LAMP Consortium

Data Security and Encryption?

Our research team is hoping to make the switch from Beiwe to MindLAMP for several upcoming projects. We are in the process of obtaining IRB approval to use MindLAMP, and we need to provide a thorough description of the data security features of the platform. In particular, we need to describe the specific encryption protocols that will be used to safeguard data on participants’ phones, in transit, and at rest on the server. I’ve looked through the documentation, but the information I’ve been able to find doesn’t include a lot of detail (e.g., I see the platform uses AES-256 encryption, but is that the case for data on participants’ phones as well as on the server?). Is there somewhere I could find a more comprehensive technical description of the MindLAMP data security features?

Thanks!
Eric

Hi Eric,

That’s great news! Would you mind filling out this interest form? https://docs.google.com/forms/d/e/1FAIpQLSeNyY469zPcwVoZ8gKTwW8dLuzRDXpObLcR8JtHdUlRhAQcyQ/viewform?gxids=7757

In response to your question, we do not store data on the patients’ phones. It is only stored on the server. Our security doc can be found here: https://docs.lamp.digital/5f204e1d121b488b929727311e078482

Best,

Rebecca

Hi Rebecca,

Thanks for your response! I just filled out the form.

Sorry if my previous message was a little ambiguous – by “data stored on participants’ phones”, I wasn’t referring to long-term data storage on the phones, I meant the data cached on the phones before being uploaded to the server. If I understand correctly, those data could remain on the phones for awhile under certain circumstances (e.g., if the phone cannot access a data connection). Where could I find out about what security/encryption measures are in place for the phone data cache?

Also, I was hoping to find more information about how the AES encryption keys are generated and stored. Is that information available somewhere?

Thanks!
Eric

Hi Eric,

There is no encryption for the cache. As soon as something something leaves the phone, it is encrypted.

We use whatever AES encryption keys AWS provides, so to learn more of the specifics I would look to their resources.

Hope this helps!

Best,

Rebecca