FB pixel

Decentralized biometric system proposed for privacy in ICRC aid distribution

Humanitarian aid solution based on smart cards and phones shared at RSA
Categories Biometric R&D  |  Biometrics News  |  In Depth
Decentralized biometric system proposed for privacy in ICRC aid distribution
 

Wouter Lueks, faculty member at the CISPA Helmholtz Center for Information Security in Germany explained a proposed system for digital aid distribution with privacy protections in a presentation at the recent RSA Conference 2024. The key to the system, Loeks says, is the use of smart cards and potentially smartphones to store data and perform transactions without relying on centralized databases.

The work Lueks described in his presentation on “Another Digital ID: Privacy-preserving Humanitarian Aid Distribution,” conducted in collaboration with the International Red Cross, aims to develop a digitized aid distribution system tailored to the needs of vulnerable populations affected by crises such as war, famine, and natural disasters. Traditional methods of aid distribution, which involve manual registration and the physical handling of items, are labor-intensive and prone to inefficiencies, he says, especially when dealing with large numbers of recipients.

Lueks’ research, which garnered a Distinguished Paper Award at the IEEE Symposium on Security and Privacy, addresses the critical challenges faced by humanitarian organizations in crisis settings.

This decentralized digital identity approach aims to enhance privacy and security by minimizing the amount of sensitive information collected and stored. Smart cards include biometric samples to authenticate recipients, reducing the risk of fraud and ensuring aid reaches the intended beneficiaries. This was a problem with food aid distribution by the World Food Programme in Yemen, which Lueks mentions as an example of the drawbacks of centralized biometrics storage.

Deduplication of biometrics, which can ensure beneficiaries are not enrolled under multiple names, for instance, typically requires a centralized database. Lueks says a forthcoming paper will propose a way to deduplicate users’ biometrics without storing them all in one place.

The project presented at RSA involves a close partnership with the International Committee of the Red Cross (ICRC), renowned for its operations in challenging environments. Frequent consultations with the ICRC’s Data Protection office and field personnel informed the development process, ensuring the system met real-world requirements and addressed potential risks.

The distribution process involves verifying the smart card’s authenticity, checking eligibility, and issuing entitlements based on household needs. To prevent double-dipping, where a household might try to receive aid more than once in a distribution cycle, the system employs pseudorandom function (PRF) tags. These tags, unique to each distribution round and household, enable the distribution station to detect and block duplicate requests.

Additionally, the system incorporates cryptographic commitments to facilitate robust auditing. These commitments allow for the verification of aid distribution without exposing detailed personal information, thereby protecting recipients’ privacy. During audits, the system can demonstrate that aid was distributed fairly and accurately, even under scrutiny from external donors or internal reviews.

During his talk, Lueks emphasizes the dual nature of technology, acknowledging its potential to benefit society while also posing significant risks, particularly concerning security and privacy. He notes that while users typically have the option to avoid technologies that threaten their privacy, this choice is often unavailable to those receiving humanitarian aid. For these individuals, rejecting technology can mean losing access to essential resources necessary for survival.

Lueks also discusses the implementation of a similar system using smartphones, leveraging anonymous credentials and domain-specific pseudonyms to maintain security and privacy. This flexibility allows for the adaptation of the system to different contexts, such as using smartphones in areas with higher mobile device penetration.

The ICRC worked with a pair of universities in Switzerland on a series of research projects to improve humanitarian assistance in 2022, one of which involved privately-held biometric data for aid distribution.

Related Posts

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

OFIQ report outlines evaluation techniques for algorithm accuracy and reliability

The Open Source Face Image Quality (OFIQ) project, led by the German Federal Office for Information Security, has published a…

 

Google Wallet plans for biometric authentication, broad ID document support revealed

Google Wallets are expanding from payments and biometric ID documents like mobile driver’s licenses and passports to “Everything else.” An…

 

Digital ID and SSI to cause radical shift in travel experience by 2035

Verifiable digital credentials and digital wallets took center stage at the recent Phocuswright Europe conference in Barcelona, with professionals from…

 

Testing for biometric identity verification still maturing

Biometrics testing is a rapidly maturing field, but there is more to effective identity verification than an accurate matching algorithm,…

 

Youverse upgrades liveness detection, achieves 100% success rate in iBeta test

Youverse has announced a fourfold improvement in its liveness detection capabilities. The company boasts that the update aims to upgrade…

 

‘Highly effective age assurance’ poorly defined in Ofcom consult, says AVPA

The Age Verification Provider’s Association (AVPA) has issued an extensive response to the UK regulator’s consultation on “Protecting children from…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events