Biometric data collection appears to offer a variety of potential benefits: technological efficiency, transparency and accountability, even fraud mitigation. But the ICRC’s touchstone of ‘do no harm’ means it must weigh those opportunities against the full range of risks and always proceed with caution, and a new initiative will attempt to design and build a biometric system specifically for use in sensitive humanitarian settings.

The long-standing partnership between the ICRC and Switzerland’s two federal institutes of technology—EPFL in Lausanne and ETH Zurich—received a boost when the ETH Board agreed a two-year, five million CHF funding package for new research in 2020, dubbed Engineering Humanitarian Aid. The biometrics project, which will be fully underway in February 2021, is among the first to benefit from seed funding.

“The balancing act is how to be future-leaning and innovative in our practice, but conservative when it comes to protection,” explains Federica du Pasquier, advisor to ICRC President Peter Maurer. “Instead of accepting the parameters of the technology that is offered, we often need to develop a product that works for the ICRC.”

Careless tools cost lives

Currently, the ICRC only collects a very specific range of biometric data in a very specific set of circumstances. For example, some of ICRC’s current biometrics serve to identify the deceased, facilitate reunification of separated families, or ensure the right people receive aid.

The ICRC collects the minimum data required for the job and, crucially, does not archive the information in a database that could fall victim to hacking or to legal or coercive appropriation by authorities. Once biometric data has been used for the purpose for which it was collected, it is deleted.

As the ICRC’s August 2019 Policy on the Processing of Biometric Data states:

For the ICRC, the protection of personal data whose disclosure could put its beneficiaries at risk, or otherwise be used for purposes other than those for which it was collected, is an integral means of preserving its neutrality, impartiality, and independence, as well as the exclusively humanitarian nature of its work.

This necessary caution stems from an understanding that technology is a tool but, if carelessly deployed, it can become a threat to the very principles on which the ICRC is founded.

Efficiencies and risks

Cash and Markets Specialist Clara Setiawan is based in ICRC’s Iraq delegation, where the risks and benefits of biometric data are stark. Distribution of cash tends to attract greater scrutiny than other forms of humanitarian assistance—like food, blankets or medicines—because of their perceived “greater” value, and the higher risk of fraud or theft, she says.

“Cash is often the entry point where biometrics comes into the conversation,” Setiawan says, “as a route to ensuring that conflict-affected people receive what they are entitled.”

For now, the ICRC only uses what is known as token-based biometrics, where any data that is captured is stored on something the individual them self owns.

“Harnessing the benefits of biometrics, while ensuring we do no harm, is a constant challenge,” Setiawan says.

Authenticity is key

When it comes to using biometrics, it is important to point out that that identification is not the same as authentication.

Identity is something every human has (from birth) and, while there is no universally accepted form of identity, it is generally accepted that the concept of identity is represented by a set of unique attributes. Knowing a person’s identity can be vital in some cases, such as reuniting unaccompanied minors with their parents.

But quite often, it is enough to know that a person is entitled to access a service because they meet certain criteria or have a particular set of attributes (e.g. under a certain age and therefore able to receive a particular vaccine). This is known as authentication, or the process or action of verifying an identity to be true, genuine and valid.

With biometrics, it is very convenient to authenticate an identity but heightens the risks. This is because the process involves highly personal data and cannot be revoked – a identity card can be revoked but a person’s iris is rather permanent.

Authentication can also be used to infer other information (e.g. gender, health conditions, etc) and, depending on the choice of biometrics (finger prints, iris, voice, face, veins and even behavioral attributes), the actual process’ intrusiveness can range from potentially invasive (from blood to psychological tests) to possibly being done without the subject even knowing (like a face scan).

Less data, more protection

Because of data’s tremendous market value, commercial companies manufacturing biometric systems have an interest in harvesting and storing as much as possible. For the ICRC, the opposite is true.

“Humanitarian organisations need reliable data,” says du Pasquier, “to identify those who need assistance, maintain medical records and even reunite families.”

The relationship is one of assistance and respect, but it is also transactional with goods exchanged. “Whenever there’s a humanitarian transaction, there is a human being involved and data is exchanged,” says Vincent Graf Narbel, ICRC Strategic Technology Advisor. “The challenge is to only collect what is necessary and only when it is necessary.”

For Graf Narbel, the key issue is the responsible use of biometrics, something he argues is impossible with the tools currently available.

When deployed, biometric systems capture data on a device—a touchpad, scanner or camera—then the image is quality-checked and processed to extract the individual’s biometric features which are stored in a database as a biometric template or profile. When the individual returns, the same features are rescanned and compared with those in the database to find a match.

“Unfortunately, all the current software is proprietary instead of open-sourced, so the entire process is extremely opaque, like a black box,” says Graf Narbel. “But we believe there are ways to improve the situation.”

Build better

The lack of what Graf Narbel calls “appropriate tech” is something Carmela Troncoso, Assistant Professor at EPFL’s Security and Privacy Engineering Lab, is hoping to fix. Troncoso is a computer scientist well known for her work leading the team that built the ground-breaking DP-3T COVID-19 app that tracks contacts using a smartphone’s Bluetooth without infringing privacy.

“Humanitarians find it hard to work with off-the-shelf solutions,” says Troncoso, “because they are optimized for efficiency and profit, but in a humanitarian scenario profit is not the number one priority. This is an opportunity to design differently.”

The aim is to minimize the data collected and maximize its protection, using encryption and decentralization. “We are trying to limit the risk that any corner of the system can have for the rest,” says Troncoso. “We build technology with cryptography so that if you lose one device the risk overall is minimal, or none.”

What that will look like is not yet known, but it could be a program or application that uses biometric data differently and can be deployed in the field by any humanitarian organization.

“We would like something that is very local, very close to the user and very decentralized because the more it is decentralized the less value each element has on its own, which further reduces the risk.”

Once there is a working prototype, says Graf Narbel, “the objective is to put a product on the market that will enable better biometrics for humanitarians. To do that, we will need another type of collaboration, like a commercial partner outside academia.”

It is a goal that is as ambitious as it is essential – and potentially transformational – for humanitarian work.