Biometrics in warfare, surveillance raise new oversight challenges

A new Congressional Research Service (CRS) report warns that biometric technologies are moving from routine identity verification into more consequential national security, intelligence, law enforcement, and military applications, raising new questions for Congress about privacy, civil liberties, oversight, and the future of war.

The report, Biometric Technologies and Global Security, says that while biometric tools have been used for decades, advances in AI and Big Data analytics are expanding their reach and could increase their importance for congressional oversight, defense authorizations, intelligence operations, and military concepts of operation.

The report points out security weaknesses inside existing systems. CRS cites a Pentagon inspector general report that found that some Department of Defense (DOD) biometric technologies lacked data encryption capabilities and did not require certification that biometric data had been destroyed or sanitized when devices were disposed of.

CRS warns that such gaps could expose the identities and biometric information of U.S. forces and people assisting the United States.

Congress responded in the FY2025 National Defense Authorization Act by directing DOD to update its biometrics directive to require encryption, sanitization of devices and hard drives, and records documenting that sanitization. CRS notes that the update had not been published as of the report’s release.

Looking ahead, CRS says DOD is exploring emerging biometric applications that could identify people in low light or obscured conditions, as well as laser-based techniques that could identify individuals from roughly 200 meters away.

The report says such tools could be used in covert or clandestine operations without a person’s knowledge or consent, sharpening privacy and civil liberties concerns.

The most consequential future application may be the integration of biometrics into lethal autonomous weapon systems. CRS says such weapons could theoretically use databases of biometric identifiers for preapproved human targets, allowing a system to autonomously locate, select, and engage people in communications-degraded or denied environments.

Supporters argue this could make targeting more precise and reduce civilian casualties.

Critics argue it is inherently unethical and could violate international humanitarian law.

CRS notes that the United States is not publicly known to possess such weapons, but there is no public prohibition on developing them or incorporating biometric technologies into autonomous weapons.

Biometrics could also be integrated into local or national surveillance networks. CRS cites China’s use of DNA databases, extensive video surveillance, and AI-enabled facial and voice recognition to monitor and track people.

The report says such systems can be combined with medical, travel, and purchase records.

Although China describes these tools as public safety and predictive policing measures, CRS notes that analysts have argued they can support censorship, social control, and human rights abuses, including surveillance of Uyghurs and other ethnic minorities in Xinjiang.

The report warns that biometric surveillance systems also have implications for U.S. intelligence operations.

CRS cites former CIA Deputy Director for Science and Technology Dawn Meyerriecks as saying that roughly 30 countries have deployed biometric surveillance systems capable of autonomously tracking foreign military personnel and intelligence operatives.

Some estimates cited by CRS suggest China has exported components of such systems to more than 80 countries, including authoritarian governments and U.S. allies.

CRS also highlights ways biometric systems can fail. Biometric testing has found that some facial recognition algorithms are more likely to misidentify people with darker skin, women and the elderly because of weaknesses in models and training data, though the most accurate algorithms show very low differentials in the Institute’s latest testing. AI-enabled biometric systems could also be vulnerable to data poisoning, in which an adversary manipulates training data to mis-train a system.

If these failures are not addressed, CRS says they could lead to civil liberties violations or breaches of international humanitarian law.

The report also describes presentation attacks, or spoofing, in which a person uses makeup, prosthetics, or other measures to prevent a system from accurately capturing or matching biometric identifiers.

Such attacks could allow terrorists, foreign intelligence operatives or other targets to evade biometric security systems.

CRS notes that the Intelligence Advanced Research Projects Agency’s Odin program is seeking automated ways to detect known spoofing attacks and identify new attack methods.

For Congress, the report presents several oversight questions. Lawmakers may need to consider how to balance national security benefits against civil liberties, what limits should apply to biometric collection and use, whether systems are tested adequately for accuracy and spoofing, how adversaries are developing and exporting biometric tools, and whether U.S. military and intelligence agencies are adapting their tradecraft for an era of pervasive biometric surveillance.

Article Topics

biometric identification  |  biometric identifiers  |  biometrics  |  military  |  national security  |  surveillance  |  U.S. Government