ICRC develops decentralized biometric deduplication method for humanitarian aid

Researchers have devised a tool that uses biometrics to avoid multiple registrations in humanitarian aid.

A problem that humanitarian efforts face is fair distribution since resources are usually scarce, and therefore organizations want to ensure that people can register only once.

Dr. Wouter Lueks and his colleagues at the CISPA Helmholtz Center for Information Security, in cooperation with the International Committee of the Red Cross (ICRC), have developed a method that allows this while using biometric data safely.

“The core of what we design is to say we want to use biometric data for one purpose only,” Lueks said. “We want to be able to determine whether the biometric data of the person in front of us was already registered.”

The newly developed biometric deduplication system compliments one for issuing decentralized IDs and using them for aid distribution, presented by Lueks earlier this year at RSA Conference 2024. At that time, he stated an intention to follow up with a deduplication scheme that does not require collecting all of the data in one database.

The method would involve a person going to a registration station to register biometric data, such as a fingerprint, for example. This would require a computer and an internet connection to read the data. Next, a cryptographic protocol is run between the computer at the registration station and a second computer at another location, which would be at the ICRC headquarters in Geneva, in Lueks’ explanation.

The result of this protocol is a “yes or no” decision, since the biometric data is either in the database or it is not. In the latter case, the recipient’s data can be added, but on the local computer the data is saved only for the moment of data recording before being deleted.

Lueks and his colleagues call this “Janus” in their paper, “Janus: Safe Biometric Deduplication for Humanitarian Aid Distribution,” which deeply considers security, safety, and ethical concerns. The word “deduplication” is a computing term that refers to eliminating excessive or duplicate copies of data.

“In the past, for example after the U.S. withdrawal from Afghanistan, we have seen that the simple fact that people have registered for a certain program can have very far-reaching consequences for their future life and might threaten their security,” Lueks explained, pointing to the risks of storing biometric data in databases.

With Janus, two computers must work together to make the “yes or no” decision. “If one of the two computers refuses to cooperate, or more specifically, if someone in Geneva decides to shut down the system, no further information is made available from the system,” Lueks said.

According to the researchers, Janus is the first to achieve the low error rate required for deduplication in humanitarian aid. A full copy of Lueks paper can be read and downloaded here.

Digital transformation in humanitarian response is a growing phenomenon although the field is not without its challenges. The ICRC has been working on addressing the data protection risks associated with the use of biometrics in humanitarian situations for years.

Article Topics

biometric enrollment  |  biometrics  |  decentralized ID  |  deduplication  |  humanitarian  |  Red Cross