Digital Refugee Lawyering: Risk, Legal Knowledge, and Accountability

This article explores how the digital transformation of humanitarianism, and the refugee regime reshapes refugee lawyering. Much refugee lawyering is based on a traditional understanding of legal protection – and a focus on legal aid, law reform advocacy, and speciﬁc protection procedures (such as refugee status determin-ation). Refugee lawyering must now grapple with the challenges offered by the digital transformation of international protection. This entails identifying emergent protection issues and how they relate to the law and legal claims. To that end, the article puts forward suggestions regarding the risks of the digital transformation as it pertains to the humanitarian space, the refugee management infrastructure, and refugee lawyering. The article also considers its implications for legal knowledge and the possibility that law may be “displaced” by technology. The article con-cludes by discussing what it means for refugee lawyering and for being accountable to the norms and values of rule of law standards, international protection, and to individual clients.


INTRODUCTION
The digital transformation of the international refugee regime reshapes the dynamics of international legal protection and its attendant governance and justice effects in ways that need attention. 1 This article explores its implications for Essentially, this transformation involves the adoption by aid organisations of information communication technologies (ICTs), which change how they operate, fulfil their mandates, and achieve impact. It includes the process of digitisation -the conversion, articulation, and management of previously analogue information, processes, and actions -and the large-scale datafication of aid, through the conversion of information, concepts, processes, and systems into mathematical and machinereadable formats. 11 It also entails the rapid growth of a sprawling digital infrastructure and the proliferation of digital humanitarian goods. Digital innovations can indeed make international legal protection more effective and accountable. Once evaluations of project pilots, best practice standards, and contextualised qualitative case studies have become widely available, the potential benefits of the digital transformation of refugee lawyering will be better understood. Humanitarian situations, however, are inherently unstable -and insecure, which means that digital innovations may bring new risks and vulnerabilities for refugees and asylum-seekers attempting to access international protection. They can also generate risks for refugee lawyers, including that of becoming de facto threats to their clients. 12 This article focuses on refugee lawyering as a civil society and legal sector activity (legal aid can be commercial, pro bono, or non-profit). It does not include the work done by government refugee lawyers or UNHCR's legal protection officers. Refuge lawyering has traditionally focused on legal aid, law reform advocacy, and litigation of specific protection procedures (such as refugee status determination (RSD) or asylum claims). 13 From this perspective, refugee lawyers are accountable to their clients, the ethics of their Bar, and the basic values of the rule of law. However, the digital transformation is changing international protection -and what can be considered refugee law. It entails an expansion that brings in new legal areas and formats, such as data protection policies and algorithmic code, that pay less attention to due process and rule of law. These profound changes suggest that the everyday practices of refugee law are changing and require different skills and approaches. Therefore, the study of everyday digital refugee lawyering practices is emerging as an important field of socio-legal research. 14 At the same time, on a more conceptual level, these Sandvik In the humanitarian domain, there is frequent use of terms like "victims," "survivors," "beneficiaries," "recipients," "communities in crisis," "individual cases" (ICs), "users" and -with the turn to private sector collaboration -"customers." While this article takes the lawyer-client relationship as its key focus critical reflection is needed on how far the relationships and privileges such terms imply (like "lawyer -client") can be maintained in precarious legal environments, and how far they remain meaningful. I am indebted to Mirjam Twigt for this observation. 13 M. Kagan changes also oblige refugee lawyers -and socio-legal scholars -to engage with the challenges offered by the digital transformation of international protection and how this transformation affects notions of accountability. This includes the types of humanitarian and legal accountability refugee lawyers should seek to obtain on behalf of their clients -and their own accountability vis-à-vis those clients. These conceptual challenges are the theme of this article. 15 The analysis proceeds in four parts. So far, little scholarly attention has been given to this topic. To begin to articulate a research agenda, the digital transformation of refugee lawyering needs to be placed in its institutional context. Parts 1 and 2 situate refugee lawyering and shifting notions of accountability in the digital transformation of the humanitarian space itself. Part 3 offers suggestions on the risks of the digital transformation as it pertains to the digitisation of the humanitarian space, to refugee management infrastructure, and to refugee lawyering. Part 4 considers the implications of this for legal knowledge and the risk that law may be "displaced" by technology. In conclusion, the article discusses the consequences for refugee lawyeringand what it means to be accountable. 16

