The Digital Transformation Of The Humanitarian Sector

Uploaded on 2017-01-11 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Health & Welfare

When you’re pulling people from rubble after missile strikes, or tending to injuries in a tent, or worrying about getting the next truck with medical and food supplies past military check points in a war zone, the latest transformations from technology and digitalization might seem distant – but not for long.

In a few short years, Uber has completely transformed the way we get around cities. Long-established taxi companies suddenly found that, when people could see user ratings of individual drivers, their company brand was no longer a selling point. Their infrastructure – offices, telephone systems – become unnecessary overheads when all you need is an app. For taxi users, Uber has mostly been welcome, bringing a drop in prices; for taxi companies, it has been a disaster.

Some industries had been grappling with technological disruption for years before Uber disrupted taxis: think, for example, of the music industry and Napster. Others are only now beginning the process: it remains unclear, for example, how fundamentally block chain and distributed ledger technologies might upend the financial industry.

No industry – no part of life – is immune to being disrupted by technology. And that includes conflict and humanitarian relief.
In many industries, the talk is of ‘self-disruption’ – established players are trying to anticipate how technology may be about to change the landscape, identify the risks and opportunities, and get ahead of the process rather than waiting to be surprised. Established humanitarian agencies likewise need to ask: how might technology reshape humanitarian relief in the coming years, and what should we be doing to prepare?

The rise of the ‘connected beneficiary’

Some sudden catastrophe means you must flee your home, right now. You might or might not ever come back. You have a few moments to grab whatever you can carry. What will you take? It’s a fair bet that near the top of the list is your smartphone. Of course you’d want it with you: to find out where you’re loved ones are; to keep up with news and rumours; to access information and assets, if you have any; to plan where you might go next.

True, not everyone has a smartphone yet – but many do, including seven in ten Syrian youths. When refugees reach a place of relative safety, some of their first questions are “Where can I charge my phone?” and “Is there Wi-Fi?” Increasingly, in the future, beneficiaries will be connected – and that opens up tremendous opportunities to help them more effectively. It will become easier, for example, to collect and analyze data about where refugees are going – and to get good information to them about their options in fast-changing situations.

We may see the rise of online direct-giving platforms, where refugees can prove their identity and describe their current needs, and individual donors can electronically transfer money to them. We may see widespread use of drones to drop aid supplies. Such innovations could start to make the traditional methods of delivering humanitarian aid – large organizations with a sense of pride in always having workers on the ground, physically proximate to beneficiaries – look as anachronistic to donors as old-style taxi companies in the age of Uber.

Beneficiaries need the best of both worlds: for more nimble and efficient ways of meeting their needs to be embraced by agencies with a history that inspires trust. For those agencies, that implies a willingness to self-disrupt in partnership with willing innovators – to constantly question the value of their ways of working, and think hard about the potential opportunities presented by technology to connect people, things, processes and data in new ways. But in seeking to harness the immense opportunities of technology to improve humanitarian aid, they also need to be conscious of some very real risks.

Cyber security and data privacy

There are obvious benefits in, for example, a doctor from one organization being able to use a beneficiary’s digital identity to call up details of medical treatment they previously received at a clinic run by a different organization. But associating data with digital identities inevitably creates issues of privacy and security. And while the consequences of data breaches in peaceful, developed societies are likely to be limited to inconvenience, loss of privacy or financial risks – recovering stolen money, say, or getting one’s name off a credit blacklist – for refugees, they could more easily become matters of life and death.

Consider these different but intertwined scenarios:

  • Sudden political change sweeps your country. A group you’ve belonged to for years is now persecuted. You manage to flee, but now unknown entities have access to data from various apps you’ve had on your phone or platforms you have accessed and used, which show where you have been and with whom over the past few years. This enables them to identify your family members and networks, and target you and them with threatening messages.
  • You arrive at a refugee camp, hungry and desperate. To access food and basic necessities, you have to agree to provide biometric data – iris and fingerprint scans. Several years hence, you are living in a country which passes a new law asserting jurisdiction over data stored in the cloud by the organization that helped you. By taking your fingerprint, the security services can now find out not only your ethnicity or immigration status but your movements, consumer patterns and financial situation. In some instances the pressure is happening real-time, as data is collected. The fact that ‘humanitarian data’ is picked up and used for purposes other than humanitarian, such as counter-terrorism or migration flow management (while understandable and important from one point of view), puts the individuals at risk of adverse, albeit potentially legitimate, consequences (such as arrest, denial of entry, etc). As a consequence it means that these people will not be able to access essential humanitarian assistance. The humanitarian organization, which collected the data for a humanitarian purpose will be effectively participating, by the use of that data for purposes other than humanitarian (whether willingly or not). This could then severely compromise the ability of the humanitarian organization to continue to carry out its humanitarian activities.
  • You are a humanitarian relief worker. You are taken to visit a person in need of humanitarian assistance or protection. Unknown to you, your phone has been hacked, or the metadata generated by your phone is aggregated, allowing its location to be surveilled, your social media activity followed and telecom metadata analyzed. The next day, the house you visited is destroyed in a drone strike or the people you met with detained. Suddenly your organization is viewed locally with anger and suspicion, and and perception of neutrality of humanitarian action is compromised.

Despite the gravity of potential risks of data breaches, data hygiene tends not to be a high priority for humanitarian workers in the heat of a crisis situation – understandably so, when time is of the essence and workers from different agencies need to be able to collaborate quickly on the basis of trust. Meanwhile, many beneficiaries have only recently come online and have not yet developed a mature appreciation of the risks that come with connectivity. Others are simply having a hard time to adapt to a new reality where connectivity also carries greater risks.

