Greater threats identified for Afghanistan’s highly detailed biometric databases
Further threats have been unearthed for government biometric databases in Afghanistan, which could allow the identification of millions of people, according to an investigation by the MIT Technology Review.
The investigation found that the biometric registration devices used by the U.S. military and captured by the Taliban during the removal of foreign forces, provide only limited access to biometric data. The majority is held on secure remote servers.
A potentially bigger problem is the U.S.-funded database, the Afghan Personnel and Pay System (APPS) used by the Afghan ministries of the Interior and Defense to pay army and police personnel. The sheer amount of data collected on the staff and their extended networks – right up to tribal elders who recommended them for the job – gathered but not deleted from the day they enlisted, amounts to around half a million records and covers every member of the Afghan National Army and Afghan National Police.
The MIT Technology Review found that each APPS profile holds at least 40 data fields including an ID number that connects the profile to a biometric profile.
Biometrics may have enabled targeted Taliban attacks in recent years, according to the report. Witnesses report seeing the Taliban use fingerprint scanners to single out victims. And it could also be possible that the Taliban accessed the databases indirectly, rather than through seized equipment.
The writers find that even during the two weeks between the Taliban entering Kabul and U.S. troops withdrawing, volunteers were still collecting people’s personal data in unsecured Google forms and spreadsheets.