HUMANITARIANISM, LEGALISATION, AND ACCOUNTABILITY
To provide a context for gauging these effects on dynamics and governance, we will first situate international protection within the humanitarian space. Seeing the digital transformation of international protection as a stand-alone development gives an incomplete view: the problems of the digital humanitarian space also affect refugee lawyering. Thus, to gain a better contextual understanding of the digital transformation, the article sees international protection as part of the humanitarian space. The digital transformation of this space is operationalised by the humanitarian sector as a series of piecemeal projects -variously labelled "humanitarian innovation" or "humanitarian experimentation," which are directed at "fixing" the system, making it better, faster, stronger, and more secure. While such initiatives are fragmentary and often disjointed, the fact that humanitarian action is connected to new partners (the World Bank, start-ups, big tech), new projects (proxy-means welfare testing or social innovation), and new activities (banking), means that humanitarianism itself is transformed. This is particularly visible in the ways the digital transformation of aid changes the sites of production of knowledge (i.e. algorithms and data) and expertise, as well as their content and characteristics. This shift in the meaning of 15 The article draws on a survey of the academic literature (including the author's own work), analysis of current debates on the digital transformation of refugee protection and the author's experiential insights. The author has previously fundraised for NRC's ICLA project in Kosovo (2000); been a part of Harvard Law School's human rights clinic, with a focus on lawyering for the Inter-American Commission; worked with UNHCR legal protection on resettlement in Uganda and undertaken empirical field-based studies of feminist and indigenous rights lawyering for IDP rights in Colombia. 16 The growing criminalisation of those offering support to migrants, refugees, and asylum-seekers on land and at sea, and the equation of such assistance with human smuggling falls outside the scope of this article. That said, the digital transformation is clearly taking place within a broader context of shrinking civic and humanitarian spaces. At the same time, a recent Report of the Special Rapporteur on the Situation of Defenders of Human Rights (A/HRC/37/51 2018) highlights the challenges faced by those defending people on the move, without ever discussing the digital transformation of threats and risk. I am grateful to an anonymous reviewer for alerting me to these issues.
humanitarianism also affects international refugee protection. For refugee lawyering, this is highly significant, as it changes the types of legal problems that arise, and ultimately, notions of accountability to refugees and asylum-seekers. Furthermore, there is a need to clarify what the relationship between law and humanitarianism means for the digital transformation of protection. It may seem paradoxical that the refugee regime should be incorporated into humanitarian space. As noted above, international protection is all about law, lawyering, legal procedure, and access to legal process. However, while humanitarian action is closely bound up with international humanitarian law, the sector is in fact characterised by a remarkable lack of law: to put it bluntly, humanitarians don't seem to like law, legal processes, or lawyers very much. 17 Humanitarian governance is premised on short-term and ad hoc interventions designed to preserve life and reduce human suffering. 18 Longstanding cross-sectoral engagement with accountability initiatives has translated into scarcely any form of legal accountability. However, the sector is legalising -albeit unevenly and in fits and starts -and the law, legal discourse, lawyers, and legal institutions are becoming increasingly important to humanitarian governance. 19 In response to calls for greater accountability and effectiveness, and because of the field's rapid expansion and integration into global markets, what was once a largely unregulated area is now emerging as a transnational humanitarian space where authority, governance, legitimacy, and power are increasingly invoked via the law. 20 This (belated) legalisation is intertwined with the digital transformation of the sector. There is an emphasis on combining law, technology, and markets to address crises and solve the humanitarian sector's perennial problems of effectiveness and efficiency. 21 It is through this messy, ambivalent, and still evolving approach to law and regulation -and in the face of sector-wide underinvestment and lack of interest in humanitarian lawyering -that the humanitarian field, including international protection, grapples with the digital transformation. What are the consequences of this for how refugee lawyering construes the nexus between legal and humanitarian accountability? To answer this question, we need to bring together this incarnation of the digital transformation of international protection with ongoing discussions about the meaning and nature of accountability. 