Communications and connectivity have always been essential for any effective response to humanitarian crises. In recent decades, humanitarian information and communication technology (ICT) have developed from legacy telephony and push-to-talk (PTT) radio systems to incorporate the internet and internet-connected applications.
The January 2010 earthquake in Haiti is generally acknowledged as the moment when the internet emerged on equal footing with other forms of technology during humanitarian response. But even at that point, humanitarian ICT was almost exclusively seen as a support mechanism to enable other, more familiar, forms of humanitarian aid such as food, shelter, and water and sanitation services. Relatively simple networks, connecting hundreds of humanitarian workers in a specific area, could be easily set up through traditional branch network designs.
The Syrian conflict and the ensuing mass migration presented the next transformative challenge. For the first time at scale, humanitarians were presented with a refugee population who carried modern smartphones and expected and needed internet access for a range of reasons, including to maintain contact with loved ones, and to apply for asylum and gain access to their legal rights. And, for the first time, the internet – not just for the responders, but for the crisis-affected people themselves – was seen as a form of humanitarian assistance as important as other forms of aid.
With this expanded mandate, humanitarian ICT officers are no longer expected to only connect humanitarian aid workers in specific locations (as important and as challenging as this continues to be), but may be called to connect potentially hundreds of thousands of affected people across a large geographical sphere.
Unaddressed risks
The impetus to provide connectivity is a good one, namely responding to a need directly expressed by affected people. At the same time, from this expanded audience and scope of humanitarian connectivity emerges fundamental questions of protection.
Along with all the innovations in humanitarian technology of recent years comes an additional unsavory truth: threat actors continue to innovate, too. And these actors are often well financed, resourced and incentivized to keep finding new methods of exploitation. High profile attacks of recent years include the theft of sensitive personal information, ransomware attacks against healthcare systems and critical infrastructure, and the recent hijacking of USAID’s email marketing system for the purpose of accessing its network of civil society and aid organizations. These attacks can expose already vulnerable individuals and populations to increased risk of targeted killing, exploitation, and other harms.
So far, the humanitarian community’s response to both routine and advanced digital threats remains under-resourced and under-prioritized, even as research from organizations such as Citizen Lab at the University of Toronto and FireEye report that humanitarians and vulnerable civilians fleeing conflict were one of the top four categories of digital targets for combatants. At this point, it would be deeply irresponsible to assume anything otherwise: digital infrastructure deployed in any humanitarian response will be attacked.
While these risks are increasingly acknowledged in humanitarian and development contexts, it is still quite common to see humanitarian networks deployed in the field with little attention to cybersecurity and protection concerns. Often this is done by invoking humanitarian exceptionalism: the work is so important and the people in such dire straits that cutting corners to deliver service quickly is not only justified but necessary. Thus, instead of an integrated security architecture that is capable of detecting and mitigating current and foreseeable future threats, many humanitarian connectivity deployments still rely upon a ‘dumb pipe’ model of internet connection, where connectivity is provisioned by a service provider without any active security or network management infrastructure. Digital security incident response plans for field humanitarian operations are almost unheard of, even though security incident response is a common capability in the corporate world.
To make connectivity more readily available in humanitarian crises, humanitarians are increasingly partnering with private sector technology companies to design, provision and implement humanitarian connectivity. While these collaborations can provide immense benefit to affected people, there are unique protection challenges too. When private sector actors provide in-kind support (such as human resources, technical services and/or equipment), these organizations are often: a) unaware of the humanitarian principles and protection methodologies undergirding the work of their partners; b) not bringing a conflict- or crisis-sensitivity lens to the work; and c) not bringing the same sense for security and protection to their work as they might normally do in their home countries and commercial contexts. Unless specifically guarded against, these challenges can create a diffusion of responsibilities that an attacker could exploit.
Yes, provide connectivity[1] – but do it safely
Given the confluence of challenges, there may be a temptation to look at the risks and simply scrap the provision of connectivity. However, refugees and other populations in need of humanitarian assistance should not be denied an important service because it is challenging to do well.
We believe that there is a fundamental difference between providing courtesy Wi-Fi at a local coffee shop and providing humanitarian connectivity in a crisis. In a crisis, the user likely does not have another option, and thus may lack basic agency and the ability to manage their own digital risks. Because of this, and in contradiction to the ‘humanitarian exceptionalism’ argument cited above, the onus should be on the international humanitarian community to provide the necessary services, and to provide it in the safest way possible.
