Surveillance as a Condition for Humanitarian Aid

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance.

Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems. And that auditing for fraud requires entire populations to be tracked using their personal data. And that experimental technologies will work as planned in a chaotic conflict setting. And last, that the ethics of consent don’t apply for people who are starving.

Tags: , ,

Posted on August 20, 2019 at 6:45 AM17 Comments

Comments

Fankly August 20, 2019 8:58 AM

This same sad concept will certainly end up being applied to social safety net programs, probably under the excuse that the surveillance is needed to prevent fraud. Technology creates all kinds of new ways to abuse government power.

Erdem Memisyazici August 20, 2019 9:48 AM

It hasn’t worked historically, and we haven’t done anything differently this time around either. Perception is a subjective phenomenon, thus cannot be validated as controlled objectively. A set of similar perceptions is not an objective conclusion either much like a group of people viewing a magician’s performance. We need more James Randi type characters and less Uri Geller type characters in surveillence, like Mr. Schneier. The push to deploy constant surveillence once again is one of profitability and effects populations negatively in time (see chilling effect). Unfortunately this isn’t immediately obvious but is included in common principals such as, “Never assume your secrets are safe”, and “Do not deploy security through obscurity”, but we always get the basics wrong unfortunately.

Clive Robinson August 20, 2019 10:22 AM

@ Erdem Memisyazici,

We need more James Randi type characters and less Uri Geller type characters in surveillence

That is not going to sell product, esprcially product that remains owned courtesy of the DMCA and walled garden market places that rent seekers love so much…

Thus, dare I say “It ain’t gona happen bud”…

Tatütata August 20, 2019 11:28 AM

Highfalutin techno-gimmicks applied an old problem…

But can aid still be labelled “humanitarian” if it is conditional on the group to which its recipient is supposed to belong, or on the bl**dy flag sown on his rags, rather than on the human needs?

We already know that the hallowed human rights coded in our precious constitutions have plenty of exceptions, e.g., depending on which side of an imaginary dotted line on the ground the alleged human stands, or of some Catch-22 or gotcha paragraph, or a “convenient” interpretation made by a dingbat in a black robe… 🙁

Clive Robinson August 20, 2019 11:46 AM

@ Tatütata,

Highfalutin techno-gimmicks applied an old problem…

If only that was the problem with supposed “Humanitarian aid”. I won’t list what other horrors have slithered in under that banner, but death by preventable disease that blind eyes were turned to is but one…

JDM August 20, 2019 11:56 AM

The day they tie things like military contracts to extensive surveillance of the recipients is the day I’ll believe this is being done to combat fraud.

Faustus August 20, 2019 12:32 PM

We are accelerating downhill faster and faster into a surveillance state/world!

I am really happy the Bruce (not a typo) has gone independent. I thought he was wavering for a while but he seems fully back on the team. He provides an immense service in calling out each of these human rights violations.

I call upon everyone to do all they can do to oppose, obstruct, and contaminate each and every one of these authoritarian initiatives, to the best of their ability.

Hong Kong is everywhere! Let’s bring the anti-authoritarian spirit of the protestors home. Not the civil disorder part (unless called for). But their ingenuity in avoiding and obstructing surveillance.

Wo August 20, 2019 2:23 PM

To be fair, the ethics of consent are not exactly robust in the modern age as it is. Doing away with the appearance of consent being meaningful though….that is not a promising step for the future.

Peter S. Shenkin August 20, 2019 8:18 PM

I agree that in a war situation, the idea of carefully validating the right of each recipient to receive aid is misplaced. Even if fraud is a huge problem, there has got to be a better way.

But I disagree with the author on almost everything else.

Presenting it as an issue of “surveillance” is just not right. The effort is misguided, but it’s not about surveillance. It’s about validation of one’s right to receive a benefit in order to minimize fraud. It is directly analogous to an attempt to use biometric criteria to validate voter credentials. I’m not sure I would advocate even that unequivocally, but it’s different from surveillance. Yes, some, but not all, of the relevant technologies could be used for surveillance.

