Menu Close

The latest lesson on biometric data privacy could cost people’s lives

Two United States government documents about the use of biometric identification in occupied Afghanistan lack any mention of data security on the ground.

One document, the U.S. Army’s “Commander’s Guide to Biometrics in Afghanistan” is an upbeat, 99-page lesson published in 2011 on deploying identification systems in a developing economy suffering decades of superpower warfare.

The other is from the FBI. Also published in 2011, “Mission Afghanistan: Biometrics,” and also takes a chipper tone describing the law enforcement agency’s challenging but ultimately rewarding effort to help Afghans help themselves through biometric identification.

Neither document discusses securing the data collected from Afghans and the occasional non-Afghan. Both talk about the hardware and software being used to harvest information in the field, build databases and upload the data.

The tools are described as secure and the servers holding the data are described as secure, but there is no discussion about the need to make sure the fractal-like tribal militias – or anyone else – do not get access to the biometric data.

The U.S. began scanning biometrics in 2007, and it was only in 2021 that observers outside the government began raising questions about the security of the information.

That was when privacy and human rights advocates pointed out that with the U.S. gone from the country, the Taliban could use biometrics collection kits to punish Afghan citizens who welcomed and worked with foreign armies and non-governmental organizations.

In fact, there is no way to be sure that handheld systems were not dropped in chaotic situations or abandoned at any point since 2007. Based on the government insider documents, no one operating an iris, face or fingerprint scanner was instructed on minimizing that kind of risk.

MIT Technology Review, a Massachusetts Institute of Technology news publication, in August 2021 wrote at length about breadth of data that the devices, known as Hiides, could hold and, therefore, divulge. Hiides stands for Handheld Interagency Identity Detection Equipment.

It was thought unlikely that the Taliban, which show every sign of bringing back its glory days of summary executions, amputations and strict moral policing, could get data out of a device if they could find one.

Yet The New York Times is reporting on people in the West buying Secure Electronic Enrollment Kits (SEEK IIs) used in Afghanistan on eBay. One of the SEEK IIs held dense personal data records, including iris, finger and face biometrics, on Afghans. It sold for $68.

It is not known how many SEEK IIs or Hiides remain in Afghanistan, where they are and how they can be retrieved. Allies in a U.S.-led war have to live with the threat that they can be identified by a vengeful Taliban. Two United States government documents about the use of biometric identification in occupied Afghanistan lack any mention of data security on the ground.

One document, the U.S. Army’s “Commander’s Guide to Biometrics in Afghanistan” is an upbeat, 99-page lesson published in 2011 on deploying identification systems in a developing economy suffering decades of superpower warfare.

The other is from the FBI. Also published in 2011, “Mission Afghanistan: Biometrics,” and also takes a chipper tone describing the law enforcement agency’s challenging but ultimately rewarding effort to help Afghans help themselves through biometric identification.

Neither document discusses securing the data collected from Afghans and the occasional non-Afghan. Both talk about the hardware and software being used to harvest information in the field, build databases and upload the data.

The tools are described as secure and the servers holding the data are described as secure, but there is no discussion about the need to make sure the fractal-like tribal militias – or anyone else – do not get access to the biometric data.

The U.S. began scanning biometrics in 2007, and it was only in 2021 that observers outside the government began raising questions about the security of the information.

That was when privacy and human rights advocates pointed out that with the U.S. gone from the country, the Taliban could use biometrics collection kits to punish Afghan citizens who welcomed and worked with foreign armies and non-governmental organizations.

In fact, there is no way to be sure that handheld systems were not dropped in chaotic situations or abandoned at any point since 2007. Based on the government insider documents, no one operating an iris, face or fingerprint scanner was instructed on minimizing that kind of risk.

MIT Technology Review, a Massachusetts Institute of Technology news publication, in August 2021 wrote at length about breadth of data that the devices, known as Hiides, could hold and, therefore, divulge. Hiides stands for Handheld Interagency Identity Detection Equipment.

It was thought unlikely that the Taliban, which show every sign of bringing back its glory days of summary executions, amputations and strict moral policing, could get data out of a device if they could find one.

Yet The New York Times is reporting on people in the West buying Secure Electronic Enrollment Kits (SEEK IIs) used in Afghanistan on eBay. One of the SEEK IIs held dense personal data records, including iris, finger and face biometrics, on Afghans. It sold for $68.

It is not known how many SEEK IIs or Hiides remain in Afghanistan, where they are and how they can be retrieved. Allies in a U.S.-led war have to live with the threat that they can be identified by a vengeful Taliban.  Read More   

Generated by Feedzy

Disclaimer

Innov8 is owned and operated by Rolling Rock Ventures. The information on this website is for general information purposes only. Any information obtained from this website should be reviewed with appropriate parties if there is any concern about the details reported herein. Innov8 is not responsible for its contents, accuracies, and any inaccuracies. Nothing on this site should be construed as professional advice for any individual or situation. This website includes information and content from external sites that is attributed accordingly and is not the intellectual property of Innov8. All feeds ("RSS Feed") and/or their contents contain material which is derived in whole or in part from material supplied by third parties and is protected by national and international copyright and trademark laws. The Site processes all information automatically using automated software without any human intervention or screening. Therefore, the Site is not responsible for any (part) of this content. The copyright of the feeds', including pictures and graphics, and its content belongs to its author or publisher.  Views and statements expressed in the content do not necessarily reflect those of Innov8 or its staff. Care and due diligence has been taken to maintain the accuracy of the information provided on this website. However, neither Innov8 nor the owners, attorneys, management, editorial team or any writers or employees are responsible for its content, errors or any consequences arising from use of the information provided on this website. The Site may modify, suspend, or discontinue any aspect of the RSS Feed at any time, including, without limitation, the availability of any Site content.  The User agrees that all RSS Feeds and news articles are for personal use only and that the User may not resell, lease, license, assign, redistribute or otherwise transfer any portion of the RSS Feed without attribution to the Site and to its originating author. The Site does not represent or warrant that every action taken with regard to your account and related activities in connection with the RSS Feed, including, without limitation, the Site Content, will be lawful in any particular jurisdiction. It is incumbent upon the user to know the laws that pertain to you in your jurisdiction and act lawfully at all times when using the RSS Feed, including, without limitation, the Site Content.  

Close Bitnami banner
Bitnami