‘Data is the currency we use to access free services’

    By Linet Kwamboka

    Image Source

    The past year has been one of the most fulfilling years in my pursuit to sharpen my expertise on the issues of privacy and data protection. The quote that is my headline, above, came from an unknown source and really resonated with me in this work.

    In this fellowship, I focused in-depth on a subject I am very passionate about and I had a great team of colleagues, advisors and support that helped me realize excellent results and understanding towards a subject that we should all be focused on and concerned about. I have been a part of a few fellowships and programs but none has really been like the Mozilla Fellowship. None has been quite as supportive and challenging while at the same time fulfilling.

    I spent the better parts of 2011–2016 working on Kenya’s Open Data Project. This was undeniably my proudest moment. Being the project coordinator, my roles included forming communities with various users and suppliers of open data. This position put me in a great place of understanding the data ecosystem from both the local and global perspective. I became expert in the legislation to make data available, which then highlighted legislation we also needed to protect data and ensure privacy and integrity of the data.

    Globally, there are 9 principles of open data that are celebrated and the push has been to make everything available openly and permanently. The principles dictate that open data should be:

    • Complete
    • Primary
    • Timely
    • Accessible
    • Machine-readable
    • Non-discriminatory
    • Non-proprietary
    • License-free
    • Permanently available online

    When I left the Kenyan Government in 2016, I sought to push one more agenda forward given my experience in opening up data by default — I sought to introduce the missing piece in the principles of open data: privacy.

    ‘Open Data should respect and uphold privacy of personal data’

    I joined the Mozilla Foundation Fellowship in July 2017 with a focus on data protection and privacy in East Africa.Through the fellowship, I narrowed in on ‘privacy in the era of big data’ investigating how the countries — governments and citizens — in East Africa are addressing the ideas privacy and data protection. The work has been achieved through the analysis of various existing legislation, analysis of the gaps, and in interviewing and surveying various stakeholders.Over the course of the year in the fellowship, I have had some really valuable findings and experiences.

    Some of my findings are available here:

    At the beginning of the fellowship, my general assumption was that everyone should care deeply about their privacy and the availability of their sensitive data online. I thought that many people would care about subjects like identity theft, data protection and terms and policies of use of products and services. Through the fellowship, I focused my work not only in speaking to policy makers on the progress of the pending policies that would ensure data protection but also in surveying regular citizens on their thoughts and experiences with exposure and misuse of their data, while also seeking their view on how we can progress the agenda of proper data protection and ensuring privacy.

    With this work, I have only set the groundwork. The journey has just began. I will dedicate the next two years in being more involved in the data protection and privacy space, while using most of my resources and time in user sensitization, education and collaboration.

    I seek to better understanding the things that affect our access to data and those that threaten our right to privacy and protection of our data. With the launch of the General Data Protection Regulation and most African countries redirecting their focus on cyber crimes, there is a lot to do moving forward and I invite anyone willing to join forces to see where this journey leads us.

    Special thanks to Cori Zarek, Kevin Zawacki, the Tech Policy Fellows, the entire Mozilla family and the team at DataScience Ltd. Thanks for the support, encouragement and a wonderful past year.

  • Dear Internet, I Love You But We Need to Talk…

    Over the past few weeks, the world has boiled over with the revelations of how Facebook allowed its vulnerabilities to be exploited by Cambridge Analytica (CA) in using data of its users in political campaigns.

    For most of the global North, these conversations have carried on to a point leading to the Facebook CEO, Mark Zuckerberg appearing before a senate committee hearing and two CEOs of CA finding their way in an out the position due to the complexities of the outcome of the events.

    The news that Cambridge Analytica harvested 50 million Facebook profiles is a major data breach . The point in fact is without the consent or knowledge of the Facebook users. The wrongdoings of FB and CA are widespread in the Global North with a lot of users expressing their concerns while many celebrities including Elon Musk opting to delete their and companies’ facebook pages.

    In the Global South, these revelations have led to the call for better data privacy and protection practices while some have gone as far as recommending that African countries adopt the European Union’s GDPR policies that will come into effect in May 2018.

    Given these revelations, I seek to understand, if our personal data is really as valuable as we make it be, why are we so careless with how we share it, who we share it with and where we share it.

