Access Now argues humanitarian biometrics need more transparency, rules

An investigation of the relationship between humanitarian organizations and the private sector by Access Now makes a case that even assessing the ethics of corporate involvement is rendered difficult by a lack of transparency.

Humanitarian projects’ use of biometrics and digital ID are one among four areas of technology focussed on in “Mapping Humanitarian Tech: exposing protection gaps in digital transformation programmes” for their importance to digital rights.

Access Now argues that more disclosure is needed around procurement, data protection impact assessments (DPIAs) and incident reports, as a first step.

In the meantime, digital identity and biometrics are being normalized as ways for people to access humanitarian services, according to the report. This normalization introduces risk, the group argues. The report notes that Okta has had cybersecurity breaches but is used by Mercy Corps and the Norwegian Refugee Council for securing the IDs of beneficiaries.

Access Now says no official report demonstrates the value of biometrics for humanitarian deployments, and reiterates an argument that requiring biometrics from people with little or no recourse in return for aid is “an affront to human rights standards.”

The section on digital ID and biometrics reviews the engagement of the humanitarian market by Trust Stamp, IrisGuard, Neurotechnology, Simprints, Yoti, NEC, Idemia and others, but notes “very few have entered it.”

The evidence supporting Access Now’s claims is not always as straightforward as it appears at a glance.  For instance, a cited post on IrisGuard’s activities in Jordan in the announcement of the report begins with a refugee expressing a preference for fingerprint biometrics over iris, rather than no biometrics at all. A reference to the discontinuation of WFP activities in Yemen declines to mention the alleged redirection of food aid for sale and falsification or records by local officials. The questions raised, however, about the applicability of consent and the proportionality of public interest as a legal basis for biometrics collection in the former case, and the disruption to aid delivery in the latter, still stand.

The report notes the ambivalence of many aid organizations, as expressed in the form of policies limiting biometrics collection and specifying rules for the data’s use and storage.

Access Now is skeptical that biometrics improve aid delivery reliability or reduce fraud, and call for academic analysis to establish the veracity of claims that it does. This will be difficult, however, the group warns.

“Once more, their opaque contractual and technical relationships makes it impossible to ground any analysis on evidence, and forces implementing aid actors to deploy these systems on vulnerable populations based mostly on trust and reputation of the company, resulting in heightened risks for vulnerable individuals,” the report states.

Further complicating analysis is the degree of divergence between aid agencies, Access Now says, with “Some humanitarian organizations barely set up a data protection unit, but others showed more constructive and progressive attitudes.”

Recommendations for biometrics providers and others

Overall, Access Now believes technology providers serving humanitarian organizations and those organizations themselves are converging in role and function. More transparency and rules to safeguard human rights are urgently needed.

The report concludes with 11 recommendations for donors, 13 for the humanitarian community, and 4 for local communities. Access Now urges tech companies to use the UN Guiding Principles on Business and Human Rights in developing and deploying tech products, keep military and civilian applications and data separate, proactively disclose relationships, avoid misusing sensitive data and develop humanitarian-specific support materials. They should also incorporate civil society plans and improve the openness of their tech stacks, prioritize longer-term partnerships and avoid causing vendor lock-in.

The Engine Room published a report on responsible biometrics in humanitarian programs last year.

Article Topics

Access Now  |  biometrics  |  digital identity  |  humanitarian  |  responsible biometrics