This is the real story of the Afghan biometric databases abandoned to the Taliban


According to Jacobsen’s book, AABIS aimed to cover 80% of the Afghan population by 2012, or around 25 million people. Although there is no publicly available information on how many records this database now contains, and neither the contractor managing the database nor officials from the US Department of Defense have responded to the requests for comment, an unconfirmed figure from the LinkedIn profile of his US-based company program manager puts it at 8.1 million records.

AABIS was used extensively in various ways by the previous Afghan government. Applications for government positions and roles in most projects required biometric verification from the MOI system to ensure applicants did not have a criminal or terrorist background. Biometric checks were also required for passport, national identity and driver’s license applications, as well as for registrations for the country’s university entrance examination.

Another database, slightly smaller than AABIS, was connected to the “e-tazkira”, the country’s electronic national identity card. When the government fell, it had around 6.2 million pending applications, according to the National Statistics and Information Authority, although it is not known how many applicants had already submitted biometric data.

Biometrics have also been used – or at least made public – by other government departments. The Independent Election Commission used biometric scanners to try to prevent voter fraud in the 2019 parliamentary elections, with questionable results. In 2020, the Ministry of Commerce and Industry announced that it will collect biometric data from those who register new businesses.

Despite the plethora of systems, they were never fully connected to each other. An August 2019 audit by the United States found that despite the $ 38 million spent to date, APPS had failed to meet many of its goals: biometrics was still not integrated directly into its personal records , but was simply linked by the unique biometric number. The system also did not connect directly to other computer systems of the Afghan government, such as that of the Ministry of Finance, which sent the salaries. APPS also always relied on manual data entry processes, the audit said, which allowed human error or manipulation.

A global problem

Afghanistan is not the only country to adopt biometrics. Many countries are concerned about so-called “shadow beneficiaries” – false identities used to illegally raise wages or other funds. Preventing such fraud is a common rationale for biometric systems, says Amba Kak, director of global policies and programs at the AI ​​Now institute and legal expert in biometric systems.

“It’s really easy to paint this [APPS] as exceptional, ”says Kak, who has co-edited a book on global biometric policies. It “seems to have a lot of continuity with global experiences” around biometrics.

“Biometric identification as the only effective means of forensic identification is… flawed and somewhat dangerous.”

Amber Kak, IA now

It is widely recognized that having legal identification documents is a right, but “to confuse biometric identification as the only effective means of legal identification”, she says, is “flawed and a little dangerous”.

Kak questions whether biometrics, rather than policy fixes, is the right solution to fraud, adding that they are often “not based on evidence.”

But driven in large part by US military objectives and international funding, Afghanistan’s deployment of these technologies has been aggressive. Even though APPS and other databases had not yet reached the level of functionality for which they were intended, they still contain many terabytes of data on Afghan citizens that the Taliban can mine.

“Identity domination” – but by whom?

Growing concern over biometric devices and databases left behind, and tons of other data about ordinary life in Afghanistan, has not stopped the collection of sensitive data from people in the two weeks between l entry of the Taliban into Kabul and the official withdrawal of American forces.

This time, the data is mostly collected by well-meaning volunteers in insecure Google forms and spreadsheets, highlighting either that the lessons about data security have yet to be learned or that they need to be relearned. by each group involved.

Singh says the issue of what happens to data during conflict or government collapse needs more attention. “We don’t take it seriously,” he says, “But we should, especially in these war-torn areas where information can be used to create a lot of damage. “

Kak, the biometric law researcher, suggests that perhaps the best way to protect sensitive data would be if “these types of [data] the infrastructure … was not built in the first place.

For Jacobsen, the author and journalist, it’s ironic that the Defense Ministry’s obsession with using data to establish identity may actually help the Taliban achieve their own version of identity dominance. “It would be fear of what the Taliban are doing,” she said.

Ultimately, some experts say the fact that the Afghan government databases weren’t very interoperable could actually be a saving grace if the Taliban tried to use the data. “I suspect the APPS is still not performing as well, which is probably a good thing in light of recent events,” Dan Grazier, a veteran who works in the Project on Government watchdog group, said via email. Oversight.

But for those logged into the APPS database, who can now find themselves or their family members being hunted down by the Taliban, it’s less irony and more betrayal.

“The Afghan military has trusted its international partners, including and led by the United States, to build a system like this,” said one of the people familiar with the system. “And now this database is going to be used as [new] government weapon.

This article has been updated with comments from the Department of Defense. In a previous version of this article, a source indicated that there was no policy of deletion or retention of data; he has since clarified that he was not aware of such a policy. The story has been updated to reflect this.


Leave A Reply