TANA DELTA, KENYA — Information security is an issue which has been raised several times in the communities currently being visited by The Sentinel Project in Kenya’s Tana Delta. As discovered during our recent survey of Tana residents, 82% of residents polled own cellular phones, most of whom rely on SMS (91% overall across Kenya, according to 2013 Global Attitudes data) rather than the Internet (which represents only about 25% of our survey respondents). This poses a challenge for community ambassadors seeking to report sensitive information through our Una Hakika program, since many participants worry about the risk of cellular identification, surveillance and persecution. While robust encryption technologies are available for smartphones, a simpler strategy is required for regions with basic “feature phone” adoption.
At The Sentinel Project, we’re tackling this issue as two separate but interrelated problems: a data intake problem and a data retention problem.
To reduce the risk of compromised data intake, our Una Hakika program has been designed with multiple means of reporting rumours; participants may submit rumours by web, email, SMS, voice or “walk-in” (i.e. face-to-face communication with an Una Hakika team member). Since web and email are inaccessible or inconvenient for many residents of the Tana Delta, and SMS is feared by participants to be easily intercepted by telecommunications infrastructure, we’ve prioritized intake methods in the following order:
Obfuscated SMS with voice cypher
The latter option may be most viable for participants who live outside of regular geographic proximity to an Una Hakika team member. The participant would first contact a team member in person or via telephone and agree on a basic cypher, such as word substitution (e.g. “concrete” for “weapons”) or message splitting (e.g. critical words would be sent by another community liaison on a separate cell phone). Once a cypher is established, communication can continue with basic SMS. It should be noted, however, that obfuscating content does not necessarily protect users from the risk of metadata analysis.
To reduce the risk of compromised data retention, The Sentinel Project hosts data outside of the nations in which it operates (potentially discouraging a subpoena from a host government, although it’s uncertain what relationships of convenience exist between Canadian/US data collection agencies and other governments). We also maintain a manual process for destroying source data (such as domestically-received SMSes) and retaining only externally sourced data, which we generally anonymize and encrypt using strong one-way encryption. In the future, we may also implement auto data destruction workflow. While this obviously doesn’t remove the risk of data being intercepted prior to acquisition by The Sentinel Project, it places the advance burden of retention on domestic telecommunication providers and host governments who may have minimal resources to dedicate.
These security measures appear rudimentary when compared with obfuscation technologies like Tor, Orweb or PGP; however, our intention isn’t to entirely remove the risk of participating in Una Hakika, which we feel is impossible, but instead to make risk manageable and understandable for participants with a limited technology ceiling.
Clearly, not all data submitted through our Una Hakika project will require obfuscation. We anticipate that the vast majority of rumours will be of potentially high impact but marginal sensitivity (e.g. rumours of suspicious activity on the part of a rival ethnic group). Exceptions to this rule would be rumours of government, police or military misconduct. In the Tana Delta conflict in particular, the participants are primarily non-state actors, and so our assessment of the risk of information compromise is extremely low.