Humanitarian aid-distribution programs help bring physical goods (e.g., food, blankets) to people in need. Traditional paper-based solutions to support aid distribution do not scale to large populations and are hard to secure. Existing digital solutions solve these issues, at the cost of collecting large amount of personal information. Failing to protect aid recipients' privacy can result on harms for them and enables surveillance in the long run. In collaboration with the International Committee of the Red Cross, we build a safe aid-distribution system in this paper. We first systematize the requirements such a system should satisfy and then propose a decentralized solution based on the use of tokens. Our design provides strong scalability and accountability, at the same time, ensures privacy by design. We provide two instantiations of our design, on a smart card and on a smartphone. We formally prove the security and privacy properties of our design, and empirically show that the two instantiations can scale to hundreds of thousands of recipients.
44rd IEEE Symposium on Security and Privacy