    Considering the following statements:

    “We exploited Facebook to harvest millions of people’s profiles and built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on…”

    and that

    “about 270,000 users agreed to have their data collected and used for academic research in exchange for a small payment, we conducted a survey to understand more about the effect of sharing personal information on social media.

    Below is an image of the data protection landscape in Africa, where only 17 countries have defined data protection legislation.

    The Africa Data Protection Landscape. Source, @Deloitte.

    Sample size: 500

    Location: Kenya

    Project platform: poll.co.ke

    Here are the top 5 insights about Kenya, Facebook Use and Sharing of Personal Information.

    #1. Third party applications and many other applications access our personal data because we share it with them. What we don’t know is how do they use it? When asked whether they were aware that Facebook authorized the use of their data by third party applications, our respondents had something to say…

    #2. Ever wondered why those that use FB are all stuck with it? While some use the service to store old pictures, well, it’s mostly to stay in touch with friends and family.

    #3. After the recent revelation that CA improperly accessed Facebook users’ personal information, Kenyans were prompt to act by reducing interaction with Facebook, changing user settings while others continued with normal operation of FB, unfazed.

    “Less than a second later, a Facebook app had harvested not only Mr. Deason’s profile data, but also data from the profiles of 205 of his Facebook friends. Their names, birth dates and location data, as well as lists of every Facebook page they had ever liked, were downloaded — without their knowledge or express consent — before Mr. Deason could even begin reading the first survey question.” reported The New York Times.

    #4. It is also interesting to see how helpless social media users are, especially since they do not trust the services but still continue to use them. Also, a key lesson to getting users to trust your services? Have them read the terms and conditions of the services.

    An analysis of those that read, do not read or do not remember reading or not the terms and conditions and whether they trust the services or not.

    #5. The respondents strongly felt that Instagram, Facebook and OLX are the applications that mostly misused their information. Mobile lending apps like Branch and Tala also had a significant showing while betting apps were also accused of misusing customer data.

    In summary, loads of data and personal information has been collected and used to influence our decisions, behaviors and perceptions of others. In 2013 and 2017 campaigns of Kenyans’ Presidential elections: The personal data collected was used inappropriately. We face limited data protection in Africa and Facebook sees 123 million users across sub-Saharan Africa.

    The GDPR specifies that users need to sign different opt in consents for custodians of their data to use the data especially for marketing etc. Just because a user gave you access to their mobile phone number to allow you to complete a service does not grant you the permission to send them a marketing campaign or a new product.

    So, which way, Kenya?

  • The Internet of You.

    28th January was World Data Privacy/Protection day. A day that is well represented and known in the Global North. It so happened that on this day, I was in Amsterdam enroute to San Francisco for our Mozilla Work Week and when I got on the internet at the airport, I kept getting all those notifications from the various sites I visited telling me that i had to be sure that i knew that the site was either using cookies or that they would be collecting or monitoring information about my activities online. Thanks European Union! This is as a result of the GDPR regulations in the EU. Upon landing in San Francisco (read jet lag) I was back to normal operations where no one bothered to let me know that they were looking at my clicks and swipes.

    Last week, in readiness for the day, we decided to carry out a survey in Kenya where the idea was to understand whether people generally knew about the ideas of data protection. The survey was administed to 200 respondents spread across the 47 counties of the country. Below is a summary of the findings.

    1. A whole lot of people are aware about Data Privacy…

    2. Surprisingly, more people read the terms and conditions but…

    3. …Not enough people have the power to do anything about what they just read. They find the terms too complex, time consuming or helpless since its my way or the highway.

    4. The data protection bill has been in discussion for a while now and interestingly, a lot of people have read it. The bill is available here.

    5. In comparison to what the government defines as personal information, more people have varied ideas of what that should be. To most, Personal Information has a lot to do with their bank accounts and family information.

    6. While some people have had their information obtained and used against their consent…

    7. … A lot of people have lost this data to their close friends! So careful with who you trust out there!

    8. It was quite interesting that more people know that they are ultimately responsible for their data. That said, it looks like the government is also deemed responsible for some of it.

