JANUS: Using biometrics to avoid multiple registrations in humanitarian aid
Millions of people around the world rely on humanitarian aid. One of the challenges when it comes to distributing aid is that resources are almost always scarce. Therefore, organizations want to ensure that people can only register once. CISPA-Faculty Dr. Wouter Lueks and his colleagues at EPFL in Lausanne recently developed a tool in cooperation with the International Committee of the Red Cross (ICRC) that enables organizations to overcome this challenge by using biometric data safely.
The chance of people registering multiple times for humanitarian aid looms over these programs like the sword of Damocles. “Humanitarian organizations try to help as many people as possible,” explains CISPA-Faculty Dr. Wouter Lueks. “In achieving that goal, they want to make sure that they do not give aid to the same recipient twice because in that case someone else cannot receive aid”. Lueks looked for an approach to prevent the duplication of aid. As the use of ID documents in regions with humanitarian crises is often impossible or associated with risks, biometric data was the method of choice. “The core of what we design is to say we want to use biometric data for one purpose only: We want to be able to determine whether the biometric data of the person in front of us was already registered,” explains Lueks.
But how does the method actually work in practice? “When a person comes to a registration station and asks for registration, biometric data, such as a fingerprint, is taken from this person,” explains Lueks. This requires a reader connected to a computer and an internet connection. “Then, a so-called cryptographic protocol is run between the computer at the registration station and a second computer at another location, in our case at the ICRC headquarters in Geneva,” Lueks continues. “The result of this protocol is a ‘yes or no’ decision. Yes, I found the biometric data in the database or no, I didn't find it. In the latter case, the recipient's data can be added”. On the local computer, the data is only saved for the moment of data recording and then deleted again.
Ensuring security
According to the CISPA researcher, “the fact that biometric data cannot be changed makes storing it in databases very risky. They leave traces of information about the fact that certain people have been here, that they have registered and so on. In the past, for example after the US withdrawal from Afghanistan, we have seen that the simple fact that people have registered for a certain program can have very far-reaching consequences for their future life and might threaten their security.” This is why Lueks and his colleagues have implemented various security mechanisms into their system. “The decisive factor is that the two computers have to work together to make this ‘yes or no’ decision,” explains Lueks. “If one of the two computers refuses to cooperate, or more specifically, if someone in Geneva decides to shut down the system, no further information is made available from the system.” Not even physical access to one of the two computers will reveal biometric data of recipients: the system is designed in order to prevent data access.
Embedding the registration process in the distribution of humanitarian aid
The method that Lueks and his colleagues present in their recent paper focuses on the registration process. However, this is only one part of the complex process of distributing humanitarian aid. Another important part is the actual distribution of goods, where it is important to prevent people from receiving aid more than once. To prevent this, the researchers already developed a token-based system for distributing humanitarian aid last year. In concrete terms, this would mean that aid recipients who have successfully registered would receive a token, for example in form of a smart card, to collect the goods they are entitled to. The token’s design ensures that there is no more than one distribution per person per distribution round. Although the initial solution was aimed at households, not individuals, the approach could easily be applied to the new method. Looking to the future, Lueks can imagine developing a prototype for the application of both methods. His cooperation partners at the ICRC would certainly be interested in this.
Originalpublikation:
EdalatNejad, Kasra; Lueks, Wouter; Justinas, Sukaitis; Graf Narbel, Vincent; Massimo, Marelli; Carmela, Troncoso (2024). Janus: Safe Biometric Deduplication for Humanitarian Aid Distribution. CISPA. Conference contribution. https://doi.org/10.60882/cispa.25119287.v1