22 Following decades of criticism of UNHCR's lack of accountability and its struggle to fulfil its mandate to protect refugees, 23 the introduction of new accountability mechanisms to strengthen "accountability to affected populations" -defined as a commitment "to use power responsibly by taking account of, giving account to and being held to account by the people they seek to assist" 24 -has become an institutional feature of international refugee management. 25 Yet, for UNHCR, "affected populations" are not the only ones to whom it seeks to be accountable; it also holds itself accountable to donors, to the broader international community, and to its overall mandate, which is to provide international protection to refugees. This increased attention to accountability has been criticised for delivering more upward than downward accountability, by focusing, for example, on how effectively, efficiently, or strategically UNHCR spends donor funding -or how it produces better domestic security in donor countries. 26 Importantly, the multiple purposes of accountability efforts are not only facilitated but also changed by technology. 27 Legal accountability, in this context, refers to the adjudication of violations (of human rights obligations) by judicial or quasi-judicial bodies accessible to asylum-seekers and refugees. 28 For refugee lawyers, this includes combining their work for their clients in the humanitarian protection system (adhering to professional standards and to the material and procedural requirements of the law) with their duty of care for their own operations. This entails minimising the chances of risk and harm, together with a duty of technological competence (see below on legal technology).

FROM REFUGEE LAW TO LAWYERING IN THE DIGITAL
HUMANITARIAN SPACE: A KNOWLEDGE GAP While the emergence of a "law of humanitarian action" is changing the role and activities of lawyers, so is the digital transformation. Struggles over data protection and privacy, surveillance, and data justice issues are developing. While there has been some attention to digital humanitarians and the politics and ethics of their expertise, less has been paid to the objectives and tasks of digital refugee lawyering. The following scoping exercise identifies gaps in knowledge to help clarify the nature of the problems and tasks outlined in the next sections. Lawyering for social change is conceptualised by leading socio-legal scholars as "a form of advocacy that consciously [strives] to alter structural and societal impediments to equity and decency"; the term describes the activities of those "lawyers whose work is directed at altering some aspect of the social, economic and/or political status quo" and who believe that current societal conditions obstruct the full participation of and sufficient benefits to subordinated people. 29 As noted in the literature, lawyering for refugees includes a plethora of approaches beyond litigation on RSDs and asylum procedures: it includes lawyering for community development, grassroots lawyering, poverty lawyering, and human rights lawyering. 30 However, while the professionalisation of the humanitarian sector has been examined, 31 no attention has been given to important changes in the nature and scope of the work carried out by lawyers, one of the oldest professional groups involved in the humanitarian sector. The literature on lawyers specialising in international humanitarian law focuses on the "humanitarian lawyer as colonialist," 32 on the role of lawyers in the war on terror, 33 and on how lawyers contribute to the ideological production of international and transnational justice. 34 Humanitarian lawyering, let alone the implications of "digital humanitarian lawyering," remain little discussed.
For problems arising from digitisation and digital technologies to become an area for refugee lawyers, whether regarding manufacturing, malfunctioning, design, training, human error, or responsibility for cyber due diligence, they must be recognised and described as a legal injury. Somebody or something must be blamed, i.e. held responsible and something -redress, compensation, the right to appeal -must be claimed. 35 This suggests that problem definitions are important for how legal problems are identified, represented, and litigated. The burgeoning scholarship on the use of digital tools in aid (humanitarian technology and innovation) therefore provides useful pointers to what digital refugee lawyering involves. Much of this scholarly work has focused on the perils of digital tools and their capacity to cause new risks, harms, and vulnerabilities; it has also assessed how digital "solutions in need of problems" shape grant-making and staff allocations as well as thematic and processoriented trajectories. It includes a substantial literature on paradigm changes (the dangers of "humanitarian technology," 36 "digital humanitarianism," 37 and "humanitarian innovation" 38 ); work on specific hardware and software (big data, 39 blockchain, 40 biometrics, 41 smartphones 42 ); and the role of data in decision-making and resource allocation. 43 In sum: there is an increasing tendency of the humanitarian system to frame protection issues according to their amenability to technological solutions. Accordingly, refugee lawyers must figure out how the digital transformation shapes the problems they work on -as well as how they should deal with these problems and, while doing so, how they should relate to and communicate with their clients.

