US President Joe Biden said in a statement that he has invested $1 trillion in US operations in Afghanistan. Part of that money went towards the purchase of biometric recognition devices, used by the Americans to register allies among the local population. Now the Taliban, which has regained control of the country, has captured readers capable of scanning the user’s irises and fingerprints, and can use them to have the reverse effect: that of chasing down traitors.
Taliban have access to US allied biometric base
This week, the Taliban regained control of Afghanistan and, in doing so, harvested some loot from President Ashraf Ghani’s US-backed security forces. Members of the extremist organization were seen with stolen equipment and weapons.
But a report from The Intercept brought the information that the group had captured biometric scanners used by the American military.
The equipment is known as HIIDE (Handheld Interagency Identity Detection Equipment) and uses two biometric readers: one to catalog the iris and another for the fingerprints. In addition, it stores biographical information, and is used to access a large, centralized database of users.
HIIDE was used by the US to monitor thousands of Afghans a day, with the aim of identifying terrorists and insurgents, as well as cataloging who helped the US military; even badges were made for American allies in the country, according to sources at The Intercept.
The biometrics system was used to even identify Afghans who would like to work at the American embassy in Kabul, the country’s capital. “I don’t think anyone has thought about data privacy or the timing of the system [HIIDE] fall into the wrong hands,” says Welton Chang, executive director of technology at the NGO Human Rights First and a former US military intelligence officer.
NGO gives tips on how to circumvent biometrics
Human Rights First issued a document on Tuesday warning that the Taliban may have acquired the biometrics system used to distinguish US allies from enemies:
We understand that the Taliban likely have access to several biometric databases and equipment in Afghanistan, including those left behind by coalition forces. This technology likely includes access to a database of information obtained via fingerprint and iris scanner, and includes facial recognition technology. In general, it is very difficult to avoid recognition using biometric data.”
But the NGO provides some recommendations to avoid identification by biometric scanner, such as looking down: whenever the user enters the field of a camera that has a face reader, he should avoid looking directly at it. Thus, the device is not capable of capturing frames of the face — just a few pixels are collected for identification to be carried out.
Another method to deceive facial biometrics, according to Human Rights First, is to modify parts of the face: mouth, jaw, eyes and nose. Any change can help when it goes unnoticed by facial readers — lots of makeup and plastic prostheses can help, but the NGO does not guarantee that they will be effective.
Bypassing iris or fingerprint readers is more difficult and risky. One way to trick palm or fingertip scanners is to dry your hand, or to press your finger too hard against the biometric scanner. Using a lens that is capable of changing the tint of the eye helps against devices used to identify the wearer’s iris.
In Brazil, biometrics is present at airports and at Abis
In Brazil, biometric readers are on the rise: recently, airports started to use technology to identify Brazilians and facilitate the boarding of passengers on the Rio-São Paulo air bridge.
The Federal Police hired companies to help implement the Abis (Automated Biometric Identification Solution) system. The security agency intends to use the technology to identify around 50 million Brazilians in the initial phase of the project. If all goes well, in later stages he will be able to catalog the biometrics of almost the entire population. Entities questioned the system in a note to ANPD (National Data Protection Authority), claiming that the initiative creates a risk to security and privacy.