    9. We sent out a targeted survey to people around the country (47 counties) and received responses from 22 counties. Not bad 🙂 We hit our 200 people target.

    In conclusion, this was a great exercise and the findings were quite interesting. At the end of the day, your data security is your responsibility. The government has been discussing the data protection bill since 2013 and still no progress made. Private sector organizations have their own vested interests in accessing and using private data and in some cases, we have seen close family and friends use our information to defraud us.

    Take away, guard your information because it is the power that can be used for or against you. All the best!

  • Identity Theft, Is This Really You?

    The fluidity with which we treat our personal information is surprisingly underestimated. The ease with which we share information with perfect strangers, leave our very important details and documents without having agreed to terms and conditions is also quite surprising. Especially in Kenya.

    The other day i came across the image below shared by @0000001ac on instagram.

    The same individual had cloned himself 6 times, using what you would think are “fake details” of a national identity card number.

    At first stance, I thought that the numbers that are used on the various cards were made up. So i decided to put these thoughts to a test.

    In a previous blog post, I talked about Elections and Government Systems and the little that is done to protect citizen data. So, I only share the following information purely out of the fact that these details are freely and publicly available online, through a government body’s website. And also to prove a point.

    I took the ID numbers on all the fake IDs above and used the online verification system for voter registration to try find out if these numbers were indeed legitimate.

    All 6 numbers were and they indeed belonged to registered voters of Kenya.

    There are numerous things that one can do simply by holding a “valid ID card” in this country. “Proof” that you are a citizen of Kenya, open a bank/Mobile money account, get a job, own property e.t.c

    With the disconnection of our government and corporate systems, there is also no saying what one can do as an owner of multiple identities ranging from fraudulent transactions to easily acquiring citizenship of this country.

    So, my question to you is, when you walk/drive into that building and leave your identity card, name, car registration details, e.t.c, details that should be guarded with your all, is there only you in existence?

  • Elections Systems and Citizen Data Protection.

    Governments and government agencies globally are some of the largest custodians of citizen data, collected over time for various intents and purposes as prescribed by different laws. The Kenyan government is no different. This is an essential part of the government’s planning and especially in resource allocation.

    The Independent Electoral and Boundaries Commission is an independent body that is responsible for the collection, storing and use of voter details to carry out voting exercises around the country. The Kenyan elections happened 8th August 2017 through a process that was both nationally and internationally acclaimed and criticized in equal measure. The recent Supreme Court Running overturned the outcomes of the elections and ordered for a new election scheduled for October 2017.
     
    To qualify as a voter in a Kenyan election, one must be a Kenyan Citizen, be above the age of 18, hold a national ID or Passport and register as a voter. After the voter registration process, all voters are encouraged to verify their registration details through online or mobile systems set up by the IEBC as stipulated in the elections laws. The details that are collected about the voter include the Voter’s ID/Passport number, name, their age, gender, and birthdate. These are also the same details that are verified by the voter using the online/mobile systems.

    According to the Access to Information laws 2016 on personal information that should be protected, a few key parameters stand out; information relating to gender, age, birth of an individual, any identifying number (ID/Passport). These are exactly the details that were collected by the elections body for 19,687,563 citizens of Kenya. 40% of the population.

    System Privacy Vulnerabilities:
    In the advent of data protection regulations and interventions, these regulations aim to regulate the collection, retrieval, processing, storage, use and disclosure of personal data. The IEBC is required by law to make the voter register available for individual verification of registration status online.

    With the rising cases of identity theft in Kenya, the expectation is that the security of a system that carries 40% of personal data of Kenyan Citizens would be secure enough to prevent any cases of data breach or theft; instead, the system that was deployed had some weaknesses that exposed all of the data that should be protected freely and openly accessible to anyone that could type any variation of numbers that match a national ID number.

    Some of the system weaknesses include:

    1. No captcha

    The initial voter verification system had no captcha (a program or system intended to distinguish human from machine input, typically as a way of thwarting spam and automated extraction of data from websites), meaning that a well versed computer programmer could write a piece of code that could harvest all the data from the voter register.

    Even with the introduction of a captcha after a public uproar on the vulnerabilities of the system, the system still only required the entry of an ID number, any ID number, to get multiple layers of citizen personal data.

