The World Bank’s Identification for Development initiative, meanwhile, focuses on making sure that digital IDs are integrated with government-held civil registration and vital statistics. (The two organizations also recently unveiled their Joint Data Center on Forced Displacement, which promises to collect and distribute refugee data “with adequate anonymization and safeguards.”)

Meanwhile, the World Economic Forum’s Platform for Good Digital Identity sees this push as a “new chapter in the social contract,” a way of preventing “a future where nearly all individuals lack choice, trust, and rights in the online world.” ID2020, one of the most prominent digital identity programs, is an alliance of governments, NGOs, and private corporations including Microsoft, Accenture, and Gavi, a public-private partnership aimed at increasing access to vaccines. It now wants trusted identity platforms to be labeled in the same way that organic milk cartons get a certification mark at the supermarket.

“There are a billion people globally who have no form of identification whatsoever,” says Dakota Gruener, executive director of ID2020. “Simultaneously, none of us have digital identities that work for us particularly well—all of our data is scattered.”

The UN’s World Food Programme recently announced a new $45 million, five-year collaboration with Palantir that will use the Palo Alto firm’s “range of digital analytical solutions” to streamline and track the dispersal of humanitarian aid. The move was immediately met with skepticism among privacy advocates: a group of more than 60 human rights activists sent an open letter to WFP executives, expressing deep concern over the partnership and urging WFP leaders to “reconsider the terms and scope of the agreement with Palantir.”

They argued that not only would the partnership threaten to “seriously damage the reputation of the WFP,” but also that it could “seriously undermine the rights of 90 million people the WFP serves.” The controversy, researchers said, should be a “wake-up call” to the humanitarian community about the dangers of relying on digital data and entrusting their networks to third parties.

In a statement responding to these concerns, the WFP wrote that a series of “checks and balances” would protect private, identifying data, and that Palantir would not be able to use it for commercial gain. In an e-mail to MIT Technology Review, a WFP representative wrote that the agency has its own solutions to managing refugee identities, and that “the WFP-Palantir partnership does not focus on areas that require personally identifiable information (PII) of beneficiaries, nor does it focus on digital identity. No PII data is ever shared with Palantir or with any other partner. Only anonymized/encrypted information is used to analyze allocation of assistance to ensure complete privacy and security for the people we serve.”

Yet as researcher Faine Greenwood said in Slate, the WFP may be overestimating its ability to protect and anonymize sensitive data.

Drought in Somaliland made Maryama Abdi Wa’ays and her family homeless—just some of the 24 million people being displaced by climatic events each year. © UNHCR/Mustafa Saeed

“We still don’t have much information about how the WFP came to this agreement with Palantir or what the full terms are—a bad precedent to set in the humanitarian assistance field, where trust is key,” wrote Greenwood, an assistant researcher at the Harvard Humanitarian Initiative.

Sensitive issues

Both the promise and the risks of digital identity have already become evident in the work of a small army of blockchain and biometric startups. The immutable, decentralized nature of the blockchain has led a number of startups to pin their hopes on the emerging technology as a solution to the problem of storing and protecting sensitive information, including biometric data.

Passbase, which bills itself as “the first self-sovereign identity platform backed by verified government documents, linked social media accounts, and biometric signatures,” has raised seed funding from Alphabet and Stanford, and currently accepts documents from over 150 countries. Vinny Lingham, cofounder of the blockchain identity verification company Civic, goes so far as to claim that his company can help save democracy. WFP.s Building Blocks program also uses blockchain inside a refugee camp in Jordan.

Maybe blockchain will save democracy. Or maybe it will make future political crises even worse. The Rohingya Project distributed blockchain-based digital identity cards to Rohingya refugees in order to help them access financial, legal, and medical services. It is, on the face of things, an altruistic, forward-looking humanitarian initiative. But uploading highly sensitive, identifying biometric information to an immutable ledger and testing emerging technology on a vulnerable population means exposing that population to untold risks.

“Might it be highly irresponsible to digitize all that information?“ asks Wayan Vota, a digital entrepreneur and critic of the initiative. “Wouldn’t making a list of who is persecuted be a handy reference for those who seek to persecute more?” Other efforts to register Rohingya were hamstrung when refugees discovered that their new identity cards would not describe them as “Rohingya” but rather as “Myanmar citizens,” leading some to refuse registration.

