The Humanitarian Metadata Problem: "Doing No Harm" in the Digital Era

"[T]he use of these technologies [including smartphones, drones and other connected objects] ...leaves traces. It can allow for the tracking and profiling of individuals, with great risk to their lives, integrity and dignity."

International Committee of the Red Cross (ICRC) and Privacy International created this study on the issue of humanitarian metadata "to ensure a high level of data protection when using information and communication technologies. Finally, it provides relevant insights into the use of different technologies and the inherent risks that they entail." In order to mitigate these risks, organisations need to learn how to assess risks involved with their programme activities that generate metadata which can be accessed and used by other parties "for non-humanitarian purposes (e.g. by profiling individuals and using these profiles for ad targeting, commercial exploitation, surveillance, and/or repression)."

Processing data, understanding the legal and policy landscape and checking where services intersect, all have bearing on exposure to metadata collection. For example, registering individuals for cash transfer programmes exposes the user to being profiled by financial institutions. Mapping who can access data is essential, especially as data are sought to control immigration and combat crime. The intersection of services is categorised as the use of traditional telecommunication services (including voice and SMS), messaging applications, cash-transfer programming and social media, each service with its risks and recommendations.

• Telecommunications and messaging:
• Metadata and content can be intercepted between a phone and the phone tower, and failure can occur in SMS broadcast, bringing into question its use in emergencies. Interception can include content and the associated metadata (sender/recipient, time and location), resulting in tracking, including when the phone is in sleep mode and turned off. Mitigation begins with end-to-end encrypted, secure communication methods. Lacking that encryption technology, organisations need to include in planning the possible access of third parties.
• Messaging Apps can include encryption but sometimes only when using a privacy mode. Destination and sender can still be read. methods that create "tunnels" for masking that information is still susceptible to third party interception, including using false prompts and error messages which can ask user for location, photos, and contacts. Organisations can open conversations on user vulnerability to exposure on messaging apps so informed decisions can be made, including mapping who has information access. "Finally, the humanitarian community could explore what leverage they have to negotiate greater protection or discretion from messaging app providers in certain situations."
• Cash Transfer Programmes (CTPs) increase risk by requiring identification of individual users. Mobile money for CTP delivery adds risk even with encryption because the fact of the transaction and the sender/receiver are not encrypted and can be data shared by telecommunications providers. Organisations may be providing an indirect census of a minority group and should seek out how telecommunication providers chare data and with whom.
• Banking metadata may put people at risk when opening an account or using an existing one. Third parties can include national anti-corruption organisations and government intelligence agencies, other banks, credit bureaus, and credit rating agencies. "These data can be used to create and monitor an individual’s credit profile, with potential repercussions on their access to credit; to track their movements across borders (e.g. in the case of international banking groups); or to discriminate against them on the basis of inferred political or religious affiliations." Organisations need to map the country’s data-sharing laws and practices and bank policies and agreements. "They should also try to negotiate a 'no sharing' agreement for CTP data" and limited data retention period.
• Smartcards are an electronic chip that linked to a virtual wallet and generating a transaction record that is geo-located, time-stamped, and the transaction amount recorded. Individual identity can be linked to behavioural patterns, locations, and purchasing habits. Organisations using smart card need to map all entities with access and establish data amount and storage limits.
• Social media makes users vulnerable to monetisation of their data, hence commercial exploitation. The amount of personal data makes possible predictions of behaviour, preferences, and other personal details (e.g. ethnicity, sexual orientation and political and religious affiliations). Deleting accounts leaves a shadow profile. Organisation need to increase digital literacy including understanding of the business model of social media. Vulnerability of using it to organise activities should be accessed. "Finally, the sector as a whole could jointly negotiate with major social media platforms (e.g. Facebook and Twitter) in order to secure specific safeguards across their services and in particular for humanitarian metadata."