The Digital Transformation Of The Humanitarian Sector

When you’re pulling people from rubble after missile strikes, or tending to injuries in a tent, or worrying about getting the next truck with medical and food supplies past military check points in a war zone, the latest transformations from technology and digitalization might seem distant – but not for long.

In a few short years, Uber has completely transformed the way we get around cities. Long-established taxi companies suddenly found that, when people could see user ratings of individual drivers, their company brand was no longer a selling point. Their infrastructure – offices, telephone systems – become unnecessary overheads when all you need is an app. For taxi users, Uber has mostly been welcome, bringing a drop in prices; for taxi companies, it has been a disaster.

Some industries had been grappling with technological disruption for years before Uber disrupted taxis: think, for example, of the music industry and Napster. Others are only now beginning the process: it remains unclear, for example, how fundamentally block chain and distributed ledger technologies might upend the financial industry.

No industry – no part of life – is immune to being disrupted by technology. And that includes conflict and humanitarian relief.
In many industries, the talk is of ‘self-disruption’ – established players are trying to anticipate how technology may be about to change the landscape, identify the risks and opportunities, and get ahead of the process rather than waiting to be surprised. Established humanitarian agencies likewise need to ask: how might technology reshape humanitarian relief in the coming years, and what should we be doing to prepare?

The rise of the ‘connected beneficiary’

Some sudden catastrophe means you must flee your home, right now. You might or might not ever come back. You have a few moments to grab whatever you can carry. What will you take? It’s a fair bet that near the top of the list is your smartphone. Of course you’d want it with you: to find out where you’re loved ones are; to keep up with news and rumours; to access information and assets, if you have any; to plan where you might go next.

True, not everyone has a smartphone yet – but many do, including seven in ten Syrian youths. When refugees reach a place of relative safety, some of their first questions are “Where can I charge my phone?” and “Is there Wi-Fi?” Increasingly, in the future, beneficiaries will be connected – and that opens up tremendous opportunities to help them more effectively. It will become easier, for example, to collect and analyze data about where refugees are going – and to get good information to them about their options in fast-changing situations.

We may see the rise of online direct-giving platforms, where refugees can prove their identity and describe their current needs, and individual donors can electronically transfer money to them. We may see widespread use of drones to drop aid supplies. Such innovations could start to make the traditional methods of delivering humanitarian aid – large organizations with a sense of pride in always having workers on the ground, physically proximate to beneficiaries – look as anachronistic to donors as old-style taxi companies in the age of Uber.

Beneficiaries need the best of both worlds: for more nimble and efficient ways of meeting their needs to be embraced by agencies with a history that inspires trust. For those agencies, that implies a willingness to self-disrupt in partnership with willing innovators – to constantly question the value of their ways of working, and think hard about the potential opportunities presented by technology to connect people, things, processes and data in new ways. But in seeking to harness the immense opportunities of technology to improve humanitarian aid, they also need to be conscious of some very real risks.

Cyber security and data privacy

There are obvious benefits in, for example, a doctor from one organization being able to use a beneficiary’s digital identity to call up details of medical treatment they previously received at a clinic run by a different organization. But associating data with digital identities inevitably creates issues of privacy and security. And while the consequences of data breaches in peaceful, developed societies are likely to be limited to inconvenience, loss of privacy or financial risks – recovering stolen money, say, or getting one’s name off a credit blacklist – for refugees, they could more easily become matters of life and death.

Consider these different but intertwined scenarios:

  • Sudden political change sweeps your country. A group you’ve belonged to for years is now persecuted. You manage to flee, but now unknown entities have access to data from various apps you’ve had on your phone or platforms you have accessed and used, which show where you have been and with whom over the past few years. This enables them to identify your family members and networks, and target you and them with threatening messages.
  • You arrive at a refugee camp, hungry and desperate. To access food and basic necessities, you have to agree to provide biometric data – iris and fingerprint scans. Several years hence, you are living in a country which passes a new law asserting jurisdiction over data stored in the cloud by the organization that helped you. By taking your fingerprint, the security services can now find out not only your ethnicity or immigration status but your movements, consumer patterns and financial situation. In some instances the pressure is happening real-time, as data is collected. The fact that ‘humanitarian data’ is picked up and used for purposes other than humanitarian, such as counter-terrorism or migration flow management (while understandable and important from one point of view), puts the individuals at risk of adverse, albeit potentially legitimate, consequences (such as arrest, denial of entry, etc). As a consequence it means that these people will not be able to access essential humanitarian assistance. The humanitarian organization, which collected the data for a humanitarian purpose will be effectively participating, by the use of that data for purposes other than humanitarian (whether willingly or not). This could then severely compromise the ability of the humanitarian organization to continue to carry out its humanitarian activities.
  • You are a humanitarian relief worker. You are taken to visit a person in need of humanitarian assistance or protection. Unknown to you, your phone has been hacked, or the metadata generated by your phone is aggregated, allowing its location to be surveilled, your social media activity followed and telecom metadata analyzed. The next day, the house you visited is destroyed in a drone strike or the people you met with detained. Suddenly your organization is viewed locally with anger and suspicion, and and perception of neutrality of humanitarian action is compromised.

Despite the gravity of potential risks of data breaches, data hygiene tends not to be a high priority for humanitarian workers in the heat of a crisis situation – understandably so, when time is of the essence and workers from different agencies need to be able to collaborate quickly on the basis of trust. Meanwhile, many beneficiaries have only recently come online and have not yet developed a mature appreciation of the risks that come with connectivity. Others are simply having a hard time to adapt to a new reality where connectivity also carries greater risks.