Surprisingly few efforts have been made to understand the specific needs for information security risk management in an humanitarian context

In spite of work done by the UN, little tangible progress has been made. Part of the problem is that donors, seeking efficiency, do not put pressure on agencies to invest in stronger cyber policies or data protection regimes. Another part of the problem is that agencies, like any business with a reputation to protect, have the incentive not to admit when they have been hacked.

In considering how to seize the opportunities of technological self-disruption, humanitarian agencies need to pay more heed to the potentially devastating impact of being publicly implicated in a data breach that endangers the lives of beneficiaries (and staff). There needs to be more proactive discussion on global standards for collecting, sharing and storing data in times of crisis – and a zero-tolerance for attempts to penetrate these organizations to gain insights into people at their most vulnerable. Some examples of situations where these risks have materialized are reported in the 2013 report by Privacy International Aiding Surveillance. The International Conference of Privacy and Data Protection Commissioners recognized these risks in its 2015 and 2016 resolutions on Privacy and International Humanitarian Action, in which it noted that:

Humanitarian organizations not benefiting from Privileges and Immunities may come under pressure to provide data collected for humanitarian purposes to authorities wishing to use such data for other purposes (for example control of migration flows and the fight against terrorism). The risk of misuse of data may have a serious impact on data protection rights of displaced persons and can be a detriment to their safety, as well as to humanitarian action more generally.
Misinformation and the changing nature of war

Among the ways in which technology is transforming the conduct of conflict is opening up new possibilities to battle for the control of the narrative, by using third party commercial agents and ‘chatbots’ to disseminate propaganda in ways that appear organic.

Technological change brings another under-appreciated risk for humanitarian agencies: becoming the victim of concerned misinformation campaigns using new and social media platforms. This risk intersects with the risk of data privacy breaches. Imagine an online platform established by a humanitarian agency to crowd-source data from citizens about what is happening in real-time during a conflict, to provide information about evolving humanitarian needs and collect evidence to document abuses. Now imagine such a platform being hacked or spoofed to create a false picture about who is attacking whom. A successful hack could rapidly reshape perceptions and change the course of conflict.

The recent targeting of humanitarian efforts in physical attacks, from medical convoys to facilities or individuals, indicates that norms are shifting, and agencies’ reputation for neutrality is no longer guaranteed to offer protection. It will be increasingly desirable to attack an agency’s reputation directly, if a party to a conflict perceives it to be in their interest to spread misinformation about the mandate, impact and purpose of its operations or the intentions of its staff. The consequences could be devastating, with a high cost of reestablishing staff security and organizational reputation, and ultimately of the beneficiaries for whom the action of such organizations is essential.

Currently, little thought is going into game-planning such scenarios and thinking through possible responses or mitigation strategies. The same is true for other questions raised by how technology is reshaping the conduct of both war and humanitarian relief. Imagine, for example, a party to a conflict perceiving a strategic advantage in taking down the physical infrastructure that underpins an enemy’s connectivity – fibreoptic cables or GPS satellites; if communications go down over a wide area for a long time, what challenges would it create for delivering humanitarian relief, particularly once humanitarian organizations start to rely heavily on digital connectivity and disinvest in physical, frugal, operational capability?

The same is true for other questions raised by how technology is reshaping the conduct of both war and humanitarian relief. Imagine, for example, a party to a conflict perceiving a strategic advantage in taking down the physical infrastructure that underpins an enemy’s connectivity – fibreoptic cables or GPS satellites; if communications go down over a wide area for a long time, what challenges would it create for delivering humanitarian relief, particularly once humanitarian organizations start to rely heavily on digital connectivity and disinvest in physical, frugal, operational capability? There are no easy answers to this question, or the many others raised by thinking about how technology will disrupt the conduct of war and humanitarian relief. How best to meet refugees’ data protection needs, even when refugees themselves may not be aware of them?

What opportunities may exist to serve connected beneficiaries and victims of armed conflict more efficiently? Humanitarian agencies are starting to address these questions, but slowly; the question is whether they can adapt and accept the change in mindset needed to mitigate risks and build on the potential offered by the exponential growth rate and convergence of new technologies and digital transformation for a forward-looking humanitarian response.

Anja Kaspersen is Head of Strategic Engagement and New Technologies, International Committee of the Red Cross,  ICRC

This article is co-authored with Charlotte Lindsey-Curtet, Director of communication and information management, ICRC. 

The article was first published by the ICRC

« Surprise: Snowden Knows Some Russian Spies
Seamless Bio Electronic Devices »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

Synovum

Synovum

Synovum was formed with the intention to provide high quality advice, consultancy, training and project management services to clients in all sectors of industry.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

Aujas

Aujas

Aujas helps organizations manage information security risks by protecting data, software, people and identities in alignment with best practices and compliance requirements.

iFluids Engineering

iFluids Engineering

iFluids Engineering is a leading engineering consulting and risk management firm providing a full range of services including Cyber Security for Industrial Control Systems.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Duality Technologies

Duality Technologies

Duality Technologies combine Advanced Cryptography with Data Science to deliver High-Performance Privacy-Protecting Computing to Regulated Industries.

RhodeCode

RhodeCode

RhodeCode is an open source repository management platform. It provides unified security and team collaboration across Git, Subversion, and Mercurial.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

1Password

1Password

1Password combines industry-leading security with award-winning design to bring private, secure, and user-friendly password management to everyone.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

Block Harbor Cybersecurity

Block Harbor Cybersecurity

Block Harbor has worked closely with automakers, suppliers, and regulators since 2014 on vehicle cybersecurity.