UNDERSTANDING NEW CHALLENGES: CLUSTERS OF RISK
What types of digital risks are there, and what is the role of law and lawyers in dealing with them? Digitisation and the integration of new technology create risks -and harms -which can not only compromise existing legal rights and procedural guarantees but also threaten the integrity of refugee protection in new ways. This article suggests that refugee lawyering must deal with three clusters of risks: general risks; risks that compromise the protection of individuals, protection infrastructure and protection processes in themselves; and the risk created by refugee lawyering. This means refugee lawyers must not only address risks posed to their clients but also recognise how technology makes lawyers themselves sources of risk.
4.1. General risks and risks specific to humanitarian action On a conceptual level, this type of risk analysis has implications for how we think about the client as a protected subject. The digital transformation of international protection also means that of being visible and consenting to become a data subject -a refugee must physically come forward to register and agree to have a great deal of personal and sensitive data recorded, stored, and shared -have become requirements for being registered as a refugee, receiving aid (for example biometric banking), and having one's claim for a durable solution processed. The use of digital technologies creates corresponding "digital bodies" -images, information, biometrics, and other data stored in digital space -that represent the physical bodies of populations affected by conflict and natural hazards, but over which they have little control. Refugee lawyers need to understand this double risk -to the physical body as well as to the digital body, and the interplay between the two -if they are to identify injury and properly articulate a claim for remedy and protection. 44 Humanitarians, including refugee lawyers, get hacked and are targets for cybercriminals. The general risks arising from technological innovation and digitisation affect the refugee management system, along with everyone else in the international community: they include the potential for data misuse and cyber/information data security breaches leading to identity theft, or theft, destruction, or manipulation of data. 45 In addition, given the fraught nature of forced displacement, they also have a political component. Cyberspace has always been a site for national interest politics and is associated with an ever-growing military and civil capacity for mass surveillance. 46 Because of the properties of humanitarian cyberspace, humanitarians have been enrolled -voluntarily, knowingly, or unwittingly -in digital conflicts. As actors such as UNHCR and the World Food Programme (WFP) become data hoarders through their new social protection and digital payment programmes, data and cybersecurity challenges affecting the individual digital bodies of beneficiaries will become more frequent. With respect to cyber-attacks against the UNHCR for example, once databases are created, they invariably become targets for criminal, State, and armed actors. 47 On a much smaller scale, the same is potentially true for the operating systems and client files of refugee lawyers. Risks also arise from the type of moral economy humanitarian aid trades in, giving licence to entrepreneurs, start-ups, and tech companies who want to "do good" by testing their products in humanitarian contexts. Together with Sean Martin McDonald and Katja Lindskov Jacobsen, I have argued that experimental innovation in the testing and application of new technologies in humanitarian contexts can contribute to unethical, illegal, and ineffective practices that result in increased harm and vulnerability for the humanitarian subjects involved, and potentially for the humanitarian actors too. These consequences can be direct or indirect. Risk can result from both the failure and the success of such experiments. Risk can result from individual harms, which are exacerbated by their relationship to larger underlying trends in humanitarian aid. Risk can involve, for example, the violation of privacy through the collection of identifiable personal information, commercial gains obtained from suspending restrictions on testing technological products on people, or from the distribution of resources. 48 From the perspective of refugee law, mistakes, malfunctions, or abuse of a biometric registration process or biometric data can result in the rejection of a claim for refugee status, for example, because of mistaken identity.
To sum up, for refugee lawyers, the challenge is not only to protect clients against digital harms by international actors, but also to protect them from themselves, by making sure that breaches and cyberattacks against the legal practice do not compromise clients' security or their chances of success vis-à-vis UNHCR and the host State.

