A US Army soldier scans the irises of an Afghan citizen in 2012 as part of an attempt by the military to collect biometric information from much of the Afghan population. Jose Cabezas/AFP via GettyImages
In the wake of the Taliban takeover of Kabul and the ouster of the Afghan national government, alarming reports indicate that the insurgents may have access to biometric data collected by the US to track Afghans, including people who worked for the US and coalition forces.
Afghans who once supported the US have tried to hide or destroy physical and digital proof of their identity. Many Afghans fear that the identity documents and databases the storage of personally identifiable data can be converted to: death sentences in the hands of the Taliban.
This potential data breach underlines that data protection in zones of conflict, especially biometrics and databases that link online activity to physical locations, can be a matter of life and death. Mine Research and the work of journalists and privacy advocates studying biometric cybersurveillance anticipated these data privacy and security risks.
Biometrically Driven Warfare
Investigative journalist Annie Jacobson documented the birth of biometric warfare in Afghanistan after the September 11, 2001 terrorist attacks, in her book “first platoon.” The Department of Defense quickly saw biometrics and what it called “identity dominance” as the cornerstone of multiple counter-terrorism and insurgency strategies. Identity dominance means being able to track people the military sees as a potential threat, regardless of aliases, and ultimately deny organizations the ability to use anonymity to hide their activities.
In 2004, thousands of US military personnel had been trained to collect biometric data in support of the wars in Afghanistan and Iraq. In 2007, US troops collected biometric data primarily through mobile devices such as the Biometric Automated Toolset (BAT) and Handheld Interagency Identity Detection Devices (HIIDE). BAT includes a laptop, fingerprint reader, iris scanner and camera. HIIDE is a single small device with a fingerprint reader, iris scanner and camera. Users of these devices can collect iris and fingerprint scans and facial images and link them to entries in military databases and biometric watchlists.
In addition to biometric data, the system also contains biographical and contextual data, such as criminal and terrorist tracking lists, so that users can determine whether a person in the system has been flagged as a suspect. Intelligence analysts can also use the system to track people’s movements and activities by tracking biometrics captured by troops in the field.
By 2011, a decade after 9/11, the Department of Defense kept approximately 4.8 million biometric data of people in Afghanistan and Iraq, with about 630,000 of the records collected using HIIDE devices. By this time, the US military and its military partners in the Afghan government were also using biometric intelligence or biometric cyber intelligence on the battlefield to identify and track insurgents.
In 2013, the United States Army and the Marine Corps used the Device for biometric enrollment and screening, which recorded the iris scans, fingerprints and digital facial photos of “key persons” in Afghanistan. That device was replaced by the Identity Dominance System-Marine Corps in 2017, using a laptop with biometric data collection sensors, known as the Secure Electronic Enrollment Kit.
Over the years, in support of these military objectives, the Department of Defense has sought to establish a biometric database on 80% of the Afghan population, about 32 million people at the current population level. It is unclear how close the military has come to this goal.
More data equals more people at risk
In addition to the use of biometrics by the US and Afghan military for security purposes, the Department of Defense and the Afghan government eventually used the technologies for a range of day-to-day government applications. This included proof for criminal prosecution, to clean up Afghan workers for employment and election security.
In addition, the Afghan national ID system and voter registration databases contain sensitive data, including: ethnicity data. The Afghan ID, the e-Tazkira, is a electronic identification document containing biometric data, which increases the privacy risks arising from the Taliban’s access to the national identification system.
It is too soon after the return of the Taliban to power to know whether and to what extent the Taliban will be able to reclaim the biometric data once held by the US military. One report suggested that the Taliban may not have access to the biometrics collected through HIIDE because they do not have the technical capacity to do so. However, it is possible that the Taliban could turn to its longtime ally, Inter-Services Intelligence, Pakistani intelligence, for help in getting the data. Like many national intelligence agencies, ISI probably has the necessary technology.
Another report indicated that the Taliban have already started deploying a “biometric machine” to conduct “door-to-door inspections” to identify former Afghan officials and security forces. This is consistent with previous Afghan news reports describing the Taliban’s subjugation bus passengers to biometric screening and the use of biometric data to target Afghan security forces for kidnapping and murder.
[Get our best science, health and technology stories. Sign up for The Conversation’s science newsletter.]
Concerns About Collecting Biometrics
For years after 9/11, researchers, activists and policymakers have expressed concern that the mass collection, storage and analysis of sensitive biometric data poses a threat to privacy rights and human rights. Reports about the Taliban possibly having access to US biometrics stored by the military show that those concerns were not unfounded. They reveal potential cybersecurity vulnerabilities in the US military’s biometric systems. In particular, the situation raises questions about the security of the mobile biometric data collection devices used in Afghanistan.
Data privacy and cybersecurity concerns surrounding the Taliban’s access to US and former Afghan government databases are a warning for the future. In building biometric technologies and protocols for warfare, it seems that the United States Department of Defense hired the Afghan government would have the minimum level of stability needed to protect the data.
The US military must assume that any sensitive data – biometric and biographical data, eavesdropping data and communications, geolocation data, government data – could potentially fall into enemy hands. In addition to building robust security to protect against unauthorized access, the Pentagon should use this as an opportunity to question whether it was necessary to collect the biometrics in the first place.
Understanding the unintended consequences of the US experiment in biometric warfare and biometric cyber intelligence is critical to determining or and how? the military needs to collect biometric information. In the case of Afghanistan, the biometrics that the US military and the Afghan government had used to track down the Taliban could one day – if not already – be used by the Taliban to track Afghans who entered the US. supported
This article was republished from The conversation, a non-profit news site dedicated to sharing ideas from academic experts. It was written by: Margaret Hue, Penn State.
Margaret Hu is a member of the Future of Privacy Forum, a nonprofit think tank that provides policy guidance on data privacy. Some of Hu’s research assistants receive funding from Microsoft Research. She received an honorarium for speaking at an event hosted by Microsoft Research.
Disclaimer: The opinions expressed within this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of Algulf.net and Algulf.net does not assume any responsibility or liability for the same.