U.S.-built databases a potential tool for Taliban repression
BOSTON >> Over two decades, the United States and its allies spent hundreds of millions of dollars building databases for the Afghan people. The nobly stated goal: Promote law and order and government accountability and modernize a war-ravaged land.
But in the Taliban’s lightning seizure of power, most of that digital apparatus — including biometrics for verifying identities — apparently fell into Taliban hands. Built with few dataprotection safeguards, it risks becoming the hightech jackboots of a surveillance state. As the Taliban get their governing feet, there are worries it will be used for social control and to punish perceived foes.
Putting such data to work constructively — boosting education, empowering women, battling corruption — requires democratic stability, and these systems were not architected for the prospect of defeat.
“It is a terrible irony,” said Frank Pasquale, Brooklyn Law School scholar of surveillance technologies. “It’s a real object lesson in ‘The road to hell is paved with good intentions.’”
Since Kabul fell Aug. 15, indications have emerged that government data may have been used in Taliban efforts to identify and intimidate Afghans who worked with the U.S. forces.
People are getting ominous and threatening phone calls, texts and WhatsApp messages, said Neesha Suarez, constituent services director for Rep. Seth Moulton, D-Mass., an Iraq War veteran whose office is trying to help stranded Afghans
who worked with the U.S. find a way out.
A 27-year-old U.S. contractor in Kabul told The Associated Press he and co-workers who developed a U.S.-funded database used to manage army and police payrolls got phone calls summoning them to the Defense Ministry. He is in hiding, changing his location daily, he said, asking not to be identified for his safety.
In victory, the Taliban’s leaders say they are not interested in retribution. Restoring international aid and getting foreign-held assets unfrozen are a priority. There are few signs of the draconian restrictions — especially on women — they imposed when they ruled from 1996 to 2001. There are also no indications that Afghans who worked with Americans have been systematically persecuted.
Ali Karimi, a University of Pennsylvania scholar, is among Afghans unready to trust the Taliban. He worries the databases will give rigid fundamentalist theocrats, known during their insurgency for ruthlessly killing enemy collaborators, “the same capability as an average U.S. government agency when it comes to surveillance and interception.”
The Taliban are on notice that the world will be watching how they wield the data.
All Afghans — and their international partners — have an obligation together to ensure sensitive government data only be used for “development purposes” and not for policing or social control by the Taliban or to serve other governments in the region, said Nader Nadery, a peace negotiator and head of the
civil service commission in the former government.
Uncertain for the moment is the fate of one of the most sensitive databases, the one used to pay soldiers and police.
The Afghan Personnel and Pay System has data on more than 700,000 security forces members dating back 40 years, said a senior security official from the fallen government. Its more than 40 data fields include birth dates, phone numbers, fathers’ and grandfathers’ names and could query fingerprints and iris and face scans stored in a different database with which it was integrated, said two Afghan contractors who worked on it, speaking on condition of anonymity for fear of retribution.
Only authorized users can access that system, so if the Taliban can’t find one, they can be expected to try to hack it, said the former official, who asked not to be identified for fear of the safety of relatives in Kabul. He expected Pakistan’s ISI intelligence service, long the Taliban’s patron, to render technical assistance. U.S. analysts expect Chinese, Russian and Iranian intelligence also to offer such services.
Originally conceived to fight payroll fraud, that system was supposed to interface eventually with a powerful database at the Defense and Interior ministries modeled on one the
Pentagon created in 2004 to achieve “identity dominance” by collecting fingerprints and iris and face scans in combat areas.
But the homegrown Afghanistan Automated Biometric Identification Database grew from a tool to vet army and police recruits for loyalty to contain 8.5 million records, including on government foes and the civilian population. When Kabul fell it was being upgraded, along with a similar database in Iraq, under a $75 million contract signed in 2018.
U.S. officials say it was secured before the Taliban could access it.
Before the U.S. pullout, the entire database was erased with military-grade data-wiping software, said William Graves, chief engineer at the Pentagon’s biometrics project management office. Similarly, 20 years of data collected from telecommunications and internet intercepts since 2001 by Afghanistan’s intelligence agency were wiped clean, said the former Afghan security official.
Among crucial databases that remained are the Afghanistan Financial Management Information System, which held extensive details on foreign contractors, and an Economy Ministry database that compiled all international development and aid agency funding sources, the former security official said.