As the United States pulled its troops out of Afghanistan after a 20-year occupation, byproducts of the prolonged deployment took on new meaning and represented a new chapter of danger for the Afghan people. For two decades, the United States spearheaded the collection of information on the people of Afghanistan, both for commonplace bureaucratic reasons like payroll and employment data—and in massive databases of biometric material accessible through devices called HIIDE.
HIIDE, the Handheld Interagency Identity Detection Equipment, are devices used to collect biometric data like fingerprints and iris scans and store that information on large accessible databases. Ostensibly built in order to track terrorists and potential terrorists, the program also was used to verify the identities of contractors and Afghans working with U.S. forces. The military reportedly had an early goal of getting 80% of the population of Afghanistan into the program. With the Taliban retaking control of the nation, reporting about the HIIDE program prompted fears that the equipment could be seized and used to identify and target vulnerable people.
Some sources, including those who spoke to the MIT Technology Review, claimed that the HIIDE devices offered only limited utility to any future regimes hoping to use them and that the data they access is stored remotely and therefore less of a concern. They did raise alarms, however, on the wide-reaching and detailed Afghan Personnel and Pay System (APPS), used to pay contractors and employees working for the Afghan Ministry of Interior and Ministry of Defense. This database contains detailed information on every member of the Afghan National Army and Afghan National Police—prompting renewed fears that this information could be used to find people who assisted the U.S. military or Afghan state-building, policing, and counter-insurgency measures.
There has always been concern and protest over how the U.S military used this information, but now that concern takes on new dimensions. This is, unfortunately, a side effect of the collection and retention of data on individuals. No matter how secure you think the data is—and no matter how much you trust the current government to use the information responsibly and benevolently—there is always a risk that either priorities and laws will change, or an entirely new regime will take over and inherit that data.
One of the most infamous examples was the massive trove of information collected and housed by Prussian and other German police and city governments in the early twentieth century. U.S. observers given tours of the Berlin police filing system were shocked to find dozens of rooms filled with files. In total, over 12 million records were kept containing personal and identifying information for people who had born, lived, or traveled through Berlin since the system began. Although Prussian police were known for political policing and brutal tactics, during the Weimar period between 1918 and 1933, police were lenient and even begrudgingly accepting of LGBTQ+ people at a time when most other countries severely criminalized people with same-sex desires and gender-nonconforming people.
All of this changed when the Nazis rose to power and seized control of not just the government and economy of a major industrialized nation, but also millions of police files containing detailed information about people, who they were, and where to find them.
The history of the world is filled with stories of information—collected responsibly or not, with intended uses that were benevolent or not—having long afterlives. The information governments collect today could fall into more malevolent hands tomorrow. You don't even need to go abroad in search of a government finding new nefarious uses for information collected on individuals for entirely different and benevolent purposes.
With the afterlives of biometric surveillance and data retention now re-threatening people in Afghanistan, we are now regrettably able to add this chapter to this history of the dangers of mass data collection. Better protections on information and its uses can only go so far. In many instances, the only way to ensure that people are not made vulnerable by the misuse of private information is to limit, wherever possible, how much of it is collected in the first place.