In contexts affected by violence and instability, digital technologies can be leveraged to support humanitarian programs, for instance by capturing and using information to inform and adjust responses or by facilitating two-way communication between humanitarian staff and affected people.
In recent years, humanitarian practitioners and human rights defenders have progressively integrated tools and methods provided by digital technologies to improve situational awareness and actionable information with the view to better protect and assist crisis-affected populations. For example, they have employed remote sensing tools to augment conflict early warning capacities and document human rights abuse (see, for example, technologies developed by Hala Systems). Humanitarian organizations have also leveraged mobile data for tracking the conditions, profiles, and routes of transit of displaced populations, have exploited meta data from call detail records to predict the spread of infectious diseases, and deploy drones for surveillance of damaged locations and monitoring critical infrastructure.
At the same time, digital technologies have also the potential to exacerbate or change conflict dynamics and to increase the risk of intentional and unintended harm for affected populations. We can discern two categories of risks that raise particular concern:
- The (mis)use of data or digital technology by State and non-State actors which lead to humanitarian consequences for affected population;
- Behaviour or practices of humanitarian actors or affected people that enable increased exposure to digitally-related risks (e.g., through malpractice, mishandling of information and personal data, digital illiteracy).
The (mis)use of data or digital technology
Digital technologies provide States, non-State armed groups, and other stakeholders involved in the ecosystem of conflicts, with new ways and means to operate with or against one another. These can include cyber-attacks on the computer systems of life-saving critical infrastructure and communications systems (see here), emergent and abusive forms of digital surveillance, electronic exploitation and the different ways digital communication can be misused. For latter, examples include online hate speech and dangerous speech, viral rumours, information operations or computational propaganda.
Behaviour or practices by humanitarian actors that increase exposure to risks
Many voices are guarding against the risk of ‘humanitarian innovation’ in conflict-affected environments. Increasingly, it is believed that affected populations are carelessly being exposed to harmful, though often unintended side-effects of digital data experimentation, data protection and privacy violations, and the mishandling of sensitive information by multiple actors, including humanitarian organizations looking to deploy emerging technologies in already fragile contexts. All this can have serious consequences for the fundamental rights, the protection and resilience of people whose life and future perspectives have already been disrupted and undermined by war and violence.
Open questions to be addressed by the humanitarian sector
Yet, are we able to grasp and understand the full scope of possible negative effects resulting from the use digital technologies in armed conflict and other situations of violence? Are there new protection problems emerging? New humanitarian consequences? What does it mean for humanitarian actors to carry out appropriate protection and assistance programs in increasingly digitalized contexts? How do we interpret and implement the ‘Do No Harm’-principle in the digital age and vis-à-vis the people we are mandated to help (see also Professional Standards for Protection Work)? And does the use of new technologies raise challenges to the basic principles that many humanitarian organizations—in particular the ICRC—adhere to in their action, namely neutrality, impartiality, independence and humanity (NIIHA)?
To address some of these questions and to identify areas that require particular attention in the years to come, in December 2018 the ICRC organised a Symposium on Digital Risks in armed conflict. The symposium gathered experts from different fields and sectors (humanitarian, human rights, academia, tech and private sector, government, military). The symposium showed that five key gaps exist that the humanitarian sector needs to address digital risks.
1. A knowledge gap
There is still limited in-depth understanding within the humanitarian sector about the digital threat landscape in conflict environments. Stronger knowledge is needed on how different actors, including parties to the conflict, are making use of technologies, what consequences this may have for affected populations and what are the implications for possible protection response by humanitarian actors are.
A first step to close the knowledge gap could be to strengthen ties and synergies between the humanitarian sector and tech as well as academic circles in order to produce timely and comprehensive evidence-based research looking to improve humanitarian practice.
2. A skill and literacy gap
New technologies are often quite opaque. Knowing how they function and how they can be used beyond a certain level requires an expertise that is not within everyone’s reach. However, more often than never, even the bare minimum of knowledge on the functioning and possible risks of usage of new technologies is lacking among affected populations and humanitarian staff.
Thus, the humanitarian sector needs to seriously invest in the development of digital literacy programs and education in digital risks both for affected populations and for humanitarian practitioners. Equally, learning how to inject and apply a ‘threat modeling’ approach before deciding on using certain technologies could help in unintentionally increasing digital risk exposure.
3. An ethical gap
What does the duty of care, the ‘Do No Harm’-principle and more broadly the NIIHA approach mean in the digital age? How do we apply them? What type of digital innovations are humanitarian organizations ready to support without compromising the ethical foundations of their work? What types of partnerships with the private sector are humanitarians ready to embark on and under which conditions?
As an immediate step, humanitarian actors have to stop experimenting with new technologies in their interaction with affected populations without having put in place necessary safeguards and conducting proper risks assessment, including threat modelling, to reduce exposure to risks. In order to support such assessments, and to resolve some of the existing dilemmas, there should be an inclusive discussion, and some form of agreement within the humanitarian sector—but not only—to re-articulate what the ‘Do No Harm’-principle means in a digital age.
4. A governance gap
What are the accountability mechanisms and safeguards to be put in place for humanitarian action in the digital age? The humanitarian sector should discuss the usefulness and feasibility to establish professional standards for digital risks,bearing in mind that with the velocity at which technology evolves, this would require constant review and update. There may also be a need to set-up an overarching mechanism to report and manage critical incidents related to data breaches across the humanitarian sector.
5. A financial gap
In the same way that not all humans receive the same pay check at the of the month, not all humanitarian organisations have the same budget or resources to invest in information security, risk assessment, development of technical capacities, data protection expertise, digital literacy etc. While this cannot be an excuse to disregard their obligation to put in place the necessary policies, guidelines, safeguards and processes to limit the exposure to digital risks for affected populations, the humanitarian sector should seriously reflect on ways to provide expertise and support to organizations with more limited resources.
The obstacles posed by existing knowledge, skill, ethical, governance and financial gaps are not insurmountable. Finding answers to these challenges is key if we want to make sure we can maintain the centrality of protection in the digital age. They will, however, require work, resources, a certain level of trust and a genuine commitment to implement necessary decisions—while ensuring that affected populations are part of those conversations.
Other posts in the series
- Intro to blog series on human costs of cyber operations
- Malware: A selection of essential cyber notions and concepts, Lukasz Olejnik & Tilman Rodenhäuser
- Potential human costs of cyber operations—Key ICRC takeaways from discussion with tech experts, Laurent Gisel, Lukasz Olejnik
- The potential human costs of eschewing cyber operations, Col. Gary Corn
- Know your enemy and know yourself: Attribution in the cyber domain, Vitaly Kamluk