A refugee uses the iris-scanner during a biometric data registration conducted by UNHCR staff members in Sfax, Tunisia. © UNHCR/Peter Horton
When UNHCR, the UN Refugee Agency, began collecting biometrics in 2002, it was for one local and very specific use case: To facilitate fair and single-time cash grants, and irises of Afghan refugees in Pakistan were collected. Since then, the use of biometrics has evolved significantly, and other UNHCR operations started collecting biometric data, such as index fingers or thumbs, to anchor and protect identities against misrepresentation and identity theft, and for the prevention of duplicate registrations. In the response to the Syria emergency, the organization expanded the collection of irises using a system provided by IrisGuard, to not only prevent multiple registrations, but also to facilitate efficient assistance delivery through biometric verification.
Integrating many developments in biometrics over the past two decades, UNHCR explored and implemented different biometric tools in different regions and for a variety of purposes. Since the beginning, biometrics brought direct benefits to refugees, UNHCR, and partners alike, and are now considered an integral component of registration data in more than 90 UNHCR country operations globally.
Biometric Identity Management System (BIMS)
Nowadays and since 2015, UNHCR’s primary biometric tool is the Biometric Identity Management System, BIMS. BIMS collects 10 fingerprints, images of both irises, as well as a facial photograph for persons forced to flee aged five or older with photographs used mainly for printing on registration documents or identity cards. BIMS has come a long way since its pilot introduction in 2013. Gradually being deployed to all regions in which UNHCR works, now almost 12 million biometric records have been collected for persons registered with UNHCR. Support and oversight for biometrics is at all levels of the organization from field operations to regional bureau and headquarters, with dedicated biometrics capacity on hand to ensure the responsible integration and use of the technology across UNHCR’s ever-evolving contexts. Structures are in place to also ensure that UNHCR is aware of new technological developments and BIMS can remain a reliable tool for its users and fit for UNHCR’s purposes.
Business as usual for BIMS: Change requests, bug fixes, and technological advancements
Whereas the core of the BIMS software has largely remained the same over the years, many components continuously transformed since its initial rollout.
Throughout time, operations and users have submitted so-called ‘change requests’, expressing the need for additional functions or modifications to the user interface. This could range from additional reports to use the full extent of the collected data, to a shortcut in the interface to save valuable time, or another data field to help with the verification process. Additionally, greater granularity and control of user access and visibility over data fields has allowed operations working with partners to work to principles of data minimization and to only display exactly the level of information that is required.
As expected, when iterating any complex computer software, also BIMS has not always been flawless: so-called ‘bugs’ pop up occasionally, which have caused the application to misbehave, freeze, or crash, and required urgent fixing as soon as possible. Any bug fixes and software modifications are carefully designed and discussed in detail. All changes undergo several rounds of thorough testing in a dedicated testing environment prior to their release. Furthermore, major changes may even be piloted in various offices or camp sites before they are made available globally.
Everchanging contexts have also made it necessary to modify BIMS. New technological advancements have improved the ways in which we can use the system to serve the forcible displaced and stateless, including through increased interoperability with other tools and systems.
Built-in Data Protection in BIMS
UNHCR takes data protection very seriously. Biometric data, such as fingerprints and irises, are personal data and processing these requires responsible management. UNHCR’s General Policy on Personal Data Protection and Privacy solidified the Agency’s longstanding human rights-based approach to these issues and established a unified framework applicable to the collection, and further processing of personal data of people we work with and for.
User access to BIMS is provided on a need-to-basis, which means only those staff members who require access to BIMS will receive it. Access to use the system is strengthened where possible through multi-factor authentication. Visibility over biometric records and displayed personal information is also customized for each user type. Only dedicated system administrators in each operation have advanced search rights that enable them to run reports or perform other tasks.
Thanks to the valuable feedback from an attentive user community, the team behind BIMS can ensure that the tool remains reliable, agile, and fit-for-use in an ever-changing environment.