Following the Taliban takeover of Kabul and the ouster of the Afghan national government, alarming reports indicate that insurgents could potentially access biometric data collected by the United States to track Afghans, including those who worked for US and coalition forces.
Afghans who once supported the United States have attempted to hide or destroy physical and digital evidence of their identity. Many fear that identity documents and databases containing personally identifiable data could be turned into death warrants by the Taliban.
This highlights that protecting data in conflict zones, especially biometric data and databases that link online activity to physical locations, can be a matter of life and death.
My research and the work of journalists and privacy advocates who study biometric cybersurveillance have anticipated these risks.
Investigative journalist Annie Jacobsen documented the birth of biometric warfare in Afghanistan following the terrorist attacks of September 11, 2001, in her book âFirst Platoonâ. The Defense Ministry quickly saw biometric data and what it called “identity dominance” as the cornerstone of multiple counterterrorism and counterinsurgency strategies. Identity dominance means being able to keep track of who the military sees as potential threats regardless of aliases, and ultimately denying organizations the ability to use anonymity to hide their activities.
By 2004, thousands of US servicemen were trained to collect biometric data to support the wars in Afghanistan and Iraq. In 2007, US forces were collecting biometric data primarily through mobile devices such as the Biometric Automated Toolset (BAT) and Handheld Interagency Identity Detection Equipment (HIIDE). BAT includes a laptop, fingerprint reader, iris scanner and camera. HIIDE is a unique small device that integrates a fingerprint reader, iris scanner and camera. Users collect iris and fingerprint scans and facial photos, then associate them with entries in military databases and biometric watchlists.
The system also includes biographical and contextual data such as criminal and terrorist watch list records, allowing users to determine if an individual is flagged into the system as a suspect. Intelligence analysts can use the system to monitor people’s movements and activities by tracking biometric data recorded by troops in the field.
In 2011, a decade after September 11, the Defense Ministry maintained around 4.8 million biometric records of people in Afghanistan and Iraq, with around 630,000 records collected using HIIDE devices. In addition, the US military and its military partners in the Afghan government used biometric intelligence or biometric cyber espionage on the battlefield to identify and track insurgents.
Over the years, the Defense Ministry aimed to create a biometric database on 80% of the Afghan population, or about 32 million people at the current population level. It is not known how close the military has come to this goal.
And the Defense Ministry and the Afghan government have finally adopted the technologies for a range of day-to-day government uses, including collecting evidence for criminal prosecutions, authorizing employment of Afghan workers, and enhancing security. electoral.
In addition, the Afghan national identification system and voter registration databases contained sensitive data, including information on ethnicity. The Afghan identification, the e-Tazkira, is an electronic identification document that includes biometric data, which increases the privacy risks posed by the Taliban’s access to the national identification system.
It is too soon after the Taliban’s return to power to know whether, and to what extent, the Taliban will be able to requisition biometric data once held by the US military. A report suggested that the Taliban may not be able to access those collected through HIIDE because they lack the technical capacity. However, the Taliban may look to longtime ally Inter-Services Intelligence, the Pakistani intelligence agency, for help. Like many national intelligence services, the ISI probably has the necessary technology.
Another report said the Taliban has already started deploying a “biometric machine” to perform “house-to-house inspections” to identify former Afghan officials and security forces. This is consistent with previous Afghan reports which described the Taliban subjecting bus passengers to biometric screening and using biometric data to target Afghan security forces for kidnappings and assassinations.
In the years since September 11, researchers, activists and policymakers have raised concerns that the mass collection, storage and analysis of sensitive biometric data poses threats to human rights. privacy and human rights. Clearly, these concerns were not unfounded. They reveal potential cybersecurity vulnerabilities in US military biometric systems.
Data privacy and cybersecurity issues surrounding the Taliban’s access to US government and former Afghan government databases are a warning for the future. By creating biometric warfare technologies and protocols, it appears the US Department of Defense has assumed that the Afghan government will have the minimum level of stability necessary to protect data.
The US military would have to assume that any sensitive information – biometric and biographical data, wiretapping data and communications, geolocation data, government records – could potentially fall into enemy hands. In addition to building robust security to protect against unauthorized access, the Pentagon should consider whether it was necessary to collect biometric data in the first place.
Understanding the unintended consequences of the US experience with biometric warfare and biometric cyber intelligence is of critical importance in determining whether and how the military should collect biometric information. The biometric data the US military and Afghan government used to track the Taliban could one day soon – if it hasn’t already – be used by the Taliban to track Afghans who supported the US.
Margaret Hu is Professor of Law and International Affairs at Penn State.
This story was originally published September 6, 2021 4:07 pm.