UN uses biometrics to allocate refugee benefits, but is it ethical?

Azraq — At a grocery store checkout in the Jordanian refugee camp of Azraq, Sameera Sabbouh stares wide-eyed into a scanner to pay for her shopping — her iris scan unlocking payment from a digital aid account with the help of blockchain technology.

Many of the nearly 40,000 Syrians who live in the camp recognise the convenience of the cashless, card-free payment method, which verifies recipients’ identity by referencing a UN database, but few said they like it.

“It’s really tiring. It doesn’t take the eye scan in the first try — it is two or three times before it takes the scan,” said Sabbouh, a mother of two from Aleppo who fled the city in 2015. “I would rather have my fingerprint scanned.”

Introduced in 2017, the World Food Programme’s (WFP) Building Blocks initiative was one of the first to harness blockchain technology in humanitarian aid delivery, and it now reaches more than 1-million refugees in Jordan and Bangladesh.

The system enables the tracking, co-ordination and delivery of multiple types of assistance, including cash, food, water and medicine, and has saved about $2.5m in bank fees on millions of transactions, according to the WFP.

Guinea pigs

But digital rights groups question the use of such new technology among vulnerable groups such as refugees, and the need for them to surrender sensitive biometric data to receive vital food aid.

“The refugees are guinea pigs,” said Petra Molnar, a fellow at Harvard University’s Berkman Klein Center for Internet and Society, adding that she is troubled that such “experiments” are being conducted on marginalised groups.

“Imagine what would happen at your local grocery store if all of a sudden iris scanning became a thing; people would be up in arms. But somehow it is OK to do it in a refugee camp,” she told the Thomson Reuters Foundation.

Others question whether refugees reliant on aid are in a position to give informed consent. “The issue of consent has a question mark on it,” said Dima Samaro, an independent human rights researcher based in Tunisia. “Did they give consent because they are content, or because they are being forced?”

Responding to such criticism, Roland Schoenbauer, a spokesperson for the UN refugee agency (UNHCR), said refugees were informed about the objectives of gathering their data when they were asked to give permission.

“UNHCR doesn’t share biometric data with anybody under the sun,” he said in an interview at the Azraq camp, adding that if refugees chose to opt out of the programme they would still receive the same level of assistance.

Ticking bomb

As the number of people fleeing war, poverty, persecution and environmental disaster reaches record levels worldwide, states have turned to a range of digital technologies to monitor the flow of people and control their access to services.

These include smart IDs, GPS monitors and blockchain, the decentralised database technology that underpins cryptocurrency.

But while states and aid agencies say these technologies have increased efficiency and reduced waste, the systems have sometimes exposed vulnerable refugees to surveillance and commercial exploitation of their data, critics say.

“Imagine if this were to fall in the hands of bad faith actors,” said Marwa Fatafta, Middle East and North Africa policy manager at digital rights group Access Now, warning that refugees also have less legal protection and fewer safeguards in countries without strong data protection laws.

“Collecting biometric data to identify someone is a very invasive form of identification. It is not necessary, it is not proportionate, and it violates international standards on privacy which UN agencies should subscribe to,” she said.

The UNHCR faced criticism over its collection of Rohingya refugees’ data at the vast refugee camps where they live in Bangladesh. Human Rights Watch said in a report in 2021 that the agency had not conducted a full data impact assessment, and in some cases failed to obtain refugees’ informed consent for their data to be shared with Myanmar, the country they had fled.

Similarly, when the Taliban took over Afghanistan in 2021, there were fears that biometric databases and sensitive data gathered by aid agencies and the government would fall into their hands and used to hunt down activists and dissidents.

Not necessary

IrisGuard, the company commissioned by the UN for the eye scanners and the software that verifies payments and transactions in Jordan, does not retain any data on the refugees, said Simon Reed, a director at the company.

The machines have built-in encryption, and the company adheres to the General Data Protection Regulation, the EU’s legal framework ensuring privacy rights, he added. “We wanted this to be as absolutely anonymous as we could possibly make it.”  

For many of the Syrians living in Azraq, the payment method’s convenience trumps any concerns. Refugee Mohammad Jabbar al-Helak said he is not worried about who has access to his biometric data and that he trusts the UNHCR.

Before the iris scanning was introduced, he said he had to use a debit-like ID card that could easily be misplaced, or the PIN forgotten. “It’s better than before by far,” he said. “If the internet is good, it’s done in the blink of an eye.”

Originally published here.

The Thomson Reuters Foundation