How the U.S. introduced biometrics in Afghanistan and left it to the Taliban
Even in democratic societies, where basic human rights and freedoms are expected, biometric data is seen—at least by some people— as potentially dangerous. But today, in the Taliban-led Afghanistan, this technology is not just potentially harmful, it’s a real danger that many people have to live with. And with news of targeted executions by the Taliban, some people fear that this technology is already in the wrong hands—if it ever was in the right hands.
Last August, MIT Technology Review published an article (This is the real story of the Afghan biometric databases abandoned to the Taliban) giving some insights into the problem of biometric systems in Afghanistan. The following are some excerpts.
IT Technology Review spoke to two individuals familiar with one of these [HIIDE] systems, a US-funded database known as APPS, the Afghan Personnel and Pay System. Used by both the Afghan Ministry of Interior and the Ministry of Defense to pay the national army and police, it is arguably the most sensitive system of its kind in the country, going into extreme levels of detail about security personnel and their extended networks. We granted the sources anonymity to protect them against potential reprisals.
Started in 2016 to cut down on paycheck fraud involving fake identities, or “ghost soldiers,” APPS contains some half a million records about every member of the Afghan National Army and Afghan National Police, according to estimates by individuals familiar with the program. The data is collected “from the day they enlisted,” says one individual who worked on the system, and remains in the system forever, whether or not someone remains actively in service. Records could be updated, he added, but he was not aware of any deletion or data retention policy—not even in contingency situations, such as a Taliban takeover.
Each application contains between 36 to 40 data points, such as name, date, and place of birth, as well as a unique ID number. However, it also contains relational information, like the names of their father, uncles, and grandfathers, as well as the names of the two tribal elders per recruit who served as guarantors for their enlistment.
This turns what was a simple digital catalog into something far more dangerous, according to Ranjit Singh, a postdoctoral scholar at the nonprofit research group Data & Society who studies data infrastructures and public policy. He calls it a sort of “genealogy” of “community connections” that is “putting all of these people at risk.”
But not all the data has such clear use. The police ID application form, for example, also appears to ask for recruits’ favorite fruit and vegetable. The Office of the Secretary of Defense referred questions about this information to United States Central Command, which did not respond to a request for comment on what they should do with such data.
The implementation of biometric IDs was set in place in 2010, as this conference sponsored by the U.S. Central Command shows. “The goal of the Ministry of Interior Biometrics Center is a secure Afghanistan,” said Afghan National Army Lt. Col. Mohammad Anwar Moniri, Ministry of Interior director of biometrics.“It is important to note that the use of biometrics is not limited to simply identifying terrorists and criminals – it can be used to enable progress in society and has countless applications for the provision of services to the citizens of Afghanistan,” said Army Col. Craig Osborne. “It’s not just about finding people who have done illegal actions, but it also proves who are law-abiding citizens.”
Interestingly, one of the reasons given for the implementation of biometric IDs is the national census. ”We want to help our Afghan partners understand who its citizens are. There has not been a national census in Afghanistan since 1978, so identification of its lawful citizens is problematic,” Osborne said. “Clearly knowing who its citizens are will enable the Afghan government, in the future, to provide services to its people in a precise and effective manner.”
“Biometrics are both characteristics of an individual as well as a process,” said Osborne. “As a characteristic, each individual has certain modalities – such as fingerprints, irises, speech patterns – that define him or her as a specific individual. Your iris design belongs only to you and your left and right irises are different. A name can be changed or altered illegally or even legally, but once your iris is formed at the age of six months, it cannot be altered, duplicated or forged. As a process, biometrics is the fusion of individual characteristics with forensic evidence and other forms of information. When combined, you are able to match a person to an event.”
Central to the effort was the Ministry of Interior’s biometric database, called the Afghan Automatic Biometric Identification System (AABIS), but often referred to simply as the Biometrics Center. AABIS itself was modeled after the highly classified Department of Defense biometric system called the Automatic Biometric Identification System, which helped identify targets for drone strikes.
AABIS aimed to identify at least 80% (25 million people) of the Afghan population. The e-tazkira, another government database, had 6.2 million applications by the time Afghanistan fell to the Taliban.
Afghanistan is not the only country to embrace biometrics. Many countries are concerned about so-called “ghost beneficiaries”—fake identities that are used to illegally collect salaries or other funds. Preventing such fraud is a common justification for biometric systems, says Amba Kak, the director of global policy and programs at the AI Now Institute and a legal expert on biometric systems.
“It’s really easy to paint this [APPS] as exceptional,” says Kak, who co-edited a book on global biometric policies. It “seems to have a lot of continuity with global experiences” around biometrics.
It’s widely recognized that having legal identification documents is a right, but “conflating biometric ID as the only efficient means for legal identification,” she says, is “flawed and a little dangerous.”
[also read: One ID for all in 2030]
Kak questions whether biometrics—rather than policy fixes—are the right solution to fraud, and adds that they are often “not evidence-based.”
Singh says the issue of what happens to data during conflicts or governmental collapse needs to be given more attention. “We don’t take it seriously,” he says, “But we should, especially in these war-torn areas where information can be used to create a lot of havoc.”
Kak, the biometrics law researcher, suggests that perhaps the best way to protect sensitive data would be if “these kinds of [data] infrastructures … weren’t built in the first place.”