If you think mass iris scanning is still something reserved for dystopian sci-fi movies, think again. In the King Abdullah Park refugee camp in northern Jordan, Syrian refugees are paying for food with their eyes.

The United Nations World Food Programme (WFP) rolled out a pilot program for refugees this week that connects biometric data directly to points of sale and enables people to buy groceries with an iris scan.

The computerized system communicates with the United Nations refugee agency, UNHCR, which keeps a database of biometric data collected from refugees around the world. If the individual is confirmed to be a refugee in Jordan, based on their iris scan, a bank the organization works with approves the transaction.

Almost 5 million Syrian refugees have fled the country due to conflict, and identification of individuals is crucial for keeping track of people, distributing aid, and connecting with family members. Almost 1 million Syrian refugees are living in Jordan.

By using biometrics to identify refugees, the UNHCR says it’s easier for refugees to access funds, and prevents people from using someone else’s card or personal information to acquire goods meant for aid.

WFP

Additionally, iris scans can increase security, disallowing people associated with extremist groups to apply for and secure aid from the UN. Eye scanning reportedly led to a 30 percent drop in aid requested by Iraqi refugees in Jordan, which the organization says was partly due to fraud reduction.

The WFP’s Jordan pilot is the first to have iris scans at supermarkets to automatically pay for goods, but the UNHCR’s biometric data program already had scanners on ATMs in the country. In 2012, the UNHCR created a program with the Cairo Amman Bank, which already used biometrics in its banking system, that enabled refugees to receive financial assistance via eye scans on ATMs.

After the success of the banking program, UNHCR began development of a global Biometric Identity Management System (BIMS) in 2013 with Accenture technologies. Since then, the UN refugee agency has reportedly registered 1.6 million refugees in the Middle East, Africa, Asia, and Europe.

Iris scans and fingerprints are collected from refugees and stored in a system the UNHCR maintains. Once individuals are registered, they are given a “smart card” that can be accessed from UN card readers, even in remote areas with no Wi-Fi signal. When refugees change camps or countries, they can be tracked and identified.

In the U.S., the federal government is also using biometric data to keep track of refugees entering the country. Fingerprints are already standard protocol, and federal agencies will reportedly start using eye-scans and sharing that information with the UN. The Department of Homeland Security is working on controversial DNA tests that can be processed rapidly and used in field offices.

In a UN statement, 43-year-old Congolese refugee Olivier Mzaliwa said the biometrics registration was helpful to securing his identity. “I can be someone now,” Mzaliwa noted. “I am registered globally with the UN and you’ll always know who I am.”

While the WFP program in Jordan and UNHCR’s biometric data collection seems like a good solution for refugees to verify their identity in order to gain access to things like benefits, aid, and relocation assistance, especially if papers and documentation were left behind in the country they were fleeing, the process raises some serious privacy concerns.

WFP

Jennifer Lynch, senior staff attorney for the Electronic Frontier Foundation, points out that electronic databases of personal information can pose significant risks to security, even those run by government agencies.

“Just last year, we had this huge hack at the Office of Personnel Management databases, which was all the very sensitive and private information of federal employees and government contractors, including their biometrics,” Lynch said. “Databases are being hacked all the time, and that’s a huge threat to privacy and security. Because of course if it’s a biometric, you can’t change your biometric. It can be faked and used by someone else. Security researchers have shown that multiple times.”

The OPM hack was the largest cyberattack in U.S. government history, compromising 4 million people’s personal information.

The refugee surveillance system could create a central point of vulnerability. In one theoretical scenario, an attacker in a refugee’s home country could get access to biometric data and use it against the person or their family. Biometric data is especially sensitive, because unlike credit cards or even social security numbers, this information can’t be changed.

According to the refugee agency, BIMS “poses no risks to the confidentiality of refugees and prevents double registration.” However, there is no documentation describing privacy and security of the program, where the biometric data is stored, and if any third parties have access to it.

Unfortunately, the UNHCR did not respond to multiple requests for comment about the potential privacy concerns by press time.

Transitioning to a system that requires less paper documentation and relies on biology hastens the process of documenting refugees who may be unable to carry proper identification with them while fleeing violence, famine, or human rights abuses. But what about people in developed countries who carry drivers’ licenses and credit cards without worrying about losing identification?

Lynch said that it’s unlikely similar biometric tracking and payment systems will be in use anytime soon in the U.S.

“In the U.S., I don’t think we need it,” Lynch said. “All of us can carry around documentation with us all the time. We’ve seen many many hacks of systems here where customer data has been stolen, the Target hack, the Home Depot hack, you can just list them off continuously … In my mind in the U.S., the risks outweigh the benefits.”

Update 2:37pm CT, Feb. 22: After publication, a representative with the United Nations’ World Food Programme returned an earlier request for further information.

On the topic of data privacy, the WFP notes that no third parties are allowed access to the biometric scan readings: “No third party that is not involved in the transactions, i.e., UNHCR, WFP, the bank and the shop. The first step is that the process checks the veracity of the identity in the UNHCR ‘library’; this all happens in the library so is secure. Access from the shop transaction point to the other partners is through a dedicated eye cloud owned by UNHCR which WFP has the right to access. After checking the identify, the process then moves directly onto the regular card payment process exactly as normal credit cards so this is as secure as any credit card process.”

The WFP also explained that the iris scan data is stored by the UNHCR and that there is no separate storage dedicated to the food aid program specifically. “The eye scans from the original registration are scanned in a database at UNHCR,” the WFP told The Daily Dot. “There is no separate scan for WFP. The system pings this UNHCR ‘library’ and compares the iris with the beneficiary to confirm eligibility. Once compared, it moves on to the financial stages so there is nothing to store or track. The financial transaction is stored in the same way as all regular credit card transactions at the level of the financial service provider.”

Photo via WFP