New technologies offer unprecedented occasions to engage with people in different contexts. However, if we want to adopt these new technologies responsibly, it is crucial to understand the risks involved, and figure out how they can be avoided or mitigated. To do this, the ICRC teamed up with Privacy International – an NGO that focuses on technology and privacy rights – to examine the risks for the ICRC’s digital communications, and make recommendations on how to handle them.
An inevitable trail
Metadata – data about data – are tiny information about our online activities: where we are, at what time we logged in, how many times we contact a particular person, etc. They may not convey the actual information that was transmitted, that is to say the data – such as credit card details, or the content of the email. However, they do offer clues that are much less protected, easier to find and that can still say a lot about a person: where they are, whom they are in contact with, etc. Moreover, they can be use to infer information about these people: who their most important relationships are, what their sleeping patterns are, and even what their political linings or sexual orientation are.
Humanitarian organizations increasingly use mobile technology, messaging services and social media to communicate and engage with people – and, in doing so, leave a trail of new metadata about these people.
Metadata are not new: old style analogue communication created data trails such as a log of mail delivered to a postbox, or a record held by a telephone exchange.
However, digital technology has massively increased the amount of metadata generated and possessed – and with it the capacity to analyze and use this information to make informed decisions. With billions of smartphones in daily use there is a growing understanding that metadata contain useful – and valuable – information. The value ranges from relatively benign use by marketers and advertisers, to more insidious political and economic manipulation, and even for profiling by military and intelligence services.
Recognizing the ethical duty to ensure that any potential harm is minimized, and building on a history of recognizing the importance of confidentiality, the ICRC has studied the implications of metadata in humanitarian contexts, and identified some mitigating actions.
While the answers are not conclusive, awareness of the dangers and pitfalls of metadata is a first step.
Working with Privacy International, a civil society group which campaigns for greater data protection, in 2018 the ICRC published The Humanitarian Metadata Problem: “Doing No Harm” in the Digital Era. This report outlines the ethical and practical considerations of generating and handling metadata in a humanitarian context.
Why it matters
Our digital presence is a virtual shadow of our physical lives. A single electronic message can leave details, in clear view for those who know where to look, about the individual devices and SIM cards used to send and receive it. Other metadata could include the message size, the precise location and time, IP addresses and web browser information.
So, while each element of metadata may not individually amount to much, as a whole, they can be pieced together and analyzed – bit by bit and byte by byte – to build a bigger picture.
Even if users take basic steps to protect their privacy, such as declining to accept cookies (electronic markers used to track online identities and behaviors) or avoiding online services that request personal details, these metadata are still out there. And they are being used.
Patterns of activity can predict behavior. For example, purchasing records are used by marketers to bombard us with targeted advertising; clues about our personal lives – where we go, who we associate with – can be used to infer a profile of our professional or financial situation.
In operational contexts, metadata can give away crucial and even sensitive information.
For example, metadata about mobile communications can give away one’s position and movements. Social media use creates metadata that can be used to map social connections between individuals – exposing, for example, certain vulnerable communities. This has the potential for abuse by hostile groups.
Even where the contents of transactions are encrypted – as in banking transactions, or some mobile messaging apps – the data about these transactions, their metadata, are usually not. By cross-referencing metadata, it is often possible to build a picture of the online activity and, by extension, the physical presence of the person engaging in that activity.
Information pieced together in this way can – and is – used to track, target and retaliate against individuals and even entire groups.
For example, some governments have started using data gathered from asylum seekers’ smartphones to verify claims made in their asylum applications. Where humanitarians have helped gather this data, their impartiality and reputation could be called into question.
There are other instances where affected people may be singled out on the basis of their association with humanitarian programmes— with metadata being used to identify these interactions. Such people may be vulnerable to reprisals or fall victim to criminal activity.
Humanitarians themselves have been subject to surveillance by intelligence services: metadata trails could endanger them and those they engage with. This was confirmed by Edward Snowden, who revealed in 2013 that intelligence services had indeed actively subjected a number of humanitarian agencies to surveillance, and subsequent investigations showed that this included gathering metadata from Amnesty International.
The contexts in which the ICRC works, involving conflict and instability, are of particular interest to some intelligence services. However the trust required to gain access to the people affected by these situations is fragile, and the threat of exposure to hostile forces as a result of metadata trails generated through interactions with the ICRC, could be very damaging.
According to Stewart Baker General Counsel at the US Government’s National Security Agency (NSA), quoted in the New York Review of Books: “Metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.”
The same article cites General Michael Hayden, a former director of the NSA and the CIA, who candidly admitted: “We kill people based on metadata.”
One risk is the duration of metadata. Digital interactions as part of a humanitarian intervention could have repercussions years down the road, long after the emergency itself is resolved.
“The report raises the risk that, from the simple presence in a humanitarian organization’s Facebook group, an entire minority might be identified and targeted years after the group has stopped offering information on aid programmes, or that participation in a cash transfer programme might prevent you from accessing a loan a decade afterwards because of negative credit profiling.” says Silvia Pelucchi, of the ICRC Communication Policy and Support Unit. “This basically means the emergency has become an essential aspect of your identity, with external and unrelated impacts beyond its duration.”
Recognizing the critical potential threat posed by metadata, The Humanitarian Metadata Problem explains the contexts in which metadata are created and released. It also lays out some preliminary steps that can be taken to mitigate risks.
When the ICRC engages in electronic and online interactions, it has an ethical duty to ensure that no harm is done with the information collected and generated as part of its programmes.
At the same time, the ICRC has a duty to utilize 21st century tools to deliver its services in a relevant, efficient, timely and global way.
The report proposes a number of mitigation measures: humanitarian organizations should conduct advance risk assessments for all telecommunications; they should increase data and tech literacy among staff, volunteers and crisis-affected people when messaging apps and social media are used to communicate.
Special precautions are needed with registration for Cash Transfer Programmes (CTPs), especially for vulnerable minorities. And data-sharing practices, policies and laws should be considered in the selection of banks used in CTP.
“The report, and a series of instruments that are being built around it, aim to make us more conscious of what are some of the risks we might not have considered – so that we can evaluate case by case whether we should use digital tools or whether it’s too risky,” Pelucchi says.
“As the world moves toward digitalization at an ever-increasing pace, digital technologies become crucial tools to serve and engage with affected people that are out of physical reach. Because of this, however, it is imperative that the humanitarian sector learns to recognize, anticipate and mitigate the risks derived from such an interaction,” she says.
The report’s findings and recommendations were part of the discussions at the ICRC’s Symposium on Digital Risks in Situations of Armed Conflict, on 11-12 of December 2018 in London. Nearly 200 participants from humanitarian organisations, United Nations agencies, private tech companies, academia and government met to share and discuss their perspectives and experiences with identifying and tackling digital risks, to explore how they could evolve in the coming years, and to consider possible measures to manage them.
- Download the report The humanitarian metadata problem: ‘Doing no harm’ in the digital era
- Watch the explainer video series
- Read more about metadata protection at the ICRC: Digital trails could endanger people receiving humanitarian aid, ICRC and Privacy International find . See also: The price of virtual proximity: How humanitarian organizations’ digital trails can put people at risk
- Read more about Data and digitalization