Afghanistan’s reported data breach has life-and-death consequences

In the wake of the Taliban’s takeover of Kabul and the ouster of the Afghan national government, alarming reports indicate that the insurgents could potentially access biometric data collected by the U.S. to track Afghans, including people who worked for U.S. and coalition forces.

Afghans who once supported the U.S. have been attempting to hide or destroy physical and digital evidence of their identities. Many Afghans fear that the identity documents and databases storing personally identifiable data could be transformed into death warrants in the hands of the Taliban.

This potential data breach underscores that data protection in zones of conflict, especially biometric data and databases that connect online activity to physical locations, can be a matter of life and death. My research and the work of journalists and privacy advocates who study biometric cybersurveillance anticipated these data privacy and security risks. Investigative journalist Annie Jacobsen documented the birth of biometric-driven warfare in Afghanistan following the terrorist attacks on September 11 in her book First Platoon. The Department of Defense quickly viewed biometric data and what it called “identity dominance” as the cornerstone of multiple counterterrorism and counterinsurgency strategies. Identity dominance means being able to keep track of people the military considers a potential threat—regardless of aliases—and ultimately denying organizations the ability to use anonymity to hide their activities.