Further, the author says that the concept that “technology solutions can fix deeply embedded political problem” is one of “a number of unproven assumptions” that the effort is based upon.

First, I can’t imagine anyone believing that assumption in the first place. But even if you could find someone who did, the entire misguided effort is aimed at more efficiently providing food to starving people. You could, of course, argue that, even in the absence of identity validation, providing foo is itself a technological solution (green revolution; modern transportation; modern logistics technology); but I don’t think this what the author has in mind.

Second, might we not point out to the author that providing food to starving people never has solved “deeply embedded political problems”? By the author’s reasoning, apparently, this unfortunate fact means it should not be attempted. I prefer to think that giving food to starving civilians in a war zone is a good thing in itself.

Again, I agree that an over-concern with validating the identity of each recipient, no matter how it is done, is inimical to the goal of keeping people from starving to death, and is a bad thing.

But the author’s text is so overloaded with irrelevancies and contradictions that it would be an act of kindness to pretend he never wrote it.

Ismar August 21, 2019 4:08 AM

Read the short article linked to in the Bruce’s post and completely confused as to how this is supposed to work. Aid agencies are requesting biometrics from whom- locals who distribute the aid? How is this going to help them make sure the aid is not diverted to the rebels? Can anyone please shed some light here?

Ross August 21, 2019 10:47 AM

It’s not just poor folks in third-world countries. Lots of people here in the US have to exchange their personal health information with drug manufacturers to be able to get the medicine they need at an affordable price. What happens with that information is anyone’s guess.

Impossibly Stupid August 21, 2019 12:22 PM

@Peter S. Shenkin

I agree that in a war situation, the idea of carefully validating the right of each recipient to receive aid is misplaced. Even if fraud is a huge problem, there has got to be a better way.

Maybe, but maybe not; it all depends on the details of the problem as presented. An analogous scenario might be opioid drug prescriptions. You want the right people to get what they need, but the potential for abuse in the whole supply chain might require some invasive monitoring in order to find and fix the problem. And that could include the individual themselves, because whether it’s drugs or food or anything else, anyone at any time could decide to misuse a valuable resource.

Further, the author says that the concept that “technology solutions can fix deeply embedded political problem” is one of “a number of unproven assumptions” that the effort is based upon.

First, I can’t imagine anyone believing that assumption in the first place.

Really? There are a lot of people who think that the solution to police misconduct is to use body cams. The world is full of people who see a cheap technology and spin a story of how it can solve all of our human faults. Remember when the Internet was touted as something that would unite the planet? Instead we get companies like Ring making secret deals with police agencies to engage in surveillance capitalism.

But even if you could find someone who did, the entire misguided effort is aimed at more efficiently providing food to starving people.

It’s not so simple. They want to feed the “right” people. In a war zone, food is a weapon. This is partly why you don’t want to mix soldiers in with the civilian population. If a way can’t be found to identify innocent people who are caught in the middle, humanitarian organizations are then forced to either withdraw or feed the war machine.

I prefer to think that giving food to starving civilians in a war zone is a good thing in itself.

Again, arguments can be made both ways. The addition of resources to any problem should be done with some overarching plan. Unless your plan is to further victimize civilians, you shouldn’t just give them resources that armed soldiers can use to keep fighting. Starvation might be the symptom, but treating it doesn’t cure the disease of war.

Ross Anderson August 28, 2019 2:46 AM

I agree with Ismar. Although the first part of the article is on the nail, the last four paragraphs are waffle. “Databases can be not only encrypted but also engineered so that no one has access to the data” – so what use are they then?

Clive Robinson August 28, 2019 8:11 AM

@ ismar,

How is this going to help them make sure the aid is not diverted to the rebels? Can anyone please shed some light here?

By a process of “chain of custody” and “auditing”.

OK if we start of with ten tons of rice in 200 bar coded 50kg sacks. When you take custody of the rice the sack bar codes are recorded against your identity which you sign. You then deliver the sacks to ten aid posts. As part of that at each aid post the 20 sacks bar codes are recorded and transfered to another persons identity which they sign in some way.

In this way an audit trail is built up against a signed identity, down to the level of 1.5cups (~300g) given to an individual for 1/2 their calorific requirments per day.

