Digital intervention infrastructures: biometrics in counterterrorism and beyond
Biometric data – uniquely identifying biological characteristics like iris patterns or fingerprintsFootnote 1 – are collected in several contexts. Particularly in the aftermath of 11 September 2001 (9/11), biometrics came to be viewed as an important counterterrorism technology. Illustrative of the imagined supremacy of biometrics as a counterterrorism technology, a former Central Intelligence Agency (CIA) officer noted, in November 2001, that “the use of biometric technologies might help make America a safer place,” by protecting US citizens from terrorist attacks.Footnote 2 Today, biometrics is still seen as central to counterterrorism. A recent US program, for example, aims to develop systems capable of performing “biometric identification at long-range,” in order to “recognize individuals under challenging scenarios,” including from unmanned aerial vehicles.Footnote 3 Further illustrative of the imagined centrality of biometrics in US counterterrorism, a 2017 report from the Government Accountability Office (GAO) notes that between 2008 and 2017, U.S. Department of Defense (DoD) used biometrics “to capture or kill 1,700 individuals,”Footnote 4 who would allegedly otherwise represent a threat to US security.Footnote 5
After two decades of counterterrorism biometrics, challenges have surfaced. Scholars have shown how technology-derived “accuracy” in enemy identification is problematic when mistaken for accuracy in political decisions about “who comprise legitimate targets for the use of violent force.”Footnote 6 Challenges related specifically to biometrics have also become visible. Following the withdrawal of coalition forces from Afghanistan in August 2021, the Taliban gained access to biometric devices left by US forces, giving them access to biometric data through which persons registered by coalition forces in relation to training, salary payments or other collaboration could be identified. In this case, biometric infrastructures – as will be explained in this article – came with new forms of insecurity, thus challenging imaginaries of biometrics as straightforwardly delivering superior security. While this example is unique in many ways, additional examples appear if we consider the use of biometrics in other contexts and by other actors, including not only military but also humanitarian.
Exploring the use of biometrics in two different intervention contexts – Afghanistan and Somalia – diverse challenges and cross-cutting dynamics, logics and effects come into view. Whether resulting from biometrics falling into enemy hands, from biometrics being shared deliberately, or from real-world testing of unproven biometric modalities, both contexts illustrate how the use of biometrics may generate new risks and insecurity. Both contexts also illustrate how isolated analyses of either military or humanitarian biometrics risk overlooking the issue of data flows. In Afghanistan, not only soldiers but also humanitarian actors produced large amounts of biometric data. Also, in some contexts, data-sharing agreements enable biometric data flows between humanitarian actors and State security actors. Starting our enquiry from a perspective that attends to flows, the analysis explores different ways in which non-military biometric data flows might – intentionally or unintentionally – interrelate with counterterrorism infrastructures, e.g. at the level of data-sharing agreements (such as that between the United Nations High Commissioner for Refugees (UNHCR) and the U.S. Department of Homeland Security (DHS)).
Further, in many contexts, different actors test biometrics in ways that generate “success stories” which in turn feed into imaginaries of the accuracy and centrality of biometric data gathering and sharing. If viewed in isolation, we fail to appreciate how military and non-military actors contribute in different ways to an emerging digital intervention infrastructure. This article will more specifically focus on biometric infrastructures – as part of digital intervention infrastructures – as referring to the makings and flows of biometric data that make up an infrastructure of databases used and produced by different intervention actors, for different purposes, though sometimes with flows that enable the same data to be used across such differences. These biometric databases constitute an often-overlooked dimension of contemporary intervention infrastructures, an “infrastructure collecting, archiving and identifying digital biometrics.”Footnote 7
Following Brian Larkin, this article understands infrastructures as platforms that carry “not just water or cars” – in our case biometric data – but also desires, dreams or imaginariesFootnote 8 – in our case success stories or fear. But how and under what conditions are biometric infrastructures produced in the first place? To appreciate this, the article combines Larkin's notion of infrastructure with Helen Tilley's notion of “living laboratory” to foreground the real-world trialing of biometrics by different actors in various intervention contexts. During such trials, biometric data is produced, and so are “success stories” that potentially animate imaginaries of the presumed value to various intervention actors of biometric data(bases), thus potentially propelling quests for expanded biometric data-making and -sharing. By combining these notions of infrastructure and laboratory, the article asks under what conditions biometric intervention infrastructures are produced, and what flows they are comprised of and enable, including both biometric data flows (intentional or not) and the more invisible flows of success stories or fear.
After this introduction, the concepts of infrastructure and living laboratory are explained. Next follows an analysis of the makings and flows of biometric data, in Afghanistan and Somalia. The article concludes with a set of reflections on the broader relevance of these two cases and on the significance of exploring the making of digital intervention infrastructures – specifically, biometric databases – in a manner that attends to power relations and inequalities, including during (varyingly experimental) practices of data-making.Footnote 9
Methodological reflections
Diverse sources were used to explore these biometric intervention infrastructures. Eleven semi-structured interviews were conducted with individuals from the International Committee of the Red Cross (ICRC), Food and Agricultural Organization (FAO), United Nations Office for Project Services (UNOPS), UNHCR and the World Food Programme (WFP), all of whom had experience with the use of biometrics in Somalia, Afghanistan or humanitarian programs more broadly. Interviewees include staff at different levels and in different locations. Given the sensitive nature of data-sharing questions and other aspects, interviews were made under conditions of anonymity. In addition, news stories, industry websites, expert reports and official documents were examined for accounts of how biometric data is made and may subsequently flow. Sources cover the period from early uses in the aftermath of 9/11, to current examples from Afghanistan, recent data protection policies and data-sharing agreements. Neither Afghanistan nor Somalia are in-depth case studies. Rather, the article draws on examples from both contexts to illustrate trends of broader relevance, for example regarding how biometric data flows may generate insecurity.
Little information is available, and secrecy surrounds not just counterterrorism biometrics but also data-sharing agreements between donors and humanitarian agencies. In cases where the content of data-sharing agreements is not known, it is impossible to determine whether and what type of biometric data might be exchanged, which may not always be the case. For example, in Jordan biometric data is not shared with the UNHCR, whereas in the case of the U.S. DHS, such data is being shared.Footnote 10 It is certainly difficult, and not the aim here, to irrefutably prove direct links between non-military biometric data and counterterrorism uses of such data. Yet, simply disregarding the possible place of non-military biometrics in ongoing counterterrorism efforts risks contributing to the continued invisibility of such potential interconnections and the risks and insecurities that may result. Adding to the invisibility relating to biometric data flows, is of course also the invisibility of many of the people who suffer harm from the unintended consequences of such biometric data flows and from other unintended consequences of contemporary uses of biometrics in various intervention contexts.Footnote 11 Importantly, in addition to unpacking biometric data-makings and flows, it is crucial to unpack and remedy this type of invisibility, as some have indeed begun to do.Footnote 12
Analytical framework: infrastructures and living laboratories
Infrastructural makings and flows: data and dreams
In exploring biometrics as part of broader digital intervention infrastructures, the analysis operationalizes two elements of Larkin's notion of infrastructure. First is Larkin's focus on flows. A crucial element of Larkin's approach is his definition of infrastructure as “socio-technical platforms for mobility,” not simply mobility of people but more broadly of material and immaterial flows like cars and dreams, data and rumours, for example. Indeed, Larkin's approach invites us to study infrastructures with attention to their functions in terms of flows. Infrastructure, understood in this way, is not only to be studied with attention to processes that go into the makings – e.g. of biometric databases – but also with attention to flows enabled by these infrastructures. Second, is Larkin's emphasis on immaterial elements like imaginaries and desires. As Larkin writes, infrastructures “emerge out of and store within them forms of desire.”Footnote 13 In our analysis, this for example translates into a focus on success stories as something, which dreams are made of, and thus as a type of “flow” which feeds into and animates broader biometrics accuracy imaginaries.
