The Digital Transformation Of The Humanitarian Sector

When you’re pulling people from rubble after missile strikes, or tending to injuries in a tent, or worrying about getting the next truck with medical and food supplies past military check points in a war zone, the latest transformations from technology and digitalization might seem distant – but not for long.

In a few short years, Uber has completely transformed the way we get around cities. Long-established taxi companies suddenly found that, when people could see user ratings of individual drivers, their company brand was no longer a selling point. Their infrastructure – offices, telephone systems – become unnecessary overheads when all you need is an app. For taxi users, Uber has mostly been welcome, bringing a drop in prices; for taxi companies, it has been a disaster.

Some industries had been grappling with technological disruption for years before Uber disrupted taxis: think, for example, of the music industry and Napster. Others are only now beginning the process: it remains unclear, for example, how fundamentally block chain and distributed ledger technologies might upend the financial industry.

No industry – no part of life – is immune to being disrupted by technology. And that includes conflict and humanitarian relief.
In many industries, the talk is of ‘self-disruption’ – established players are trying to anticipate how technology may be about to change the landscape, identify the risks and opportunities, and get ahead of the process rather than waiting to be surprised. Established humanitarian agencies likewise need to ask: how might technology reshape humanitarian relief in the coming years, and what should we be doing to prepare?

The rise of the ‘connected beneficiary’

Some sudden catastrophe means you must flee your home, right now. You might or might not ever come back. You have a few moments to grab whatever you can carry. What will you take? It’s a fair bet that near the top of the list is your smartphone. Of course you’d want it with you: to find out where you’re loved ones are; to keep up with news and rumours; to access information and assets, if you have any; to plan where you might go next.

True, not everyone has a smartphone yet – but many do, including seven in ten Syrian youths. When refugees reach a place of relative safety, some of their first questions are “Where can I charge my phone?” and “Is there Wi-Fi?” Increasingly, in the future, beneficiaries will be connected – and that opens up tremendous opportunities to help them more effectively. It will become easier, for example, to collect and analyze data about where refugees are going – and to get good information to them about their options in fast-changing situations.

We may see the rise of online direct-giving platforms, where refugees can prove their identity and describe their current needs, and individual donors can electronically transfer money to them. We may see widespread use of drones to drop aid supplies. Such innovations could start to make the traditional methods of delivering humanitarian aid – large organizations with a sense of pride in always having workers on the ground, physically proximate to beneficiaries – look as anachronistic to donors as old-style taxi companies in the age of Uber.

Beneficiaries need the best of both worlds: for more nimble and efficient ways of meeting their needs to be embraced by agencies with a history that inspires trust. For those agencies, that implies a willingness to self-disrupt in partnership with willing innovators – to constantly question the value of their ways of working, and think hard about the potential opportunities presented by technology to connect people, things, processes and data in new ways. But in seeking to harness the immense opportunities of technology to improve humanitarian aid, they also need to be conscious of some very real risks.

Cyber security and data privacy

There are obvious benefits in, for example, a doctor from one organization being able to use a beneficiary’s digital identity to call up details of medical treatment they previously received at a clinic run by a different organization. But associating data with digital identities inevitably creates issues of privacy and security. And while the consequences of data breaches in peaceful, developed societies are likely to be limited to inconvenience, loss of privacy or financial risks – recovering stolen money, say, or getting one’s name off a credit blacklist – for refugees, they could more easily become matters of life and death.

Consider these different but intertwined scenarios:

  • Sudden political change sweeps your country. A group you’ve belonged to for years is now persecuted. You manage to flee, but now unknown entities have access to data from various apps you’ve had on your phone or platforms you have accessed and used, which show where you have been and with whom over the past few years. This enables them to identify your family members and networks, and target you and them with threatening messages.
  • You arrive at a refugee camp, hungry and desperate. To access food and basic necessities, you have to agree to provide biometric data – iris and fingerprint scans. Several years hence, you are living in a country which passes a new law asserting jurisdiction over data stored in the cloud by the organization that helped you. By taking your fingerprint, the security services can now find out not only your ethnicity or immigration status but your movements, consumer patterns and financial situation. In some instances the pressure is happening real-time, as data is collected. The fact that ‘humanitarian data’ is picked up and used for purposes other than humanitarian, such as counter-terrorism or migration flow management (while understandable and important from one point of view), puts the individuals at risk of adverse, albeit potentially legitimate, consequences (such as arrest, denial of entry, etc). As a consequence it means that these people will not be able to access essential humanitarian assistance. The humanitarian organization, which collected the data for a humanitarian purpose will be effectively participating, by the use of that data for purposes other than humanitarian (whether willingly or not). This could then severely compromise the ability of the humanitarian organization to continue to carry out its humanitarian activities.
  • You are a humanitarian relief worker. You are taken to visit a person in need of humanitarian assistance or protection. Unknown to you, your phone has been hacked, or the metadata generated by your phone is aggregated, allowing its location to be surveilled, your social media activity followed and telecom metadata analyzed. The next day, the house you visited is destroyed in a drone strike or the people you met with detained. Suddenly your organization is viewed locally with anger and suspicion, and and perception of neutrality of humanitarian action is compromised.

Despite the gravity of potential risks of data breaches, data hygiene tends not to be a high priority for humanitarian workers in the heat of a crisis situation – understandably so, when time is of the essence and workers from different agencies need to be able to collaborate quickly on the basis of trust. Meanwhile, many beneficiaries have only recently come online and have not yet developed a mature appreciation of the risks that come with connectivity. Others are simply having a hard time to adapt to a new reality where connectivity also carries greater risks.

