Tech
&
Innovation
Video story

2 of 3| Block or accept?

As humanitarian groups have rushed to embrace new technologies, biometric data such as eye, finger and palm scans have become a common method for humanitarian organizations to track aid during emergencies. But is the humanitarian sector fully ready to protect this most personal form of data?

A few decades ago, eye and palm scans were the stuff of high-tech thrillers and James Bond films. Today, they are a common part of daily life, even at places such camps for refugees and people displaced by crisis.

The Kenya Red Cross Society, for example, began using thumb prints and eye scans as part of its efforts to help people rebuild after devestating country-wide floods in 2018.

In the absence of clear regulations on the use of biometric data, Kenya Red Cross staff voluntarily followed the European Union’s General Data Protection Regulation or GDPR as well as policies set by the Red Cross Red Crescent Movement.

“For us, it wasn’t about us coming in, doing the assessment and collecting data on the people we wanted to help,” says Steve Kenei, a data analyst for the International Centre for Humanitarian Affairs of the Kenya Red Cross Society.

“We did the assessment with the community, having them prioritize who was getting what,” he says. ”So with the biometric element, people knew with that this technology was simply further guaranteeing that the only people receiving shelter materials where those who were most in need.”

In that context, says Kinei, the use of biometric data can help build trust with communities dealing with extreme hardship. In addition, it can assure donors and the public at large by providing clearly quantifiable evidence of results.

But things like eye scans and thumb prints can also be met with skepticism and hostility from people who feel the technology is unnecessarily invasive. In recent years, refugees and displaced people in some camps have protested such practices, uncomfortable with the process and unsure how this deeply personal type of data would be used.

Part of the frustration is that people fleeing conflict, looking for shelter after violence or flooding, may not feel they are in a position to object to intrusive practices, especially if their access to food, shelter, cash or medicine depend on it.

Digital biometric data is now integral in humanitarian response. Here, the Indonesian Red Cross, or PMI as it’s known there, uses a digital data collection system to ensure proper measurement and accountability after a December 2019 earthquake in the country’s Lombok region. | Photo: Musfarayani/IFRC

Zero to 60

Some experts who study the use of data in humanitarian response argue that it’s time the sector start to question its own practices and work toward adopting universal standards to ensure biometric data is adequately protected.

“In the past five to ten years, the humanitarian sectors has gone from 0 to 60 in terms of not having a biometric component in our work to having biometrics and digital identity being at the centre of what aid organizations do now in the 21st century,” said Nathaniel Raymond, a human rights expert and lecturer at Yale University’s Jackson Institute for Global Affairs. “We in the humanitarian sector have adopted technological modalities far faster than we have upgraded our ethics, norms and legal analysis.”

This rush to embrace new technologies is driven in part by increased pressures on humanitarian organizations to do more with less. As humanitarian needs rise and budget face increased pressure, humanitarian organizations have looked to innovative, tech-based and data-driven solutions that can deliver results backed up by clear evidence.

Even organizations used to assesing and navigating risks in extremely dangerous situations do not always fully understand the risks posed in the digital world, according to Alexandrine Pirlot de Corbion, director of strategy at Privacy International, a leading global data privacy organization.

“Historically, the humanitarian sector has always been very careful about protecting the confidentiality of the people they are assisting,“ notes Pirlot de Corbion, who helped author several reports co-produced by the ICRC and Privacy International that critiqued data protection practices in the humanitarian sector. (See The humanitarian Metadata problem: Doing no harm in the digital era).

“But when it came to the digital world, with more of them using the internet and processing data,” she says, or her team’s investigations, “we didn’t see the same understanding or approach to threat modeling and the risks and safeguards needed as a result.”

Humanitarian groups have used fingerprints on paper for decades to identify recipients of aid. Digitizing these biological identifiers offers a new level of traceability and accountability. The Kenya Red Cross used digital biometric data after country-wide floods to ensure new shelter materials went only to those the community said were most in need. | Photo: John Bundi/Kenya Red Cross

“Historically, the humanitarian sector has always been very careful about protecting the confidentiality of the people they are assisting. But when it came to the digital world, with more of them using the internet and processing data, we didn’t see the same understanding.”

Alexandrine Pirlot de Corbion, director of strategy at Privacy International, a leading global data privacy organization.

A cautious approach in conflict zones

Data protection is especially critical in conflict zones, where a breach of such data could be a matter of life or death. When it comes to biometric data, the ICRC now takes a cautious approach. Any biometric information taken is kept by the person being scanned on a card and it’s never stored by the ICRC.

“We looked very carefully at the benefits that using biometric data would bring in terms of effectiveness and efficiency, and we looked at the risks involved if biometric data ended up in the wrong hands, or was mis-used,” says Massimo Marelli, head of the Data Protection Office at the ICRC.

“In the end, we decided that the ICRC policy should be that biometric can be captured and stored exclusively on a card held by the individual and never in a centralized data base that the ICRC would hold.”

Clearly, humanitarian organizations shoulder a heavy responsibility when it comes to biometric data as well as other kinds of digital information. For his part, Marelli isn’t saying that all humanitarian organizations, in all cases, should adopt the same policy as ICRC. But he agrees with other experts that each organization needs to make judgements based on full knowledge of the risks and potential benefits, which will vary from case to case.

“The fact that there are risks does not mean we do not do things,” Marelli adds. “We just need to develop the tools to understand those risks and be accountable when we do take those risks. In a way, this is no different than what we do in the physical world. It’s just that in the physical world, we are more equipped to deal with those risks because we can more easily see them.”

By working closely along with affected communities in the decisions about assistance and data collection after floods in 2018, the Kenya Red Cross says the use of biometric data helped build trust by ensuring help went only to those most in need. | Photo: John Bundi/Kenya Red Cross

Related

Find more...

Subscribe

Want to stay up to date?

Join our newsletter to get a regular roundup of stories from Red Cross and Red Crescent.