Risks arising from digital protection infrastructures: the rise of PRIMES
Because of the demand for legibility and the need to provide financial and political accountability to donors and host States (through statistics and profiles of Individual Cases), international humanitarian organisations, including UNHCR, are building large databases containing enormous amounts of beneficiary data. 49 While the platforms are iterations of previous databases and results-based management frameworks, much remains unclear about how they will work, how data will travel, who will be able to access it, how it will be stored and protected, how individuals can access their own data, and what purposes these systems will ultimately serve. 50 In 2018, UNHCR introduced the Population Registration and Identity Management EcoSystem (PRIMES), which encompasses all interoperable UNHCR registration, identity management, and caseload management tools and applications. The scope of PRIMES is immense: it incorporates existing UNHCR tools such as the Profile Global Registration System (proGres, a case management software application), the Biometric Identity Management System (BIMS), the Global Distribution Tool (GDT), the Rapid Application (RApp), IrisGuard and Refugee Assistance Information System (RAIS), and will contain tools developed in the future. PRIMES is designed to work in offline, online, and Global System for Mobile Communication (GSM) environments and will be interoperable with IT systems used by governments and partner organisations such as the World Food Programme's SCOPE and the United Nations Children's Fund's (UNICEF's) PRIMERO. PRIMES will also move data from local databases worldwide and collect all UNHCR data in a single database that can be accessed via the web. 51 As a framework influencing how phenomena are captured and represented as data, the database is a key site for the production and materialisation of social meaning. It reflects the values, norms, epistemologies, social relations, and power that influence how people interact with the world and each other. 52 How can responsibility be assigned if something goes wrong -how can attributions for lack of capacity, wrongful conduct, or technological or manufacturing error be made, for exampleand how should refugee lawyering go about formulating legal claims? A further consideration is that, when protection procedures are contained in digital structures, refugee populations will suffer if there is unstable or inadequate electricity supply, internet connectivity, or mobile networks, or little digital literacy and access.
So far, these databases and the type of knowledge management and control they enable have received little scrutiny from refugee law scholars, as have questions related to the contractual agreements and legal frameworks governing the development and operation of these platforms and the extent of the duty of care. For example, an important issue is how individual refugees can ask for corrections of flawed information or updates reflecting changes in their personal circumstances, and how such requests can be vetted to prevent fraudulent claims. The management of one's digital identity and digitised life story is crucial, 53 yet this is a right that is hard to claim or monitor. 54  54 If the database is closed, the risk is that databases will be de facto abandoned with data not fully destroyed and what remains being inadequately protected. New systems also interact with non-humanitarian systems in ways that can lead to humanitarian mission creep and function creep. A further risk is "vendorlock in": the risk UNHCR will become dependent on a particular provider, including as regards the control of personal data processed by proprietary systems. Sandvik, "The Digital Transformation of Refugee Governance". 55 As observed by Lemberg-Pedersen and Haioty, while the extraction of data from displaced quasi-Statecitizens may be problematic in terms of organisations' downward accountability, the same practices are also a highly profitable market for the ICT and biometrics sector. M. Lemberg-Pedersen & E. Haioty, These developments require refugee lawyers and refugee law scholars to rethink how and where one looks for problems, which stakeholders are put under critical and how one can assess the linkages between due diligence defaults, deficiency, and malfunctions at the corporate end -and protection failures at the humanitarian end. 56 4.3. Operational and strategic risks to lawyering posed by legal tech A third type of risk results from the rise of "legal tech" in the domain of refugee law, that is, the use of technology, software, and computer analytics to provide legal services and justice. Legal tech produces important changes in legal practice, legal institutions, and the legal profession. While the database is an external source of problems and concerns material and procedural aspects of refugee lawyering, legal tech is a potential internal source of problems. 57 Digitisation processes change our understanding of legal problems and what can be considered appropriate legal responses. In the context of legal tech, digitisation refers to the collection, conversion, storage, and sharing of data and the use of digital technologies (e.g. mobiles, tablets, drones, biometric devices, computational applications in artificial intelligence, bespoke digital platforms, and blockchain technology) to collect, analyse and disseminate information about claimants and plaintiffs, the decision patterns of judges, case law and emergent legal problems. In situations of forced displacement, this information would likely also involve the political and cultural context and historical violence and patterns of displacement. The collection of this type of data is particularly significant for how lawyers think about their accountability to refugee clients. As sensitive data passes from clients to lawyers, and as more data (statistical, geospatial, or concerning telecommunications or digital forensics) is enrolled to bolster clients' claims, for example, of political activism or gender-based violence -or of a "safe" risk profile, the lawyers managing this stored information are becoming targets for attack, and thus pose further threats to their clients.