Surprisingly few efforts have been made to understand the specific needs for information security risk management in an humanitarian context

In spite of work done by the UN, little tangible progress has been made. Part of the problem is that donors, seeking efficiency, do not put pressure on agencies to invest in stronger cyber policies or data protection regimes. Another part of the problem is that agencies, like any business with a reputation to protect, have the incentive not to admit when they have been hacked.

In considering how to seize the opportunities of technological self-disruption, humanitarian agencies need to pay more heed to the potentially devastating impact of being publicly implicated in a data breach that endangers the lives of beneficiaries (and staff). There needs to be more proactive discussion on global standards for collecting, sharing and storing data in times of crisis – and a zero-tolerance for attempts to penetrate these organizations to gain insights into people at their most vulnerable. Some examples of situations where these risks have materialized are reported in the 2013 report by Privacy International Aiding Surveillance. The International Conference of Privacy and Data Protection Commissioners recognized these risks in its 2015 and 2016 resolutions on Privacy and International Humanitarian Action, in which it noted that:

Humanitarian organizations not benefiting from Privileges and Immunities may come under pressure to provide data collected for humanitarian purposes to authorities wishing to use such data for other purposes (for example control of migration flows and the fight against terrorism). The risk of misuse of data may have a serious impact on data protection rights of displaced persons and can be a detriment to their safety, as well as to humanitarian action more generally.
Misinformation and the changing nature of war

Among the ways in which technology is transforming the conduct of conflict is opening up new possibilities to battle for the control of the narrative, by using third party commercial agents and ‘chatbots’ to disseminate propaganda in ways that appear organic.

Technological change brings another under-appreciated risk for humanitarian agencies: becoming the victim of concerned misinformation campaigns using new and social media platforms. This risk intersects with the risk of data privacy breaches. Imagine an online platform established by a humanitarian agency to crowd-source data from citizens about what is happening in real-time during a conflict, to provide information about evolving humanitarian needs and collect evidence to document abuses. Now imagine such a platform being hacked or spoofed to create a false picture about who is attacking whom. A successful hack could rapidly reshape perceptions and change the course of conflict.

The recent targeting of humanitarian efforts in physical attacks, from medical convoys to facilities or individuals, indicates that norms are shifting, and agencies’ reputation for neutrality is no longer guaranteed to offer protection. It will be increasingly desirable to attack an agency’s reputation directly, if a party to a conflict perceives it to be in their interest to spread misinformation about the mandate, impact and purpose of its operations or the intentions of its staff. The consequences could be devastating, with a high cost of reestablishing staff security and organizational reputation, and ultimately of the beneficiaries for whom the action of such organizations is essential.

Currently, little thought is going into game-planning such scenarios and thinking through possible responses or mitigation strategies. The same is true for other questions raised by how technology is reshaping the conduct of both war and humanitarian relief. Imagine, for example, a party to a conflict perceiving a strategic advantage in taking down the physical infrastructure that underpins an enemy’s connectivity – fibreoptic cables or GPS satellites; if communications go down over a wide area for a long time, what challenges would it create for delivering humanitarian relief, particularly once humanitarian organizations start to rely heavily on digital connectivity and disinvest in physical, frugal, operational capability?

The same is true for other questions raised by how technology is reshaping the conduct of both war and humanitarian relief. Imagine, for example, a party to a conflict perceiving a strategic advantage in taking down the physical infrastructure that underpins an enemy’s connectivity – fibreoptic cables or GPS satellites; if communications go down over a wide area for a long time, what challenges would it create for delivering humanitarian relief, particularly once humanitarian organizations start to rely heavily on digital connectivity and disinvest in physical, frugal, operational capability? There are no easy answers to this question, or the many others raised by thinking about how technology will disrupt the conduct of war and humanitarian relief. How best to meet refugees’ data protection needs, even when refugees themselves may not be aware of them?

What opportunities may exist to serve connected beneficiaries and victims of armed conflict more efficiently? Humanitarian agencies are starting to address these questions, but slowly; the question is whether they can adapt and accept the change in mindset needed to mitigate risks and build on the potential offered by the exponential growth rate and convergence of new technologies and digital transformation for a forward-looking humanitarian response.

Anja Kaspersen is Head of Strategic Engagement and New Technologies, International Committee of the Red Cross,  ICRC

This article is co-authored with Charlotte Lindsey-Curtet, Director of communication and information management, ICRC. 

The article was first published by the ICRC

« Surprise: Snowden Knows Some Russian Spies
Seamless Bio Electronic Devices »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

GSMA - IoT Security Guidelines

GSMA - IoT Security Guidelines

GSMA has created a set of security guidelines for the benefit of service providers who are looking to develop new IoT products and services.

Athena Forensics

Athena Forensics

Athena Forensics is one of the UK's leading providers of Computer Forensics, Mobile Phone Forensics, Cell Site Analysis and Expert Witness Services.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

Volexity

Volexity

Volexity is a leading provider of threat intelligence and incident suppression services and solutions.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

ADVA Optical Networking

ADVA Optical Networking

ADVA is a company founded on innovation and focused on helping our customers succeed. Our technology forms the building blocks of a shared digital future and empowers networks across the globe.

DIGISOC

DIGISOC

DIGISOC, a leader in Latin America in Cybersecurity solutions, combines machine learning with human intelligence to be effective in detecting cyber threats.

LOCH Technologies

LOCH Technologies

LOCH Wireless Machine Vision platform delivers next generation cybersecurity, performance monitoring, and cost management for all 5G and for broad-spectrum IoT, IoMT and OT wireless environments.

Novem CS

Novem CS

Novem CS are bespoke cyber security specialists providing a highly effective and specialised approach to solving your cyber security challenges.

SecureCyber

SecureCyber

Secure Cyber Defense offers industry-leading technology and managed detection and response solutions.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.

Pantherun Technologies

Pantherun Technologies

Pantherun is a pioneering force in the realm of encryption technology and data protection solutions.