News | Jan. 1, 2014

Biometric-Enabled Intelligence in Regional Command-East

By David Pendall and Cal Sieg Joint Force Quarterly 72


Biometric-enabled Intelligence (BEI) has established its value throughout Regional Command–East even though the full potential of biometrics-related collections and applications remains unknown. Importantly, the concept has gained traction at the general government level as well as locally, where Afghan National Security Forces and allies and adversaries are seeing the forensic footprints insurgents leave behind being exploited to erase insurgent anonymity, which has served as a traditional hiding place. Arrests and warrants are up, and BEI operations have impacted insurgents' ability to lead their movement and lower-level cells' ability to function. The pressure grows as coalition and Afghan forces employ biometrically developed watch lists and "be on the lookout" messages as part of focused hunts for offenders.

In Afghanistan, coalition and Afghan National Security Forces (ANSF) continue to leverage an important component of the counterinsurgency and counterterrorism fight: biometrics. Simply put, biometric-enabled intelligence (BEI) efforts are producing a high return on operations designed to collect and exploit information about insurgents. Consider a few key metrics. A majority of our operations produce biometric information that leads to arrests, warrants, and the removal of insurgent anonymity. Furthermore, increasing components of our successful insurgent-targeted operations are a result of our biometric collection and enrollment processes. Across Regional Command–East (RC-E), biometric intelligence-driven operations have achieved major impacts on the insurgent ability to maintain leadership and lower-level cell structures as both coalition and Afghan forces regularly employ biometrically developed insurgent watch lists and “be on the lookout” (BOLO) messages and as they execute deliberate detention operations.

The biometric enrollment program in Afghanistan began in earnest in 2006. Since then, hundreds of thousands of biometric records have been ingested in both coalition and Afghan databases. In total, we have developed an extensive repository of biometric data across Afghanistan. Additionally, these same modes of biometric data allow both coalition and Afghan forces to protect themselves by ensuring that the ANSF, local national workforce, Afghan Local Police, and reintegrating insurgents (and criminals) are who they say they are and can be screened against derogatory information (matches for previous incidents such as improvised explosive device [IED] attacks and other events that leave biometric information behind). The biometrics program is an invaluable part of the campaign that has even greater potential in the future.

Biometric eye scanner identifies patients arriving at hospital at Bagram Airfield (U.S. Army/Chris Hargreaves)

Biometric eye scanner identifies patients arriving at hospital at Bagram Airfield (U.S. Army/Chris Hargreaves)

Applying BEI

Enrollment is merely the first step in the application of this tool for counterinsurgency and counterterrorism. Enrollment comes from volunteerism in local villages, often supported by the village elders and leaders, as well as involuntary enrollment of detained individuals believed to be witnesses or having direct involvement with security incidents. Both coalition and Afghan forces are involved in the enrollment phase since operations in Afghanistan are inherently partnered—that is, combined operations are the standard.

Following enrollment and upload of the biometric data to the data repositories, the anonymity previously counted on by the insurgent is removed. This step is crucial as it leads to the ability to identify individuals with previous events that have associated biometric-based facts. The extraction of the biometric data begins with an event, and additional biometric information is gained through forensic means to recover trace elements and fully admissible biometric information for both prosecution and intelligence exploitation. The Afghan rule of law sector—the Ministry of Justice, courts, judges, and prosecutors at the national level—understands the significance of biometric evidence and supports its use for making the case against insurgents. The intelligence and operations communities—Afghan and coalition—use the exploitation to trace individuals back to events. This gives the combined team a great advantage over the enemy that it must use.

For those elements that are identified and are transient, BEI offers even greater advantages. The combined team regularly uses checkpoints and other random screenings along traffic routes, fixed facilities, and areas where locals regularly concentrate such as bazaars and markets. Coupled with an active BOLO program and electronic checks against watch lists, the “out of towners” are either identified, enrolled and matched, or correlated with previous enrollments in other areas, which highlights them as mobile actors. Each of these actions flags the individuals and allows security forces to know more about them and to take appropriate steps such as questioning, enhanced search, or detention.

For specific, deliberate actions such as directed detention operations, the execution of police force high-risk warrants, and targeted raids against identified insurgents, the combined team has leveraged biometrics to confirm identities on the objective, confirm linkage of the detained individuals to previously committed insurgent or terrorist acts, and collect additional biometric evidence.