Legal tech represents a disruptive innovation because it changes the time required for knowledge production and its cost, scope, and management in law. 58 In a resource-poor and time-constrained field such as refugee law, legal technology can bring down costs, enhance effectiveness and provide better services. Current transnational refugee litigation depends on digital tools. However, we should recognise "Re-Assembling the Surveillable Refugee Body in the Era of Data-Craving", Citizenship Studies, 24(5), 2020, 607-624. 56 Sandvik, "The Digital Transformation of Refugee Governance". 57 As shrewdly observed by an anonymous reviewer, legal aid providers and refugee lawyers may be even more vulnerable to the issues faced by UNHCR with respect to PRIMES, than is UNHCR itself. For example, they are more likely to lack resources, expertise, and the scale needed to implement solutions. More contextualised analysis of how this relationship operates is needed. that the general risks associated with legal tech proliferate in situations of forced displacement and humanitarian crisis. Legal technology is neither neutral nor apolitical: much of it has been developed and trained on U.S. data and reflects the rationalities, processes, and values of common law systems. Minor technical decisions in its design and implementation can create ripple effects in the direct and distributive effects (on domestic legal cultures) of legal technology, given the likelihood of rapid and unreflective uptake in legal systems lacking capacity and resources. This means that we need a much better understanding of the costs and trade-offs involved in the transplantation of legal tech. 59 As observed in studies of legal technology and access to justice, social stratification and bias also matter enormously. 60 We have already discussed the implications of the digital wrapping of protection procedures. Along with these, access to legal assistance is increasingly impacted by the digital divides between nations, regions, and demographics (class, gender, ethnicity) which arise from limited access to ICT, because of lack of connectivity, inability to afford gadgets or the data power, software and cybersecurity protections required for using legal tech safely and effectively -or because of heavily controlled/censored access to the internet or specific software. There are consequent gaps in digital literacy that leave swathes of the population, civil society, or legal profession at a disadvantage regarding the ability to critically engage with, optimise or resist the use of legal technology to access refugee law and protection mechanisms. The developing legal design community emphasises the need for user-centred innovation. 61 While this is undeniable, better innovation will not resolve what are essentially political conflicts over participation, distribution, and social justice. The main stakeholders seeking to globalise legal technology are market actors, not governments. It should be recognised that this way of framing access to justice problems prioritises solutions focusing on technological innovation and legal design, as well as the interests of technology stakeholders.

IMPLICATIONS FOR LEGAL KNOWLEDGE PRODUCTION
Law is generally seen as a structured, hierarchical system of knowledge separate from value-laden social and political life. 62 As noted in the introduction, the "legalese" (or principled) approach adopted by refugee lawyers has been criticised for being distant from the lifeworld of refugees and political realities, and lacking awareness how power shapes legal interpretations and the meaning of principles -or even the definition of refugees. 63 However, at present, the construction and production of knowledge about law, and its use in refugee management are rapidly changing -with implications for individuals' rights and refugee lawyering.
