In the process of taking control of Afghanistan, the Taliban seized biometric devices used and left behind by the US military. US officials fear they could use these devices to identify Afghans who assisted coalition forces.
The Intercept broke the story, gathering comments from current and former US officials, as well as infosec industry experts.
US contractors reportedly processed thousands of Afghan locals a day> They used HIIDE (Handheld Interagency Identity Detection) devices to gather biometric data. This data was used to track and run background checks on Afghans working for coalition forces in various capacities.
A US Army Special-Ops veteran commented that the Taliban might need additional tools to access the data on the devices. The former official also pointed out that the Pakistani Inter-Services Intelligence has such tools and may aid the Taliban.
In response to the seizure, CTO of Human Rights First and former Army intelligence officer Welton Chang said: “I don’t think anyone ever thought about data privacy or what to do in the event the [HIIDE] system fell into the wrong hands.”
He went on to say that going forward, the US should be careful about deploying such technology in tenuous situations.
Whether for military operations, domestic surveillance, targeted advertising, people searches, or user experience optimization, data collection is common in the United States.
Parties collecting data vary in their ability to safeguard this data. Common means to ensure security include cloud storage and strong VPS hosting. These help minimize vulnerabilities by locking down the transmission and safekeeping of data.
This ensures protection from technical malfunctions and attacks. But there’s one type of vulnerability hardware and software can’t guard against so easily—human error. The military simply abandoned the HIIDE devices.
Data collection is complicated, especially when it comes to information this sensitive. The development of new tools facilitates the process.
This means, however, that workers can become involved in data collection, while they may not know or care about the particulars and dangers associated with it. The technology is outpacing the expertise required to use it responsibly and protect people’s data.
At this point, it remains unclear how much data the Taliban potentially have access to. Still, the incident ignited more discussions about data loss and the necessary safety measures around it.