Biometrics in the humanitarian sector: a threat or an opportunity?

A new report by data non-profit organisation The Engine Room for Oxfam takes a stand against the use of biometrics data for the humanitarian sector. We look at the report’s main findings in our latest blog post. 

By Carolina Are

In 2015 Oxfam self-imposed a moratorium on the use of biometrics. The charity argued that although biometrics were becoming increasingly popular in the humanitarian sector, this incredibly sensitive data posed a variety of risks to the populations involved. Oxfam’s research team is now looking closely at the issue, hoping to come up with guidelines for the correct use of this data.

Oxfam’s Global Humanitarian Team commissioned non-profit organisation The Engine Room (which helps activists, organisations, and other social change agents utilise data and technology) to analyse the use of biometrics in the humanitarian sector. Their main findings can be found below.

Picture by Victor Freitas – @victorfreitas on Unsplash

What counts as biometrics?

The term “biometrics” usually describes technical systems involving the collection of biometric data to authenticate or identify an individual. Biometrics are not a new technological development – photographs are an early example of this data – but current discourse around “biometrics” now refers to fingerprints, face prints and iris scans. Technological advancement implies that in the future we’ll be able to collect even more biometric data, such as voice prints, retinal scans, vein patterns, tongue prints, lip movements, ear patterns, DNA, and more.

The appeal of biometric data is that it’s unique and immutable. As the report states:

“[U]nlike names, appearance or home addresses, most forms of biometric data are singularly unique to the individual involved and cannot be changed.”

The Landscape

Biometrics are the humanitarian sector’s new ‘hype’, according to Oxfam’s report. Although at present there is no evidence proving its efficacy at solving major humanitarian problems, a variety of organisations has begun implementing this technology. For example, in 2015 the United Nations High Commissioner for Refugees (UNHCR) began rolling out its global Biometric Identity Management System (BIMS). UNHCR and the World Food Programme (WFP) now consistently use biometric registration in humanitarian scenarios. International donors are also increasingly pressing for the use of biometric data while delivering aid.

There are many key issues at play, however, starting with data protection, as the report states that:

Because they are not only objective and irrefutable but unique, their replication, distillation, and storage creates risks for the individual concerned, who is no longer the sole possessor of their own biometric data.

Data protection law covers how organisations acquiring biometric data must process, retain, store and destroy such data. Unfortunately, however, many developing countries lack data protection regulation.

Biometrics in the humanitarian sector

In the humanitarian sector, biometrics are primarily used to verify the identify of a beneficiary.  There are two types of identification at present:

  1. “One-to-one” authentication, or comparing the biometric data of an individual to only one biometric profile, the one that will match theirs. This way, organisations can accurately verify that an individual is entitled to the food, vaccine or housing that they claim to be entitled to, and can prevent fraudulent claims.
  2. “One-to-many” authentication, which is used to identify an individual among a database of biometric profiles.  This means that when an individual presents their biometric data, it is compared against stored biometric profiles to authenticate the individual’s unique identity.

One-to-many authentication systems have been deemed more controversial than one-to-one systems. Technically, they require a larger amount of data to be stored in one place, making an organisation more vulnerable to hacking, loss or corruption, and risking that more data may be transmitted over potentially insecure channels. One-to-many systems also experience more false matches.

Benefits and risks of biometrics

Benefits

  • Fraud prevention: The most frequently-cited justification for biometrics is that they enhance the accuracy and integrity of development and humanitarian interventions by reducing fraud. As the data is meant to be highly accurate, according to this view there would be very little chances that aid would go to the wrong person.
  • Identification: The report states that more than two million people worldwide are not identified by government documents, an issue that constitutes a considerable barrier to the delivery of humanitarian aid. Biometrics can help give aid to those in need who can’t be identified to original documents.
  • Speed: Biometrics can speed up the delivery of humanitarian assistance by eliminating the time-lag necessary to authenticate paper identity documents.

Risks

The Engine Room’s report raises many questions about the efficacy of biometrics in preventing fraud. The authors argue that:

“Despite the pervasiveness of this justification, there is lack of evidence as to whether biometrics could help reduce fraud, and as to whether the fraud is happening by beneficiaries or earlier on in the supply chain. A number of stakeholders interviewed by The Engine Room perceived fraud to be a real problem in humanitarian programmes, but were unable to put the problem into figures. Such anecdotes are not supported by evidence, and tend not to distinguish between the potential deterrent effect of a biometrics system and the actual fraud detection capabilities of the system.”

Acquiring biometric data also presents a challenge. For instance, cultural, gender or power imbalances might result in individuals being reluctant to provide biometric samples. Samples can also be more difficult to collect for persons of darker skin colour or people with disabilities, while fingerprinting can be inaccurate if  beneficiaries’ fingerprints are less pronounced due to manual and rural labour. All of these issues threaten to make biometric data collection less inclusive.  Further risks include:

  1. ReliabilityBiometric-based identification can return false matches, too. False matches may reflect inaccuracies in the process of recording the biometric data in the first place; fingerprinting, in particular, has the highest rate of mistakes. Increasing the reliability of the system may involve collecting and storing even more sensitive biometric data, raising further privacy and security risks.
  2. Reusability: Biometrics data could also be sold for profit, re-used by foreign countries for intelligence, or used to publicly embarrass and undermine humanitarian organisations.
  3. SecurityThe ease with which biometric data can be shared, analysed and repurposed is what makes it most appealing. However, it’s also what makes it so potentially dangerous. “Governments of host countries as well as countries of origin could obtain access to the biometric databases of humanitarian actors, either by request or by demand, and repurposed for law enforcement or national security screening,” the report argues. Additionally, Using biometric data places an enormous burden on organisations to constantly maintain a high level of technical and organisational security. According to the report’s authors, “Beneficiaries in humanitarian crises are fleeing persecution and have good reason to want to protect their identity, location and movements. By collecting biometric data and storing it in centralised databases, aid organisations could place beneficiaries at serious risk.”

The future of biometrics

The report deems biometrics too risky an option for the humanitarian sector at present, concluding that:

“Broadly speaking, the key difference with biometrics technology in comparison to other digital technologies is that this technology has the potential for harm that humanitarian agencies engaging with biometrics would not be able to go back and fix, or adjust. From our analysis, we conclude that the potential risks for humanitarian agencies of holding vast amounts of immutable biometric data – legally, operationally, and reputationally, combined with the potential risks to beneficiaries – far outweigh the potential benefits in almost all cases.”