BanQu, a blockchain app currently being piloted in 11 countries, hopes to solve the problem of the “unbanked” and connect the world’s poor and displaced populations to the global market. The company’s cofounder, Hamse Warfa, fled Mogadishu with his family and spent three years living in a refugee camp in Kenya, where his entire existence was reduced to a registration number. He and his cofounder, Ashish Gadnis, returned to his former refugee camp in 2015 and realized that a lack of official identification was keeping many refugees tied to their camp’s infrastructure.

“Refugees have no ability to prove the history of their existence at a transaction level,” Gadnis told me. “If I send you back to Mogadishu, there you are a brand-new refugee all over again. And yet your data is in the spreadsheets of the UN, the UNHCR, the Gates Foundation … The fundamental problem is that the model has always been NGO-centric. It has never been refugee-centric.”

Data damage

But designing “refugee-centric” systems means ensuring that data is efficiently minimized, secured, and transported across borders—a goal that is as utopian as it is technically challenging.

“Refugees are a population where the risks and benefits of digital identities are amplified,” Manju George, who leads the World Economic Forum’s Digital Identity program, told me. The slightest error in a refugee family’s digital profile can affect the amount of aid it receives. The UNHCR, for example, uses a “desk formula” to determine which refugees should get aid, and how much: any family that scores above the “magic number” is deemed not needy enough, while those who score below it are eligible for support.

Data breaches, like those that have repeatedly exposed personal information in India’s Aadhaar biometric identification program, have exposed at-risk populations to new dangers. And they are all too common: in March, a data breach at the US Federal Emergency Management Agency exposed the personal information of 2.3 million survivors of American wildfires and hurricanes, leaving them vulnerable to identity fraud. In April, Kaspersky Labs reported that over 60,000 user digital identities could be bought for $5 to $200 via a dark-net marketplace. No technology is invulnerable to error, and no database, no matter how secure, is 100% protected from a breach.

Many of the private-public digital identity partnerships aim to streamline international aid supply chains. But doing so could have adverse effects: maybe the person who keeps taking two bags of rice instead of one resells the extra bag for other goods and services as part of an informal economy. Linking undocumented populations to the global market, a move that many organizations bill as a ticket out of poverty, could also open up new avenues for mass exploitation.

“It’s pretty simple: if you look at the 500 top brands in the world, they source from refugees and from people in poverty. And those people do not exist,” said Gadnis. “At the end of the day, everything is a supply chain.”

Simply layering technology on top of existing humanitarian problems tends to exacerbate the issues it intended to resolve. In a new report on the role of digital identity in refugee and migrant contexts, a team of researchers at the Data & Society Research Institute, led by Mark Latonero, detail the various ways these initiatives can reproduce and worsen existing bureaucratic biases.

“One might think that putting a ‘human in the loop,’ or ensuring a human is involved in a computer system, is a way to catch or remedy potential mistakes,” they write of their findings, the result of dozens of interviews with refugees and aid workers in Italy. “Yet in Italy, or any country with an enormously complex bureaucracy, individuals need to rely on a parallel informal system; an Italian citizen might find a solution to a bureaucratic impasse by using a loose network of friends, relatives, or those in power to resolve the issue. Migrants are excluded from these networks of power and privilege, and instead get one shot at data entry in a database.”

As digital identification technologies flood into the market, it is difficult to imagine predicting or preventing the disruptions—good and bad—that they will cause. Blockchain and biometric technologies have touched off a critical reevaluation of the most existential questions: What determines identity, and how many identities can one person claim? What will it mean when official identification eventually—inevitably—is no longer the purview of the nation-state?

“Everybody deserves to have formal identification that they can use to exert their rights,” says Brandie Nonnecke, director of UC Berkeley’s CITRIS Policy Lab, which works on technology development in the social interest.

But the rush of public and private digital identity programs has already begun to complicate fundamental questions about identification, registration, citizenship, and belonging. Even the simplest questions about digital identity have yet to be determined, Nonnecke says: “Do you have one identity, or do you have multiple identities across institutions? Is that a safeguard, or does it create more risk?”