On one level, little is new. Responding to changing views of accountability, effectiveness, economic efficiency, and national security, humanitarian knowledge production practices are constantly in flux. New Public Management brought a host of results-based approaches, such as log frames and indicators. "Quantification culture" focusing on "quantified truths" drove a demand for measurements (how many refugees in what categories, how many vulnerable dependents, how many people in need of shelter or extra nutrition) which defined social life as something that could be counted 64 and classified. Classification -what Ian Hacking calls "making up people" 65 is a matter of life and death in the humanitarian space: in medical triage, the assignment of urgency decides how patients are treated. Recognition and differentiation are also key tools for distributing limited legal resources. 66 The digital transformation changes the sites of production of legal knowledge and expertise. From the perspective of refugee lawyering, we must scrutinise the circulation of power and expertise in emergent digital infrastructures and the sociotechnical work necessary to acquire, process, store and use data, as well as to study the power relations embedded in these processes. 67 In critical data studies, there has recently been condemnation of the analytical fatalism surrounding datafied knowledge and the fetishisation of the "black box." 68 Many scholars in the field of refugee and migration studies have responded to the call to demystify datafied knowledge. 69 Our challenge is now to link these analytical contributions to the analysis of refugee law.
with national authorities and private entities which may have "different drivers or motivations," such as the development of national identity or welfare programmes. 70 This article argues that the turn to social protection and integration into digital protection infrastructures (see above on PRIMES) may cause a shift away from legal protection. An example of this is the Vulnerability Assessment Framework (VAF), which was launched in Jordan in 2014 to develop a "robust model" to map the vulnerabilities of the Syrian non-camp population. 71 VAF was owned by UNHCR, the World Food Programme, and UNICEF. VAF -which had several regional counterparts, such as the Egypt Vulnerability Assessment of Syrian Refugees (Evar) and the Vulnerability Assessment of Syrian Refugees in Lebanon (VaSyr), was a proxy means-testing instrument intended to enable humanitarian organisations to optimise the use of resources. Its designers hoped that VAF would do this by categorising and ranking refugees, thus enabling the most "vulnerable" to be identified and targeted. Data on VAF indicators were to be collected by UNHCR at the registration stage, but vulnerability was to be identified mainly through the "Home Visit Form," a vulnerability assessment questionnaire to be filled in during household visits by UN agencies and their implementing partners, and then entered into the Refugee Assistance Information System (RAIS), a part of PRIMES. The information gathered includes the estimated ability of a household to cover its monthly expenses, the number of dependents, its housing conditions, and access to healthcare. VAF was promoted as an effective way of identifying and ranking demographic vulnerability through a "vulnerability score," with one representing low vulnerability, two mild, three moderate, and four high/severe. Quantifiable data were created through home visits and qualitative assessments, which were then processed algorithmically, generating a vulnerability score from one to four. This score was a moving target, dependent on the total vulnerability score of the population, and while not officially stated, a score of three or four was required to receive assistance.
Programmes such as VAF shift the focus from legal protection (including legal language, rights, and legal capacity) to social protection, where the encounter is not face-to-face between individual refugees and protection officers (and interpreters), but between refugee households "performing" vulnerability and one or several UNHCR and NGO employees. Given the miniscule number of refugees who manage to get resettled in a third country, the vulnerability assessment becomes a key factor in the protection received by refugees. RSD determination and resettlement procedures are premised on legal language and legal principles and, at least in theory, on human rights and due process values. By contrast, VAF is based on scores fed into a socio-technical system that calculates final scores according to a larger matrix that considers living conditions and the resources available for material support and is adjusted for political pressures exerted on UNHCR by the State, other humanitarian actors, and donors. As critics have pointed out for many years, encounters between refugees and UNHCR protection staff involve enormous power differences and a lack of due process and rights-based approaches. 72 However, from the rule of law perspective, the de facto replacement of the aspirations of international refugee law by proxy means welfare testing raises many new questions.

From legality to "cultures of data protection"?