On a positive note, there is a growing sense of concern and responsibility on these issues. For example, the ICRC, UN OCHA and others have published useful guidelines and reports about responsible use of technology and data in humanitarian contexts. Building on these foundational documents, we believe the following should now be considered crucial:
First, we need minimum technical specifications for the provision of humanitarian connectivity as aid, which must include how to make the service secure and protective from the outset. As security threats evolve, so too must protection, and the technical architectures should be designed to adapt to evolving or novel threats over their lifetimes.
Second, we need outreach, support and accountability at a field level. The field is all too often where lofty intentions discussed in New York and Geneva fall apart. Simply put, we must enable more local action: guidelines and technical specifications should be operationalized by humanitarian staff and private sector partners.
In order to achieve these two goals, we propose the following list of actions to create a more protective connectivity service:
- Donors should consistently fund digital protective capacities. Even the best intentions are dead upon arrival if the resources to develop and sustain protective capacities are not there. Government aid agencies, foundations, and other donors should include digital risk and harm-reduction work in their grant funding and language. The lack of consistent funding for digital capacities often results in incomplete, poorly designed systems which are neither secure nor sustainable – in other words dangerous, expensive failures.
- There needs to be universal applicability of standards and norms. Humanitarian networks and data systems must be created to be protective by design and by default. Positive security and privacy controls – including incident response – must extend beyond the back-office to the field. Technical and operational specifications should always account for the obligation to protect and pertain to all people involved in providing the service, regardless of whether that service provider is a humanitarian agency, a private sector company, government, or any other entity. For example, this means that volunteers from private sector tech companies must feel personally bound to humanitarian norms of protection, safeguarding and harm avoidance, not just relegating those responsibilities to the humanitarian agency they are supporting.
- Humanitarian agencies need to extend protection capacity to the field. While it is positive that the sector has more Chief Security Officers (CSOs) and information security staff than ever before, these individuals are often focused on systems at the headquarters or enterprise level, such as Enterprise Resource Planning (ERP), human resources data, or protecting donor data. These are all important, but organizations who provide connectivity to crisis-affected people have to be able to effectively manage this service’s security and privacy at the field level – and not just their back-end, back-office systems – as this is where the greatest risk for vulnerable people exists.
- The private sector should collaborate with humanitarian agencies in delivering principled, safe and effective connectivity. It is important that the private sector, whether indirectly as a technology vendor or more actively contributing to a humanitarian response, follows a conflict-sensitive approach. They should adhere to the sector specifications if directly providing humanitarian connectivity services. They should understand humanitarian principles and ethics, as this will help to ensure successful collaborations with humanitarian organizations and help preserve the security and dignity of vulnerable people. The capabilities of Silicon Valley – such as state-of-the-art technology – can be married to the humanitarian values of Geneva, but this collaboration must be intentional from both sides and include sustained mutual dialogue and education.
- Connectivity, including digital protection, must be locally contextual and accountable. We must anchor our work to the local context and the people we seek to serve. It is critical to engage with affected people and communities to identify needed services, assure equitable access, and the protections that need to exist – not only at the design stage, but throughout the programme lifecycle. Moreover, humanitarians must proactively account for and address existing contextual digital divides so that people without devices are able to access the same underlying services.
Conclusion: humanitarians (and their partners) need to act now
With the torrent of news headlines about security breaches in the humanitarian sector, it is clear that the issue of digital protection for vulnerable people is nothing short of an emergency.
In recent years, we’ve heard ‘do no harm’ increasingly invoked in humanitarian technology circles. But ‘doing no harm’ isn’t enough: as humanitarians providing connectivity we should actively seek to protect vulnerable people using the service from digital threats. As connectivity is now seen as a form of humanitarian aid, new humanitarian specifications for protection in the digital sphere are needed that build upon and extend beyond the existing body of ‘responsible data’ guidance in the sector – and must be operationally-focused (including practical to implement in the field) and auditable.
