Source: Bloomberg by Samanth Subramanian
It’s also a potential security and data privacy nightmare.
When Toby Norman was a graduate student at Cambridge’s Judge Business School in the early 2010s, he’d often visit Bangladesh to study its community health system, trying to understand what made high-performing health workers tick. As he sweated over datasets, he spotted an unrelated, pervasive problem. Looking at workers in maternal-welfare programs, for instance, he saw that, after going from house to house to register pregnancies, “they’d want to follow up, to do antenatal screenings for things like anemia and preeclampsia,” he says.
But “tracking patients over time was very hard, particularly in rural areas.” Women often didn’t have formal identity documents, and while registering them, health-care workers using English keyboards would misspell their Bengali names. Birthdates were approximate, or worse. A woman might say, “I was born two years after a cyclone” or something even less exact. “We saw a huge number of women falling through the cracks,” Norman says. “Had they moved? Had they reenrolled elsewhere? It was difficult to say, and for that reason, patient outcomes were a lot worse than we hoped.”
Of the 1.1 billion people who lack formal proof of identity, most live in Asia and Africa, and a third of them are children, according to World Bank data. This invisibility isolates them from systems of democracy and social welfare. Men and women fail to find themselves on voter rolls; boys and girls can’t get into schools; welfare benefits are misdirected. And, as Norman realized, health-care delivery goes awry. “It doesn’t matter if it’s tuberculosis or HIV or immunizations,” he says. “In every single case, the fundamental challenge is: Can you know who’s in front of you and give them the right treatment?”
For Norman and Simprints, the startup he co-founded in 2015, and for more and more organizations and governments, the answer to the quandary of identity lies in biometrics—in fingerprints or irises, which are more distinctive than names or birthdates can ever be. The precision of biometrics, Norman says, makes them ideally suited for a stern new mission: to immunize the world against the novel coronavirus.
When a vaccine finally makes it to the market, it will be hustled into one of the widest, most complicated public-health campaigns of all time. Potentially every person on Earth will need a shot, and even in more moderate scenarios the number to be administered will run into the billions. Not all the doses can be manufactured immediately, so some people will get immunized before others. Depending on the vaccine, we may require two doses apiece: a preliminary jab, followed weeks or months later by a booster. We may need shots every year, as we do with the flu. Tracking patients, their health histories, and their Covid-19 vaccinations will be an enormous exercise in record-keeping—one made that much knottier because a seventh of the planet’s population is difficult to monitor.
The consequences of mistakes are potentially disastrous: people left out, people getting too many doses or too few, a region cleared to resume normal activities before it’s been fully immunized. A single person misidentified as vaccinated could visit an unvaccinated area and spark an outbreak. This is the kind of error providers of biometric solutions promise to minimize. Administer a shot, then scan an iris or a fingerprint, and link the two records securely; then, with another scan, an official can call up these details to find out if a person has been immunized.
Even before Covid-19, a variety of companies and nonprofits had been promoting the benefits of digital and biometric IDs. The need for a speedy and comprehensive vaccination campaign has further emboldened them, to the point that privacy and data security campaigners are increasingly discomfited. In May, after the executive director of ID2020, a sprawling alliance of organizations pushing for digital IDs, wrote a white paper calling for electronic “immunity certificates” for Covid-19, one of the group’s advisers quit, writing in her resignation email that the alliance just wanted to “promote decentralized identity solutions at all costs.”
If biometrics-led vaccine drives are rolled out everywhere in a hurry, there’s a danger that privacy and security measures will be weak or even nonexistent, says Ella Jakubowska, a policy and campaigns adviser at European Digital Rights, a Brussels-based advocacy group. She points out that governments could use biometric information to set up mass-surveillance systems, or private companies could tap banks of biometric data to profile and target customers. In the haste to inoculate populations, ethical measures such as informed consent might be abandoned altogether. The more quickly biometric-based vaccination programs are put into place, Jakubowska says, “the greater the chance that you’ll be putting a lot of people’s data at risk.”
Norman was still working on his Ph.D. when, in 2015, he and three others founded Simprints, a tech nonprofit aiming to bridge the gaps of identity he’d seen in Bangladesh. Any remedy they came up with had to be exceedingly accurate. It had to work offline where connectivity was poor. And it had to plug into existing health databases, negotiate low levels of literacy and education, and be secure and private.
Norman thought the existing approaches all floundered in one or more aspects. Registering names and other personal details could be unreliable. In theory, health-care cards with features such as bar codes increased precision, but Norman had read about a system involving vaccine cards distributed in Chad, in which 59% of the cards were lost within two years. Besides, as Barbara Saitta, a vaccination adviser with Médecins Sans Frontières, told me, “so many people in the world are refugees or internally displaced—and if you have to run for your life, those cards aren’t the first things you go for.”
