Practicing Responsible Data
So, what does all of this mean about how we practice responsible data, and how we collect and store data?
- We practise data minimisation: only collecting the data we need, and deleting it afterwards
- We use and support open source technology
- We incorporate responsible data support when working with partners to design and implement projects
- When we collect data about people or organisations, we communicate clearly about that collection to allow for informed consent and an opt-in process
- We do not collect data about people, organizations, or activities that we do not have a clear intent to use productively
- We set high operational security standards and provide the support needed to meet these standards
Services and tools we use
- CryptPad for storing documents that may contain confidential or sensitive information, hosted on servers we control.
- GitHub for storing a statically generated website freely accessible and not implementing any tracker for publishing the research documentation.
- Google Drive for storing non-sensitive information, which is sadly somewhat of a necessity collaborating with an entirely virtual organisation. Real-time collaboration over documents is a key part of how we work, and we’ve not yet found an open source solution that offers even close to the same level of functionality
- GlobaLeaks for surveys, a free and open source software that allows secure submission of information and anonymous access through the Tor Browser
- We use different video/conference call software, as their reliability changes. We’re regular users of end-to-end encrypted messaging apps Signal and Wire, though the latter doesn’t (yet) allow for group video calls. Until that happens, we use meet.jit.si
Communications
- For internal communication between the collaborators in this research project, we encrypt our emails using PGP, and we put our public keys up online. We use both Riseup and Gmail as providers along with Enigmail/Thunderbird and Mailevelope with Gmail to encrypt our emails to each other and, wherever possible, to partners and beneficiaries
Last update April 28, 2020