Accordingly, this article suggests a two-fold approach, attending to makings and flows of both biometric data and biometric success stories. Attending to flows encourages us to explore – rather than assume – how the emergence of biometric infrastructures affects relations between actors, e.g. by following how biometric data produced by one type of actor may flow into the realm of a very different type of actor. From this perspective, the article calls attention to various flows: between different humanitarian databases (with Somalia as the laboratory for interoperabilityFootnote 14), between humanitarian and corporate actors, between humanitarian and counterterrorism actors, or unintended flows between coalition and “enemy” forces.
Living laboratory
Bringing Tilley's notion of “living laboratory” into the analysis of infrastructures enables us to pose questions that precede the focus on data flows, questions about the conditions under which biometric data was produced in the first place.Footnote 15 “Living laboratory” foregrounds the varyingly experimental character of many biometric uses through which data has been made. It also foregrounds the significance of attending to wider implications of more or less explicitly experimental technology uses and underlying rationales, like the risk of implicitly making certain locations into temporary laboratories considering the seeming acceptance of biometric technology testing in various intervention contexts.Footnote 16 Importantly, “living laboratories” are not spaces or conditions that simply exist in that capacity. Rather, Tilley invites us to explore how such spaces are created by external actors via particular assumptions and analogies that in turn legitimize specific practices.Footnote 17 While Tilley developed her analysis with reference to colonial Africa, living laboratory foregrounds dynamics of relevance to contemporary biometric experiments. Tilley for example notes that, when shifting to settings in Africa, this often meant that informed consent was then “rarely an explicit concern” – a silencing, which contributed to making Africa a seemingly appealing “living laboratory.”Footnote 18 The issue of consent – often the absence of genuine consent – and arguably of the subsequent international legal obligation is an important consideration in relation to the making of biometric data in contemporary intervention contexts.Footnote 19 Thus, Tilley's analysis highlights the importance of adding questions about the makings of laboratory conditions to our analysis of biometric data flows. As such, “living laboratory” becomes an analytical lens through which to explore questions about various tensions and misfortunes of temporary real-world laboratories.
Combining the two, Tilley invites important considerations, including questions that precede the Larkin-inspired focus on flows of biometric data and immaterial components like success stories or fear: prior to exploring such flows, we should ask how biometric data is made in the first place, by whom and under what conditions? Thus, combining Tilley and Larkin, a two-fold analytical framework is developed. Accordingly, the subsequent analysis first attends to questions about “data-makings” (before data flows) by asking (a) by whom and (b) under what conditions, and second, explores the issue of “data flows,” with attention to both (a) intended and (b) unintended biometric data flows.
Afghanistan and Somalia: analyzing biometric data-makings and data flows
Data-makings: (a) by whom
Afghanistan
Several sources indicate that by November 2019, the US military had gathered biometric data from “7.4 million identities,” including several terror suspects.Footnote 20 During the first half of 2019, this data helped identify persons on the battlefield “thousands of times.”Footnote 21 Indicative of the focus on biometric data collection, a US military document on Employment of Biometrics in Support of Operations has a section on “collectors,” which notes that: “Almost every operation provides the opportunity to collect biometrics.”Footnote 22 Specifically in Afghanistan, already by 2011, biometric data of “about more than 1.5 million Afghans” had been collected and stored in “databases operated by American, NATO [North Atlantic Treaty Organization] and local forces.”Footnote 23 Considering the composition of this data, it becomes evident that this biometric data collection effort has a specific focus, namely on “males of fighting age, ages 15 to 64,” of which “roughly one of every six” had been registered biometrically in this database.Footnote 24 But how was biometric data produced in the first place? Who was collecting it and how? Given the connection to intelligence gathering, it should be noted that such biometric data collection constitutes only a small part of the data-gathering practices of a much larger US intelligence infrastructure.Footnote 25 That of course applies to humanitarian actors too as they collect large amounts of data, with digital biometric data being just one type of data – but a particularly sensitive one given for example that one cannot easily get a new iris pattern, voice or fingerprint, combined with the ease with which large amounts of digital biometric data can be shared, which is not the case for paper files.
As alluded to above, US soldiers in Afghanistan have been collecting “fingerprints and iris patterns” from several individuals encountered in the field, assuming this would allow the US military to accurately “identify enemy combatants,”Footnote 26 for example by matching fingerprints of individuals in the field against templates stored in biometric databases including “watch lists of known or suspected terrorists.”Footnote 27 Besides field encounters, “soldiers and police officers” have also collected biometrics (notably fingerprint and iris scans) from detainees, or from “local residents who apply for a government job, in particular those with the security forces and the police and at American installations.”Footnote 28 At a more subtle level, biometrics have been collected by lifting off fingerprints “from a defused bomb or from remnants after a blast.” Such fingerprint data was then subsequently used when checking the fingerprints of individuals encountered in the field or persons applying for jobs. According to General Petraeus, this practice was “very helpful in identifying who was responsible for a particular device in a particular attack, enabling subsequent targeting.”Footnote 29 Biometrics was also used to control who was given access to US military bases.
Not only US soldiers but also various groups of Afghan officials have been collecting biometric data. At the Sarposa Prison in southern Afghanistan, for example, Afghan officials (using technology provided by the US) collected iris scans and fingerprints from militants and detainees.Footnote 30 Represented as displaying the usefulness of this data, the database was for example used to identify some of the 475 inmates who escaped this prison following an incident where the Taliban dug a tunnel system “right into the prison's political section where hundreds of Taliban were held.”Footnote 31 Now, according to various sources, biometric data was important in identifying these individuals and getting them back into the prison: ”Within days of the breakout, about 35 escapees were recaptured at internal checkpoints and border crossings; they were returned to prison after their identities were confirmed by biometric files.”Footnote 32 Various other Afghan officials also collected biometric data. Indeed, two main biometric projects were active in Afghanistan: one focusing on collecting biometrics from detainees “and what NATO calls ‘other persons of interest’,”Footnote 33 another focused on collecting biometrics from army and police applicants. Developed by the U.S. DHS and NATO, the “Afghan Automated Biometric Identification System” (AABIS)Footnote 34 was “administered by about 50 Afghans at the Ministry of Interior in Kabul,”Footnote 35 who collected “biometric data from army and police applicants,”Footnote 36 in order to “keep Taliban infiltrators out of the Afghan army.”Footnote 37 Also focusing on army and police staff, the Afghan Personnel and Pay System (APPS), which was used by the Afghan Ministry of the Interior and the Ministry of Defense to pay the national army and police, also had a biometric component.Footnote 38
Biometric data was also collected by various other actors. For example, Afghanistan's National Statistics and Information Authority collected fingerprints and iris scans when implementing the “e-Tazkira” ID-card systemFootnote 39 with support from the World Bank.Footnote 40 The Independent Election Commission implemented biometrics in “an attempt to prevent voter fraud during the 2019 parliamentary elections.”Footnote 41 Other actors also collected biometrics. In a 2019 report, the WFP notes that since initiating its biometric SCOPE system in Afghanistan, “more than 2.5 million beneficiaries have been registered.”Footnote 42 Even earlier, the UNHCR started collecting biometrics from beneficiaries. In 2002, the UNHCR introduced mandatory iris recognition for millions of Afghans whom the refugee agency assisted in repatriating to Afghanistan from refugee camps in neighbouring Pakistan. Upon returning to Afghanistan, each returnee had to undergo iris registration with the UNHCR.Footnote 43
Though this list of actors who gather biometrics from various segments of the Afghan population is already long, it is not, however, an exhaustive list. Rather, the point is to illustrate the plethora of actors that for different purposes collect and store biometric data from Afghan individuals – whether from subjects that US soldiers suspect of being terrorists, or subjects who collaborate with US forces, whether in prison, or former UNHCR-registered refugees. Whilst these actors are indeed very different – sometimes opposed – what they share is a strong faith in biometrics as a tool to more effectively achieve diverse aims. But how does the collection and storing of biometric data potentially link these diverse actors in different ways? What happens when biometric data “travels” from one actor (with one purpose) to a different actor (and purpose)? When may such flows occur in contravention of data protection principles? What do biometric data exchanges or flows mean for the underlying contrasting security priorities – which one is eventually prioritized? How does biometric data collected by humanitarian actors flow once collected? Such questions were relevant even twenty years ago as the UNHCR was conducting biometric registration in the Afghan–Pakistan borderlands, which, for the UNHCR was a repatriation location, but for others, like the US military, a location of intense counterterrorism efforts with biometric identification as one of its central components. These are some of the questions that we return to later, after having explored another characteristic of these biometric data-makings, which is shared across various data-making actors: degrees of experimentation.
