from the fuck-those-helpful-guys,-I-guess dept
The problem with harvesting reams of sensitive data is that it presents a very tempting target for malicious hackers, enemy governments, and other wrongdoers. That hasn’t prevented anyone from collecting and storing all of this data, secure only in the knowledge this security will ultimately be breached.
Hack after hack after hack after hack has shown entities seem to be far more interested in collecting data than protecting data. While steps are undoubtedly taken to protect the info gathered by government agencies and numerous super-snoopy private companies, sooner or later they’re never enough. It’s not that these data collections are always unnecessary. It’s that a breach is pretty much inevitable. And yet that inevitability almost always gets greeted as a surprise by those on the end of a malicious hacking.
What’s happening in Afghanistan isn’t exactly unprecedented. We saw the same thing happen when the United States military pulled out of Vietnam. The enemies that the US presence was supposed to deter were completely undeterred by local military (one we were supposed to be training to be self-reliant) left behind. We have exited one of our Forever Wars and the Taliban — proud supporters of Al-Qaeda — is taking over.
The Taliban is getting everything we left behind. It’s not just guns, gear, and aircraft. It’s the massive biometric collections we amassed while serving as armed ambassadors of goodwill. The stuff the US government compiled to track its allies are now handy repositories that will allow the Taliban to hunt down its enemies. Ken Klippenstein and Sara Sirota have more details for The Intercept.
The devices, known as HIIDE, for Handheld Interagency Identity Detection Equipment, were seized last week during the Taliban’s offensive, according to a Joint Special Operations Command official and three former U.S. military personnel, all of whom worried that sensitive data they contain could be used by the Taliban. HIIDE devices contain identifying biometric data such as iris scans and fingerprints, as well as biographical information, and are used to access large centralized databases. It’s unclear how much of the U.S. military’s biometric database on the Afghan population has been compromised.
At first, it might seem that this will only allow the Taliban to high-five each other for making the US government’s shit list. But it wasn’t just used to track terrorists. It was used to track allies.
While billed by the U.S. military as a means of tracking terrorists and other insurgents, biometric data on Afghans who assisted the U.S. was also widely collected and used in identification cards, sources said.
The Defense Intelligence Agency that oversaw these data collections understandably had no comment. I mean, what could it say? That this wasn’t an inevitability? That pulling out of a country means taking all your stuff with you, including tons of data that won’t even need to be exfiltrated to end up in enemy hands?
And even as the fall of Afghanistan appeared to be the inevitable outcome of leaving the country, the US government was trying to add to the pile of sensitive data now in the Taliban’s possession.
[A] recent job posting by a State Department contractor sought to recruit a biometric technician with experience using HIIDE and other similar equipment to help vet personnel and enroll local Afghans seeking employment at U.S. embassies and consulates.
To claim this couldn’t be foreseen is ridiculous. Decades of propping up the Afghanistan government didn’t make the area any more stable. The never-ending War on Terror ensured tons of sensitive data would be compiled, especially in countries where US-based constitutional rights don’t apply. Pulling out may have been the right thing to do, but abandoning devices containing data on local allies and supporters is insane. Our government has had more than 200 years of practice. The people who helped us during our many years of ineffective occupation can now be targeted with ease. That should never be considered acceptable. Operational security shouldn’t just protect the highest and mightiest in the US government. It should protect everyone the government relies on, including nationals abandoned by a government that had every opportunity to mitigate collateral damage.