The use of biometric data in aid delivery has become the focus of fierce debate in the past few weeks, as the World Food Programme paused food deliveries in Yemen’s capital city after Houthi rebels refused to allow the registration of recipients’ details.
The WFP says biometric registration is necessary to stop Houthi-aligned authorities from diverting aid. The Houthis, who are fighting a more than four-year war against a Saudi Arabia-led coalition and Yemen’s internationally recognised government, say the biometrics programme WFP proposed is “counter to national security”, and they want more control over the data.
As the standoff between WFP and the Houthis continues alongside ongoing negotiations, we asked two experts on biometrics — Linda Raftree and Karl Steinacker, both independent consultants with experience in humanitarian settings — to weigh in on the same six questions. As you might expect, they take very different views on the issues at play.
The use of biometrics — be it fingerprints, iris scans, or photos — in humanitarian aid isn’t brand new, nor is it unique to Yemen. In Jordan, some Syrian refugees pay for groceries using WFP allowances by scanning their irises at checkout. In Uganda, a re-registration of refugees using biometric technology restored confidence in a relief programme troubled by allegations of fraud and fake registrations.
But it is controversial. Privacy advocates are concerned there isn’t yet enough research to prove the efficacy or necessity of biometrics, worrying about keeping the details of vulnerable people safe.
Aid agencies argue the new technology can make sure aid gets where it is supposed to go, and could even make it easier to pick up assistance. After all, you don’t have to keep track of an ID card that entitles you to aid when an iris scan does the job.
Here’s what Raftree and Steinacker had to say.
Answers have been edited for length and clarity.
Linda Raftree is an independent consultant focused on the ethical uses of technology and digital data in international development, humanitarian, and human rights work. She writes the Wait… What blog and organises the annual MERL Tech conference.
Karl Steinacker is a freelance advisor on digital identity and trust. He worked for the UN and was responsible for UNHCR’s refugee registration. Today he advises international civil society organisations.
More and more aid agencies and NGOs are using biometrics (or talking about using them) to register people in need of aid and later deliver it. What is driving this trend?
A convergence of trends is driving the use of biometrics. Humanitarian work is increasingly being privatised and digitised. Funding is shrinking and agencies feel growing pressure to cut costs, prove [their] efficiency, and be more accountable. Directly tracking individuals and the aid that they receive allows organisations to improve accountability, which makes them more attractive to funders.
The private sector is perceived as more efficient, and technology has been a driver of both efficiency and scale. For these reasons, humanitarian partnerships with the corporate sector and technology firms are becoming the norm.
Image and branding also come into play. Humanitarian agencies are under pressure to modernise and innovate in order to stay alive. Business metrics rather than humanitarian principles tend to be the yardstick by which agencies are assessed.
“Being innovative” in the form of new devices, digital approaches, and corporate partnerships allows an organisation to position itself as forward-thinking and relevant. Humanitarian contexts also provide a less-regulated space for corporate piloting of new technologies aimed at bringing in future revenue. In this context, quick PR wins may be more valued than consideration for long-term, potentially negative effects on vulnerable people and groups and their societies.
When, after the genocide in Rwanda, millions fled into Tanzania and Zaïre [now the Democratic Republic of Congo], those who had organised the genocide registered the population, handed over their lists to the aid agencies, and subsequently siphoned food and aid away in large quantities from the vulnerable, and fed and rewarded the thugs under their command. As a young aid worker I was appalled, as were so many others, to watch this happening.
Eventually, that power was wrested away from criminal refugee leaders and handed over to the UN aid agencies. However, registration at the time meant that the police come at night, wake up the population, drive them out of their huts and round them up in purpose-built kennels where children, women and men, the frail and the young, had to sit all day, whether in pouring rain or scathing sun, until the aid workers had filled the last form, handed out wristbands and ration cards, and finished by spraying invisible ink on each and everybody [to show that they had been registered already]. Children were interviewed separately from their parents – or should I say interrogated, sometimes even traumatised – in order to identify “recyclers” [people who registered more than once under false names to get extra resources] and exclude them from registration.
Anybody who was part, or witness, of such degrading procedures welcomed the arrival of biometrics as a much more dignified way of registering people in need.
What types of aid fraud or waste can a biometric ID prevent (or not prevent)?
Biometric identification and beneficiary tracking systems are aimed at reducing fraud by verifying that a person is who they say they are (using a fingerprint, iris scan, or another type of biometric marker) and ensuring that aid is distributed to the people to whom it is directed.
