Restrictions with Encryption?

Hello,
relating to the following hints: http://support.kobotoolbox.org/en/articles/592415-encrypting-forms and Support Article and Request,
I have the following questions, please:
Does encryption …

  1. no more allow to save (and auto-save) not-finalised forms, e.g. if the household interview needs to be continued the next day.
  2. limit later export to simple .csv format, not allowing label export (?), as needed for SPSS optimal import?
  3. not allow local data visibility and editing after saving/finalising, e.g. for local review by supervisor?
  4. not allow KoBo features on server level, like report/tabulations, geomapping
  5. has other important limits?
    Thanks in advance.

Hi @wroos
Could you please clarify what exactly you are seeing with each and every issue you have mentioned. I also do not not understand how this is linked to the encryption problem.

Stephane

Dear @stephanealoo,
we would like to do encryption, already on offline field work devices (KoBoCollect on smartphones). But before we need to know more about the resulting restrictions for normal KoBoCollect features.
Each bullet marks a possible restriction resulting from KoBo encryption, as far as we understood cited community sources.
We would like to get confirmation or correction and addition to the list of restrictions.
For example, if encryption would no more allow an enumerator to save unfinalised data during interviewing over two days, we would probably not be able to use encryption.
Kind regards

Hi @wroos
Following up on this, could you please detail each and every step you want to take. Ideally encryption should still work for you.

Regards
Stephane

Dear @stephanealoo,
thanks for your reply and interest. I am sorry, that the questions were not clear enough. I will try again. Environment for all questions is: Encryption is turned on for a KoBoCollect form (Android smartphones).

  1. When does KoBoCollect encrypt data in offline-forms (first)?
    At Save? Also at Autosave? At Validate? At Finalize form? At .Send?

  2. Does KoBo-encryption still allow the enumerator to save (and auto-save) a not yet finalised form, e.g. if the household interview needs to be continued the next day.

  3. Does encryption of a form still allow local data visibility and re-editing on the smartphone after saving/finalising, e.g. for local review by supervisor?

  4. Does KoBo-encryption restrict KoBo analysis features on server level, like report/tabulations and data mapping with KoBoToolbox?

  5. Does KoBo-encryption limit later export from server to simple .csv format, or does it still allow (additional) label export, as needed for optimal SPSS import?

  6. Could encrypted local data/forms still be transferred manually to the server?

  7. Does KoBo-encryption provoke other important limits for KoBoCollect and KoBoToolbox features?

Kind regards
Wolfgang

Hi,
Prior to explaining each specific issue you raised. It should be important to note the following introductory note about encryption. Encrypted forms work by encrypting the data on the phone the moment it is saved. Data sent to KoBoToolbox is encrypted and completely inaccessible to anyone not possessing the private key. In this case, KoBoToolbox serves simply as a storage locker for your encrypted files - a place to upload and then download for later for local decryption (using ODK Briefcase). Since the form submissions are encrypted, it means, however, anything that requires access to the data like the map view or data export won’t work within KoBoToolbox. The extra level of security makes using KoBoToolbox in a way to collect sensitive data while meeting certain data protection protocols possible. (source)

At send

Yes, since the form while on the phone and not yet submitted, remains open for editing on the phone.

Yes as long as they are using the interviewer phone. Same logic as above applies

Yes it restricts it because the server will not have the necessary decryption code needed to decrypt the data for processing. @jnm can confirm this too.

You must be able to export your data using decryption services which means some of the benefits of exportation would be lost. My suggestion would be you keep a copy of your project that is not encrypted yet has no data to allow you to export the SPSS values and use them on the data that you will eventually collect.

The answer should be yes for this. However you should try this and see if there is a challenge

There are always pros and cons for various features including encryption. Unfortunately we cannot exhaust all the seen and unforeseen limitations. We rely on users to share their experiences which we can document for other users as they go.

Regards
Stephane

Dear Stephane,
thank you very much for the answers.
May I add the following question and hint, please:

  1. When does KoBo encrypt FIRST … (>> at Save OR >> at send OR at >> COMPLETED (finalised)?)

Encrypted forms work by encrypting the data on the phone the moment it is SAVED

When does KoBoCollect encrypt data in offline-forms (first)?
At Save? Also at Autosave? At Validate? At Finalize form? At .Send?

AT SEND

And in the help article from Tino_Kreutzer, we find:

KoBoCollect supports the ability to encrypt the content of a form the moment it is marked as completed and ready for submission on the phone.

  1. Label export
    a) Does your answer mean, that a label export is not possible with Briefcase (neither for Excel nor for SPSS), only simple csv format?

My suggestion would be you keep a copy of your project that is not encrypted yet has no data to allow you to export the SPSS values and use them on the data that you will eventually collect.

b) Did you try this already successfully?
c) What needs to be done then, if a (label) change later, after encryption, will be necessary?

I scanned the community for (all) Encryption topics, and add some people, who may contribute with additional experience and best practice hints: @raph, @meeske, @Francis_Vachon, @Dyala_Rousan, @uwanja, @jseiden, @Bahr_AbdUlrazzak, @Tino_Kreutzer.

Thanks in advance to all!
Kind regards
Wolfgang

You’re correct. In fact, this is explicitly stated in our support article at http://support.kobotoolbox.org/en/articles/592415-encrypting-forms:

Since the form submissions are encrypted, it means, however, anything that requires access to the data like the map view or data export won’t work within KoBoToolbox.

1 Like

Dear @jnm,
thanks. Could you also help for the open questions, please? Like when exactly is encryption done?
Kind regards

Encrypted forms apply asymmetric public key encryption at the time the form is finalized within ODK Collect.

https://docs.opendatakit.org/encrypted-forms/

1 Like

Dear @stephanealoo, dear @jnm,
additonal question, please: As far as we can see, decryption of (finalised) data can only be done through csv export from Briefcase (after download), Our question is:

How can KoBo data then be corrected (and put back on the server)?

As the data are only decrypted in csv form, we don’t see any change to get the correction back.

Could you, please, assist with more information?
Thanks in advance and kind regards

You’re right. For encrypted forms, you cannot edit submissions stored on the server. You also can’t use any of the server-side analysis tools, since your data is only gibberish from the server’s perspective. Given that, I’m not sure why correcting data and putting it back on the server would be very useful.

Dear @jnm,
thanks for the confirmation. Concerning the Why:
In an up-coming larger survey, we would like to be able to monitor, validate and, if needed, correct data soon soon after coming in from the field. More than one person will do monitoring and QA. So loading down, exporting to Excel merging all the separate parts (repeatings, audit and media files) etc. will not be a satisfying option. Esp. on a daily level and with staff with low ICT know-how. Also, Briefcase is limited to simple csv export, and for data set security the OCHA server seems a better place than Excel data on local devices.
Kind regards and thanks again
Wolfgang

1 Like