International Association
for Cryptologic Research

Today, humanitarian distribution heavily relies on manual processes that can be slow, error-prone, and costly. Humanitarian aid organizations therefore have a strong incentive to digitalize the aid distribution process. This would allow them to scale up their operations, reduce costs, and increase the impact of their limited resources. Digitalizing the aid distribution process introduces new challenges, especially in terms of privacy and security. These challenges are particularly acute in the context of humanitarian aid, where the recipients are often vulnerable populations, and where the aid distribution process is subject to a high degree of scrutiny by the public, the media, and the donors. This is compounded by a very strong threat model, with adversaries ranging from corrupt officials to armed groups, and by the fact that the recipients themselves may not be able to protect their own privacy. This talk we propose is split into three main parts: first, we stress the need for assessments when deploying privacy-preserving applications in the real world, using concrete examples. In particular, we discuss the tension between supporting assessments and the security and privacy of the application's users. Second, we reflect on our experience in designing privacy-preserving applications for various use cases, and discuss how we go from an informal, high-level need expressed by our partners, to a formal model and a concrete protocol. Here, we stress common pitfalls, and outline a methodology that we have synthesized from our experience. Finally, we discuss how we tackled the use case of a privacy-preserving aid distribution system with statistics, in collaboration with partners from the International Committee of the Red Cross. We present a general framework to collect and evaluate statistics in a privacy-preserving way (including one-time functional evaluation, a new primitive that we introduce), and we present three concrete instantiations of this framework (based on trusted execution environments, linear secret sharing, and threshold fully homomorphic encryption, respectively).