Introduction

From Article 6 of the UN Declaration of Human Rights (“Everyone has the right to recognition everywhere as a person before the law” ) to Sustainable Development Goal 16.9 (“By 2030, provide legal identity for all, including birth registration”) to the formation of the ID2020 Alliance (whose fourth goal is to “Enable more efficient and effective delivery of development and humanitarian aid), identity has been central to the modern project of development.

Discussion of identity within the aid sector is embedded in a much larger set of political, social, economic, legal and technical discussions at a national and global level. This review will not address that larger set of discussions, but will instead focus specifically on humanitarian aid, and more specifically refugees, and more specifically still on refugee camps as a location in which identity provision is both critical and contested. It is the first output of a DFID-funded research project examining data requirements for service delivery (by UN agencies and NGOs) within refugee camps.

Given how central the issue of identity is for refugees, there is surprisingly little literature about how identity provision is implemented in the context of refugee camps.1 This essay introduces some of the critical issues relating to identity (particularly in the context of the digitisation of aid) and explores how they relate to the research project. It is accompanied by a bibliography for those who are interested in exploring the issue further.

Registration in the context of the Convention

There is a legal obligation under the 1951 Refugee Convention that “Contracting States shall issue identity papers to any refugee in their territory who does not possess a valid travel document.”2 This process of establishing refugee identity begins with registration: “the recording, verifying, and updating of information on persons of concern to UNHCR with the aim of protecting and documenting them and of implementing durable solutions.”3 Registration is important for a variety of reasons, all of which stem from “formalizing the protection relationship between the government and/or UNHCR and the refugee”4 which in turn gives access to a range of services.

At the outset UNHCR emphasises that “At all times, registration should be undertaken with full respect for the confidential nature of the relationship between the protecting agent — government or UNHCR — and the person concerned.”5 The requirements of service provision must be balanced with the privacy rights of the individual, and the two cannot be disentangled. Technological advances have made maintaining this balance increasingly challenging, as the linkability of personal data increases the likelihood that that data will be used for purposes that were not originally intended or imagined when the data itself was collected.6

An interesting parallel can be drawn between refugee registration and birth registration as described in SDG 16.9. The individual is “born” into a new life as a refugee, often with little continuity between the new life and the old; this is especially true if their identity documents have been lost, destroyed or never existed, requiring no small effort on the part of UNHCR and other agencies to establish the old identity. There are also incentives for asylum seekers to actively obscure their identity in order to maximise their opportunities of being recognised as refugees, receiving more support, reaching their destination of choice — or simply avoiding further persecution.7

While such behaviour is often viewed with suspicion by state actors, it is entirely rational from the refugee perspective; or may in fact be the reason for or result of the events that lead them to become a refugee. Becoming a refugee is both the result of past displacement and the cause of future displacement. Insecurity becomes mobility: refugees often seek to make new lives in their new homes, but usually wish to return to their original home when conditions permit; if their status is uncertain or their options are poor within a destination country, they may seek a new destination; and if they are financially insecure, they may travel to find work, or be forced to move accommodation.

While camps are often viewed by outside observers as a source of some stability and security in such a situation, life in a refugee camp is at the whim of the government that authorises that camp; and even if that camp is a long-term settlement, it is always, always temporary.

Registration in the context of the Camp

In the context of refugee camps registration remains the responsibility of States (i.e. host governments) although they will often receive operational support from UNHCR, and the camp itself may be managed by a government body, by UNHCR, or by a third party camp management agency. Registration allows camp management agencies to obtain baseline information on population characteristics in order “to inform the quality and effectiveness of protection and assistance programmes.”8 It is important to note the dual nature of programming: in terms of services, protection and assistance are equally important.9

The Camp Management Toolkit notes that registration usually results in documentation being issued — usually to heads of households, but sometimes to individuals — showing the status of the refugee, such as an identity card or attestation letter, and their entitlements to material assistance, such as a ration card or health card. The Toolkit specifies that these should be separate documents since they serve different purposes. A camp ID does not need to prove the legal identity of the refugee, only to provide a functional identity credential that can be used to request continuity of care between essential services, between the actors providing those services, and between the locations in which those actors provide those services.10

Digital technology means that the legal and functional requirements of refugee identity provision need no longer be kept separate; they can potentially be combined in a single identity system. This raises a critical question: how much should technological progress determine service provision for refugees, rather than vice versa? Refugees are by definition marginalised populations with limited autonomy, and as a result they are seldom allowed to make a meaningful contribution to debates about how they will be treated in either policy or practice.

