The Taliban May Have Captured the Biometric Data of Civilians Who Helped the U.S.

Although it remains uncertain at this time whether the Taliban has captured HIIDE and if it can access the aforementioned biometric information of individuals, the risk to those whose data is stored on the system is high. In 2016 and 2017, the Taliban stopped passenger buses across the country to conduct biometric checks of all passengers to determine whether there were government officials on the bus. These stops sometimes resulted in hostage situations and executions carried out by the Taliban.

Placing People at Increased Risk
We are familiar with biometric technology through mobile features like Apple’s Touch ID or Samsung’s fingerprint scanner, or by engaging with facial recognition systems while passing through international borders. For many people located in conflict zones or rely on humanitarian aid in the Middle East, Asia and Africa, biometrics are presented as a secure measure for accessing resources and services to fulfil their most basic needs.

In 2002, the United Nations High Commissioner for Refugees (UNHCR) introduced iris-recognition technology during the repatriation of more than 1.5 million Afghan refugees from Pakistan. The technology was used to identify individuals who sought funds “more than once.” If the algorithm matched a new entry to a pre-existing iris record, the claimant was refused aid.

The UNHCR was so confident in the use of biometrics that it altogether decided not to allow disputes from refugees. From March to October 2002, 396,000 false claimants were turned away from receiving aid. However, as communications scholar Mirca Madianou argues, iris recognition has an error rate of two to three per cent, suggesting that roughly 11,800 claimants out of the alleged false claimants were wrongly denied aid.

Additionally, since 2018, the UNHCR has collected biometric data from Rohingya refugees. However, reports recently emerged that the UNHCR shared this data with the government of Bangladesh, who subsequently shared it with the Myanmar government to identify individuals for possible repatriation (all without the Rohingya’s consent). The Rohingya, like the Afghan refugees, were instructed to register their biometrics to receive and access aid in conflict areas.

In 2007, as the U.S. government was introducing HIIDE in Afghanistan, U.S. Marine Corps were walling off Fallujah in Iraq to supposedly deny insurgents freedom of movement. To get into Fallujah, individuals would require a badge, obtained by exchanging their biometric data. After the U.S. retreated from Iraq in 2020, the database remained in place, including all the biometric data of those who worked on bases.

Protecting Privacy over Time
Registering in a biometric database means trusting not just the current organization requesting the data but any future organization that may come into power or have access to the data. Additionally, the collection and use of biometric data in conflict zones and crisis response present heightened risks for already vulnerable groups.

While collecting biometric data is useful in specific contexts, this must be done carefully. Ensuring the security and privacy of those who could be most at risk and those who are likely to be compromised or made vulnerable is critical. If security and privacy cannot be ensured, then biometric data collection and use should not be deployed in conflict zones and crisis response.

Lucia Nalbandian is Researcher, Canada Excellence Research Chair in Migration and Integration, Ryerson University. This article is published courtesy of The Conversation.