  • US-collected biometric data in Taliban’s killer hands

    alf9872000

    • 1 comment
    • 422 views
    • 7 minutes

    Afghanistan’s Taliban reportedly now have control of US biometric devices – a lesson in the life-and-death consequences of data privacy.

     

    In the wake of the Taliban’s takeover of Kabul and the ouster of the Afghan national government in August 2021, alarming reports indicated that the insurgents had potentially accessed biometric data collected by the U.S. to track Afghans, including people who worked for U.S. and coalition forces.

     

    Afghans who once supported the US have been attempting to hide or destroy physical and digital evidence of their identities. Many Afghans fear that the identity documents and databases storing personally identifiable data could be transformed into death warrants in the hands of the Taliban.

     

    A March 30, 2022, report from Human Rights Watch indicated the Taliban have been collecting biometric data to potentially match against captured US and Afghan government databases. US military devices and the data they contain have since turned up on the open market.

     

    This data breach underscores that data protection in zones of conflict, especially biometric data and databases that connect online activity to physical locations, can be a matter of life and death. My research and the work of journalists and privacy advocates who study biometric cyber-surveillance anticipated these data privacy and security risks.

    Biometric-driven warfare

    Investigative journalist Annie Jacobsen documented the birth of biometric-driven warfare in Afghanistan following the terrorist attacks on September 11, 2001, in her book “First Platoon.” The US Department of Defense quickly viewed biometric data and what it called “identity dominance” as the cornerstone of multiple counterterrorism and counterinsurgency strategies.

     

    Identity dominance means being able to keep track of people the military considers a potential threat regardless of aliases, and ultimately denying organizations the ability to use anonymity to hide their activities.

     

    By 2004, thousands of US military personnel had been trained to collect biometric data to support the wars in Afghanistan and Iraq. By 2007, U.S. forces were collecting biometric data primarily through mobile devices such as the Biometric Automated Toolset (BAT) and Handheld Interagency Identity Detection Equipment (HIIDE).

     

    BAT includes a laptop, fingerprint reader, iris scanner and camera. HIIDE is a single small device that incorporates a fingerprint reader, iris scanner and camera. Users of these devices can collect iris and fingerprint scans and facial photos, and match them to entries in military databases and biometric watchlists.

     

    In addition to biometric data, the system includes biographic and contextual data such as criminal and terrorist watchlist records, enabling users to determine if an individual is flagged in the system as a suspect. Intelligence analysts can also use the system to monitor people’s movements and activities by tracking biometric data recorded by troops in the field.

     

    By 2011, a decade after 9/11, the Department of Defense maintained approximately 4.8 million biometric records of people in Afghanistan and Iraq, with about 630,000 of the records collected using HIIDE devices.

     

    Also by that time, the US Army and its military partners in the Afghan government were using biometric-enabled intelligence or biometric cyberintelligence on the battlefield to identify and track insurgents.

     

    In 2013, the US Army and Marine Corps used the Biometric Enrollment and Screening Device, which enrolled the iris scans, fingerprints and digital face photos of “persons of interest” in Afghanistan.

     

    That device was replaced by the Identity Dominance System-Marine Corps in 2017, which uses a laptop with biometric data-collection sensors, known as the Secure Electronic Enrollment Kit.

     

    Over the years, to support these military objectives, the Department of Defense aimed to create a biometric database on 80% of the Afghan population, approximately 32 million people at today’s population level. It is unclear how close the military came to this goal.

    More data equals more people at risk

    In addition to the use of biometric data by the U.S. and Afghan military for security purposes, the Department of Defense and the Afghan government eventually adopted the technologies for a range of day-to-day governmental uses. These included evidence for criminal prosecution, clearing Afghan workers for employment and election security.

     

    In addition, the Afghan National ID system and voter registration databases contained sensitive data, including ethnicity data. The Afghan ID, the e-Tazkira, is an electronic identification document that includes biometric data, which increases the privacy risks posed by Taliban access to the National ID system.

     


    Before falling to the Taliban, the Afghan government made extensive use of biometric security, including scanning the irises of people like this woman who applied for passports. Photo: Rahmat Gul / AP via The Conversation

     

    We do not yet know the extent to which the Taliban have been able to commandeer the biometric data once held by the US military. One report suggested that the Taliban may not be able to access the biometric data collected through HIIDE because they lack the technical capacity to do so.

     

    However, it’s possible the Taliban could turn to longtime ally Inter-Services Intelligence, Pakistan’s intelligence agency, for help getting at the data. Like many national intelligence services, ISI likely has the necessary technology.

     

    Another report indicated that the Taliban have already started to deploy a “biometrics machine” to conduct “house-to-house inspections” to identify former Afghan officials and security forces.

     

    This is consistent with prior Afghan news reports that described the Taliban subjecting bus passengers to biometric screening and using biometric data to target Afghan security forces for kidnapping and assassination.

    Biometric data concerns

    For years following 9/11, researchers, activists and policymakers raised concerns that the mass collection, storage and analysis of sensitive biometric data posed dangers to privacy rights and human rights.

     

    Reports of the Taliban potentially accessing US biometric data stored by the military show that those concerns were not unfounded. They reveal potential cybersecurity vulnerabilities in the US military’s biometric systems. In particular, the situation raises questions about the security of the mobile biometric data-collection devices used in Afghanistan.

     

    The data privacy and cybersecurity concerns surrounding Taliban access to US and former Afghan government databases are a warning for the future. In building biometric-driven warfare technologies and protocols, it appears that the Department of Defense assumed the Afghan government would have the minimum level of stability needed to protect the data.

     

    The US military should assume that any sensitive data – biometric and biographical data, wiretap data and communications, geolocation data, government records – could potentially fall into enemy hands.

     


    A US Army officer and an Afghan interpreter on a reconnaissance mission near Forward Operating Base Lane in Zabul province, Afghanistan, in 2009. Photo: US Department of Defense / Staff Sergeant Adam Mancini / Wikimedia Commons

     

    In addition to building robust security to protect against unauthorized access, the Pentagon should use this as an opportunity to question whether it was necessary to collect the biometric data in the first instance.

     

    Understanding the unintended consequences of the US experiment in biometric-driven warfare and biometric cyberintelligence is critically important for determining whether and how the military should collect biometric information.

     

    In the case of Afghanistan, the biometric data that the US military and the Afghan government had been using to track the Taliban could one day soon – if it’s not already – be used by the Taliban to track Afghans who supported the US.

     