Because camps have finite spatial definition, they offer the potential for providing universal coverage to residents. This potential is difficult to realise because of practical constraints — camp populations are by definition mobile, and camps are often located where the infrastructure is inadequate for precise enumeration — but also by political considerations. Governments may overstate or understate refugee numbers, camp residents may try to game the system, and non-residents may seek access to services for themselves. Identity management provides the key to profiling the population and addressing these considerations, and has therefore been central to discussions about refugee management.

Identity Management and Service Provision

How does identity provision relate to service delivery in refugee camps? The answer is not simple. In particular the language around improving identity provision in the humanitarian sector is frequently one of of increasing efficiency. This language appears not just in internal documents such as evaluations, but also in popular discourse: for example, an article in the Guardian newspaper reports that “Biometrics is highly efficient, according to Andrew Hopkins, chief of identity management and registration at UNHCR… The technology can also offer greater efficiencies and value for money for aid and development agencies.”11

“Efficiency” is “used as a rhetorical device by state representatives, UNHCR and academics to advocate a range of policy initiatives”.12 Although in this case efficiency is clearly defined in terms of reductions of the incidence of fraud (including “recycling” identities) and of double-counting by agencies themselves, this rhetoric serves to obscure the question of whether improved identity management will actually lead to improvements in the quality and coverage of service delivery. At present there is no evidence that better identity provision (particularly using novel technologies) will lead to better services for refugees; and some evidence that any efficiency gains may come at the expense of service recipients — particularly by restricting their coping strategies — rather than to the cost of service providers.

Despite these outstanding questions, it is indisputable that better identity provision does lead to better profiling of camp populations, and profiling is essential for providing services at the appropriate scale. However it is worth noting that there is not a one-to-one correlation between identity and service: different services require different levels of and types of personal detail, primarily to meet the requirements recommended by the minimum standards described in the Sphere Handbook.13

Provision of services is also related to specific personal information regarding qualifying factors such as gender and mobility, and better identity provision may help to address this. Even if somebody’s identity is clearly established, however, their access to services may be negatively affected by these factors. While there is increasing focus on how technology — particularly mobile technology — can “play a role in establishing unique, digital identities for refugees”,15 technology may exacerbate rather than alleviate access problems: in one Jordanian refugee camp, for example, access was “particularly tied to gender… In the family groups being interviewed, often — though not always — the men were the ones with the phone tucked into their pockets and not their wives, mothers, or daughters.”16

This highlights that although the current discussion about improved identity provision as a means of improving service delivery is driven by technological advances, the way in which that technology is implemented is critical, particularly for ensuring protection rather than just delivering assistance.

The Refugee as a Digital Avatar

While technological advances have made digital identity provision a possibility, the main driver for the promotion of digital identity in humanitarian response has been the increasing use of cash transfers, and specifically the outsourcing of these services to third-party financial service providers. The Report of the High-Level Panel on Humanitarian Cash Transfers recommended not only that the humanitarian community should “[g]ive more unconditional cash transfers” but that “[w]here possible, deliver cash digitally and in a manner that furthers financial inclusion.”17

A second driving force usually goes unmentioned: digital identity for humanitarian assistance is not merely possible but essential, since the organisations providing that assistance are now digital organisations themselves. Reliant on network technologies for their own organisational processes, including planning and monitoring their activities, they are thus predisposed to extend those technologies beyond organisational boundaries to aid recipients. At the same time those recipients’ increasing access to digital technologies (specifically mobile phones) and use of digital services (particularly messaging apps and social media platforms) offer an obvious means to extend services, and the prerequisite for this project is digital identity.

Aid agencies have not yet incorporated this broader view of digital identity into their policy and programming. Limiting digital identity to financial services is a missed opportunity; a digital identity that is interoperable with “all the different digital services that might affect an individual’s well being”18 (including any form of information collection or distribution, but potentially extending into the physical world through the Internet of things) is potentially the starting point for the digital transformation of the entire humanitarian sector.

This path must be walked with great care by humanitarian organisations, however. Organisations operating at a global level tend to develop global solutions, rather than adapting to local conditions; digital systems in particular are not amenable to localisation in any meaningful sense. In practical terms this can pose difficulties when interacting with local governments which do have systems adapted for local conditions; but it also exposes refugees to greater risks — risks that they are unlikely to be aware of, and unable to mitigate.

The best way to understand these risks is to borrow a metaphor from — appropriately — the software industry. The attack surface of a software environment is “the sum of the different points where an unauthorized user can try to enter data to or extract data from an environment”. The attack surface of an individual identity is all the points at which that identity is vulnerable to misuse or abuse. Digitisation increases the attack surface by linking identity data to other systems, making the refugee more vulnerable while decreasing the capability for the refugee to mitigate that vulnerability.