Somalia
In Somalia, US drone strikes intensified in 2019Footnote 44 and the US military remains focused on preventing “the use of Somalia as a safe haven for international terrorism.”Footnote 45 Yet, in contrast to Afghanistan, Somalia is a counterterrorism location with few – at times no – US ground troops.Footnote 46 Appreciating this, important questions emerge concerning our analysis of biometrics in US counterterrorism interventions. Without soldiers on the ground in Somalia, how and by whom is biometric data then collected? Is biometrics even a significant component of US counterterrorism efforts in Somalia? Indeed, and again in contrast to Afghanistan, little information is available on how and to what extent the US military uses biometrics in Somalia. Yet, few accounts indicate that biometrics do play a role. For example, the practice of lifting off fingerprints from improvised explosive devices does not seem unique to Afghanistan. In May 2010, biometrics-enabled intelligence indicated: “a suspected member of a Somali Al Qaeda terrorist organization was trying to enter the US from Mexico.”Footnote 47 Border control agents apprehended a person whose fingerprints flagged him as being “of extreme interest to the U.S. government,”Footnote 48 given that his “live” fingerprints, presented to scanners at this border crossing, “matched those of a suspected Al Qaeda bomb-maker that had been lifted during an improvised explosives device investigation and entered into BEWL [DoD's Biometric-Enabled Watchlist].”Footnote 49 Thus, even with no or very few US soldiers in Somalia, biometric data from members of Somalia-based Al Qaeda were still collected and stored in US databases. Examples like this indicate that biometrics may not be altogether unimportant to US targeting of terror suspects in/from Somalia.
Concerning US military actors, little information exists about their potential use of biometrics in Somalia. Yet, concerning Al Shabaab, a former US Navy SEAL noted, in 2017, “once militants are off the battlefield and in custody, program stakeholders collect defectors’ biometric data.”Footnote 50 It has also been noted how US military contractors biometrically register recruits.Footnote 51 Such accounts tentatively suggest that military actors and contractors produce biometrics from individuals in Somalia. Yet, as for the case of Afghanistan, looking only at biometrics collected for military purposes neglects the diversity of actors who for different purposes produce biometric data. Somalia, for example, hosts numerous humanitarian and development agencies who gather biometrics from various beneficiaries. Indicative of the extent of biometric data-making in Somalia, the WFP conducted a European Union (EU)-funded study to map “Somalia Databases,” including biometric databases.Footnote 52 Thus, not only do military actors collect biometrics (in little-known ways), various humanitarian actors also produce (“ideally interoperable” – see below) databases with biometrics from different parts of the Somali population. The UNHCR collects and stores biometrics from Somali refugees that they assist. By 2018, the WFP had conducted biometric registration of 1.6 million Somali beneficiaries.Footnote 53
Other UN agencies also collect and store biometric data. The UN FAO runs “a biometrics-based fishermen database system in Puntland.”Footnote 54 The UNOPS has biometrically registered frontline soldiers of Somalia's National Army. Interestingly, some UN agencies use contractors for the making of biometric data(bases) – notably to register populations in areas of Somalia that are difficult to access. As an interviewee noted, those carrying out biometric registration for a UNOPS program were contractors. This enabled them to bypass strict UN security regulations. In this sense, the making of biometric data simultaneously generated an implicit “risk-outsourcing.” Besides contractors, the making of non-military biometric databases also involved local Somali staff: “we were training Somalis to use the [biometric] equipment since in some locations it was too dangerous for UN staff to do the registration ourselves.”Footnote 55 Moreover, the African Union Mission to Somalia (AMISOM) has trained the Somali Police Force in biometric registration. The International Organization for Migration (IOM) has installed biometric scanners to collect fingerprints at eight border crossings in Somalia.Footnote 56 And in addition to – sometimes in collaboration with – various UN projects, researchers have produced biometric data, for example, whilst testing new biometric voter registration tools during the 2017 election in Somaliland. These examples are not an exhaustive list, but are meant to illustrate the breadth of military and non-military actors engaged in making databases with biometrics from individuals of Somali origin, including fishermen, border-crossers, refugees and frontline soldiers.
Data-makings: (b) under what conditions
Afghanistan
The first real-world “laboratory” in which the US military was testing counterterrorism biometrics was in Iraq. Specifically, the idea of “expanding biometrics for wholesale application on the battlefield was first tested in 2004 by Marine Corps units in Falluja.”Footnote 57 Prior to that smaller trials had taken place, like testing biometric prototypes “in Iraqi detention centers in 2003.”Footnote 58 While Iraq is not the focus of this article, it is important since “success stories” coming out of these biometric trials circulated beyond Iraq in ways that affected the use of counterterrorism biometrics in Afghanistan. As General Petraeus noted: “based on our experience in Iraq, I pushed this hard here in Afghanistan, too.”Footnote 59 Though field tested before, various accounts suggest that also in Afghanistan, the use of biometrics was in some sense experimental, testing, for example, how biometric devices developed elsewhere would perform when used in the rough conditions of Afghanistan. It was, for instance, discovered that: “The hand-held [biometric] devices fail in the awesome heat of the Afghan summer.”Footnote 60 Another dimension being tested was interoperability: “military officials acknowledge that the new systems fielded by American, coalition and Afghan units do not all speak to one another.”Footnote 61
Experimental dimensions underwriting these trials of biometric prototypes, application scale and other unproven aspects like interoperability were not exclusively conditions that characterized specific uses of biometrics by the US military. The World Bank, for example, provided “technical support to the [Afghan] Government on MSP [mobile salary payments] pilots”Footnote 62 where “biometric and biographic information of MoE employees receiving salary payments” was being registered.Footnote 63 Further, the UNHCR was testing biometrics.Footnote 64 In 2002, the UNHCR initiated a “first-of-its-kind UNHCR biometrics program for Afghan refugees in Pakistan.”Footnote 65 The system used anonymously stored iris scans to decide whether returning Afghan refugees had already received aid from the UNHCR once. Thus, “false positives” – where a person's iris is mistakenly matched against existing templates in the UNHCR's database – could mean that biometric failures would imply that the UNHCR erroneously denied aid to eligible but falsely matched returnees.Footnote 66 Beyond the case of Afghanistan, others have similarly noted with reference to biometrics how “deploying such sophisticated technologies in difficult environments has a high failure rate.”Footnote 67
Not only the UNHCR but also the WFP have been testing biometrics in Afghanistan: “WFP is currently trialing a ground-breaking initiative to take advantage of new technology in its food assistance efforts,” running “6 e-voucher pilots,” starting in May 2014.Footnote 68 Specifically, the WFP tested e-vouchers as “a new model of food assistance.”Footnote 69 This e-voucher model had an important biometric component: “Biometric registration captures the fingerprint of the beneficiary to ensure verification of the intended beneficiary. […] which allows them to verify and accept payments for the food items purchased by the e-voucher recipient.”Footnote 70 One challenge that was discovered during this US-funded e-voucher pilot was that in a few cases, “involving about 5% of beneficiaries,” their “fingerprints could not be read by the biometric function of the POS [point of sale] machine because the recipients were elderly or had sent a representative who was not previously registered to redeem the e-voucher.”Footnote 71 Despite – or rather alongside – discovering new knowledge about this and other challenges, the WFP pilot produced biometric data on approximately “70,000 food assistance recipients.” For the WFP, the advantages of this new system were described with reference to accountability and inclusion benefits. Yet, as an interviewee noted about informed consent in another context: “what can be guaranteed to these recipients about where their data may potentially end up once collected?” Yet, international legal frameworks of course exist that are meant to guide use of biometrics, namely, through international human rights law and requirements such as consent and collection for specific purposes. We get back to the issue of risks stemming from potential biometric data flows in the next section.
