During the past two decades, the United States and its allies have spent hundreds of millions of dollars building databases for the Afghan people. Law and order, government accountability, and modernization of a war-ravaged land are the noble goals. Most of that digital apparatus – including biometrics for verifying identities – appears to have fallen into Taliban hands during their lightning takeover of power. With few data-protection safeguards, it could become the high-tech jackboots of a surveillance state.
When the Taliban get their feet under the table, there are concerns they will use it for social control and to punish perceived enemies. Putting such data to constructive use – promoting education, empowering women, fighting corruption – requires democratic stability, and these systems were not built for failure. Frank Pasquale, Brooklyn Law School scholar of surveillance technologies, called it a tragedy.
Data may have been used by the Taliban.
The Taliban have been attempting to identify and intimidate Afghans who worked with US forces since Kabul fell Aug 15. Government data may have been used in their efforts. Neesha Suarez, constituent services director for Rep. Seth Moulton of Massachusetts, a veteran of the Iraq War whose office is trying to assist Afghans who worked with the United States find a way out, said people are receiving threatening calls, texts and WhatsApp messages.
In Kabul, a 27-year-old US contractor told The Associated Press he and co-workers who developed a US-funded database used to manage army and police payrolls received phone calls summoning them to the defense ministry. Trying to avoid being identified, he said he was in hiding, changing his location daily. Taliban leaders say they do not want retribution in victory. Unfreezing foreign assets and restoring international aid are priorities. When they ruled from 1996 to 2001, they imposed draconian restrictions on women in particular. Similarly, Afghans who worked with Americans have not been systematically persecuted.
Professor Ali Karimi, an Afghan with links to the University of Pennsylvania, is among those uneasy about trusting the Taliban. The databases will enable the Taliban ruthlessly to kill enemy collaborators, as a U.S. government agency does in surveillance and interception. The Taliban are on notice that the world will be watching how they use the data. Afghans and their international partners have an obligation to ensure sensitive government data is only used for development purposes and not by the Taliban for social control or policing, said former peace negotiator Nader Nadery, who was head of the civil service commission in the previous government.
Uncertain fate of sensitive data
Right now, it is unclear what will happen to one of the most sensitive databases, the one used to pay soldiers and police. According to a senior official in the fallen government, the Afghan Personnel and Pay System contains data on more than 700,000 security forces members dating back 40 years. Two Afghan contractors who worked on it, speaking anonymously for fear of retaliation, said the database includes more than 40 data fields, including birth dates, phone numbers, fathers and grandfathers names, fingerprints and iris and face scans.
According to the former official, who asked not to be identified for fear of the safety of relatives in Kabul, the Taliban are expected to try hacking the system if they are unable to find an authorized user. Pakistan’s ISI intelligence service, which has long been the Taliban’s patron, is expected to provide technical assistance. According to U.S. analysts, Iran, China, and Russia will also offer such services.
That system was originally intended to fight payroll fraud, but eventually it was supposed to connect to a powerful database at the Defense and Interior ministries modeled after one the Pentagon created in 2004 to attain ‘identity dominance’ by collecting fingerprints, iris and face scans in combat areas. However, the Afghanistan Automated Biometric Identification Database grew from a tool to test army recruits for loyalty to a database that contains 8.5 million records, including data on government enemies and civilians. The Kabul database, along with the one in Iraq, was being upgraded by a $75 million contract when Kabul fell.
Before the Taliban could access it, it was secured, according to US officials. William Graves, who is the chief engineer at the Pentagon’s biometrics project management office, said that before the US withdrawal, the entire database was erased with military-grade data-wiping software. The former Afghan security official said the intelligence agency of Afghanistan wiped clean 20 years worth of data collected from telecommunications and internet intercepts since 2001. An Afghanistan Financial Management Information System, which held extensive information about foreign contractors, and an Economy Ministry database that compiled international development and aid agency funding sources remained, according to the former security official.
Data of 9 million Afghans
The National Statistics and Information Agency controls the data with iris scans and fingerprints of about 9 million Afghans. Recent years, biometric scans have been required to obtain a passport or a driver’s license, as well as to take a civil service or university entrance exam.
One of the funders, the World Bank, praised the data’s use in helping empower women, particularly when it comes to registering lands and getting loans. As part of an unfinished project, the agency was creating electronic national IDs, or e-Tazkira, somewhat in the model of the Aadhaar program in India. ‘There is a treasure chest there,’ said a Western representative of election assistance.
Taliban hold voter registration databases with information on over 8 million Afghans, the official said. Although full printouts were made during the 2019 presidential elections, the German technology provider retained biometric records used for anti-fraud voter verification. 5,000 biometric handhelds used for voter verification went missing after the 2018 parliamentary elections. Another database inherited by the Taliban contains iris and face scans and fingerprints of 420,000 government employees, another anti-fraud measure which Nadery oversaw as civil service commissioner. The e-Tazkira database was eventually to be merged with it, he said.
A government website touted President Ashraf Ghani’s digital accomplishments on August 3, saying biometric information on ‘all civil servants, from every corner of the country’ would allow them to link ‘under one umbrella’ with banks and cellphone carriers for electronic payments. U.N. agencies have also collected biometric data on Afghans in order to distribute food and track refugees.
An agglomeration of such personal data is exactly what concerned the 37 digital civil liberties groups who signed an August 25 letter calling for an immediate shutdown and erasure, where possible, of Afghanistan’s ‘digital identity tool’. It said authoritarian regimes used such data to target vulnerable people, and digitized, searchable databases amplify the risks’. China’s repression of Uyghurs led to a decade-long delay in the creation of the e-Tazkira database because of disputes over ethnicity and religion.
Professor John Woodward, a former CIA officer who pioneered the Pentagon’s biometric collection, fears hostile intelligence agencies will gain access to the data. ‘ISI (Pakistani intelligence) would be interested in learning who worked for the Americans,’ said Woodward, and China, Russia and Iran have their own agendas. They have the technical chops to break into password-protected databases.