Norman kept coming back to biometrics, and specifically the fingerprint, which avoided these problems, and which had the further advantages of respecting cultures in which women might be veiled and fitting neatly in countries where people commonly sign documents with an inked thumb. But when the Simprints team looked for fingerprint readers, they found only two kinds on the market. One was rugged, with long-lasting batteries and many bells and whistles; it was essentially built for military use, so each unit cost a couple thousand dollars. The cheaper type was more fragile and not sensitive enough to read the kinds of prints found in populations engaged in manual labor, where the pads of fingers have often been scarred or burned. So, with the help of a $250,000 grant from the Bill & Melinda Gates Foundation and the U.K. Department for International Development, Norman and his colleagues designed their own reader. The Simprints scanner, which hooks up to a cellphone, is a sleek, matte-gray device that resembles an overgrown keyless car-door fob.
Simprints’ reader was first deployed in the field in 2016, in partnership with nongovernmental organizations in Nepal and Bangladesh. A pilot study conducted in poor neighborhoods in Dhaka found the biometric approach increased the number of women getting regular maternal health care by 38%. With the aid of an additional $2 million grant, Simprints expects to reach 1 million mothers and children across Bangladesh by 2022. Already, the company’s solution has been employed in 12 countries in Asia and Africa; every health-care worker sent out by Ethiopia’s health ministry, for instance, now packs a Simprints scanner.
One of Norman’s favorite projects unfolded in western Kenya, where he’d volunteered after finishing high school. A species of flea there can embed itself into bare human feet, causing pain and infections. “A child can no longer walk to school or play football with friends,” he says. An NGO used Simprints scanners not only to track and treat more than 11,000 people, but also to provide people with shoes where necessary. “They used biometrics to make sure the shoes didn’t get stolen by middlemen,” Norman says.
Last year, Simprints agreed to collaborate with vaccine nonprofit Gavi and Japanese telecom giant NEC Corp. in a campaign to deliver standard immunizations to children across developing countries. (At least 20 million children around the world fail to get their basic course of shots, according to figures from Gavi.) Even as they prepared for a pilot in Bangladesh, though, the pandemic struck, freezing everyone’s plans everywhere. Through the summer, Simprints and Gavi discussed the use of biometrics in a potential coronavirus vaccine drive. “Nothing is finalized yet,” Norman says. “There’s a ton of work to do before that: identifying partners, figuring out which ministry is the right one to connect with, figuring out the tech and the protocols, making sure the funding is there. We have to start all that now to be ready to go when the vaccine is available.”
The quest to give everyone in the world a form of identification—a digital form, inevitably—has gathered energy over the past decade. In 2014 the World Bank launched Identification for Development, or ID4D, a program that aims to improve access to the bank’s resources in areas such as health, financial inclusion, and social welfare. The ID2020 alliance put out a manifesto two years ago aimed at the same goal. (Simprints is a part of ID2020.) Massive digital ID projects have been planned or rolled out by governments in Brazil, India, Kenya, and Nigeria.
In 2017, Seth Berkley, Gavi chief executive officer, wrote for Nature that immunization programs are still unable to cover millions of children in developing countries, and that such efforts need “affordable, secure digital identification systems that can store a child’s medical history.” As technology has grown cheaper and more sophisticated, “digital” has often meant “biometric.” Tens of millions of Kenyans have had their faces and fingerprints digitized; India’s ID authority, known as Aadhaar, reads fingerprints and irises. Frequently a smartphone and a small scanner are all that are needed to enroll people. The promise held out by these ID programs is that becoming visible to the state can in itself provide a form of protection.
With the advent of the pandemic, companies and governments are toying with the idea of “immunity passports,” or digital IDs vouching that a person has been tested and found free of the coronavirus. In the U.K., a startup named Onfido that’s trying to repurpose its anti-fraud technology into such passports raised $100 million in equity financing in April. But Scott Reid, the outgoing CEO of IRespond, a Seattle-based biometric identity nonprofit, calls immunity passports “a rabbit hole that we don’t want to go into. Right now, there’s no consensus that having Covid-19 once gives you immunity, or for how long it gives you immunity. There are new strains that may emerge.”