However, biometric IDs focus on “downstream fraud” at the level of an aid recipient rather than on “upstream fraud” at the level of the wider supply chain where most fraud happens. In 2017, Oxfam commissioned a study on biometrics in the humanitarian sector, and the authors were unable to find solid evidence that biometrics reduce fraud in the humanitarian sector better than other fraud prevention strategies.
While absence of evidence does not automatically mean absence of impact, some in the aid sector are calling for a pause on the use of biometrics until their positive and negative effects are more clearly understood and documented.
As for the recent case of the World Food Programme in Yemen, it is questionable whether forcing individuals to submit to biometric tracking would stop aid from being redirected upstream to armed groups.
Biometric enrolment should happen only once, at the beginning of the aid cycle, when a person or a household needs to be identified. Based on this registration, ID and/or entitlement cards should be issued. There is no need for biometric checks every time a person receives a sack of rice, a piece of soap, cash, or health treatment.
The main advantage of biometrics is the prevention of multiple registration of adults. But it also provides the registered person with an identity that can be useful in other contexts than aid.
Depending on circumstances, biometric imprints can also be run against other databases so as to avoid – as has happened in Kenya, Mauritania and elsewhere – that nationals pretend to be refugees from a neighbouring country [to access aid supplies].
Surprisingly, biometrics can also preserve privacy! Afghan refugees who return from Pakistan to their country are receiving a one-time cash grant. Every returnee leaves his/her biometric features anonymously in a database. The database simply checks that no imprint is entered twice, i.e. that there is no double payment. This system has worked for more than a decade now, and has millions of entries.
Biometrics does not prevent fraud and manipulation by corrupt aid workers – it just makes it more difficult for them... Likewise, the large-scale use of biometrics requires viable complaints and recourse mechanisms since the last decision on who gets what should be taken by a human and not a machine.
Every time the issue of biometric ID comes up, questions about data protection and putting vulnerable people at risk are raised. Why have biometric ID systems acquired this bad reputation?
It comes down to trust and power. Biometric data on highly vulnerable populations, such as those fleeing persecution in politically charged situations, is extremely sensitive and requires adequate protections. There is little evidence that humanitarian agencies are putting the necessary protections in place. The World Food Programme conducted a data audit in 2017 that revealed areas of high risk in its beneficiary tracking system, for example.
Add technology companies (who are not lauded for their ethical standards) to the mix and the situation gets worse. In 2019 the WFP’s partnership with Palantir (a US company working with anti-terrorism efforts, the CIA, the police, and the US Immigration and Customs Enforcement) raised serious questions. Many believe that aid agencies are being naïve when entering into data partnerships with corporations and do not fully understand the implications.
Governments are also being questioned. Ghana’s electoral commission sold voter biometric data to a software developer who then sold the data on to financial service providers. The European Commission’s EURODAC database of asylum seekers, initially protected, was opened up to Europol and other law enforcement agencies.
Affected populations have little say over what is done with the data they provide to aid agencies or their corporate or government partners. They may also have a low understanding of the consequences of providing biometric data or refusing to provide it. Fundamental questions about who holds power, who decides how data is shared and with whom, and who determines how data is used need to be addressed.
As an aid worker I have never come across a single case where biometrics used by an aid agency has put an individual at risk.
In the public debate about biometrics, the latter is often used as a proxy for other contentious issues, such as on who decides on the eligibility of somebody to receive aid (as is the case in Yemen), or who counts as a Myanmar citizen rather than a stateless refugee. The pros and cons of biometrics will not contribute a bit to resolve these political issues.
The reputational risk of using biometrics is actually lower than that of wasting the funds entrusted to aid agencies by high street donors and taxpayers. How can it be justified to amateurishly run aid programmes [without taking advantage of biometrics] where some may receive more than they are entitled to while others get nothing and are falling through the cracks?
What are examples of biometric ID being used responsibly — and irresponsibly?
I’ve listed questionable examples already, so I won’t say any more on that. For me the jury is still out on responsible uses of biometrics, but here are some initiatives I’m watching.
Omidyar Network and others are exploring what “Good ID” means. Their working definition requires it to: be empowering to individuals; be secure and privacy protecting; provide agency and control to the individual; be fit for purpose; and be inclusive and offer choice to individuals.
Caribou Digital is researching how vulnerable individuals view and experience digital ID.
Simprints is working on an open source toolkit for enabling meaningful informed consent for biometrics, and Yoti is looking at locally held biometric data held on a key.
