Wednesday, December 21, 2011

U.S. Military Departs Iraq, Takes Huge Biometric Database with It

U.S. Holds On to Biometrics Database of 3 Million Iraqis (Wired)

Two things are going on here. First, the United States is keeping the biometric (and other) information it gathered on some three million Iraqis over the length of its involvement in Iraq. Second, the military is not going to share that information with the Iraqi government it leaves behind, though it would be a simple and inexpensive thing to do. After all, information is not like cake — you can have your data and eat (or share) it, too.

The digital database is the property of Central Command’s intelligence shop in Tampa, Florida. It is conspicuously not in the control of the Iraqi government. Taylor says that the Iraqis might be able to access the database’s contents if they go “through the [U.S.] embassy” in Baghdad.

“Common sense-wise, we still have an interest there in helping our Iraqi partners,” Taylor explains, “and that information might be helpful to them should there be any issues.”

Taylor doesn’t say why the U.S. didn’t hand over its biometrics toy to the Iraqis. But there’s an obvious reason: Iraq’s sectarian divides have not healed. And a database filled with uber-specific information about approximately 10 percent of Iraq’s population could represent a wish list for a death squad, militia or insurgent group — some of which are aligned with Iraqi political parties.
This thought-provoking article addresses the issue of what happens to biometric information (or any other military intelligence, for that matter) when a military campaign is wound down.

Don't read it expecting firm and definitive answers, though. The article raises as many questions as it answers. John at the M2SYS blog does an excellent job of making explicit the questions the Wired article begs.

Answering the questions, however, will require a political, legal and military analysis rather than a technical analysis. After all, ID management is about people.

UPDATE: John at M2SYS, asks via Twitter:

I think it's highly unlikely that there will be a privacy backlash, at least among Iraqis.

The Iraqis (esp. Sunnis) friendly toward the U.S. military who had their biometrics captured are probably extremely relieved that the U.S. military has decided not to give the current Iraqi government their info. As for Iraqis of more violent intent, they're already lashing back and it's not over privacy concerns.

Once the U.S. military made the decision that it was going to keep the biometric database information — and it would have been truly astounding had it decided otherwise — exercising caution in how the data is shared lowers the risk that harm will come to individuals in the database and arguably demonstrates respect for the privacy of any ordinary Iraqis in the database.

It's also important to draw a contrast between violations of privacy that lead to more spam, phishing and identity fraud and the kind of privacy violation that can lead to political persecution, torture, prison and loss of life. My guess is that Iraqis worry more about the latter than the former and the former isn't very likely to result from the U.S. military's possession of the biometric data in question.

On another note, nothing prevents the U.S. from co-operating with the Iraqi government using the biometric data it has gathered on a case-by-case basis in the future. They simply decided not to turn over the whole database now, no questions asked.