How re-thinking data security could help the most vulnerable
Humanitarian organisations like the Geneva-based International Committee of the Red Cross (ICRC) are working to digitalise their operations to reach more people in need, but data breaches could expose them to added dangers. A new research collaboration is trying to help.
In December 2020, several refugee camps in Iraq were closed. Suddenly, some 240,000 people, many of them women and children, were put at risk, according to the ICRC.
As the refugees scattered from the camps, the ICRC rushed to track whether they returned to their home regions, were transferred to other camps or were displaced yet again.
For many of the women, the only form of identification belonged to the man in their household, who may have been dead or missing. Those who did have a formal ID may have found it out of date because public services in their area had lapsed.
Registering people to receive assistance in situations like Iraq’s often leads to such challenges, including duplicate registrations or different people showing up to collect the assistance than those who were registered, according to the ICRC. Technology solutions could help, but the people they serve are highly vulnerable and could be in grave danger if their information falls into the wrong hands.
“The ICRC has been working to protect and assist people affected by war and violence for over 150 years,” said Nour Khadam-Al-Jam. He is the project manager for a new initiative aimed at researching how technology can help aid organisations better fulfil their missions. “We are investing considerable efforts to ensure we remain relevant to their needs in an increasingly digitalised world.”
The CHF5 million ($5.6 million) partnership launched late last year, known as the Engineering Humanitarian Action Initiative, pairs the ICRC with researchers at the two Swiss Federal Institutes of Technology in Lausanne (EPFL) and Zurich (ETH).
Optimising aid delivery
Aid delivery is especially vulnerable to fraud and data breaches, so one research group from the EPFL is exploring how to securely use biometric data to deliver the right aid to the right people.
The scientists are trying to find a way for biometric identification, such as fingerprint and facial scanning, to make the aid distribution system more efficient and impactful while protecting recipients’ privacy.
Lead researcher Carmela Troncoso says that biometric identification could be an especially ideal solution for displaced people because their fingerprints and facial features never leave them. She is an assistant professor at the EPFL and head of the Security and Privacy Engineering Lab, which developed the technology behind the SwissCovid contact tracing app.
Biometric data could allow aid workers to identify which people are in need of aid and which are not, who has already received their provisions and, for example, which families should receive food provisions containing milk for babies and which do not need it.
Proceeding with caution
Although biometrics are a new consideration for the ICRC, data collection in general is not, says Vincent Graf Narbel, the ICRC’s strategic technology advisor.
“We’ve been collecting data about people forever,” he notes, for example when documenting prisoners of war in the Second World War. The organisation has always been cautious with data, he says, while recognising that good technology can increase impact, security and efficiency. “It’s really about balancing and doing no harm.”
Troncoso sees two areas of concern in biometric data privacy: third-party partnerships and centralised data collection. The moment data enters a system developed by a third party, the ICRC can no longer guarantee the protection it has promised to the populations it serves. So Troncoso is investigating how to remove the third party from the equation.
Because large databases are vulnerable to possible data breaches, her team hopes to avoid reliance on such databases, possibly through local storage devices. She points to the way a fingerprint to open an iPhone is not stored in a database but rather within the device itself.
Similarly, a solution could be developed to provide aid recipients with a device or token that would require a fingerprint to access and that would store a record of aid provided to each person or family.
But Troncoso cautions that there is no one-size-fits-all approach to biometric security. In regions where women cover their faces for religious reasons, for example, facial recognition would not work. As such, her team is currently taking inventory of situations in the field that may benefit from a biometric system for identifying aid recipients.
“Only then can we create very good privacy-preserving technology,” she says, adding that some risk will always remain. Personal devices or tokens could be lost or stolen and used for bribery. But biometrics could make theft or extortion more difficult because perpetrators would need the owner present to use their fingerprint, for example.
“It is very likely that we cannot completely eliminate fraud or give 100 per cent privacy,” Troncoso admits. “Solving the problem means doing it with minimal harm.”
System ‘backdoors’ through hardware
As data is collected, stored and used, the possibility of data breaches rises – either through human error or through deliberate intrusion by groups and nation states seeking access to information and systems.
Areas of concern include guaranteeing secure hardware, secure cloud computing, and secure communications. Adrian Perrig, professor of computer science at ETH Zurich, is leading a team of researchers hoping to find solutions to all three as part of the Engineering Humanitarian Action Initiative.
First, there are potential vulnerabilities in the physical equipment purchased by humanitarian organisations. It is possible to manipulate that hardware to create a so-called backdoor into the system by which unauthorised users can access data.
“It would be the cheapest for some countries to just bug the hardware as it’s being shipped,” Perrig says. “That’s extremely hard to detect, even if you open [the hardware] up and look into it. In some cases, they just exchange the processor, for instance, with a bugged one that looks exactly the same.”
Organisations must also be aware of who might be able to access information when storing or processing data in the cloud rather than on local devices.
“If you use public clouds, typically they are under the jurisdiction of some country and in some cases the respective authorities can then access the data if they need to,” Perrig says.
Currently, aid organisations try to avoid using cloud servers from technology giants like Amazon and Google because of such data vulnerabilities. But they often have no other choice when faced with the need to keep costs down, according to Perrig, who says that such servers are usually the least expensive option. His team is also working on ways to offer cloud environments that are both safe and cost effective for the likes of the ICRC.
Risk of eavesdropping
The ETH research team is also working to create secure, global technology that prevents others from listening to communications.
“Even if you encrypt everything, it’s still possible to eavesdrop and extract partial information,” Perrig says. His team has made some progress on the problem, enabling communication to cross only via trusted entities.
“We have a way to send the data on different paths through the world,” Perrig explains. “If somebody listens on one path, they may not be able to obtain all information.”
The two-year collaboration between his team and the ICRC seeks to give researchers a blueprint for how to achieve “secure communication and computation in an economically viable manner for humanitarian organisations that’s not dependent on any single nation state who could access the data”, the ETH professor says.
But he admits that communication will “almost never be risk-free” because it depends on the technological strength of the adversary.
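A simplified illustration of the multi-path idea described above, added here and not the ETH team's own protocol: the message is XOR-split into one share per path, so an observer tapping any proper subset of paths sees only random bytes, while an adversary strong enough to tap every path recovers everything. The aid-record message is a constructed sample.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_over_paths(message: bytes, paths: int) -> list[bytes]:
    """Split `message` into one share per path using XOR secret sharing.

    Every share except the last is fresh random bytes; the last share is
    chosen so that the XOR of all shares equals the message. Any proper
    subset of shares is therefore uniformly random and reveals nothing.
    """
    if paths < 2:
        raise ValueError("need at least two paths for splitting to help")
    shares = [os.urandom(len(message)) for _ in range(paths - 1)]
    last = message
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]


def reassemble(shares: list[bytes]) -> bytes:
    """XOR together the shares the receiver collected over all paths."""
    out = bytes(len(shares[0]))  # all-zero starting value
    for share in shares:
        out = xor_bytes(out, share)
    return out


def eavesdropper_view(shares: list[bytes], tapped: list[int]) -> bytes:
    """What an observer who taps only the listed paths can reconstruct."""
    return reassemble([shares[i] for i in tapped])


if __name__ == "__main__":
    # Constructed sample record, not real beneficiary data.
    record = b"aid record 0042: flour, oil, milk"
    shares = split_over_paths(record, 3)
    print("receiver:", reassemble(shares))
    print("taps 2 of 3 paths:", eavesdropper_view(shares, [0, 1]))
    print("taps all paths:", eavesdropper_view(shares, [0, 1, 2]))
```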
The Engineering Humanitarian Action Initiative’s first phase also includes four other areas of research: to determine, using satellite imagery and social media posts, the size of vulnerable populations; to improve the distribution of medical equipment; to create sustainable development for humanitarian infrastructure; and to combat disinformation on social media. A call for research proposals for the second phase of the initiative will end in July. Research projects will last two years.