How Biometric Devices Are Putting Afghans in Danger

“Every night and every day, in every province in every district, they are searching for former government security forces, and they are searching for staff who helped the Afghan national police and the former government. We are under the direct threat of getting killed, tortured or jailed.” Shir Entezar is in hiding. He used to work for the Germans in Afghanistan as an educator for Afghan police officers, teaching them to read and write. When the Taliban took back power in the country, he had to go underground. By the time he initially got in touch with us, he had been in hiding with his family for nine months – somewhere in Afghanistan, far away from his home.

“They are searching for the people who helped the police, especially the people who worked for foreign countries like Germany and the U.S.,” he says. In the past, he might have been able to go underground in a different province where nobody knows him. But in today’s Afghanistan, that is no longer enough. His biometric data, collected as part of his employment with the Germans, could reveal his true identity at any time and in any place. He can’t say for sure whether the Taliban have access to that data. But he fears they do.

Biometric Devices for Sale on Ebay

When we first met with IT expert Matthias Marx in March 2022, he too had heard that the Taliban might have the ability to track people down using the biometric scanners left behind by Western troops. Marx lives in Hamburg and is a member of the Chaos Computer Club, the vast German hacker organization. He told us he has discovered and reported more than 100 serious security gaps. He is particularly interested in the issue of biometrics and had two biometric scanners from the U.S. military sitting in front of him during our meeting.

He had found them on the internet, purchasing them on the auction platform Ebay from shops in the U.S. that sell all kinds of discarded items, such as underwater metal detectors or precision thermometers. Much of it appears to come from old military inventories. By way of technical analysis, Matthias Marx wanted to answer the question that had long been the focus of speculation in reports from Afghanistan: Whether the Taliban can in fact use biometric devices left behind by the international troops to identify specific individuals. So, he developed a plan.

A few weeks later, we met in Berlin with a group of IT experts from the Chaos Computer Club to examine the devices. The hackers were looking for answers to a number of questions: Are the devices encrypted? Are they protected by a password? Do they still contain data with which the Taliban could identify people?

At the initiative of the U.S., the international troops under NATO leadership pursued the goal of collecting biometric data from the entire population of Afghanistan. The strategy was known as “Identity Dominance.” According to a U.S. military biometrics handbook, the idea behind it was, the faster the biometric data of the entire population could be collected, the faster all attackers could be removed from the battlefield. To achieve that goal, U.S. soldiers in Afghanistan deployed several thousand such devices and scanned millions of people. German soldiers were also involved in collecting biometric data in Afghanistan.

Biometric scanning became an omnipresent fact of life in Afghanistan in recent years. When voters cast their ballots, when they sought access to military bases, when they wanted to work for the police or in the schools: In all such cases, their identity was checked and their biometric data saved. A former senior official in the Afghan Interior Ministry confirmed for us that a great deal of this data found its way to ABIS in the U.S. Including data that wasn’t collected by international troops, but by staff members of Afghan government agencies. Which makes it possible that Shir Entezar’s data is also stored in ABIS. Shir Entezar himself believes it is quite likely. If that data was to find its way back to the biometric devices still in Afghanistan and, thus, to the Taliban, his family would be in great danger.

Shir Entezar’s Family Has Been in Hiding for Months

When we again spoke with Shir Entezar, he, his wife and his children had once again moved to a different hiding place. In autumn 2022, their situation seemed to be growing increasingly threatening. By this point, he and his family had been trying to get out of Afghanistan for over a year. Through a German NGO, Shir Entezar had applied to the German government to be allowed to emigrate, but he had heard nothing for several months. “I am waiting for a positive answer from Germany to save my life,” he told us.

Countless Photos, Iris Scans and Fingerprints

Meanwhile, Matthias Marx had bought more biometric scanners on Ebay and had now managed to analyze a total of five of them. He made a spectacular find on one: Thousands of secret U.S. military files. He had copied the entire content of the device onto his laptop and showed us photos of people staring into the camera, not looking particularly happy. Most had dark hair, many wore a beard and some were dressed in orange overalls of the kind familiar from Guantanamo.

The Evidence: The Devices Put People's Lives at Risk

This information found on the biometric scanner could be sufficient to put someone’s life at risk. If the Taliban had possession of such a device, they would be able to make a definitive determination as to whether people were supporters of the former Afghan government or the international troops. As people against whom they want to take revenge. That was what Matthias Marx had been looking for, and it represents conclusive proof of just how dangerous these devices are that were deployed and left behind by the U.S. and by other international troops under NATO leadership.

“The U.S. government in this case has to be held accountable,” said Belkis Wille, when we told her about Marx’s discovery. Wille is a crisis and conflict researcher at the NGO Human Rights Watch and wrote a report in which she warned of the dangers represented by the biometrics devices. Of the new findings, she said: “Now we realize that these systems were in and of themselves fundamentally insecure. They were not fit for the purpose.” Given the security situation in Afghanistan, she says, the deployment of such devices was “highly reckless.” She demands that the U.S. government take immediate action and that endangered people should be given the possibility to leave Afghanistan and apply for asylum. “Biometric signatures are things that you can’t erase. They stay with you forever,” she said. “Even a former policeman who is in hiding, who has changed their name because they don't want the Taliban to capture them isn’t safe anymore. This system means that they really have no way to protect themselves.”

Secret Deal on the Handling of Data

Some of the data shows that aside from the U.S., other troops active in Afghanistan also collected biometric data. In one field, for example, it says “UK” along with a British telephone number. Another says “Canadian.” One of the data files includes the abbreviation “GER.” Could data collected by the German military have ended up on the device? Years ago, Wikileaks published an agreement that had originally been secret, a deal between the U.S. Department of Defense and the German Defense Ministry regulating the manner in which the U.S. handles data collected by the German military, the Bundeswehr, in Afghanistan. According to the deal, the data was to be “stored in a technical environment that is safeguarded against unauthorized access” and deleted following the end of the Afghanistan mission. “In particular,” it reads:

According to what Matthias Marx has discovered, there is concern that precisely that might happen. And that data collected by NATO troops, including Germans, could put people’s lives at risk.

When reached for comment by BR, the German Defense Ministry said they were in possession of no information regarding the issue. The devices used by the German Bundeswehr had been returned to the NATO mission command at the end of the mission, the Defense Ministry said. The U.S. Defense Department said when contacted that the Afghan military had been given 1,200 biometric devices. Initially, these devices had been able to connect with databases in the U.S., but that such a transfer of data was now no longer possible. We were unable to learn how many biometric devices were deployed in Afghanistan, how many of them remained behind and why data can still be found on them. Those questions were not answered by the U.S. Defense Department, NATO and the German government. We were also unable to find out why Matthias Marx had been able to buy some of these devices on Ebay.

Shir Entezar May Leave – But Many Others Remain Stuck

In November 2022, Shir Entezar got in touch with us again. After several months of waiting, he had finally been granted permission to relocate to Germany. And just a few weeks after that, he and his family were in safety. But he is apparently an exception. Many of his former colleagues are still in Afghanistan and are afraid for their lives. “Hundreds of my colleagues received rejections. I’m worried about them. They are not safe in Afghanistan and have cases similar to mine.” When we told Shir Entezar about the findings made by Matthias Marx, he grew emotional: “I am so sorry about Germany and about NATO, about the U.S., that they forgot all of their biometric machines in Afghanistan. That they have put the lives of people in Afghanistan at risk.”

Published on December 27, 2022