The mantra “Do No Harm” is insufficient in a digital world. The possibility that successful implementation of a digital identity system may pose risks as great as a failed system is one reason why these initiatives meet with resistance from refugees themselves.

The state of exception becomes the rule

The refugee camp is a means of control, “a vital device of power… [that] made people accessible to a whole gamut of interventions, including study and documentation, and the postwar figure of the modern refugee largely took shape in these camps.”19 The implementation of digital identity — especially through biometrics — will reshape the figure of the modern refugee again as part of the ongoing high modernist project of rendering the individual legible to the state, a project that has met and will continue to meet with resistance from refugees themselves.

Biometric technology in particular is a source of concern. The historical roots of modern biometrics are in the identification of criminals, but the war on terror and the global refugee crisis have turned biometrics into a $13.8bn industry.20 Biometrics takes identification beyond “something you have” and “something you know” into “something you are” — and something you are may be the reason for your refugee status, as for example during the Rwandan genocide. Even if this is not a concern, a refugee camp might easily turn into an internment camp; if access to services is tied to a biometric identity valid only within a camp, that identity is a more effective yet less visible means of population control than a barbed wire fence.

Reports of resistance tend to be downplayed: one evaluation noted that “[t]he low rate of awareness observed in Dadaab camps was mostly due to the fact that refugee leaders were vehemently opposed to the introduction of the new controls, and had actively sabotaged the communication campaign.”21 This was not an isolated incident, however: the Kakuma News Reflector, a refugee free press in Kakuma camp, reported that during the rollout of a biometric system, “political refugees who have been stacked in the camps for decades felt [that it] could eventually risk their individual security as data and identity are being shared with third parties.”22

Refugee camps therefore replicate the type of resistance described by James C. Scott: “Fearing, with good reason, that an effort to enumerate and register them could be a prelude to some new tax burden or conscription, local officials and the population at large often resisted such campaigns.”23 To that list of fears can be added the well-founded fear of persecution: refugees are not ignorant of the fact that “data and data systems have been used to assist in planning and carrying out a wide range of serious human rights abuses throughout the world.”24

As noted earlier, refugees are already marginalised, and lack of state protection means that they may have little to no recourse even in a host country with relatively well-developed data protection and privacy laws. “Regardless of whether the people receiving humanitarian aid find themselves in a jurisdiction with a comprehensive legislative framework that can protect their privacy interests,” however, “such interests still exist.”25 On the other hand, existing and proposed data protection regulation promulgated in other countries — such as the General Data Protection Regulation that will come into effect in May 2018 for service providers based in the European Union — create additional complications; what if an entire refugee camp demands the “right to be forgotten”?

How to balance these interests with the requirements of both state governments and non-state service providers is one of the most important questions facing the humanitarian community in the twenty-first century.

Refugee Livelihoods in the Digital Economy

That balance is critical because refugees are not simply passive recipients of aid, but agents who seek to re-establish their livelihoods, often at the earliest possible opportunity.26 While national policy is the most critical factor shaping refugee livelihoods, “even within more conducive policy and legal environments, with the right to work, freedom of movement and access to public services, refugees [struggle] to make a living and sustain themselves and their families, because of a lack of economic opportunities, unregulated informal labour environments and development challenges.”27

Multiple surveys show that problems associated with identification policies and practices place refugees at a disadvantage across multiple areas critical for their livelihoods. Syrian refugees in Jordan found that lack of documentation produced “cascading consequences”, including “restricted access to services, such as health and education, limitations on their eligibility to receive humanitarian and development assistance, and restrictions on their movements… as well as a higher risk of exploitation in illegal work.”28 Of particular note was that any refugee leaving a camp without authorisation became ineligible for a government service card, creating a catch-22 for those seeking to improve their livelihoods.

Within camps themselves, improving identity provision will not necessarily solve service problems. Obstacles to accessing services reported by residents of Zaatari had little to do with documentation — distance to facilities, extended waiting periods, privacy concerns, inconsistent quality of service, and staff attitudes towards refugees cannot be addressed by better identity provision29 — while residents of Dadaab reported that lack of capital and lack of skills were the main limitations on their livelihood options.30 Digital identity will only improve services if it is part of a wider investment in refugee camps; and if it is to serve refugee interests, it cannot be limited to improving camp services but must also ensure that livelihood options are maintained or even expanded.