For refugee lawyers, the digital transformation changes not only the meaning and pathways of accountability, but also the legal and policy frameworks through which accountability may be obtained. An important factor is how and where the actors are placed in international law, with regional frameworks becoming increasingly important in refugee protection. In Europe, the General Data Protection Regulation (GDPR) enshrines the key principle of data protection law: the collection and processing of displaced individuals' data must have a legal basis. 73 However, whereas the GDPR applies to UNHCR's European partners, intergovernmental organisations, such as the UN, claim immunity from the GDPR and other such data regulations. Thus, while UNHCR processes the personal data of millions of refugees and other people of concern, as an international body, it has privileges and immunities. This means it is subject neither to domestic laws nor to such regional frameworks as the GDPR. Instead, its legal basis is UNHCR's mandate function to protect people of concern and facilitate durable solutions and the 2015 UNHCR Data protection policy (DPP). 74 A 2019 evaluation notes that UNHCR has "rich and meaningful data collected on persons of concern, their protection risks, services and assistance provided to them, and their access to solutions, socioeconomic improvements in their lives, and the contexts in which they live." 75 The 2019 evaluation never considers UNHCR's data governance in terms of regulation or legality -there is no mention of law, legal norms, or sanctions. Rather, it recommends that UNHCR should improve its data governance by establishing a data management "rule book" that specifies the norms and conventions that should govern and align the organisation's data, stipulating the parameters for data collection, processing, protection, storage, analysis, and use. The approach is seemingly very light touch: information and data management are a responsibility of all staff, yet it is noted that staff members' confidence and ability to identify, manage, and analyse operational data varies widely. Similarly, according to UNHCR's senior Data Protection Officer, there is a need to "establish an allencompassing culture of data protection. There is a need to withstand internal and external pressure to compromise on data protection principles." 76

A digital disappearance of vulnerability?
In the past, considerable criticism was directed at the lack of standardisation of legal processes. For example, credibility assessments in RSD -particularly with respect to vulnerability -were criticised for being dependent on personal judgment, difficult to review, and likely to vary from one decision-maker to another. 77 UNHCR has attempted to give credibility assessment a more objective and legalistic basis. The development of gender norms in international refugee law, such as specific categories to protect "women-at-risk" in the application of durable solutions, and specific procedures for dealing with vulnerable refugees, are significant achievements. However, today, there seems to be increasing tension between these achievements and the digital transformation of vulnerability assessments. If you analyse vulnerability based on algorithms that specifically identify and emphasise women's experiences vulnerable, or, conversely, if your algorithms omit or deprioritise the lifeworld of young men, the outcome will impact the allocation of legal identities and material resources. This invisibility is being made ideologically legible according to a script that sees digitised vulnerability assessments as infallible and where what cannot be read as algorithmic knowledge cannot exist. 78 Finally, a lasting, transformative consequence of COVID-19 is likely to be the mediation of the production of knowledge through on-screen encounters. During spring 2020, the sudden halt of many aspects of international legal protection procedures meant that remote interviewing became the only way to process RSDs and handle resettlement cases. 79 This perhaps long-term institutionalisation of remoteness requires us to go beyond previous critiques of remote management to decide its consequences for international refugee protection. The difficult conditions under which remote interviewing takes place mean that we must rethink "vulnerability" as a protection category: due to the sensitivities involved, UNHCR has cautioned against interviewing vulnerable refugee remotely, because of risks to the interviewee and threats to the integrity of the process. The problem here is policy and politics, not technology. The technical consequence, however, may be the loss of access to protection for the most vulnerable.

CONCLUSION
This article has attempted to describe a set of conceptual problems for digital refugee lawyering in the hope of inspiring further discussion and analysis. As such, it is a tentative exercise. The basic assumption is the need for a better understanding of how the framing of problems in refugee law leads to problematisations that are amenable to technological innovation and intervention and that further the interests of technology stakeholders.
In future, we need to go beyond issues of risk and the displacement of legal knowledge to develop a better appreciation of what good practice for digital refugee lawyering looks like in the context of the digital transformation. 80 In the United States, there is a growing normative framework for professional standards, which include a duty of technological competence 81 as well as identifying new forms of malpractice. 82 Central topics include changes in the lawyer-client relationships, 83 particularly in relation to the duty of care and due diligence for the protection of confidentiality 84 and defence against intrusion 85 ; competence in e-discovery 86 and responsibility for the organisation of services. 87 This also involves due diligence responsibility for "non-lawyer" assistance, 88 cyber security protection, and vendor provision of cloud