Why We Do It: The Payoff

The overarching purpose of using BEI- and biometrics-based toolsets is to deny anonymity and increase the effectiveness of security and police operations. This premise also begs additional questions: Is it sustainable for future Afghan security forces? Does the Afghan rule of law process fully condone and embrace the use of biometrics? Are the biometrics processes subject to countermeasures by insurgents? Are insurgents dissuaded by biometrics capabilities? As we address these valid questions, keep in mind the broader element in play: we are likely only in the early stages of biometrics as a 21st-century capability for nation-state security.

Just as U.S. security and justice systems in the 20th century benefited from the use of fingerprint enrollments, “mug shots,” and DNA, scientific and technological breakthroughs coupled with readily accessible national data bases are likely to benefit us in the 21st century. The full potential remains unknown. We regularly read about “cold cases” being solved, death row inmates being cleared or convicted based on new DNA evidentiary technologies, and new biometric forensic extraction techniques that tie violent acts to previously unknown terrorists. Having consistent biometric ingestions and data compilation from individual enrollments and from attack or crime scenes will set conditions to better enable security and law enforcement elements in the future both in Afghanistan and as part of our own homeland security initiatives. Since the world is increasingly linked, and a day’s travel can move both individuals and material to nearly any spot on the surface of the Earth, it is an investment in security we should not allow to go unresourced.

In terms of Afghan sustainability, both the government and security forces are demonstrating signs of readiness to pursue biometrics in their own rights. We do not delve into the question of funding here, but we do highlight the fact that the rule of law sector acknowledges biometrics as a legal tool and accepts biometric forensic data in national courts. Afghan security forces are increasingly trained in evidence collection, handling, and retrieval. The government maintains its own biometric database, its own access to enrollment technology, and a growing forensically trained workforce. Additionally, the government is expanding a warrant-based targeting program, issues warrants based on biometrically derived evidence, and has a growing information technology infrastructure to allow better access to biometric and other identity-based information for select fielded forces and operating units. Coalition and other international efforts continue to enable the ANSF and the security- and justice-related ministries to pursue these capabilities. The issue ultimately is one of confidence and established practice with sustainable processes, not lack of interest or basic capability.

The Afghan rule of law sector has supported biometrics as addressed above, and increasingly the courts look for biometrics as a component of the prosecution’s case. Whether it is fingerprints, DNA, or photos of insurgents at the crime scene with seized illegal material, we can confidently state that biometrics are fully embraced by the Afghan legal system at the national level, as evidenced by the actions of the National Security Court at the Justice Center in Parwan (JCIP). The regularly issued criminal warrants from the Ministry of Justice further empower the combined team and ANSF to conduct direct actions and detentions of individuals wanted by the courts. As an enabler to this, the RC-E team provides a mechanism for distribution of warrants and BOLOs in English, Dari, and Pashtu, with the individual’s photo and explanation of the offense. Even matched identities without warrant can be distributed as BOLO information to security forces and placed on leaflets and other media.

BOLO/Warrants (Rule of Law)

In RC-E, the BOLO produced by Combined Joint Task Force (CJTF) Paladin is the foundation upon which the rule of law apprehension program is being developed. These IED-related BOLOs are simply a storyboard detailing an IED event (whether detonation occurred or not) with the results of the exploitation of the site or device and the subsequent identification made by biometric means. This connection between the identified person and the device is sufficiently documented (to include a photo of the subject) and causes issuance of the BOLO. This same information is also submitted to the Anti-Terror Prosecution Directorate (ATPD), which utilizes the information to issue a National Security Warrant (NSW).

To achieve more acceptance of BOLOs by Afghans, the format was changed from a rather bland appearance to a more colorful look. These new BOLOs were issued in 2011. Their nickname of “Jingle BOLO” comes from the colorful trucks seen throughout Afghanistan (called “jingle trucks”). The Jingle BOLOs were designed to be more culturally appealing. We observed a noticeable increase in Afghan acceptance and use of these BOLOs over the following year.

The CJTF Paladin BOLOs occur as the result of post-blast analysis (PBA) conducted by the various explosive ordinance detachments supporting the overall mission. This PBA yields items of evidentiary value in varying forms. The Afghanistan Captured Material Exploitation Laboratory (formerly the Combined Explosives Exploitation Cell and Joint Expeditionary Forensics Facility labs) receives the items and conducts extensive scientific analysis and testing, often producing biometrically identifiable samples that will support positive matches for identification purposes. These matches can be used to initiate a warrant for identified individuals involved with the security incident. Often, these warrants are also used to create the Afghan BOLO report that is disseminated to the ANSF.

