Opinion, Berkeley Blogs

Risks of recognition: New digital ID program for refugees is vulnerable to abuses

By Brandie Nonnecke

“Everyone has the right to recognition everywhere as a person before the law.” — Article 6, UN Declaration of Human Rights

Tired, hungry, and scared, she approaches the front of the line and is greeted by aid workers. They scan her eyes, catalog her fingerprints, and snap her photo. For the first time in her life, she now has formal identification — a digital ID that will give her access to a range of economic, social, and political services and rights. While the potential benefits of digital IDs are huge, they come with a cost. A digital ID can also be used to track a refugee’s movements, behaviors, and establish a data trail that leaves them vulnerable to human rights abuses .

Nearly one fifth of the world’s population — an estimated 1.5 billion people — lacks formal identification. Due to the extreme circumstances under which they flee their countries and because they are typically from poor and disconnected segments of society, refugees are especially less likely to hold formal IDs. Over 21 million people are currently seeking refuge worldwide. For them, proving their identity can be a lifesaver. Those who lack formal IDs will face greater hardship, such as struggling to access to food, shelter, healthcare, education, financial and telecommunications services.

To better enable refugees’ access to a range of services and aid, the United Nations High Commissioner for Refugees (UNHCR) is piloting a digital identity system to enable the collection and sharing of refugees’ personal data. Under the 1951 United Nations Convention , nation states are expected to register refugees, provide data on their condition, and issue identity papers. When a state lacks capacity to do this, UNHCR has a mandate to step in, providing advice and financial support or implementing the registration and identification process directly.

While stories of European countries hosting refugees have dominated headlines, the vast majority of refugees — nearly nine in ten — are hosted by developing countries in sub-Saharan Africa and the Middle East and North Africa. For many of these countries, UNHCR has intervened, piloting its digital identity system to enable the collection and sharing of personal data across aid agencies.

This is not UNHCR’s first implementation of biometric and digital identification. In 2010, UNHCR established its policy that biometrics should be used as a routine part of its identity management system to ensure individuals’ identities aren’t duplicated, lost, or stolen. Currently, UNHCR holds biometric data from over 4 million people from 46 countries. To better manage this large dataset, UNHCR partnered with Accenture to develop a central database, the Biometric Identity Management System (BIMS) , to make it easier to collect and share the data across agencies like the Red Cross and the World Food Program.

But the more data are shared, the greater the vulnerability of cybersecurity threats. That’s partly why Accenture and Microsoft have formed a collaboration to extend the BIMS digital ID platform to run on blockchain technology. In this case, refugee records are “blocks” that are continuously validated and updated, and then linked and secured through cryptography. Blockchain technology enables agencies to validate IDs and services rendered and keep track of outstanding service needs more securely and effectively. For each data point authenticated by an agency, such as a birthdate, and for each service rendered to the individual, such as a vaccination, a digital stamp would be placed on their individual record on the blockchain. BIMS on the blockchain will enable multiple aid agencies to share data, support verification of identity, ensure distribution of services to eligible parties, and reduce costly and time-consuming duplication of efforts.

Yet as biometric and personal data are collected by UNHCR and shared with third parties, the possibility exists that this data could be transferred to privately controlled databases, raising the risk of data being compromised or stolen.

Take, for example, India’s government-led Aadhaar program. It’s the largest biometric-enabled digital ID platform in the world and it began sharing its biometric and private data with third parties for identification verification. Aadhaar-collected data was shared with Jio, an India-based mobile telecommunications provider, to validate identities of its customers. Jio was hacked earlier this year resulting in the release of Aadhaar-collected personal data it had pulled for a large number of its subscribers.

To balance the benefits and risks of digital IDs for refugees, aid agencies and governments must do three things: consider the risks of recognition, design to uphold the rights of individuals, and architect against centralized dependency.

Consider the risks of recognition

Often, refugees are fleeing conflict, persecution, and human rights abuses. It’s not a far stretch to imagine the overwhelmingly negative ramifications of a database of biometric data and personal information falling into the hands of malicious actors. To mitigate risks of data exposure, consider minimizing the amount of data that’s collected and shared from this population. How much information is really needed to confirm a person’s identity?

Design to uphold the rights of individuals

Everyone has a right to control how their personal information is shared. Blockchain helps maintain that right by allowing people to control how and when their identity is shared with third parties. For example, through a blockchain-structured digital ID app, individuals can set up “smart contracts” that allow external entities (like aid agencies) to access and inspect parts of their blockchain record, allowing them to access their personal identifiers for a set amount of time. This benefits the organizations that are accessing the information, too. Storing data in the blockchain means that multiple people and organizations have to verify that it’s valid, creating what’s known as a distributed trust model. This model, while helping organizational stakeholders, also protects individuals against the risks that come with having one entity hold complete control over their digital ID. Blockchain management of digital IDs decentralizes where private information is stored, significantly reducing the risk of a data breach.

Architect against centralized dependency

Even though nonprofits and NGOs often need the help of the private sector to build and implement massive digital identity platforms, it’s critical that these organizations not rely on one or even a handful to do all of the work. This concentration of power can result in risky dependencies of international aid agencies and governments on the private sector. One option is to support capacity building within public institutions to take over the management of these platforms; however, the private sector will likely remain the most adept in this space. Thus, a better option, already underway, is to build digital ID platforms on blockchain technology, making sure the information is both secure and decentralized.

Like any new technology, digital IDs come with great benefits, but also great risks. For the 21 million refugees worldwide, digital IDs can empower them to exercise their fundamental economic, social, and political rights while simultaneously benefitting aid agencies and governments by validating and streamlining its processes. But, the risks of recognition — of identification and a data trail — are real. We have an obligation to consider the human rights consequences of digital ID systems and to responsibly design and apply these systems in ways that put the interests and wellbeing of these populations above all else.