Digital Footprints in Afghanistan

Key Takeaways

  • Afghans that helped Western forces over the last 20 years are racing to delete their online histories in fear that the Taliban will punish them for their involvement

  • A number of resources are being provided to help Afghans swiftly erase their online presence, but deleting evidence of their help to the U.S. could hurt their chances when applying for asylum

  • The U.S. has its own footprint to worry about too; left behind digital hardware could expose sensitive information and be sold to the U.S.’s enemies

Afghans racing to delete their online lives

People in Afghanistan are seeking to delete their online history in fear of Taliban retribution, ranging from journalists to those who worked with western troops and NGOs over the past two decades. Though the Taliban spokesperson Zabihullah Mujahid told the press conference that it wouldn’t be seeking “revenge” against people who had opposed them, many Afghan people are understandably still worried.

After the US forces invaded Afghanistan in 2001, they hired thousands of locals to work as translators and contractors at military bases. US-backed organizations such as USAID hired Afghans to promote girls education and democracy. Other foreign-funded programs were specifically aimed at promoting arts, culture, music and media freedom — many of which the Taliban previously banned in its 90s regime. All the Afghans who helped these foreign initiatives now fear what the Taliban will do to them or their families for being involved.

Human Rights First, a US-based advocacy organization, has published two aids: first, a Farsi-language version of its guide on how to delete digital history (view English version here) that it originally produced last year for activists in Hong Kong; and, a manual on how to evade biometrics in English, Pashto, and Dari.

These Afghans with Western ties are also facing a life or death dilemma about whether or not to delete the very documents that could help them escape Afghanistan. The Afghans who worked with western forces or embassies have to furnish documents and proofs that might include emails from US soldiers to apply for asylum. The more of the digital history they delete, the less they have to attach with their applications. Keep this evidence and they risk persecution from the Taliban, delete it and they may find their only way out no longer available.

What Afghans can’t delete

Afghans may choose to delete their online profiles, messages, and contacts, but there are loads of information about Afghan citizens and their associations held on databases out of their control.

"We are also very concerned about databases retained by aid agencies and other groups, and alarmed that there is no clarity whether mitigation measures are being taken to either delete or purge information that can be used to target people," said Raman Jit Singh Chima, Asia Pacific policy director at Access Now.

The digital identity cards, the Tazkira, can expose certain ethnic groups, while even telecom companies have a "wealth of data" that can be used to track and target people, he added. The responsibility to secure these data systems was ultimately that of the Afghan government, but Western forces probably had a role in designing the systems in the first place and helping with implementation. It’s hard to say what the US and its Allies can do now to prevent these databases from being infiltrated by the Taliban.

What about the U.S. footprint?

After nearly two decades in Afghanistan, the breadth of the U.S. footprint is posing a challenge during a quick evacuation. The U.S. fears that the Taliban will seize what they leave behind, and, indeed, the Taliban has already secured large amounts of military hardware from the United States including rifles, humvees, ammo, planes, and night-vision goggles.

Part of the U.S. presence was an immense digital footprint that if found by the Taliban has similarly serious implications as the military hardware. Evacuation procedures can’t account for every piece of digital hardware left in Afghanistan after such a lengthy presence or for information shared with allies and local partners.

There are protocols for not leaving a digital trace and we can assume that the vast majority of classified information that lived on-premises in Afghanistan was flown out or destroyed. Also, nowadays most of the government’s highly sensitive data is stored in the cloud rather than on-prem. However, in a rushed evacuation like we just saw, protocols are not executed perfectly and things are surely forgotten

The sensitive data that we left behind goes beyond “incriminating” Afghan citizens, it poses a national security threat to the U.S. And it will surely be sought by U.S. adversaries outside Afghanistan, such as Russia and China, that are willing to pay for whatever data the Taliban can provide

Taliban already seized U.S. biometric technology

In 2002, the US established a program to collect the fingerprints, iris scans and facial images of Afghan national security forces. The program’s initial goal was to keep criminals and Taliban insurgents from infiltrating the army and police force. To collect and store this data, the US Department of Defense launched its Automated Biometric Identification System (ABIS) in 2004.

Over the years, the biometrics initiative has had both coalition and Afghan troops from multiple biometric task forces collecting fingerprint, iris and genetic biometric data from as much of the population as possible, now in the millions.

Some of this biometric equipment is now in the hands of the Taliban, “We understand that the Taliban is now likely to have access to various biometric databases and equipment in Afghanistan,” wrote US-based Human Rights First this week. “This technology is likely to include access to a database with fingerprints and iris scans, and include facial recognition technology.”

In 2016, Taliban insurgents killed 12 passengers on a bus they stopped after requiring everyone to scan their fingerprints on a biometric machine that cross-checked a database of security force workers. The worry is that the Taliban will be able to use the newly seized biometric equipment and data to carry out a more widespread search for people who worked in the coalition-backed regime.

With the whirlwind of news surrounding the U.S. pullout from Afghanistan in the last week, it’s easy to forget about something like the data privacy implications, but the digital footprints left in that country by citizens and foreign countries can be just as critical to protect as military hardware.