IRespond’s iris-scanning technology has been deployed in medical and humanitarian contexts, and Reid says it’s trying to develop “a way to collect minimal biometric data that could be linked to a vaccination record.” This would include other facets about the vaccine itself—if a batch wasn’t stored properly or was later found to be ineffective. The company’s iris cameras were built for adult faces and can’t scan the irises of children, Reid says, so it’s been working on other ways to register them in a vaccine drive.
The pandemic will require some modification of Simprints’ approach, too. At a time of high contagion, you can’t have one person after another pressing their fingers into the same scanner unless you keep disinfecting it. As a backup, the company has been chalking out additional biometric functions, such as palm scans and facial recognition. “For Covid-19, when there’s all this social distancing, facial recognition is a good bet,” Norman says. “But that’s only if you can solve for the challenges around privacy.”
Those challenges cloud even the sunniest views of biometrics. We live in an age of data insecurity, when companies and governments of every stripe use our personal information to monetize and monitor us. Not surprisingly, biometrics programs have met with fierce resistance in many countries. In January a court suspended Kenya’s ID system because it lacked sufficient data safeguards. India’s Supreme Court ruled two years ago that the government couldn’t coerce people to sign up for Aadhaar and that basic services such as opening a bank account or enrolling in a school shouldn’t require this biometric ID. And privacy campaigners from Hong Kong to the U.K. have protested the adoption of facial-recognition technologies.
As talk has swirled about immunity passports and ID systems for vaccine tracking, anxieties and conspiracy theories have as well. In March, during an “Ask Me Anything” session on Reddit, Bill Gates predicted that “eventually we will have some digital certificates to show who has recovered or been tested recently or when we have a vaccine who has received it.” The quote was subsequently seeded into a series of false rumors holding that Gates proposed to implant microchips into every vaccinated person.
“For a biometric immunization registry to be accepted everywhere, I think that will largely depend on whether the creators of such systems can guarantee and create public confidence that the system is foolproof in terms of privacy,” says Prashant Yadav, a senior fellow at the nonprofit Center for Global Development, whose research focuses on global health supply chains. “Given the kind of social climate in most parts of the world, the onus of proving and creating that confidence and trust requires a lot more work than in the past.”
As Simprints crafted its privacy and data safety procedures, Norman says, it tried to keep in mind that, in a country like Bangladesh, not everyone would be able to read pages of legalese even if they wanted to. Working with a team of human-rights lawyers, the company boiled consent policies down to a single page of straightforward sentences that can be read aloud by a health-care worker to a patient. When patient records are collected, Simprints’ local partner—an NGO or a government health department—stores the health information while the company keeps the biometric data in its own databases; linking one to the other requires a randomly generated key.
There’s a huge debate going on, Norman says, about whether tech companies should be compelled to host private data on local servers in their customers’ countries, or whether they can upload the data to cloud-computing servers hosted by third parties overseas. “Also, we needed to make sure that, if people refuse to give their fingerprints, they still have a different way to get access to these services,” Norman says. A scanner can always freeze up or die, as devices do. Allowing for a nonbiometric way to identify a person is as much a practical matter as an ethical one.
Privacy campaigners worry that even biometric ID protocols that appear robust on paper can break down in the face of real-world corruption and disorder. In India, companies are forever pushing to access personal information linked to Aadhaar, according to Raman Chima, Asia policy director of Access Now, a digital-rights advocacy group. “They want your financial transaction history, or they want to be able to sell you health insurance,” he says. The Aadhaar database has already been hacked once, and its data has been leaked on several occasions. Using its biometrics to conduct an immunization drive will risk further breaches of privacy. State authorities can too easily transmute biometric vaccination records into immunity passports and use them to restrict the liberties of people—a prospect Elizabeth Renieris, the ID2020 adviser who resigned, called “beyond dystopian” in an essay in May.
Saitta, the vaccination specialist at Médecins Sans Frontières, is more agnostic. No MSF immunization drive has used biometrics before, she says, but in some countries and some contexts, it could be a useful tool. Right now, “one of the first things an MSF team does in a vaccine camp is set up a registration table,” she tells me. “When an adult with a child comes up to the table to get a measles shot or a pentavalent vaccine shot, we ask if the child has already been vaccinated.” Sometimes the adult is unable to recall which shots the child has had or when those shots were administered. Biometrics could ease this kind of doubt and redundancy.
At the same time, Saitta says, if she was working in a refugee camp or in a country with an authoritarian government, “I’d feel very uncomfortable asking people to give me their biometrics. Because if they don’t know what it’s for, or if they feel unsafe, they may not agree to do it.” The world is a complex place, and contexts vary everywhere. “So sure, maybe we should be ready to use biometrics,” she says. “But if necessary, we should also be ready to use a Bic and a piece of paper.”