In this article, Type Media Center fellow Nick Turse covers the fallout from a data exposure incident involving the Kivu Security Tracker (KST), a project aimed at documenting human rights abuses in the Democratic Republic of the Congo.
- Failing to ‘Do No Harm’: In this article, Nick Turse and co-author Robert Flummerfelt discuss the leak of personal information from KST’s database, which “exposed the identities of 6,000 to 8,000 [high-risk] individuals”. The authors note the failure on KST’s part to fulfill the ‘do no harm’ methodology that is the core of humanitarian work, instead “putting the very people that [they] are trying to protect at risk of death”, as said by Adrien Ogée, the chief operations officer at the CyberPeace Institute.
- An Open Bucket: The article covers the insufficient security measures implemented by KST, in which “sensitive files were hosted on an open “bucket”: a cloud storage server accessible to the open internet.” The leak that occurred as a result of this insufficient system compromised the safety of sources and field staff working in dangerous environments.
- Skipping Steps: Turse and Flummerfelt raise serious ethical concerns regarding informed consent, referencing “multiple people exposed in the data leak who said they did not consent to any information being stored in a database”. The authors emphasize the pronounced ethical violation and potential harm created in this specific situation by neglecting to follow research protocol.
- Unknown Consequences: The article states that there has been no evidence found to indicate that anyone has been threatened or harmed due to the leak, as of yet. However, the maintain that, according to the investigation by The Intercept, “it’s currently unknown if any of the thousands of people involved were harmed.”
Type Media Center’s Note
This article by our fellow Nick Turse reflects Type Media Center’s dedication to nurturing independent journalism that not only informs but strives for societal change.