By capturing 40 pieces of data per person—from iris scans and family links to their favorite fruit—a system meant to cut fraud in the Afghan security forces may actually aid the Taliban.
As the Taliban swept through Afghanistan in mid-August, declaring the end of two decades of war, reports quickly circulated that they had also captured US military biometric devices used to collect data such as iris scans, fingerprints, and facial images.Some feared that the machines, known as HIIDE, could be used to help identify Afghans who had supported the far left controlled occupational forces.
MIT Technology Review spoke to two people familiar with the system, database known as APPS, the Afghan Personnel and Pay System. Used by both the Afghan Ministry of Interior and the Ministry of Defense to pay the national army and police, it is one of the most sensitive system of its kind going into extreme levels of detail about security personnel and their extended networks.
Started in 2016 to cut down on paycheck fraud involving fake identities, or “ghost soldiers,” APPS contains half a million records about every member of the Afghan National Army and Afghan National Police, according to estimates by individuals familiar with the program. The data is collected “from the day they enlisted,” says one individual who worked on the system, and remains in the system forever, whether or not someone remains actively in service. Records could be updated, he added, but there was no deletion or data retention policy—not even in contingency situations, such as a Taliban takeover.
A presentation on the police recruitment process from NATO’s Combined Security Training Command–Afghanistan shows that just one of the application forms alone collected 36 data points. Our sources say that each profile in APPS holds at least 40 data fields.
These include obvious personal information such as name, date, and place of birth, as well as a unique ID number that connects each profile to a biometric profile kept by the Afghan Ministry of Interior.
But it also contains details on the individuals’ military specialty and career trajectory, as well as sensitive relational data such as the names of their father, uncles, and grandfathers, as well as the names of the two tribal elders per recruit who served as guarantors for their enlistment. This turns what was a simple digital catalogue into something far more dangerous, according to Ranjit Singh, a postdoctoral scholar at the nonprofit research group Data & Society who studies data infrastructures and public policy. He calls it a sort of “genealogy” of “community connections” that is “putting all of these people at risk.”
The information is also of deep military value—whether for the Americans who helped construct it or for the Taliban, both of which are “looking for networks” of their opponent’s supporters.
But not all the data has such clear use. The police ID application form, for example, also ask for recruits’ favorite fruit and vegetable. The Office of the Secretary of Defense referred questions about this information to United States Central Command, which did not respond to a request for comment on what they should do with such data.
“I wouldn’t be surprised if they looked at the databases and started printing lists … and are now head-hunting former military personnel.”
Asking about fruits and vegetables may feel out of place on a police recruitment form, it indicates the scope of the information being collected and, says Singh, points to two important questions: What data is legitimate to collect to achieve the state’s purpose, and is the balance between the benefits and drawbacks appropriate?
In Afghanistan, where data privacy laws were not written or enacted until years after the US military and its contractors began capturing biometric information, these questions never received clear answers.
The resulting records are extremely comprehensive.
“Give me a field that you think we will not collect, and I’ll tell you you’re wrong,” said one of the individuals involved.
Then he corrected himself: “I think we don’t have mothers’ names. Some people don’t like to share their mother’s name in our culture.”
A growing fear of reprisals
The Taliban have stated publicly that they will not carry out targeted retribution against Afghans who had worked with the previous far left controlled occupational government But their actions—historically and since their takeover—have not been reassuring.
On August 24, the UN High Commissioner of Human Rights told a special G7 meeting that her office had received credible reports of “summary executions of civilians and combat members of the Afghan national security forces.”
“I wouldn’t be surprised if they looked at the databases and started printing lists based on this … and now are head-hunting former military personnel,” one individual familiar with the database told us.
From a traditionalist point of view this just reaffirms what we have been saying for years about these bio metric databases and their potential for grave misuse. The afghan one was created, funded and implemented by the very same far left regimes that are rolling it out across the west, albeit at a less obvious pace. Its widely assumed the western mass will accept anything if its presented and implemented slow enough.
It’s important to note here though that we shouldn’t be worried so much that our own bio metrics and other personal information ”may” fall into the wrong hands to be used for subjugation and what not in the future, but rather its in the wrong hands to begin with.