Handling malicious users of crowdsourced documents during an emergency
Recently discussion on the CrisisCommons email list raised an issue about security pertaining to crowdsourced data – and the ease with which the information can be deleted by an anonymous malicious individual when using tools such as etherpad or Google Docs with open editing rights.
In this case an anonymous user was deleting data as quickly as it was entered in a shared public document. What is a more concerning risk is perhaps the subtle editing of crowdsourced information, where the edits are not obvious enough to be detected – such as the subtle and malicious modification of facts and figures.
For tech volunteers, there is a careful balance to be struck between protecting information (in this particular case its availability and integrity) and not creating significant barriers to entry.
The first obvious solution is that access on the document be restricted to authorised users. This means that only those individuals that are trusted can be expected to contribute to the collection and management of unstructured crowdsourced information.
This is less than ideal as it means that new users that volunteer immediately following an emergency haven’t developed a trust relationship with, for example, the CrisisCommons community, and are unable to immediately contribute.
I believe that with the simple use of a two-tier approach, one can easily protect the quality of the final document(s), whilst still making it easy for new volunteers to contribute.
You effectively create two types of document:
- Public and open documents – which are open to all to edit, and are effectively a rough scratchpad for collecting unstructured information.
- Trusted documents – which are open for only a limited pool of trusted users to edit, but draw from the content provided in the public and open documents.
The trusted editors effectively become the curators of the information, and once content has been copied and edited from the open documents, malicious anonymous users won’t be able to waste other volunteers time through deletion or editing.
There are other process benefits to this approach. For example, you may create a public document particular topics of the emergency – such as infrastructure, health/medical and background information (e.g. weather forecasts, population demographics etc) and these multiple individual documents may map to a single section within the trusted document to produce an edited and trusted version of crowdsourced information.
Still, from an operational perspective, this is a far from ideal approach, and there are certainly more robust approaches available to turn this into a process that can be used for intelligence gathering and situation reporting.
Another option for type one documents is to make them “add only” with content tagged by contributor. The document might become a little unwieldy until the information stabilized, but you’d never loose information. I’m imagining a wiki page where additions are color coded(?) by user. At any time a trusted editor could delete spam/malicious comments and/or ban malicious users.
By tagging edits to a user there is the advantage that readers of the document would likely notice a malicious person’s activities and discount their additions until they could be “officially” removed.
Steve
25 May 11 at 23:59