Not only do biometric technology trials produce data that may subsequently circulate via (un)intentional paths. Moreover, attending to the conditions under which biometric data-making takes place will render visible another set of risks, including risks of technology failures as well as a more subtle production of subjects whose exposure to biometric failures is made to seem more acceptable than for other subjects.Footnote 72 Yet, despite accounts of risks and insecurity during two decades of biometric data production – and as others have also noted – there has, however, often been “minimal acknowledgement of the attendant risks,”Footnote 73 and limited attention to questions about how biometric data, once collected, can be deleted or otherwise secured from unwanted access, and to how meaningful consent can be obtained in the absence of answers to such questions. What are subjects consenting to when enrolled in humanitarian or other biometric databases? To indefinite retention of their data? To the sharing of their biometric data? As an interview explained (with reference to biometrics beyond Afghanistan): “we decided to remove the part about data deletion in our consent form. We cannot guarantee this.”Footnote 74 So once registered with humanitarian actors like the UNHCR or WFP, do refugees know and consent to having their data stored indefinitely? What does that “laboratory” condition mean – not only during trial phases but also in subsequent implementation?
Somalia
Of these multiple actors, many use biometrics in Somalia in more or less experimental programs. For example, iris recognition for biometric voter registration in Somaliland was tested in a setup involving experts from the University of Notre Dame.Footnote 75 In previous trials, fingerprint registration was unable to solve the problem of “double-registration” – which refers to the same individual using a “system” twice, in this case to cast more than one vote. One aim of this new iris recognition trial was to generate knowledge about this double-registration problem whilst collecting biometric data as part of this trial, including the aim of developing a fraud-free voter registration checklist.Footnote 76 Trials conducted in Somaliland and elsewhere in Somalia not “only” produced knowledge about the reliability of iris technology for voter registration. Implicitly, Somalia risks being turned into as a “living laboratory,” with increasingly larger parts of the Somali population produced as “test subjects.” Trialing biometrics under challenging conditions puts the technology “to test” but also poses challenges, for example, to ensuring informed consent. This challenge is not exclusive to the iris trial but applies to a broad range of varyingly experimental uses of biometrics in Somalia. As an interviewee noted with regard to non-military use of biometrics: “it's like dangling a lollipop,” highlighting critical challenges to obtaining meaningful informed consent in contexts (refugee assistance, voting, etc.) where biometrics are trialed. Indeed, considering the position of vulnerability and lack of alternatives, one wonders whether consent in such circumstances can ever truly be genuine. As this interviewee explained: “giving consent is extremely complex: consent to having one's data stored? Shared? For what purposes?” Thus, biometrics trials not only produce new knowledge. They also produce beneficiaries (aid recipients, fishers, etc.) and other enrolled subjects (infants, voters, etc.) as seemingly acceptable test subjects.
Another example is infant fingerprinting. “Despite years of effort, reliable biometric identification of newborns and young children has remained elusive.”Footnote 77 Yet, although critics note, among other things of concerns vis-à-vis infant biometrics, that they “would be surprised if the concept of toddler fingerprinting would be acceptable – or even attempted – in wealthy countries,”Footnote 78 infant biometrics trials were conducted in India: “This is the first time anybody has collected a longitudinal database of fingerprints for such a young population,” said biometric expert Jain, from Michigan State University. Following this trial, Jain talked to the UN “about trialing the system with the World Food Programme.”Footnote 79 Later, the WFP announced their decision to partner with experts from Michigan State University to set up a “proof of concept” trial to test whether child biometrics could solve what the WFP saw as a problem of different families “presenting the same children as their own, with the goal of getting more supplementary food rations.”Footnote 80 The trial involved “taking the thumbprints of 150 children in three locations in Somalia over seven months.”Footnote 81 During this trial, “evidence” of the reliability of child biometrics was produced. According to the WFP, the trial had demonstrated the feasibility of using biometrics to identify children under 5 years old, thus producing a “proof of concept” that animates visions of ever-expanding enrolment populations, now including children down to 5 years. The WFP trial also produced a call for “more research” to test the reliability of biometrics for children under 5 years: “while biometric technologies have some application in children above 5 years of age, solutions at younger ages are largely experimental and require more research.”Footnote 82 This call for further research echoes a broader logic where failures and limitations are countered by adding more of the same: more biometrics trials, more biometric data collection, more interoperability, more data-sharing. Both the proof of concept and the call for further research echo the U.S. DoD's vision of a future of ubiquitous biometrics, and in that way nourishes the vision of expanding biometrics as key to successful and presumably more ethical counterterrorism efforts.
As with “success stories” from Iraq feeding broader “dreams” and affecting the introduction of biometrics in Afghanistan, the case of Somalia is illustrative of somewhat similar dynamics. To explain how the idea of using biometrics in a specific UN project came about, an interviewee for example explained how UN Mine ActionFootnote 83 had been using biometrics and that “success stories” from that had inspired other UN programs.Footnote 84 Various interviewees alluded to similar dynamics of biometric success stories circulating: “biometrics wasn't so popular when I worked on it. However, because of the success of this project, many other UN agencies jumped onto the bandwagon so to speak,” adding that knowledge about the success of biometrics in a specific UN project “was for example shared during meeting amongst Heads of Programmes (FAO, UNODC [UN Office on Drugs and Crime], etc.), that is, within UN circles.”
