A passport and the UN Humanitarian Passport app on a phone, over a blockchain network pattern

UNDP Accelerator Lab · Global

Humanitarian Passport

A cryptographically verified background check that follows aid workers across borders — controlled by no single country.

In 2018, the aid sector was rocked by the revelation that Oxfam staff had used prostitutes while running the relief effort in Haiti after the 2010 earthquake. The charity had known since an internal investigation in 2011 and had not made it public. When The Times broke the story, the damage spread fast: further allegations followed across the sector, and Haiti suspended Oxfam's right to operate in the country.

The scandal was not only about one organisation. The gap was structural. Host countries had no reliable way to verify the backgrounds of aid workers arriving at their borders. A worker could move from one NGO to the next, across jurisdictions, without their history following them. No shared standard. No accountability infrastructure. No way for a government to protect its population from someone exploiting the access that a humanitarian status grants.

The UNDP Accelerator Lab needed a solution that would hold aid workers accountable without creating new privacy risks, work in settings with limited or absent connectivity, and be credible with governments that do not share the same political alliances. Karakoram had five weeks.

The United Nations Humanitarian Passport profile screen on a phone

The Challenge

Three problems at once, each hard on its own.

First, neutrality. Karakoram could not be the entity that investigates or judges aid workers. That role would undermine the platform from the start. The background data had to come from an established, trusted source. We explored Interpol records as the source, working with a UK Government counter-exploitation initiative as a route to access them.

Second, trust across borders. The record had to be authoritative to governments with very different relationships to international institutions. It had to be country-neutral, immutable, and auditable. We used a blockchain ledger: every party can see records and changes, without any single country, bloc, or alliance controlling the data.

The Humanitarian Passport app pulled apart into its layers: identity, verification, and the UN profile record

Third, proof of person. The hardest technical problem: verifying that the person presenting a background check was the person the record referred to. The breakthrough was reading and authenticating the RFID chip embedded in every modern ICAO-compliant passport. Scan the Machine Readable Zone, and you reach the chip's biometric and biographical data: name, address, photo, expiration dates, and passport number. Passport authenticity is confirmed through Active Authentication, Document Signature Validation, and Country Signature Validation.

The authentication process is threefold: optical scan of the passport (physical possession), RFID chip verification (chip ID matches the scanned number), and biometric fingerprint confirmation. All three must succeed. Only then is the background check tied to the verified identity and stored on-chain. The record is portable across borders, usable without reliable internet, and not controlled by a single authority.

GDPR by Design

A significant share of UN field workers are EU citizens, so the platform had to be GDPR-compliant from the architecture up. We store no biometric information on remote servers between sessions. Name, photograph, address, and date of birth are wiped on logout and held only on the aid worker's physical passport RFID chip. Cloud storage is limited to a hash-encrypted passport ID and an anonymised background summary. On each login, if the hash matches, individual data is re-downloaded from the chip. The sensitive data stays where it belongs: on the passport.

What We Built

Humanitarian Passport is a portable, cryptographically verified background check tied to the aid worker's physical passport through triple-factor authentication. A border agent can verify employment history on-device, in any connectivity environment, without a central authority controlling the record.

The prototype was delivered in five weeks. It combined three things that had not been wired together this way before: blockchain-based credential storage, passport RFID authentication at the border, and a GDPR-compliant design that protected workers while giving host countries real verification.

The work drew early interest from within the UK Government and explored Interpol as the background data source, through a counter-exploitation initiative already focused on the problem.

That is the work Karakoram sets out to do: take a problem the field has written off as too hard or too politically fraught, and build something real in response to it, fast. Humanitarian Passport was a prototype, not a finished product. It proved the architecture could hold.

The Humanitarian Passport app creating an account against a physical passport

Continue exploring