The problem is ensuring the identity and signitures are not just unique but unforgable, when 80% of the individuals can be assumed to be in effect not just illiterate to the system in use but also have no way of preventing theft of tokenized credentials.

Whilst you can not stop an individual from being robbed of a 1kg bag of rice. Such a robbery has to be repeated every day across a great many individuals if the aid is to be diverted to rebels etc. In effect it’s not practical for the rebles to do so for various reasons.

What individual rebles could do is capture an individual steal their identity token and kill them, thus be able to get continued access to food from aid stations.

Thus how to stop this… Which is where the idea of biometrics comes in. You see this in schools in the UK where a child gets given an ID token for paying for food. At the checkout they “swipe” the token and sign each use of the token with their left index finger on a fingerprint reader… Thus you need not just the token but a live fingerprint…

As everything gets connected back for authorization to a central system the argument is that the food has gone to the right person. Further an audit trail backwards to the original supply of the food can be established and thus balanced to show that food has not gone missing in the supply line. Thus an aid agency can “show” the food has not gone to the rebels.

However if you have half a brain it does not take you long to work out how to cheat such a system[1]. But that does not realy matter because the paperwork covers various peoples backsides.

The problem then becomes one of validating individuals.

As Stella Rimington head of MI5 pointed out long ago, you can not prove who you are as there is no reliable and verifiable way to link you as a physical body to a name / paper identity[2].

So whilst if you have a biometric in the system you can check if a new applicant is in the system or not, you can not verify who they are. Even if they have papers at the end of the day they all currently trace back to just a single paper ID document which is your birth certificate which is known to be unreliable[3].

Thus for it’s stated purpose of not giving rebels food it likewise is unreliable.

But as for getting innocent peoples biometrics on mass it works just as well as the food tokens used in very many secondary schools in the UK currently… Which is very well.

Which brings on the idea of using not encryption exactly, but certainly cryptographic algorithms such as hash functions and how you put them to use. However we first have to realise that an audit trail is not implicitly a database as it’s main function is not one of looking discreet pieces of information up, but detecting when resources have gone missing and at what point.

Thus audit information is in effect an “append only authentication log” system not an “updatable database” system. Just like the access system on a computer, you only need an ID and an authenticator such as a password. The ID can be just a number as long as it is unique to the system and the authenticator does not need to be recorded, only that it was “valid”.

That is the logging mechanism checks the user supplied authenticator by pushing it through a one way function and comparing that “encrypted” form to the one stored in the table of valid IDs.

So in the same way you store passwords to stop people stealing the password database and having it all immediately usefull. You can in theory take the output of biometric devices and apply what are in practical effect “one way functions” to them. However due to environmental factors this does not work very well thus biometrics are most often stored unprotected….

[1] The easy way is to substitute sand/dirt for rice. Get a 50kg bag of rice, make a small hole in a seem and push in a hollow rod to vacuum or similar out a small say 0.5kg quantity of rice. Then blow back an equivalent weight of sand or dirt into the bag, withdraw it and seal the hole in the bag in some way. If you do it on the truck with the two hundred 50kg bags you end up wirh the equivalent of two bags of rice almost undetectably.

[2] Even DNA fails on this for tracable ID back through parents etc identical twins are effectively the same person. Likewise if you undergo bone marrow transplant your DNA changes over a period of time. Whilst their ways to tell two twins appart from each other if you have their biological specimens it does not work for tracability to other relatives.

[3] The method described in Frederick Forsyth’s “Day of the Jackle” still works most places in the world after nearly half a century.

Adela Holubova November 17, 2019 6:08 AM

Hey Bruce,

I was curious if you elaborate on that statement. I have an assignment for my Cyber Security course and our prof asked us to “critically analyse each of the four assumptions above and write detailed arguments to support your analysis – are the assumptions valid or invalid, if so why?”.

What are the scenarios you could apply these assumptions outside situations such humanitarian crises.

Also is the paragraph above of your origin or has it been written by Mark Latonero as I understand it?

Thank you very much and thank you for all the work you do for us — people,
Adela

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.