Taliban allegedly in control of US biometric devices – a lesson in the deadly consequences of data privacy

0


Marguerite Hu, State of pennsylvania

Following the Taliban takeover of Kabul and the ouster of the Afghan national government, alarming reports indicate that insurgents could potentially access biometric data collected by the United States to track Afghans, including Afghans. people who worked for US and coalition forces.

Afghans who once supported the United States have attempted to hide or destroy physical and digital evidence of their identity. Many Afghans fear that identity documents and databases containing personally identifiable data could turn into death warrants in the hands of the Taliban.

This potential data breach underscores that protecting data in conflict zones, especially biometrics and databases that connect online activity to physical locations, can be a matter of life and death. My research and the work of journalists and privacy advocates who study biometric cybersurveillance have anticipated these privacy and data security risks.

Biometric warfare

Investigative journalist Annie Jacobsen documented the birth of biometric warfare in Afghanistan following the terrorist attacks of September 11, 2001, in her book “First Platoon”. The Defense Ministry quickly saw biometric data and what it called “identity dominance” as the cornerstone of multiple counterterrorism and counterinsurgency strategies. Identity dominance means being able to keep track of who the military sees as a potential threat regardless of aliases, and ultimately denying organizations the ability to use anonymity to hide their activities.

By 2004, thousands of US servicemen were trained to collect biometric data to support the wars in Afghanistan and Iraq. In 2007, US forces were collecting biometric data primarily through mobile devices such as the Biometric Automated Toolset (BAT) and Handheld Interagency Identity Detection Equipment (HIIDE). BAT includes a laptop, fingerprint reader, iris scanner and camera. HIIDE is a unique small device that integrates a fingerprint reader, iris scanner and camera. Users of these devices can collect iris and fingerprint scans and facial photos, and match them to entries in military databases and biometric watchlists.

In addition to biometric data, the system includes biographical and contextual data such as criminal and terrorist watch list records, allowing users to determine if an individual is flagged into the system as a suspect. Intelligence analysts can also use the system to monitor people’s movements and activities by tracking biometric data recorded by troops in the field.

In 2011, a decade after September 11, the Defense Ministry maintained around 4.8 million biometric records of people in Afghanistan and Iraq, with around 630,000 records collected using HIIDE devices. Also at this time, the US military and its military partners in the Afghan government were using biometric intelligence or cyber biometric intelligence on the battlefield to identify and track insurgents.

In 2013, the U.S. Army and Marine Corps used the Biometric Enrollment and Screening Device, which recorded iris scans, fingerprints, and digital facial photos of “people of interest” in Afghanistan. This device was replaced by the Identity Dominance System-Marine Corps in 2017, which uses a laptop computer with biometric data collection sensors, known as the Secure Electronic Enrollment Kit.

Over the years, to support these military objectives, the Defense Ministry wanted to create a biometric database on 80% of the Afghan population, or about 32 million people at the current population level. It is not known how close the military has come to this goal.

More data equals more people at risk

In addition to the use of biometric data by the US and Afghan military for security purposes, the Department of Defense and the Afghan government have ultimately adopted the technologies for a range of day-to-day government uses. These included evidence of criminal prosecution, authorization of jobs and electoral security for Afghan workers.

In addition, the Afghan national identification system and voter registration databases contained sensitive data, including data on ethnicity. The Afghan identification, the e-Tazkira, is an electronic identification document that includes biometric data, which increases the privacy risks posed by the Taliban’s access to the national identification system.

Before falling into the hands of the Taliban, the Afghan government made extensive use of biometric security, including scanning the irises of people like this woman who applied for passports. AP Photo / Rahmat Gul

It is too soon after the Taliban’s return to power to know whether and to what extent the Taliban will be able to requisition biometric data once held by the US military. A report suggested that the Taliban may not be able to access biometric data collected through HIIDE because they lack the technical capacity to do so. However, the Taliban may turn to Inter-Services Intelligence, a longtime ally, the Pakistani intelligence agency, for help obtaining the data. Like many national intelligence services, the ISI probably has the necessary technology.

Another report said the Taliban has already started deploying a “biometric machine” to perform “house-to-house inspections” to identify former Afghan officials and security forces. This is consistent with previous Afghan reports which described the Taliban subjecting bus passengers to biometric screening and using biometric data to target Afghan security forces for kidnappings and assassinations.

Concerns about the collection of biometric data

In the years since September 11, researchers, activists and policymakers have raised concerns that the mass collection, storage and analysis of sensitive biometric data poses threats to human rights. privacy and human rights. Reports that the Taliban potentially have access to US biometric data stored by the military show that these concerns were not unfounded. They reveal potential cybersecurity vulnerabilities in US military biometric systems. In particular, the situation raises questions about the security of the mobile biometric data collection devices used in Afghanistan.

Data privacy and cybersecurity issues surrounding the Taliban’s access to US government and former Afghan government databases are a warning for the future. By creating biometric warfare technologies and protocols, it appears the US Department of Defense has assumed that the Afghan government will have the minimum level of stability necessary to protect data.

The US military would have to assume that all sensitive data – biometric and biographical data, wiretapping data and communications, geolocation data, government records – could potentially fall into enemy hands. In addition to building robust security to protect against unauthorized access, the Pentagon should take the opportunity to consider whether it is necessary to collect biometric data in the first place.

Understanding the unintended consequences of the US experience with biometric warfare and biometric cyber intelligence is of critical importance in determining whether and how the military should collect biometric information. In the case of Afghanistan, the biometric data that the U.S. military and the Afghan government used to track the Taliban could one day – if not already – be used by the Taliban to track Afghans who supported the Taliban. United States.


Margaret Hu, Professor of Law and International Affairs, State of pennsylvania

This article is republished from The Conversation under a Creative Commons license. Read the original article.


Keep up to date with all the ideas.
Browse the news, 1 day of email.
Subscribe to Qrius


Share.

Leave A Reply