Big tech firms are racing to track climate refugees - MIT Technology Review
To be an undocumented refugee, these days, is to exist in many places and to not exist at all. It is to have your movements, words, and actions tracked, archived, and multiplied. It is to live between fences, tents, and databases—one new entry per doctor’s visit, per bag of rice, per canister of water. It can mean having your biometric and biographical data scanned, stored, and cross-checked by people you do not know, and who speak a language you may not understand. It is to have your identity multiplied, classified, and reduced to lines of code. It is to live in spreadsheets.
Today, around 1.1 billion people live without a recognized form of identification. In many cases, their papers—if they ever had papers at all—have been burned, lost, or otherwise destroyed. And the number is growing every day. The United Nations High Commissioner for Refugees (UNHCR), the UN’s refugee agency, estimates that in 2017, one person became displaced every two seconds as a result of conflict, economics, or climate change. “In short, the world had almost as many forcibly displaced people in 2017 as the population of Thailand,” the agency reports. “Across all countries, one in every 110 persons is someone displaced.”
The next frontier, though, is not figuring out where people have been or where they will settle: it is figuring out who they will be when they get there. What will their “digital identity” look like? Who will hold the keys? A number of new and established tech companies are rushing to answer these critical questions. Technology accelerated the global identity crisis, and now technology claims to have the solution.
But now that so much of our economic and political life takes place online, creating new forms of identity has taken on a severe urgency. Both the private and public sectors are racing to come up with a sustainable way of counting, identifying, and connecting not only the growing population of the global displaced, but also the wealthy population of the voluntarily mobile. Mastercard, Microsoft, Apple, Palantir, and Facebook have all entered the field, through private ventures as well as controversial partnerships with some of the world’s largest humanitarian agencies.
In 2015, all the UN’s member states committed to providing “legal identity for all” by 2030 as part of its Sustainable Development Goals. As a result, virtually every major aid-granting agency is either incubating, researching, or piloting a digital identity program.
Et hop, Palantir dans la boucle... humanitaire, tant qu’à faire.
The UN’s World Food Programme recently announced a new $45 million, five-year collaboration with Palantir that will use the Palo Alto firm’s “range of digital analytical solutions” to streamline and track the dispersal of humanitarian aid. The move was immediately met with skepticism among privacy advocates: a group of more than 60 human rights activists sent an open letter to WFP executives, expressing deep concern over the partnership and urging WFP leaders to “reconsider the terms and scope of the agreement with Palantir.”
They argued that not only would the partnership threaten to “seriously damage the reputation of the WFP,” but also that it could “seriously undermine the rights of 90 million people the WFP serves.” The controversy, researchers said, should be a “wake-up call” to the humanitarian community about the dangers of relying on digital data and entrusting their networks to third parties.
In a statement responding to these concerns, the WFP wrote that a series of “checks and balances” would protect private, identifying data, and that Palantir would not be able to use it for commercial gain. In an e-mail to MIT Technology Review, a WFP representative wrote that the agency has its own solutions to managing refugee identities, and that “the WFP-Palantir partnership does not focus on areas that require personally identifiable information (PII) of beneficiaries, nor does it focus on digital identity. No PII data is ever shared with Palantir or with any other partner. Only anonymized/encrypted information is used to analyze allocation of assistance to ensure complete privacy and security for the people we serve.”
Yet as researcher Faine Greenwood said in Slate, the WFP may be overestimating its ability to protect and anonymize sensitive data.
Expérimenter la blockchain sur des populations fragilisées comme les Rohynga, quelle bonne idée.
Both the promise and the risks of digital identity have already become evident in the work of a small army of blockchain and biometric startups. The immutable, decentralized nature of the blockchain has led a number of startups to pin their hopes on the emerging technology as a solution to the problem of storing and protecting sensitive information, including biometric data.
Passbase, which bills itself as “the first self-sovereign identity platform backed by verified government documents, linked social media accounts, and biometric signatures,” has raised seed funding from Alphabet and Stanford, and currently accepts documents from over 150 countries. Vinny Lingham, cofounder of the blockchain identity verification company Civic, goes so far as to claim that his company can help save democracy. WFP.s Building Blocks program also uses blockchain inside a refugee camp in Jordan.
Maybe blockchain will save democracy. Or maybe it will make future political crises even worse. The Rohingya Project distributed blockchain-based digital identity cards to Rohingya refugees in order to help them access financial, legal, and medical services. It is, on the face of things, an altruistic, forward-looking humanitarian initiative. But uploading highly sensitive, identifying biometric information to an immutable ledger and testing emerging technology on a vulnerable population means exposing that population to untold risks.
Data breaches, like those that have repeatedly exposed personal information in India’s Aadhaar biometric identification program, have exposed at-risk populations to new dangers. And they are all too common: in March, a data breach at the US Federal Emergency Management Agency exposed the personal information of 2.3 million survivors of American wildfires and hurricanes, leaving them vulnerable to identity fraud. In April, Kaspersky Labs reported that over 60,000 user digital identities could be bought for $5 to $200 via a dark-net marketplace. No technology is invulnerable to error, and no database, no matter how secure, is 100% protected from a breach.
As digital identification technologies flood into the market, it is difficult to imagine predicting or preventing the disruptions—good and bad—that they will cause. Blockchain and biometric technologies have touched off a critical reevaluation of the most existential questions: What determines identity, and how many identities can one person claim? What will it mean when official identification eventually—inevitably—is no longer the purview of the nation-state?
“Everybody deserves to have formal identification that they can use to exert their rights,” says Brandie Nonnecke, director of UC Berkeley’s CITRIS Policy Lab, which works on technology development in the social interest.
But the rush of public and private digital identity programs has already begun to complicate fundamental questions about identification, registration, citizenship, and belonging. Even the simplest questions about digital identity have yet to be determined, Nonnecke says: “Do you have one identity, or do you have multiple identities across institutions? Is that a safeguard, or does it create more risk?”