Mastercard offers a “consumer-centric model” for digital identity based on a set of principles that aim to allow individuals to own their identities and control their identity data. The model purports to embody privacy-by-design and does not aggregate identity data. It aims to allow digital interactions to occur with minimal data exchanged and only when needed.
As I said before, I know of no irresponsible use of biometrics by aid agencies since the advent of biometrics 15 years ago. However, what concerns me is the lack of investment in cyber security and data protection training for agency staff. Aid agencies – normally already operating on shoestring budgets – simply don't have the funds, or sense of priority, to engage in the race with hackers – often state-sponsored – to protect data. This is outright negligent.
Another major concern is the security, integrity and use of data held by commercial internet platforms, messenger services, and GSM providers. Take a place like Kakuma [a refugee camp in Kenya] and you will easily see that the combined data available to private companies outweigh by far the data held by aid agencies. Add to this the capacity of those players to mine, link, and analyse data.
Who should be entitled to access aid recipients’ biometric data, and why?
Biometric data should be accessed only when a clear case for access has been established and when there is a lawful basis for collecting it and sharing it. This will differ according to context and scenario.
Rather than asking “who should be entitled to access aid recipients’ biometric data,” I would ask instead what conditions need to be met before anyone can access someone’s biometric data and who verifies that those conditions have been met. There should be clear standards in place, and consequences when data is shared or used without meeting established standards.
Biometric features are part of foundational, or the most basic, personal data. They should be stored and locked away in a database together with a copy of a birth certificate, passport, and so on. Foundational data should only be accessed in the exceptional case where a person needs to be identified.
For aid delivery, it is sufficient when on the basis of the registration the aid recipient receives a smartcard that holds his/her biometric data. At the distribution point there will only be a check on whether the biometric imprint of the person presenting the card is identical with the imprint on the card. This is called one-to-one matching and is compliant with GDPR [the EU’s General Data Protection Regulation], the regulation which is today standard-setting as regards to data protection and privacy.
There is no one-size-fits-all methodology in which biometric data can or should be used for humanitarian purposes. Proper planning, cost efficiency considerations, and impact assessments are always necessary. And if in a certain context all this doesn’t add up, biometrics should not be put to use.
Overall, do the benefits of using biometrics outweigh the risks, and why?
I don’t think you can answer this question in an “overall” way. It will depend on the context; the people and groups involved; who is leading the biometric effort and why; the trust that individuals, groups, partner agencies, and the general public have in those entities; and institutional capabilities, positioning, motives, and track record. Biometrics, if done well, could be an appropriate solution if protections are ensured. Biometrics could be a terrible idea if not done ethically.
Aid agency staff and leadership who are responsible for finance, fundraising, branding, and overheads will likely judge the value of biometrics on efficiency related drivers. Implementers may want to streamline processes and reduce administrative burdens on their staff as well as affected populations. Affected populations might also have opinions on biometrics -- or they might not have time or energy to think about biometrics at all.
It is likely that the greatest burden and risk lie with the most vulnerable, whereas the benefits accrue to agencies. Agencies should be doing more to balance the equation, to reduce risk to the most vulnerable, and to enhance affected populations’ levels of agency and decision-making when interacting with the aid system. It’s essential that the use of biometrics and other more experimental technologies is assessed on grounds that go beyond efficiency, innovation, and partnership and instead place the well-being of affected populations more firmly at the centre.
Obtaining, storing, and using biometric imprints comes as a great responsibility. Every organisation should ask itself whether it can live up to this responsibility. The “Do No Harm” principles fully apply. The last thing the poor and vulnerable need is an inflationary use of biometrics and that each and every service provider runs around with biometric scanners setting-up closed-loop systems. Such a state of anarchy would only be of benefit to IT vendors and branding strategists.
What we really need is a trust system where aid agencies act as identity brokers. Like public notaries they certify somebody's identity and hand the related data, including biometric imprints, over to that very same person. In such a scenario each individual manages his personal data and decides for himself to whom he will make it available.
Let's not forget that more than one billion people, mainly women and children, carry no valid identity documents and are, thus, excluded from many aspects of everyday life: going to school, engaging in paid work, owning land, or even accessing aid. Is there anybody who thinks this problem could be resolved with pen and paper?
Aid agencies ought to develop a people-centred vision on how to use data and give agency to the beneficiaries and data subjects themselves. At the same time, the aid industry should not nourish the (often neo-colonial) pipedream that it is better suited to act as custodians of beneficiary data than states (or Silicon Valley tech companies for that matter).