    2. Selling the entire database for $200

    Systems in most developing countries are usually porous enough to allow for mashing up of different datasets to recreate an identity or detail of an individual. The IEBC selling an entire voters’ register to whoever could afford to pay $200 meant that this information could potentially be used to reconstructed to create the identities of individuals, a result of which could be used for targeted reach of un-consenting voters.

    The above is a text message I received from an aspirant that not only identified me, but also had the exact details of my polling station.

    3. Not limiting access to the voter register.

    Anyone with a mobile phone or an internet connection had access to pretty much the entire voter register depending on their determination to access it. There was no security feature installed to ensure that for one to have access to the voter details, they had to have a level of knowledge of the voter.

    All the details contained in the above image are great parameters for identity theft.

    Recommendations

    Citizen data being very critical for national and subnational planning, there needs to be more that is done to ensure this particular set of data is not only secure but that it is also kept clean, accurate and correct. The easiest way to ensure that this happens is by streamlining the processes that are involved in data collection, storage, access and dissemination.

    Custodians of any datasets that contain personal data of any individuals need to be properly trained on how to handle that data and especially to prevent cases of introducing impurities into the data, such that the data becomes too unreliable and undependable especially for decision making.

    Access to datasets that contain personal data needs to be limited to only those with the right clearance of the owners of that data themselves. Article 31(c) of the Kenyan constitution under the right to privacy provides that citizens have a right to not have information about their private affairs unnecessarily required or revealed.

    For mass access of data, the normal standard is to anonymize the data as much as possible so that it cannot be used to map back to any one or group of individuals. These lessons can be taken in to inform the process that is going in to inform the formulation and improvement to the current data protection bill. To do it right before it becomes law.

  • Privacy in The Era of Big Data

    In an age where the Internet does not forget, access to technology and technological devices is not only easy but cheap. People are using all kinds of tech products and services and most users sign on to these services without reading through the terms and conditions keenly to ensure that they are protected before sharing their private information.

    On top of that, most organizations (private and public alike) tend not to invest enough in ensuring the protection of user data. The rules and regulations are also very lax, especially with the lack of data protection laws in most countries and thus, there are currently no real consequences for the mishandling of private or personal information.

    Data protection and privacy are some of the most underrated acts of personal protection. Without proper laws, rules, regulations, and sensitization around data protection and privacy, increasing numbers of corporate and government institutions will continue to exploit user data for their own benefits without proper consent or acknowledgement. And without meaningful data literacy, individuals will continue to share private information online while being oblivious of the impact of their data being made available in this way.

    By being unaware about the value of their data, Internet users expose themselves to cases of identity theft and data fraud. Increasingly, these cases are starting to take center stage in developing countries. Cases of identity theft are rapidly growing in East Africa with unsuspecting victims having their identities used for criminal activities or even signing up for services that they do not consent to.

    A recent example of this problem occurred in the just concluded election in Kenya, where voter data for those that are registered ended up in the hands of those that were campaigning for various electoral seats. As a result, many people took to social media to demand that their data be either removed from the voter register that had been shared online or that the electoral commission implement better security measures on the data that has been entrusted with them.

    For a healthy Internet, users need a level of assurance that what they share online will not be used against them. Through the Mozilla fellowship, I aim to raise awareness on the need for data protection and privacy, especially among consumers and providers of services. The support by the Mozilla Foundation is especially important to support the study of the various existing laws that touch on data protection and privacy and cases of infringement of user data privacy in the public and private sectors.

    Through this fellowship, I will have engagements with various key stakeholders (policy makers, industry players and the consumers) and make recommendations on how to ensure that the existing data protection and privacy regulations are more inclusive and that they are educating users on the measures that can be taken to protect their data, while at the same time developing guidelines on how service providers can protect user data more effectively. All the findings are recommendations will be published.

    I was the project coordinator for the Government of Kenya’s Open Data Project and during this time, I was able to create professional networks with the various key stakeholders both locally and in the East African community. This will create an important platform to steer this work. The tech policy fellowship has also provided a great avenue to continue the work and especially to focus on ways to improve our data access, communication and dissemination.