Surprisingly few efforts have been made to understand the specific needs for information security risk management in an humanitarian context

In spite of work done by the UN, little tangible progress has been made. Part of the problem is that donors, seeking efficiency, do not put pressure on agencies to invest in stronger cyber policies or data protection regimes. Another part of the problem is that agencies, like any business with a reputation to protect, have the incentive not to admit when they have been hacked.

In considering how to seize the opportunities of technological self-disruption, humanitarian agencies need to pay more heed to the potentially devastating impact of being publicly implicated in a data breach that endangers the lives of beneficiaries (and staff). There needs to be more proactive discussion on global standards for collecting, sharing and storing data in times of crisis – and a zero-tolerance for attempts to penetrate these organizations to gain insights into people at their most vulnerable. Some examples of situations where these risks have materialized are reported in the 2013 report by Privacy International Aiding Surveillance. The International Conference of Privacy and Data Protection Commissioners recognized these risks in its 2015 and 2016 resolutions on Privacy and International Humanitarian Action, in which it noted that:

Humanitarian organizations not benefiting from Privileges and Immunities may come under pressure to provide data collected for humanitarian purposes to authorities wishing to use such data for other purposes (for example control of migration flows and the fight against terrorism). The risk of misuse of data may have a serious impact on data protection rights of displaced persons and can be a detriment to their safety, as well as to humanitarian action more generally.
Misinformation and the changing nature of war

Among the ways in which technology is transforming the conduct of conflict is opening up new possibilities to battle for the control of the narrative, by using third party commercial agents and ‘chatbots’ to disseminate propaganda in ways that appear organic.

Technological change brings another under-appreciated risk for humanitarian agencies: becoming the victim of concerned misinformation campaigns using new and social media platforms. This risk intersects with the risk of data privacy breaches. Imagine an online platform established by a humanitarian agency to crowd-source data from citizens about what is happening in real-time during a conflict, to provide information about evolving humanitarian needs and collect evidence to document abuses. Now imagine such a platform being hacked or spoofed to create a false picture about who is attacking whom. A successful hack could rapidly reshape perceptions and change the course of conflict.

The recent targeting of humanitarian efforts in physical attacks, from medical convoys to facilities or individuals, indicates that norms are shifting, and agencies’ reputation for neutrality is no longer guaranteed to offer protection. It will be increasingly desirable to attack an agency’s reputation directly, if a party to a conflict perceives it to be in their interest to spread misinformation about the mandate, impact and purpose of its operations or the intentions of its staff. The consequences could be devastating, with a high cost of reestablishing staff security and organizational reputation, and ultimately of the beneficiaries for whom the action of such organizations is essential.

Currently, little thought is going into game-planning such scenarios and thinking through possible responses or mitigation strategies. The same is true for other questions raised by how technology is reshaping the conduct of both war and humanitarian relief. Imagine, for example, a party to a conflict perceiving a strategic advantage in taking down the physical infrastructure that underpins an enemy’s connectivity – fibreoptic cables or GPS satellites; if communications go down over a wide area for a long time, what challenges would it create for delivering humanitarian relief, particularly once humanitarian organizations start to rely heavily on digital connectivity and disinvest in physical, frugal, operational capability?

The same is true for other questions raised by how technology is reshaping the conduct of both war and humanitarian relief. Imagine, for example, a party to a conflict perceiving a strategic advantage in taking down the physical infrastructure that underpins an enemy’s connectivity – fibreoptic cables or GPS satellites; if communications go down over a wide area for a long time, what challenges would it create for delivering humanitarian relief, particularly once humanitarian organizations start to rely heavily on digital connectivity and disinvest in physical, frugal, operational capability? There are no easy answers to this question, or the many others raised by thinking about how technology will disrupt the conduct of war and humanitarian relief. How best to meet refugees’ data protection needs, even when refugees themselves may not be aware of them?

What opportunities may exist to serve connected beneficiaries and victims of armed conflict more efficiently? Humanitarian agencies are starting to address these questions, but slowly; the question is whether they can adapt and accept the change in mindset needed to mitigate risks and build on the potential offered by the exponential growth rate and convergence of new technologies and digital transformation for a forward-looking humanitarian response.

Anja Kaspersen is Head of Strategic Engagement and New Technologies, International Committee of the Red Cross,  ICRC

This article is co-authored with Charlotte Lindsey-Curtet, Director of communication and information management, ICRC. 

The article was first published by the ICRC

« Surprise: Snowden Knows Some Russian Spies
Seamless Bio Electronic Devices »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

HancomWITH

HancomWITH

Hancomwith is an information security company. We provide optimized blockchain solutions in areas including next-generation authentication, security and digital asset transaction.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Imprivata

Imprivata

Imprivata is the digital identity company for life- and mission-critical industries, redefining how organizations solve complex workflow, security, and compliance challenges.

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council is a leading collaborative effort between Government of India and Industry to raise Cybersecurity awareness nationally.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Next DLP

Next DLP

Next DLP (formerly Jazz Networks) is a leading provider of insider risk and data protection solutions.

NSW IT Support

NSW IT Support

NSW IT Support: Your exclusive hub for comprehensive Business IT services in Sydney. Our skilled team ensures seamless technology solutions nationwide, consistently delivering top-tier IT support.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.

WIIT Group

WIIT Group

WIIT Group are focused on a single goal: securing our clients’ critical processes and enabling them for digital transformation.