As an example of immaterial aspect of biometrics infrastructures, attending to such “success stories” is important for several reasons. They have effects as they, for example, animate a sense of confidence, in different UN projects, about the value of using this technology and encourage the use of biometrics in an increasing number of programs. Moreover, such UN-labelled success stories not only animate expectations in other UN programs but also beyond. They travel to industry websites to display the value and reliability of biometrics. As an interviewee, for example, explains: “our automated biometric identification system (ABIS) has been deployed by UNSOM [UN Assistance Mission in Somalia],”Footnote 85 showing how the technology helped the Somali Federal Government. Such biometric success stories may also animate existing faith in biometrics for counterterrorism. This vendor not only deployed its systems with UNOPS, but has also “won a Home Office [prize] for its work on a project to help counter terrorism,” as a company with “close liaison” with the Ministry of Defence and NATO.Footnote 86 In these ways, “success stories” and other “knowledge” generated during varyingly experimental uses of biometrics in Somalia animate visions of biometrics for counterterrorism. Yet, at the same time, critics have pointed out how “biometric initiatives in Somalia by various international actors have had dubious benefits and detrimental effects on local populations.”Footnote 87 One lens through which to unpack certain dimensions of such “detrimental effects” is to look at what happens to the biometric data once it has been collected.
Data flows and after
Once all of the concerned actors have collected biometrics, how is this biometric intervention infrastructure then being used? While these actors share a common faith in the importance of biometrics for advancing their specific aim (refugee protections, emergency aid, counterpiracy, counterterrorism, etc.), Larkin's invitation to focus on flows – e.g. of biometric data – becomes an entry point for exploring what happens to the biometric data that these different actors have produced. Shifting from exploring the makings of biometric databases to exploring subsequent data flows, examples of intended and unintended data flows are presented below (with crucial difference in terms of the whom and how of such data-sharing).
Data flows and after: (a) intended – data-sharing agreements
Afghanistan
One example of deliberate exchanges of biometric data is the above-mentioned AABIS where data flows between the Federal Bureau of Investigation (FBI) and Afghanistan's Ministry of the Interior was an intended part of the system set-up. As described by the FBI, information sharing with partners like the FBI, was a “key component of the program [AABIS],” enabling critical data flows.Footnote 88 As such, AABIS represents an example of biometric data-sharing by design: “AABIS … is designed to be compatible with the U.S. DoD ABIS and the FBI Integrated Automated Fingerprint Identification System.”Footnote 89 With the withdrawal of US troops and other coalition forces from Afghanistan in August 2021, several questions emerge. For example, will this biometric database, which one source tentatively put at approximately “8.1 million records,” be retained or deleted?Footnote 90 If retained, what does this mean for the potential of biometric counterterrorism intervention infrastructures to alter frontiers by calling into question where intervention ends, considering the potential for external actors’ continued access to biometric data of millions of Afghan citizens. Crucially, this and other examples of biometric data-sharing in the context of counterterrorism must be understood against a wider backdrop of actors and initiatives that in different ways encourage biometric data-sharing, including UNSCR 2396 (2017), which requires States to “develop and implement systems to collect biometric data” in order to “responsibly and properly identify terrorists.”Footnote 91
Concerning Afghanistan specifically, highlighting the potentially fatal consequences of biometric data falling into the hands of the Taliban (see below) is important for several reasons. It may for example help accentuate the urgency of discussing how best to prevent further risks emerging for biometrically registered subjects in Afghanistan, including risks of retribution. However, at the same time, these discussions should not make us forget that intended data-sharing “by design” may also come with challenges, though sometimes more subtle. For example, the diverse actors who have collected and stored biometric data for different purposes may have a shared faith in the usefulness of biometrics. Yet, besides that shared faith are often crucial differences in logics and security priorities, for example (but not exclusively) between military and humanitarian actors. Acknowledging how logics, mandates and protection priorities of different biometric data-making actors do not always align, it becomes crucial to ask how their biometric data may flow – by intentional or unintentional paths. Importantly, how may such data flows affect these potentially un-align-able security priorities and, ultimately, the security of individuals whose biometric data may be accessed by agencies without the consent, let alone awareness, of the concerned individual? On that note it is interesting to observe how, in their annual country report on Afghanistan, the WFP notes about data-sharing agreements signed with four partners – the UNHCR,Footnote 92 International Rescue Committee, Norwegian Refugee Council (NRC) and Shelter Now International – that these agreements on the sharing of beneficiaries’ data do not include biometric data.Footnote 93 The sensitivity of this data as well as the difficulty of ensuring that it remains in safe hands, despite data-sharing agreements that deliberately exclude biometrics, become evident from the following examples of unintended flows.
Somalia
Some biometric infrastructures are set up to enable data flows within the humanitarian sector, for example to enable various humanitarian actors in Somalia to share biometric data internally.Footnote 94 Indeed, improved interoperability between various databases of humanitarian actors in Somalia was the focus of a report, which also describes the piloting of “biometric interoperability” between the WFP and the Somalia Cash Consortium. A specific focus of the aforementioned mapping of “Somalia Databases,” including biometric ones, was to assess the “potential for data sharing and interoperability” and the making not just of biometric data, but on “making biometric collection standards.”Footnote 95
Another type of intended data flow occurs where data-sharing agreements are made. One example of data-sharing agreements enabling biometric data flows was the decision made by the EU in 2010 to share data on “suspected maritime pirates,” including fingerprint data collected by EU Naval Force Somalia, with INTERPOL, allowing that biometric data “to be checked against INTERPOL's global databases.”Footnote 96 More specifically on data-sharing agreements that enable biometric data collected by humanitarian actors to flow beyond humanitarian databases, a Privacy Impact Assessment highlights how the U.S. DHS “has been discreetly gathering the biometric information of tens of thousands of refugees, many of whom may never make it to America.”Footnote 97 The biometric data was made available to the U.S. DHS “through a sharing arrangement with the United Nations High Commissioner for Refugees (UNHCR), which sends profiles to federal agencies when referring refugees for resettlement.”Footnote 98 However, out of the almost 85,000 UNHCR referrals in 2018, less than a quarter of these referrals were accepted for resettlement.Footnote 99 Through data-sharing agreements like these, biometric data from “tens of thousands of refugees who are not admitted to the country” flows into DHS databases, stored “on Homeland Security's IDENT [Automated Biometric Identification System] database” and shared with various federal agencies.Footnote 100 IDENT is “a continually growing database that holds biometric information and other personal data on over 200 million people who have entered, attempted to enter, and exited the United States of America.”Footnote 101 Also, critically, considering the aforementioned data-sharing agreement with the UNHCR, IDENT holds information of people who have never set a foot in the US.