Humanitarians will not get there on their own, however. The extended humanitarian community of donors, governments, and private sector partners all play key roles – whether by providing funding, technical expertise, software, equipment, or training – in creating and sustaining the enabling conditions that make secure digital services a reality. And it could be that in doing so, a contribution will be made to global solutions needed for increased cybersecurity.
Digital technologies and humanitarian connectivity can help affirm the human dignity of crisis-affected people by supporting their safety, security, opportunity and agency. But this can only happen when we intentionally deploy technical solutions that are protective by design and maximize beneficial impact.
[1] The position put forward here is to provide connectivity safely where it is possible and relevant. However, there may be places where providing connectivity is not possible for a range of reasons – including where a relevant government has laws and/or regulations blocking such connectivity. There are good debates to be had about connectivity in non-permissive environments; however, it is beyond the scope of this post.
See also
- Sandrine Tiller, Pierrick Devidal & Delphine van Solinge, The ‘fog of war’ . . . and information, March 30, 2021
- Massimo Marelli & Martin Schüepp, Hacking humanitarians: operational dialogue and cyberspace, June 4, 2020
- Massimo Marelli & Adrian Perrig, Hacking humanitarians: mapping the cyber environment and threat landscape, May 7, 2020
- Massimo Marelli, Hacking Humanitarians: moving towards a humanitarian cybersecurity strategy, January 16, 2020
“The Syrian conflict and the ensuing mass migration presented the next transformative challenge. For the first time at scale, humanitarians were presented with a refugee population who carried modern smartphones and expected and needed internet access for a range of reasons, including to maintain contact with loved ones, and to apply for asylum and gain access to their legal rights. And, for the first time, the internet – not just for the responders, but for the crisis-affected people themselves – was seen as a form of humanitarian assistance as important as other forms of aid.
With this expanded mandate, humanitarian ICT officers are no longer expected to only connect humanitarian aid workers in specific locations (as important and as challenging as this continues to be), but may be called to connect potentially hundreds of thousands of affected people across a large geographical sphere.”
— Would you mind explaining the logical steps involved that led you to arrive at a paragraph that begins with “With this expanded mandate….” Can you clarify how you’re using the word “mandate” here?
As for the article’s title, “protective by design”, I am wholly unsold. Connectivity is designed to, uhm, connect people. I agree that connectivity during disasters is one form of aid. I agree that personal data should be protected while being connected. But I don’t know how to make the logical jump to being protected by connectivity — “protective by design”. I’m willing to be schooled and open to being convinced.
Just sharing feedback, which I hope you will receive kindly and appreciate. Thank you in advance.
It’s me again, wanting to add:
More context is needed. What countries are we talking about?
In places where people lack latrines and thus still practice open defecation, or drink brown water because they have no other choice, or have no access to health care and are dying of insect bites and other preventable diseases…. in places where there are no cellular towers (should donors fund these, as stated in the article? “Donors should consistently fund digital protective capacities.”), where people need food first — say any place in South Sudan outside of Juba, is it appropriate to talk about connectivity?
I think this article needs to provide more context. If humanitarian work can’t sustainably provide basic protection and coverage of daily needs — for decades, in many crisis-affected countries — I don’t think we should talk about connectivity yet.
Thanks very much for taking the time to share your thoughts Erwin – I’ve shared your comments with the authors so we can keep this important conversation going.
Hi again Erwin, here with some thoughts from the co-author, Mark Silverman. Thanks again for reading!
“Thanks for reading and engaging.
Re: mandate, this is being used to mean a new requirement for ICT officers – to provide connectivity not only for staff members but also for affected people. The ‘expanded mandate’ is best described by the UN ETC 2020 strategy, which expanded the mission of humanitarian connectivity to serve affected people, not just the humanitarians themselves.
Re: protective by design, we are arguing that if you are using a humanitarian service that is being provided for you to connect, that your data needs to protected while using the service. To do this requires excellent cyber security for the connectivity point, which we believe is not often enough in place.
As far as what this protection might look like and how the threats might manifest, on the Syrian refugee networks in Europe in the fall of 2015, we were stopping approximately 80,000 hostile events against refugees/migrants in the camps every week. Approximately 85% of that was Android malware. (source: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2944147). The point is that we know that humanitarian connectivity could open those very users to digital attacks and we put in place a mechanism to mitigate those risks rather than create an open, unprotected pipe of connectivity.”