These options reach beyond the physical and administrative limits of the camp, since refugee camps are rarely closed systems; they usually become part of the local economy, although to what extent varies depending on context. It has frequently been suggested that refugee settlements — particularly large and longstanding camps — should be managed like any other urban settlement, but this suggestion has recently taken on a technological gloss, framing camps “not as temporary settlements, but as… smart cities, equipped with the kind of integrated technology and payment mechanisms underpinning those in the developed world.”31 In this scenario digital identity is not just desirable but essential, regardless of the technical capacity of the residents themselves.

There are many constraints on the location and design of camps, not least of which is the policy of the host government, and these constraints affect both service provision and livelihood opportunities. Given these constraints it is unclear to what extent digital identity can improve services (apart from financial services,32 although these are not usually identified as problems by refugees) and expand livelihood opportunities, rather than limiting both of these to the camp itself. The evidence base is weak for both of these propositions mainly because there have been so few implementations of such systems — which is partly due to the lack of technical standards that would enable interoperability within the humanitarian sector, particularly around identity data for aid recipients — and very little evaluation of those systems that do exist.

Some Standard Datasets and Database Solutions

There are no sector-level data standards around identity provision for refugees. The closest thing is UNHCR’s standard data set, promulgated in the 2003 Registration Handbook (see Appendix A) which contains three broad levels of registration that “are not mutually exclusive or rigid categories, but rather suggest the progression that an operation’s registration strategy should go through over time.”33 The Handbook suggests that the level of registration be “determined by the operational objectives and constraints” and decided by management staff in the field. It is important to note that this data set is intended to support asylum claims through legal process rather than support the management of camps or the delivery of assistance.

There are also no sector-level data management systems. ProGres, the UNHCR registration database system, came into use in 2004, “contains not only written details of individuals, but also their photos”.34 For security reasons proGres data has only been hosted inside the country of operations, although UNCHR is now reviewing whether a centralised system could be appropriate. This is partly because proGres has been joined by BIMS (Biometric Identity Management System), which was developed in partnership with Accenture based on UNHCR’s experiences with biometric registration in a variety of locations. BIMS completed development in 2015 and is being rolled out globally; although it has an offline version, it was designed as a centralised online database. A number of legacy biometric projects continue to be used in country locations.

Because of UNHCR’s unique mandate regarding refugees,35 these two databases and the fields they include are de facto standards. This raises the question of how useful and/or appropriate they are as standards since they were not designed with that function in mind, and not designed in consultation with UNHCR’s implementing partners, who may be required to interface with them to facilitate service delivery, or with refugees themselves. There is little public documentation on any of these systems, making it difficult to assess their strengths and weaknesses from an identity management perspective.

Even within UNHCR there is evidence that proGres/BIMS are insufficient for operational requirements, leading to the development of the Refugee Assistance Information System (RAIS) in Jordan and its diffusion to Lebanon and more widely in the regional response. RAIS is complementary to proGres, and is accessible online to UNCHR partners to facilitate coordination of assessments and assistance. It appears that RAIS was developed because proGres, while adequate for registration, is not suitable for coordination (although some elements have RAIS have reportedly been incorporated into a newer version of proGres). This alerts us to the possibility that a single system for identity management may not meet all the operational needs of humanitarian assistance, even within a single camp setting.

As the digitisation of aid proceeds, more systems will be developed and deployed. This is not necessarily a significant problem as long as interoperability is prioritised — not just within UNHCR as the key institution, but between other for-profit and non-profit organisations providing services to refugees — and there are data standards underpinning those systems that enables data to be shared in a policy and practice framework derived from a responsible data approach. UNHCR and other organisations dealing with migration have therefore paid as much attention to developing the policies necessary to ensure that those systems are implemented successfully.

From Policy to Process to Practice

Over the last 10 years organisations within the humanitarian community have begun to develop policies regarding data protection and privacy. UNHCR now has a strong data protection policy regarding personal data,36 as well as a model agreement on sharing personal data with governments.37 Other humanitarian organisations with clear data protection policies include ICRC, IOM, MSF, Oxfam, Save the Children International, WFP and World Vision International.38 More general guidelines on data management are also found in guidance documents for specific emergency response activities such as Camp Management and Cash Transfers.39

These policy and practice documents are necessary but not sufficient to ensure the privacy and security of refugees and other displaced people. A 2016 audit of BIMS found that there was a need to develop operational guidelines on the implementation of their data protection policy, since in four out of five country operations, “the level of information provided to persons of concern during the biometric registration was below the standards required by the Policy.”40 All five operations “had limited knowledge of the Policy, and/or considered it abstract and difficult to implement, due to lack of staff with sufficient technical capacity and political sensitivities.”