Considering data flows in view of such data-sharing agreements invites a range of important questions, including questions about the reach of biometric counterterrorism infrastructures: to what extent might biometric counterterrorism infrastructures interconnect with biometric data stored by non-military agencies? Non-military biometric databases may not only be valued by donors who feel ensured that, with biometric registration, “assistance reaches the right people,”Footnote 102 but possibly also by counterterrorism actors.Footnote 103 As the ICRC notes in their Biometric Processing Policy, the agency is “aware of the value of biometric data in locating and identifying persons of concern to States and security,” adding that the ICRC is conscious that State authorities have a significant interest in obtaining such data from organisations operating in humanitarian emergencies. This interest can extend to using biometric data for purposes that … may be incompatible with the neutrality, impartiality and independence of the ICRC, [including] counter-terrorism activities.Footnote 104
Similarly, Privacy International argues that the value of biometrics gathered in aid programs “is not lost on intelligence agencies.”Footnote 105 Further to this point, McDonald argues: “international intelligence operations realise the uniqueness of the data that humanitarian organisations collect.”Footnote 106 While such concerns are not specific to Somalia but apply more broadly to humanitarian biometrics, the extent of non-military biometric data-making in Somalia, coupled with ongoing US counterterrorism efforts in Somalia, makes Somalia a particularly interesting context to explore not only the makings of biometric data, but also subsequent flows – and implications thereof. Indeed, other scholars have also, in analyses of humanitarian actors’ use of biometric registration, highlighted various “concerns regarding data-sharing practices with states.”Footnote 107
Though difficult to prove, the significance of enquiring about potential infrastructural interconnections emerge when considering not only the role of donors (e.g. data-sharing agreements and requests) but also the role of corporations like Palantir.Footnote 108 Palantir is widely known for its role in US counterterrorism: its software has been “used by the CIA to identify terrorist and insurgent threats.”Footnote 109 As Palantir explains, their technology “allows the military to have a more targeted response to threats.”Footnote 110 Meanwhile, Palantir notes in a philanthropy report, how in three trial projects – one in Somalia – its data-analyzing tool “Foundry” helped the WFP automate data flows and “make precise, data-driven decisions to ensure its beneficiaries are reached.”Footnote 111 Correspondingly, the WFP announced, in February 2019, that they had entered into a five-year partnership with Palantir.Footnote 112 Thus, not only warfighting but also humanitarian data in Somalia is on the radar of Palantir's top-level leadership. Besides criticism that this WFP–Palantir partnership could lead to “exploitation of the data in WFP's ‘data lake’,” including “beneficiary biometric data,”Footnote 113 the partnership also illustrates the significance of exploring the potential role of non-military biometrics in military counterterrorism. The WFP is the only humanitarian actor in Somalia with known partnerships with Palantir. Yet, the WFP is not the only non-military actor collecting biometrics from various parts of the Somali population.
Though the case of Palantir is exceptional (the WFP being the only humanitarian actor with known partnerships with corporations working with the US military on counterterrorism), the role of corporations in relation to the issue of control over biometric data is relevant beyond the WFP–Palantir partnership. For example, the other issue is the data used through commercial service providers – cash programmes in particular. Were they cash programmes for very specific vulnerable groups who might be targeted by the Taliban, because they were war veterans, or sexual minorities – whatever it is.Footnote 114
As a more general point, an interviewee from the aid sector raises the following question: “How to effectively implement data deletion when shared with so many different actors?” Importantly, even if large amounts of data may not have “flowed,” the potential for such flows may have had negative implications. Besides data, immaterial things like rumours and fear (rather than dreams) also emerged and circulated, potentially affecting personnel on the ground who risk being “seen as collaborating with a CIA contractor,” when gathering biometrics from beneficiaries, and to individuals in Somalia for whom “knowledge of this partnership” may deter them from seeking WFP assistance.Footnote 115
If we consider flows of biometric data not just among aid agencies but within Afghanistan and Somalia more broadly, an additional type of potential flow emerges – the possibility, and the associated risk, of involuntary flows of humanitarian biometric data falling into the hands of armed groups.
Data flows and after: (b) unintended – in enemy hands
Afghanistan
A particularly noteworthy case of unintentional biometric data flows emerged as coalition forces left Afghanistan, in August 2021. Following their withdrawal, “the Taliban seized US military biometric devices that might help uncover people who worked with international forces, The Intercept reported.”Footnote 116 “On August 27th, the Taliban boasted of using US digital identity technology to hunt down Afghans who had worked with the international coalition,”Footnote 117 specifically, the US military's Handheld Interagency Identity Detection Equipment (biometrics devices). This scenario entails significant risks to the many Afghan individuals who have had their biometrics data captured and stored in these biometric identification systems. For these Afghans, it means that “the Taliban have sensitive personally identifiable information that they have said they will use to target those they deem enemies or threats.”Footnote 118 According to various sources, the Taliban regime “mobilized a special unit, called Al Isha, to hunt down Afghans who helped US and allied forces,” and following the revelation of biometric devices left behind by coalition forces having fallen into the hands of the Taliban, one of the commanders of that unit emphasized in an interview “that his unit is using US-made hand-held scanners to tap into a massive US-built biometric database and positively identify any person who helped the NATO allies.”Footnote 119
Others have highlighted the dangers confronting Afghans whose biometric data may have become accessible to the Taliban regime in whose eyes they are traitors, for which they may be punished. With biometrics, “erasing” such traits in order to remain safe in a Taliban-ruled Afghanistan is impossible: you cannot change the pattern of your iris. It remains to be seen what the Taliban will do with this data and with these devices. How and where, if at all, might they for example “use it to check whether an individual has collaborated with coalition forces?”Footnote 120 While this story first broke in the August of 2021, concerns had been raised ten years earlier: “Some Afghans are concerned that in the future the growing biometric database could be abused as a weapon.”Footnote 121 Importantly, concerns about unintended consequences of data flows on civilians have been highlighted in a report by the UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, Professor Fionnuala Ní Aoláin. Specifically the report mentions how “Aside from the threat of misuse, in particular by oppressive and/or authoritative governments, concerns have also been raised regarding the collection of biometric data on vulnerable populations and persons in vulnerable situations, in diverse contexts.” Specifically concerning Afghanistan, the Special Rapporteur noted not only how “the United States and some of its allies proceeded to collect biometric data of populations in conflict zones, such as Iraq and Afghanistan,” but also that since 2007, human rights organizations have cautioned that these biometric databases “could become a ‘hit list’ in the wrong hands,”Footnote 122 posing risks to “millions of Afghan and Iraqi citizens who have never been accused of any wrongdoing.”Footnote 123
As Larkin reminds us, we should not only attend to material flows but also to immaterial elements. Even if massive amounts of biometric data may not have been flowing to, let alone actively used by the Taliban, the potential infrastructural interconnection that became visible with stories circulating of the Taliban having access to coalition biometrics may indeed have generated immaterial “flows,” notably in the form of “rumours” and “fear” (rather than desires and dreams).Footnote 124 Indeed, it is crucial to take seriously how not only data flows but also fear can have potentially negative consequences, like if a person decides not to go to hospital out of fear that the Taliban may require that person to undergo biometric screening. In such cases, even if potential biometric data flows and subsequent uses may not all materialize, the emergence and flow of fear need to be taken seriously as potentially affecting biometrically registered persons’ security negatively. Such questions are relevant for all actors who collect biometrics in Afghanistan (and elsewhere). Once collected, can it be guaranteed that this sensitive data (you can never get a new iris) will not fall into “enemy hands” or otherwise into the hands of actors who may use it for other purposes than originally intended?
Summarizing these examples from Afghanistan, looking across military, humanitarian and other actors – as an infrastructure perspective invites us to do – highlights important challenges. For example, how neither storing of identifiable biometric data by coalition forces, nor anonymized data in UNHCR databases, offer an easy solution to difficult questions about what “safe” biometrics may look like. For the UNHCR, anonymized data generated different risks (of failures translating into humanitarian failures to assist). Asking new questions like how do (intentional or unintentional) biometric data flows alter the security aims guiding the use of such data? Interoperability is not simply a technical issue, not just a matter of infrastructural platforms that enable data flows, but also a question of how such flows carry and constitute imaginaries, including hierarchies of whose lives are important/unimportant from different security perspectives. What diverse, sometimes diametrically opposed, security perspectives does the flow of biometrics “erase” or what hierarchies do these flows reinforce or constitute or reshape? Moreover, how do success stories travel, and with what implications for the rollout of biometrics in new contexts or expansion of biometrics in existing contexts?
