For sale on eBay: A military database of fingerprints and iris scans
For sale on eBay: A military database of fingerprints and iris scans
Exactly how the device ended up going from the battlefields in Asia to an online auction site is unclear.
Matthias Marx, a security researcher at the Chaos Computer Club, uses a SEEK II to scan his fingerprint in Hamburg, Germany, on Dec. 21, 2022. Andreas Meichsner /The New York Times
By Kashmir Hill, John Ismay, Christopher F. Schuetze and Aaron Krolik, New York Times Service
December 27, 2022
Facebook
Twitter
Email
Email
1
The shoebox-shaped device, designed to capture fingerprints and perform iris scans, was listed on eBay for $149.95. A German security researcher, Matthias Marx, successfully offered $68, and when it arrived at his home in Hamburg in August, the rugged, hand-held machine contained more than what was promised in the listing.
The device’s memory card held the names, nationalities, photographs, fingerprints and iris scans of 2,632 people.
Most people in the database, which was reviewed by The New York Times, were from Afghanistan and Iraq. Many were known terrorists and wanted individuals, but others appeared to be people who had worked with the U.S. government or simply been stopped at checkpoints. Metadata on the device, called a Secure Electronic Enrollment Kit, or SEEK II, revealed that it had last been used in the summer of 2012 near Kandahar, Afghanistan.
ADVERTISEMENT:
The device — a relic of the vast biometric collection system the Pentagon built in the years after the Sept. 11, 2001, attacks — is a physical reminder that although the United States has moved on from the wars in Afghanistan and Iraq, the tools built to fight them and the information they held live on in ways unintended by their creators.
Exactly how the device ended up going from the battlefields in Asia to an online auction site is unclear. But the data, which offers detailed descriptions of individuals in addition to their photograph and biometric data, could be enough to target people who were previously unknown to have worked with U.S. military forces should the information fall into the wrong hands.
For those reasons, Marx would not place the information online or share it in an electronic format, but he did allow a Times reporter in Germany to see the data in person alongside him.
“Because we have not reviewed the information contained on the devices, the department is not able to confirm the authenticity of the alleged data or otherwise comment on it,” Brig. Gen. Patrick S. Ryder, the Defense Department’s press secretary, said in a statement. “The department requests that any devices thought to contain personally identifiable information be returned for further analysis.”
ADVERTISEMENT:
He provided an address for the military’s biometrics program manager at Fort Belvoir in Virginia where the devices could be sent.
The biometric data on the SEEK II was collected at detainment facilities, on patrols, during screenings of local hires and after the explosion of an improvised bomb. Around the time when the device was last used in Afghanistan, the U.S. war effort there was winding down. Osama bin Laden had been killed in Pakistan a year earlier — his identity reportedly confirmed using facial recognition technology.
One of the main concerns of military leaders at that time was a rash of shootings in which Afghan soldiers and police turned their guns on U.S. troops. They hoped that the biometric enrollment program would help identify any possible Taliban agents inside their own bases.
A 2011 “commander’s guide to biometrics in Afghanistan” described face, fingerprint and iris scans as a “relatively new” but “decisive battlefield capability” that “effectively identifies insurgents, verifies local and third-country nationals accessing our bases and facilities, and links people to events.”
The SEEK II has a tiny screen, a miniature physical keyboard and an almost comically small mouse pad. A thumbprint reader is protected by a hinged plastic lid at the bottom of the device. Like an ancient Polaroid camera, the machine unfolds to allow iris scans and to take photos. Marx used the SEEK II on himself; when he turned it off, a message popped up, asking to connect to a U.S. Special Operations Command server to upload the new “collected biometrics.”
Exactly how the device ended up going from the battlefields in Asia to an online auction site is unclear.
Matthias Marx, a security researcher at the Chaos Computer Club, uses a SEEK II to scan his fingerprint in Hamburg, Germany, on Dec. 21, 2022. Andreas Meichsner /The New York Times
By Kashmir Hill, John Ismay, Christopher F. Schuetze and Aaron Krolik, New York Times Service
December 27, 2022
1
The shoebox-shaped device, designed to capture fingerprints and perform iris scans, was listed on eBay for $149.95. A German security researcher, Matthias Marx, successfully offered $68, and when it arrived at his home in Hamburg in August, the rugged, hand-held machine contained more than what was promised in the listing.
The device’s memory card held the names, nationalities, photographs, fingerprints and iris scans of 2,632 people.
Most people in the database, which was reviewed by The New York Times, were from Afghanistan and Iraq. Many were known terrorists and wanted individuals, but others appeared to be people who had worked with the U.S. government or simply been stopped at checkpoints. Metadata on the device, called a Secure Electronic Enrollment Kit, or SEEK II, revealed that it had last been used in the summer of 2012 near Kandahar, Afghanistan.
ADVERTISEMENT:
The device — a relic of the vast biometric collection system the Pentagon built in the years after the Sept. 11, 2001, attacks — is a physical reminder that although the United States has moved on from the wars in Afghanistan and Iraq, the tools built to fight them and the information they held live on in ways unintended by their creators.
Exactly how the device ended up going from the battlefields in Asia to an online auction site is unclear. But the data, which offers detailed descriptions of individuals in addition to their photograph and biometric data, could be enough to target people who were previously unknown to have worked with U.S. military forces should the information fall into the wrong hands.
For those reasons, Marx would not place the information online or share it in an electronic format, but he did allow a Times reporter in Germany to see the data in person alongside him.
“Because we have not reviewed the information contained on the devices, the department is not able to confirm the authenticity of the alleged data or otherwise comment on it,” Brig. Gen. Patrick S. Ryder, the Defense Department’s press secretary, said in a statement. “The department requests that any devices thought to contain personally identifiable information be returned for further analysis.”
ADVERTISEMENT:
He provided an address for the military’s biometrics program manager at Fort Belvoir in Virginia where the devices could be sent.
The biometric data on the SEEK II was collected at detainment facilities, on patrols, during screenings of local hires and after the explosion of an improvised bomb. Around the time when the device was last used in Afghanistan, the U.S. war effort there was winding down. Osama bin Laden had been killed in Pakistan a year earlier — his identity reportedly confirmed using facial recognition technology.
One of the main concerns of military leaders at that time was a rash of shootings in which Afghan soldiers and police turned their guns on U.S. troops. They hoped that the biometric enrollment program would help identify any possible Taliban agents inside their own bases.
A 2011 “commander’s guide to biometrics in Afghanistan” described face, fingerprint and iris scans as a “relatively new” but “decisive battlefield capability” that “effectively identifies insurgents, verifies local and third-country nationals accessing our bases and facilities, and links people to events.”
The SEEK II has a tiny screen, a miniature physical keyboard and an almost comically small mouse pad. A thumbprint reader is protected by a hinged plastic lid at the bottom of the device. Like an ancient Polaroid camera, the machine unfolds to allow iris scans and to take photos. Marx used the SEEK II on himself; when he turned it off, a message popped up, asking to connect to a U.S. Special Operations Command server to upload the new “collected biometrics.”