This is not intended to single out UNHCR for specific criticism, but to illustrate how difficult it is to attend to privacy issues even in a relatively well-resourced organisation with a clear mandate, purpose-built database and explicit policy. In particular it is unclear to what extent humanitarian organisations — and particularly UN agencies — would be able to refuse requests from national governments for personal data about refugees,especially since such data might also be held by private sector partners who are unlikely to share the same protection concerns. As the collection of personal data during humanitarian operations increases, all these organisations are likely to encounter similar problems — but are equally unlikely to publicise those problems, particularly if the publicity will impact their corporate image.

An additional difficulty comes in getting agreement within the humanitarian community regarding universally applicable data standards and supporting policies. The experience of the Humanitarian Exchange Language (HXL) demonstrates the difficulty involved in developing technical standards, but also demonstrates that it is possible.41 However HXL possesses the advantage that it is a technical language — and it is noteworthy that HXL has deliberately avoided including personal data of any kind — that can be relatively easily adopted once management approval is given. Initiatives such as the Signal Code — which attempts to translate human rights standards into humanitarian information management, and therefore carries with it significant policy implications — face much greater challenges in operationalising their recommendations.

More relevant to our research, it is also unclear how these essential policy and practice documents facilitate expand provision of better services to refugees, if at all; and there is still the question of whether sufficiently robust privacy guidelines would in fact obstruct service provision by obscuring personal data that might be used to personalise those services. Finally a tight focus on camps creates its own set of challenges, especially given the recent recognition that most refugees are not in camps; how do the tools of camp management transfer to refugees living in other types of settlement or among a host population, and what does that imply?

Interviewing Syrian refugees in Bekaa Valley, Lebanon (photo credit: Emrys Schoemaker)

Conclusion

We should all welcome the attention that is now being paid to identity management in the humanitarian sector, and it is clear that identity provision is a critical tool in refugee camp management.

We must also note, however, that this attention has been generated by wider initiatives that promote identity for development — which may not serve refugee populations in the way intended. While a suitable identity standard could provide a bridge between short-term cash transfers provided by aid organisations and long-term social safety nets provided by host governments, and potentially between temporary refugee status and more durable long term solution, it is also worth remembering that humanitarian response — and particularly refugee support — has a different set of principles, requirements and constraints. These need to be clearly articulated to ensure appropriate responses.

The WEF has stated that “[t]here is a strong business case for Financial Institutions to lead the development of digital identity systems.”42 This may be the case in a broader sense, but it also creates a new tension. In the aid industry the range of different management systems that incorporate some form of identity (see Appendix C) have usually been developed, implemented and sometimes directly managed by private sector organisations. In most cases these technologies were not usually created with the humanitarian sector in mind, but imported from existing technology offerings developed for other sectors — along with the assumptions that underpin that technology. These assumptions must be tested against both humanitarian principles and good practice in data privacy.

Even relatively simple principles for managing personal data in emergencies are likely to run into these challenges. A principle such as Data Minimization (“a privacy principle that requires the people collecting data to be intentional about what type of data is collected and how long it is retained”43) cannot resolve discussions about what data is required by which organisations in order to implement their activities. An approach such as Responsible Data (“The duty to ensure people’s rights to consent, privacy, security and ownership around the information processes of collection, analysis, storage, presentation and reuse of data, while respecting the values of transparency and openness”44) contains useful guidelines for how to manage data in general — but this still needs to be translated into organisational policy, then into institutional processes, and finally into operational practice.

At the end of all this stands the refugee camp resident, who is unlikely to have been consulted at any point about any of the discussions in this document; and yet who in the end is the subject of all of those discussions. In the domain of digital identity, the issue of consent illustrates this most clearly. Every policy document in this field contains a section on informed consent, and there is at least some debate on what informed consent means both in principle and in practice. Yet the truth of the matter is that in many humanitarian emergencies informed consent cannot be obtained,45 and even where informed consent is obtained it is unclear to what extent it is truly meaningful in the absence of genuine accountability.46

Surveys of refugee opinions consistently show a keenly-felt lack of consultation and participation; as a recent survey of camp residents in northern Iraq put it, “[a]ll participants felt that their views were not taken into account when organisations made decisions about the support that they receive, or were unaware of the processes”.47 The digitisation of aid, if approached from a position that empowers the individual as much as the institution, offers a chance to give refugees back their voices; and the first step is to give them control over their identities.