Somalia
Concerning flows of biometric data within Somalia there are also risks of involuntary flows of humanitarian biometric data falling into the hands of actors who may use this data not to enhance but to jeopardize the security of the individuals whose links to Western actors may be perceived negatively. As an interviewee, working for a UN agency in Somalia, notes: “Al Shabaab could misuse it if they were able to identify someone e.g. as a beneficiary of aid from western organizations (whom they see as their enemy).” A risk, which meant that this UN agency decided to reconsider the kind of biometric device that they were using: “We had these big bulky registration machines. But they looked too suspicious, so we found another type of registration device that looks more low-key and less suspicious, if our staff got stopped by Al Shabaab when carrying one of these devices.”
Besides data-sharing and partnership agreements, data flows from humanitarian to State security actors may emerge from a very different type of involuntary interconnection. Though impossible to verify, interviewees and news stories claim that defense agents may be among those who carry out cyber-attacks against UN database to enable involuntary flows of data. According to McDonald, humanitarian organizations are not only limited in their ability to safeguard the biometric data they store. They are also “a target for a range of digitally savvy groups,” including “international intelligence services.”Footnote 125 As noted by an interviewee, highly placed within a central humanitarian organization: “it would not surprise me if those involved in doing counter-terror were the same people as those involved in hacking into our [humanitarian] database. Attacks on our database is an ongoing challenge, and we are really struggling to have some minimum cybersecurity.”Footnote 126 Accentuating this, a journalist revealed how, in 2019, UN networks in Geneva experienced a “major hacking attack.”Footnote 127 According to a cybersecurity expert, the attack had “the hallmark of a sophisticated threat actor,” adding that “nation-states are frequently the most sophisticated threat actors.”Footnote 128 This incident illustrates how humanitarian actors’ biometric databases are vulnerable to unauthorized access,Footnote 129 with hacking incidents resulting in unintended data flows. Whilst cases of unauthorized access to humanitarian databases are not unfamiliar to technology providers or to humanitarian actors,Footnote 130 the extent of this vulnerability remains elusive. Aid agencies, “like any business with a reputation to protect, have the incentive not to admit when they have been hacked.”Footnote 131 These different data flows – to Al Shabaab, the DHS, or hackers – remain largely invisible for various reasons, like the nature of these being confidential programs, the embarrassment associated with acknowledging to have been hacked, and possible difficulties in contradicting a widespread imaginary of biometrics as valued in counterterrorism, refugee assistance and many other intervention contexts.
Importantly, several actors have highlighted how these challenges and crucial unintended consequences are not unique to Afghanistan and Somalia, but indicative of much wider challenges. A UN Special Rapporteur thus stresses how “sharing data with governments that have lower rule of law or human rights standards would risk contributing to human rights violations, going against States’ obligations under international human rights [and domestic] law.”Footnote 132 Also, other critics have for example stressed how “gathering digital ID and biometric data carries particular risks for vulnerable groups who face conflict or oppression: their data could be shared or leaked to hostile parties who could use it to target them.”Footnote 133 Thus, whilst Afghanistan and Somalia are important contexts in which to explore unintended consequences of biometric data-makings and flows, the concerns that emerge are illustrative of far broader challenges.
Afghanistan, Somalia and beyond
While Afghanistan and Somalia are unique in many ways, exploring biometric data-makings and flows with reference to examples from these two contexts can generate insights of broader relevance.Footnote 134 On example of this is the paradox that although several challenges relating to biometric experimentation, data-making and intended/unintended data flows have surfaced – particularly risks related to the security and confidentiality of civilians – faith in the presumed centrality of biometrics as a counterterrorism and wider intervention technology seems largely intact. Several actors in diverse intervention contexts still collect, store and share biometric data, often on a large scale. Looking ahead, what does this sustained faith in biometrics, amidst growing examples (from Afghanistan, Somalia, and elsewhere) of how biometric data may cause risks and insecurity, imply for actors engaged in the making of biometric intervention infrastructures? On the one hand, we have seen the emergence of new biometric policies that explicitly move away from biometric data collection. Oxfam's Biometric Policy, for example, specifies that when deciding whether biometric data processing is appropriate, it is imperative to ensure that “the likely flow of data is knowable and known,” meaning that it is necessary to understand “who will have access to data throughout its life.”Footnote 135 The ICRC's Biometrics Policy (2019) “requires the ICRC to limit the use of biometric data to specific use cases,”Footnote 136 which, for example, contrasts with how, for the UNHCR, biometric registration is considered a “routine feature”Footnote 137 and strategic decision.Footnote 138 Along similar lines, is the recent intensification of debates about data deletion and the right to be forgotten,Footnote 139 with “growing calls from a number of organisations for a greater focus on the risks of new digital technologies.”Footnote 140 However, not only is biometric data still collected and stored by numerous actors, but deletion may not always be an easy option: “For those in official databases, particularly the APPS [the U.S. funded ‘Afghan Personnel and Pay System’ database], user deletion is not an option.”Footnote 141 Another interviewee similarly noted: “By design, UNHCR's registration systems do not allow the deletion of IC files. An IC can be ‘deactivated’ but not be deleted.”Footnote 142
Biometric intervention infrastructures: ambiguity rather than accuracy
Looking ahead, another issue in relation to expanding biometric intervention infrastructures is the question of how this still somewhat elusive infrastructure affects several important distinctions and boundaries like wartime/peacetime, friend/enemy and sovereign/intervention.Footnote 143 Whilst in some cases biometric data flows may lead to increased accuracy, it is crucial, however, to emphasize how flows of biometric data (via formal agreements or involuntary paths) may in other cases produce increased ambiguity. Ambiguity may come about at two levels. First, pertaining to processes through which individuals are categorized by different authorities as legitimate refugee, legitimate counterterrorism target and/or subject of experimentation, the analysis showed the importance of foregrounding questions about how and by whom biometric data is gathered, shared and processed to establish such categories. Attending to data flows encourages analysis of how ostensible biometric accuracy does not always translate into unambiguity in data flows, with biometric data sometimes obtained via shadowy data-sharing practices. Put differently, biometric data-sharing agreements or cases of hacking represent different infrastructural interconnections of military and non-military biometrics, the effects of which are best understood not simply through an imaginary of accuracy, but rather as potentially engendering increased indeterminacy for biometrically registered individuals left unsure of how their biometric data is being processed, by whom and to what effects. By tentatively illuminating emerging ambiguities and insecurities at the level of biometric infrastructures, the article added to the existing literature on the fallacy of accuracy in contemporary counterterrorism.Footnote 144
Second, exploring data-makings and data flows highlighted how an expanding biometric intervention infrastructure may breed another critical ambiguity, namely fluidity in the distinction between war and peace when it comes to the collection and use of biometric data. What happens to the distinction between armed conflict and peacetime when biometric data gathered during armed conflict is passed over to or retained by a State, including its intelligence services, and potentially used for peacetime operations? If biometric data gathered by US soldiers during military intervention in Afghanistan is retained indefinitely, i.e. also after warfighting has officially ended, what do such data flows and retention practice imply for the security of these individuals? Such practices of retaining biometrics beyond “war's end” expand the possible space of counterterrorism action into “peacetime” as illustrated in the following quote from a biometric expert: “we need to take a federated approach to our biometric databases, since they are a powerful weapon that can be used in peacetime, as well as on the battlefield.”Footnote 145 Such expectations about the value of biometrics for counterterrorism purposes feed a practice of data retention which in turn generates another sense of ambiguity that highlights the limits to how biometric accuracy “translates” into more accurate and presumably more legitimate form of counterterrorism. Insofar as the above analysis offers additional nuances to existing debates about the tensions and fallacies of current counterterrorism, the argument also illustrates how looking at biometric infrastructures, with attention to both military and non-military actors, offers an entry point through which to illuminate broader tensions and contradictions.
