Gaps in biometric data sharing leave U.S. open to attack: GAO
- By William Jackson
- Oct 16, 2008
Failure to share the biometric data military personnel collect
in combat areas with counterterrorism agencies at home could
endanger the country’s security, the Government
Accountability Office concluded in a new report.
Although the military collects biometric data on people engaged
in suspicious activities in combat areas in Iraq and Afghanistan,
the type of data collected is inconsistent and not always shared,
despite policies that call for sharing such data.
“Gaps in [the Defense Department’s] and other
agencies’ biometrics collection and sharing processes can
increase the risk that terrorists will avoid identification in
subsequent encounters with U.S. personnel during military
operations, the visa application process and U.S. border
crossings,” GAO auditors wrote in their report.
Efforts are under way to develop a technical and organizational
framework to enable such sharing, but until then, the gaps must be
filled with greater interagency cooperation, GAO auditors
GAO recommends that “until a formalized, governmentwide
biometrics data-sharing architecture is implemented, the
secretaries of Defense and Homeland Security, in consultation with
other federal agencies, such as the FBI and [State Department],
determine if biometrics information-sharing needs are being met and
address, as appropriate, any biometrics data-sharing gaps that may
exist, in accordance with U.S. laws and regulations and
international agreements, as well as Information Sharing
Environment efforts,” the report states.
The report, titled "Defense Management: DOD Can
Establish More Guidance for Biometrics Collection and Explore
Broader Data Sharing," is a public version of a classified report
released in May.
DOD has issued guidance for collecting biometric data from
people who are detained or authorized to access U.S. facilities in
Iraq, but there are no guidelines on data that is collected during
operations in combat areas. DOD prefers to give commanders in the
field the flexibility to gather what they deem is appropriate under
“This flexibility results in the collection of different
data that are not necessarily comparable to each other,” the
GAO report states. “Some units may collect iris images while
others collect fingerprints, which are not comparable data. Broader
national security implications can arise, such as military
personnel’s inability to identify someone who has harmed or
attempted to harm U.S. or coalition forces.”
GAO recommended establishing minimum baselines for standardizing
biometric data collection in the field.
“Having a standard set of biometrics data would help
ensure consistent identification and confirmation of an
individual’s identity, thus allowing forces to compare data
across multiple databases in different commands and to determine
whether individuals should be detained,” the report
DOD officials objected to that recommendation, saying they
prefer to rely on commanders’ judgment on what data to
collect. They agreed that there is a need to determine if
information is being adequately shared and said they are
participating in interagency forums created to address the
Data sharing is already official DOD policy. In January 2007,
the deputy secretary of Defense issued a memorandum requiring the
department to share unclassified biometric data with other agencies
that have counterterrorism missions, as the law allows. However,
the process can be cumbersome and requires, “at a minimum, a
written memorandum from a requesting agency stating the official
need for the data, the intended use of the data, the protections
and safeguards that will be afforded the data, and the nature or
extent of possible further distribution of the data to other
organizations or agencies,” the GAO report states.
The government also lacks a centralized watch list or database
of biometric data on possible terrorists. To date, there are three
primary depositories for such data: the FBI’s Integrated
Automated Fingerprint Identification System; DOD’s Automated
Biometric Identification System; and the DHS Automated Biometric
Identification System, which DHS uses for border patrol, customs,
naturalization, and counterterrorism activities and the State
Department uses as part of its visa-approval process.
The agencies have established formal and informal arrangements
for sharing data, but there is no overarching federal policy or
architecture for doing so.
Although efforts are under way to establish such a framework,
“until such national-level policies are developed and
implemented, opportunities to fill or reduce gaps in our national
security through comprehensive data sharing may be lost unless
remaining needs for biometrics data are appropriately
filled,” the GAO report states.
William Jackson is a Maryland-based freelance writer.