Insecurity in the Humanitarian Cyberspace: A Call for Innovation

Humanitarian practitioners and scholars are currently struggling with how to analyse the opportunities and challenges of technological innovation. This includes not only what technological innovation can do for humanitarianism but also what it does to humanitarian action. Over the last two decades, innovations have fueled the creation of a humanitarian cyberspace. It is now time for the task of addressing the challenges posed by the humanitarian cyberspace to be prioritised on the humanitarian innovation agenda.

The term cyberspace broadly refers to the realm of computer networks and the internet. The traditional notion that the ´virtual` world is a different social space than the ´real world` is by now obsolete, also in the humanitarian context.

On the one hand, the humanitarian cyberspace is much like the traditional humanitarian space: humanitarians interact with host states, non-state actors, the private sector, donors and the global public and try to assist affected populations. The difference, however, is that these undertakings occur through, or are enabled by, technology, and that they may help expand humanitarian space for example in contexts of limited access or in urban settings, where recipients are widely dispersed.

While the traditional threats to the humanitarian space persist, the humanitarian cyberspace broadens the scope of humanitarian action – which means that, instead of shrinking, the humanitarian space is actually poised to enter an expanding frontier. As illustrated by the increasing reliance on mobile cash transfers in food aid, the humanitarian cyberspace also offers new options for the constitution and distribution of relief. The notion that access to information and humanitarian data constitutes a form of relief in its own right illustrates how technology is reshaping the very definition of aid. The emergence of ‘digital humanitarians’ exemplifies a shift in the understanding of who is an aid provider and the possibilities for providing aid from a distance.

At the same time, the humanitarian cyberspace has engendered a new set of threats, which impinge on the humanitarian space and which needs to be taken more seriously in the context of humanitarian innovation. This concerns the humanitarian cyberspace

  • as a threat to humanitarian work
  • as a space where humanitarian workers can become threats to the safety and well-being of crisis affected individuals or communities
  • as a threat to the security of humanitarian workers

The humanitarian cyberspace can also be a threat to humanitarian work. In February 2016, a Los Angeles hospital paid a nearly $17,000 (40 bitcoins) ransom to hackers who breached and disabled its computer network. The hackers used a malware that locks systems by encrypting files and demanding ransom to obtain the decryption key. The potential consequences of ransomware for humanitarian health data in a field setting may be disastrous, but we have little understanding of potential impact. While humanitarian organisations have a well-developed tool box for negotiating the security or release of humanitarian workers, it remains unclear how well they are equipped to protect and negotiate the release of humanitarian data.

The use of social media by fieldworkers may undermine principles of neutrality and impartiality and endanger recipients of humanitarian aid as well as aid workers. The dilemma is well-known: In the humanitarian field, the free speech of aid workers must be balanced against the vulnerability of aid recipients and the particular dynamics of the emergency context. However, social media exacerbates the risk, also for humanitarians themselves. There is the infamous example of the aid worker who tweeted the location of an IS bunker in Syria, in the hope that the site would be bombed by the United States, eliciting a response from the group that they were “coming for Mr. Aid Worker”.

While the medical and social work professions (among others) are developing more robust, binding and enforceable industry standards with respect to social media, the humanitarian sector is lagging behind. Facebook, twitter and Instagram are largely perceived as “private” platforms, even when used actively during and for work. Additionally, the tension between security concerns and fundraising priorities seems to exacerbate the difficulty of developing strong and innovative approaches to responsible social media use.

Finally, there appears to be a critical lack of responsible data use with respect to the digital registration of personally identifiable data and information sharing protocols across the sector. The Ebola response has recently been described as a “Big Data Disaster”. Also in the context of the European refugee crisis there seems to have been widespread “ad hoc” registration and sharing of sensitive health data despite the existence of a thick legal framework.

Humanitarian cyber insecurity has been on the radar of the humanitarian community (PDF) for a number of years, and the 2014 OCHA report on Humanitarianism in the Age of Cyber Warfare got significant attention. However, the issue has yet to gain the sustained focus of humanitarian actors and policymakers. More attention must now be paid to how such threats can be mitigated by innovations in the way humanitarians understand, own and address technology-related problems.

Note: This entry, originally posted on the ANLAP Blog, is based on a roundtable at the 4th bi-annual IHSA World Conference on Humanitarian Studies and Sandvik’s recent article in the Third World Quarterly ‘The humanitarian cyberspace: shrinking space or an expanding frontier?’