Concluding reflections
As the above analysis demonstrates, we have seen how besides risks of new instances of unintended sharing of biometrics data (potentially with actors whose friend/enemy distinctions are diametrically opposed to those of institutions that beneficiaries and other subjects originally trusted their sensitive data with), it is necessary to expand our appreciation of how biometrics may generate insecurity. Moving forward it is of course crucial to look at actual data flows, but certainly also at the makings and flows of various immaterial elements, be they success stories or fear, both of which may in very different ways affect the safety of beneficiaries or other biometrically registered subjects. For example, where biometric registration remains mandatory with no changes to retention and sharing policies, there is a risk that potential beneficiaries may decide not to register with the WFP, UNHCR or other humanitarian agencies, out of fear of what could happen to their biometric data. Could it end up in the hands of actors who would use it in ways that would create additional insecurity for these already vulnerable individuals? Indeed, as shown in this article, this is a very real risk considering recent examples as well as the extent to which several intervention actors – military and otherwise – produce biometric databases vulnerable to exposure and unintended data flows. Moreover, with stories about unintended access circulating, what also gets produced is fear. And with stories about new real-world proof of biometric reliability or scalability, what also gets produced are success stories. While intangible, both success stories and fear affect the contours of the future of biometric data collection, though potentially in opposed directions. Success stories buttress a broader imaginary of “more biometrics, more safety,” and of the centrality of biometrics in current and future counterterrorism, as “a powerful weapon in peacetime and on the battlefield.”Footnote 146 Fear and anxiety, on the other hand, may more indirectly generate insecurity – be it for refugees who decide not to register with the WFP whereas they would be entitled to do so, or for biometrically registered Afghans who fear that their iris scans are on the databases that the Taliban claims to have access to.Footnote 147 We have seen in other contexts how biometric registration may “create security concerns that could prevent some refugees from registering with UNHCR. This has been the case with Syrian refugees in Lebanon.”Footnote 148 More specifically, the use of biometrics may affect the mobility of refugee in ways that can in turn give rise to unintended negative implications for refugee safety. For example, for refugees who “due to security considerations [have] not entered Lebanon through an official border crossing,”Footnote 149 the use of biometrics may “increase an already prevalent fear that they may be arrested when crossing an internal checkpoint.”Footnote 150
A widening abyss between the imaginary of biometric security and the (silenced) emergence of insecurity is critical. Also importantly regarding silenced insecurity, it must of course be said that besides the focus in this article on certain types of consequences there is a plethora of other largely untold stories about unintended consequences from biometrics encountered by people in various marginalized settings. For example, the UNHCR and WFP note in a joint assessment of their “Kenya Refugee Operations” how “school-going children or child-headed families” were forced to “skive school in order to comply with the requirements of the biometric food distribution system.”Footnote 151 Examples of how humanitarian uses of biometrics may unintentionally generate negative implications for refugees have also been noted in several other contexts. For urban Syrian refugees in Lebanon, “who ‘due to security considerations [have] not entered Lebanon through an official border crossing’,Footnote 152 the use of biometric identification may increase an already prevalent fear that they may be arrested when crossing an internal checkpoint.”Footnote 153 Indeed, the likelihood that biometric data collection and sharing may unintentionally have negative implications on refugee mobility and safety is a concern that has been voiced for several years. An unpublished study highlighted several risks, including that “data falling into the wrong hands could result in persecution, discrimination or even imminent threat to liberty and life” and that data “acquired by host governments” may be used “to assist efforts to imprison or persecute populations.”Footnote 154 Many more examples and voices deserve attention if we are to understand the myriad of ways in which biometric data-makings and flows may generate unintended effects, including the risk that incorrect data is replicated across different systems, may preclude individuals from applying for resettlement or from registering a child's birth.Footnote 155 Assembling existing accounts alongside adding additional examples of the impact of biometric data-making and flows on people whose data is being processed and shared would in important ways contribute to giving voice to individuals whose encounters may indeed make even more apparent why we need to pay attention to the risk of unintended consequences of expanding biometric intervention infrastructures.
Drawing on Tilley's notion of “living laboratory,” that analysis also unpacked how an important dimension of the imaginary of biometrics as central to counterterrorism is a quest for relentless real-world testing of new biometric systems, including new modes of collecting and connecting biometrics. Like in the case of the WFP, framing the limits of biometrics for infants as a call for more research, so too are other limitations framed as an invitation to add more: new trials, new capture devices, more biometric data. In this sense, the analysis alluded to another expansion, an inbuilt logic of continuity where failures are “offset” by adding more of the same. Failing to prove the reliability of biometrics for children under 5 years was formulated as an opportunity for more real-world trialing of infant biometrics. Failing to make biometric databases “interoperable” in Iraq and elsewhere has not genuinely challenged the imaginary of ubiquitous biometrics and accurate identification of enemies globally, but instead propelled new interoperability trials. With reference to “limited interoperability and sharing of data between humanitarian agencies” working in Somalia, a recent report points to efforts to explore “ways to establish interoperable databases.”Footnote 156 Again, this is not exclusive to counterterrorism biometrics but a tendency observed in relation to other counterterrorism engagements as well. Exploring French counterterrorism in the Sahel, Guichaoua argues: “This is a maximalist logic: failure does not lead to the withdrawal of an initiative but to the design of a new one.”Footnote 157
Attending to such logics, another interconnection becomes visible: for humanitarian and for counterterrorism purposes the use of biometrics involves “self-sustaining dynamics” whereby limitations and failures do not lead to questioning of devices or imaginaries but to calls for additional real-world trialing. For example, when the IOM replaced one-digit fingerprint readers with ten-digit readers, at eight Somali border crossings,Footnote 158 this was simply presented as a technical “upgrade” of existing systems, invisiblizing the politics of implementing new systems capable of checking “data records against national and international alert lists for suspected criminals.” Insofar as “failures” become productive, the implication is that biometric trials never fail in the sense of highlighting lack of evidence of biometrics as a counterterrorism panacea. They are only failures in a different sense: as productive of a quest for new trials, more biometric data and further interoperability.Footnote 159 To what extent may this logic impel infrastructural expansions that the analysis of this article presents a critical reading of? Attending to questions about data-makings, flows and infrastructural interconnections of counterterrorism biometrics and biometrics used by non-military actors, this article highlighted critical ambiguities and opaque distinction makings that challenge imaginaries of biometric accuracy and the often-unabated assumption that biometric data gathered by various actors is central to the design of counterterrorism operations.
Finally, can we fully appreciate the continuous expansion of biometric databases without asking questions about the role of donors and their influence on humanitarian actors’ practices of collecting and sharing biometric data? As the above-mentioned report from the UN Special Rapporteur notes: “donors have repeatedly pushed for the integration of biometrics in aid delivery.”Footnote 160 To what extent may biometric data-making confront humanitarian actors as a condition for receiving funding, defined by donors? Moving forward, we need to add such consideration to questions about the conditions under which biometric data is produced in order to appreciate how humanitarian actors confront difficult choices insofar as “no to biometrics” might mean no funding and thus, no assistance to the people whose exposure to risks from biometrics is thus entangled with their vulnerabilities without assistance in the first place. Yet, such consideration should certainly not downplay the critical importance of revisiting humanitarian and other actors’ biometric data-making and data-sharing practices.
