Afghanistan: biometric data systems put many Afghans at risk

The Taliban took control of computer systems containing sensitive biometric data that Western aid governments left behind in Afghanistan in August 2021, endangering thousands of Afghans, Human Rights Watch said today.

These digital identity and compensation systems contain the personal and biometric data of many Afghans, including iris scans, fingerprints, photographs, occupation, address and names of relatives. The Taliban may use this data to target people they consider adversaries, and Human Rights Watch research suggests that in some cases they may have already begun to do so.

The governments and organizations that have helped gather vast amounts of personal data on many Afghan citizens may be unwittingly contributing to the Taliban’s crackdown. said Belkis Ville, senior fellow at Human Rights Watch’s Crisis and Conflict Unit. “ The highly intrusive nature of data collection and the lack of adequate safeguards may increase the risk of abuse by the Taliban by some individuals. »

Foreign governments, such as the United States, and international organizations, including United Nations agencies and the World Bank, have funded, and in some cases installed or helped build, extensive computer systems for collecting biometric data and other personal information of various categories. Afghan citizens for official purposes. In some cases, these systems were created for the former Afghan government. In others, they were intended for foreign governments and their military forces.

There is currently no data protection law in Afghanistan. The existence of such a law, even if it met international standards, would not provide adequate data protection, but could help ensure best practices and reduce the risks of harm to people whose data fell into the hands of the Taliban.

Human Rights Watch interviewed 12 Afghans familiar with the country’s biometric systems, including 6 judges; 5 foreign privacy and human rights researchers documenting the potential impact of Taliban access to these systems; 3 UN staff working in Afghanistan; and 2 US Army officers formerly based in Afghanistan.

The former military leader, who is still in Afghanistan, said the Taliban detained him for 12 days in November, took his fingerprints and scanned his iris with a data collection tool. “ They told me they were taking my fingerprints to see if I was a soldier and if they confirmed it they would kill me. “, he said. “ I was very lucky, because for some reason they could not find confirmation. »

Human Rights Watch examined six systems created by private companies for or with the assistance of foreign governments and international organizations:

  1. Afghan national biometric system used to issue Afghan national identity cards known as e-Tazkira;
  2. US Department of Defense Automated Biometric Identification System (Automated Biometric Identification SystemABIS) is used to identify individuals deemed by the United States to pose a security threat, as well as those who work for the US government;
  3. Afghan Automated Biometric Identification System (Afghan Automated Biometric Identification SystemAABIS) used to identify criminals and members of the Afghan army and police;
  4. Payroll and Human Resources System of the Ministry of Interior and Defense of Afghanistan (Afghan Personnel and payment systemsAPPS) for the army and police, in which AABIS was integrated in early 2021;
  5. The pay system of the National Security Administration, formerly the state intelligence service; as well as
  6. Payroll system of the Supreme Court of Afghanistan.

In late 2021, several privacy organizations and news outlets raised concerns that the Taliban would gain access to some of these systems, specifically APPS and AABIS. Concerns about Taliban access to other systems have not been widely reported in the media. However, according to information shared with Human Rights Watch by a former government adviser, the Taliban may not have access to APPS.

The Taliban’s access to all of this data comes at a time when they are directly targeting certain people because of their ties to the former government, in particular former members of the security forces, former judges and prosecutors, and former civil servants, including women working in the these sectors. The Taliban also imprisoned and mistreated people who criticized their policies. In November, Human Rights Watch documented the killing or enforced disappearance by the Taliban of 47 former members of the Afghan National Security Forces (Afghan National Security ForcesANSF) – military, police, intelligence and militias – between August 15 and October 31, while the UN reported credible reports of at least 130 members of the security forces or their families being killed.

The Taliban harassed journalists and threatened human rights activists, including women’s rights activists, women working in sectors that the Taliban consider inappropriate for them, and lesbian, gay, bisexual and transgender (LGBT) people.

Since the Taliban took control of the country on August 15, many people who consider themselves in danger have been living in hiding and often on the move. The Taliban’s access to these data systems is likely to make it much more difficult, if not impossible, for these people to be hidden. The Taliban also took steps to prevent people from fleeing the country.

The Taliban have used biometrics to target people before. In 2016 and 2017, journalists alleged that Taliban fighters used biometric scanners to identify and summary execution of bus passengers they determined were former members of the security forces, and all Afghans questioned mentioned these incidents.

Aziz Rafii, Executive Director of the Afghanistan Civil Society Forum, who is intimately familiar with many of these systems and the risks associated with them, said: The international community may have thought it was helping us, but in reality it has been playing with our destiny and creating systems that are more dangerous than helpful. »

A person familiar with the development and operation of one of the systems studied, who wished to remain anonymous, said that some people who worked for the company that maintained the system were still in Afghanistan and were at risk of being targeted by the Taliban. He added that the Taliban arrested two experienced employees to force the company to continue maintaining the system, which it refuses to do.

On August 21, Nawazuddin Haqqani, a Taliban brigade commander, reportedly told US-based Zenger News that his unit was using US-made handheld scanners to access interior ministry and other national biometric systems. collect data, in particular about “ journalists and so-called human rights activists. » « Those who barked that they had dollars in their pockets until the last days will not be sorry “, he said. “ They can’t be spared, can they? »

On February 10, 2022, Human Rights Watch wrote a letter to the US government, the European Union, the International Organization for Migration, the World Bank, Grand Technology Resources, Leidos, and Netlinks Inc. with the question of what measures they took before and after after August 2021 to protect the biometric data of Afghans and warn people about possible data leaks. Only one of these companies sent a response, which they asked us to keep confidential.

Human Rights Watch also wrote to the Taliban asking what systems they had access to for collecting Afghan citizens’ biometric data, and if so, what they were going to do with that information. The Taliban did not respond.

Given the developments since August 2021, all actors involved in the funding and development of these biometric systems, including the US government, the European Union, UN agencies and the World Bank, must report on the types of data lost or potentially captured by the Taliban, the architecture of these systems, impact assessments from a human rights and data protection perspective, before and during the life cycle of these systems, and the steps they have taken to keep people informed about what has happened to their personal data.

Governments, international organizations and companies must work together to help protect people who are at risk due to the Taliban’s access to some of these systems. Belkis said to Ville. “ They should also learn from this fiasco so that future data collection systems are better designed and better secured. »

Leave a Comment