While the BOLO is not an official Afghan document, it does contain what some would term “sufficient cause” (“probable cause” in our system) for a judicial order. In this case, the ATPD reviews the “evidence” relating to the IED event (with subsequent positive identification), and, once satisfied, the ATPD issues an NSW. This warrant is significant in that as an official Afghan government “order,” it should be followed and its execution should not only be expected but compelled. Unlike the BOLO, the NSW must be given due deference, and it is the responsibility of the Afghan law enforcement community to aggressively pursue the subject of the warrant.

Army Secretary John McHugh (speaking) and Army Chief of Staff General Raymond T. Odierno testify before House Armed Services Committee (U.S. Army/Teddy Wade)

Currently, there are roughly 150 CJTF Paladin IED BOLOs issued in RC-E (see tables 1 and 2) with459 throughout Afghanistan, and 73 CJTF Paladin IED NSWs issued in RC-E with 305 throughout the country. While the majority of apprehensions based on these BOLOs and NSWs are essentially the result of “military” (either coalition forces or ANSF) missions, there have been apprehensions based purely on Afghan law enforcement actions. As rule of law becomes more widespread, law enforcement will become more involved in the apprehensions of these BOLO and NSW subjects.

To assist the ANSF, the RC-E has instituted a program to make these BOLOs and warrants available to the ANSF electronically by uploading them to a public Web site that has been established as a leave behind system for use by the Afghan government and people. This site, called Ronna(Pashto for “guiding light”), is a relatively new concept, and its use can be termed “in its infancy” at best. Properly utilized, Ronna can provide a simple tool for Afghan law enforcement to utilize in managing a basic wanted persons program.

Ronna in Support of the BOLO/Warrant Program

In July 2011, Ronna was targeted as a potential repository for the CJTF Paladin BOLOs and resulting warrants issued by the ATPD. In a sense, the American National Crime Information Center system would be replicated in that these BOLOs and warrants would be available electronically and would cover all of Afghanistan.

The first phase of the process was to upload all CJTF Paladin BOLOs and IED-based NSWs. This project began in September 2011, and, as mentioned, over 450 BOLOs and 305 warrants have been uploaded. The second phase of the process (currently under way) is to ensure the widest possible dissemination of the capabilities of Ronna as it relates to support of the law enforcement mission. To achieve this end, law enforcement professionals have been informing their contacts during key leader engagements of the existence of Ronna, that it can be viewed in either Pashtu or Dari, and that wanted person information is contained therein regarding those individuals linked to IED events by biometric evidence. It is envisioned that the Operations Coordinating Centers Regional and Provincial, a combined coalition force–Afghan force site existing in almost all provinces throughout the country, will be the springboard for implementing electronic searches for BOLOs and warrants by ANSF.

To be sure, success is not guaranteed. There are yet issues to overcome such as high illiteracy rates among ANSF, lack of computers and connectivity, infiltration of ANSF by insurgents, and government interference from either outright corruption or simple bureaucratic meddling/control. If, however, even marginal success is achieved, the message to Afghan law enforcement would be that this electronic medium could provide great assistance and support in the mission of service to the people.

Biometrics and the Afghan Judicial System

Experience and lessons learned from Iraq have shown that the judiciary will accept biometric evidence if it has been educated in the process of biometrics including not only the scientific basis for reliability but also the actual collection, preservation, and security (chain of custody) of such evidence.

In Afghanistan, the model for successful use of biometric evidence in criminal prosecutions is the Afghan National Security Court located at the Justice Center in Parwan. The trials conducted at the JCIP are entirely Afghan administered and controlled, using Afghan laws, judges, prosecutors, defense lawyers, and investigators. Justice advisors from the U.S. Defense and State Departments mentor, train, and advise these prosecutors, defense counselors, and judges at both the primary court and appellate court levels.

Army Secretary John McHugh (speaking) and Army Chief of Staff General Raymond T. Odierno testify before House Armed Services Committee (U.S. Army/Teddy Wade)

The use of biometrics in prosecutions at JCIP now plays a prominent role in the convictions of those individuals who have been so matched to criminal offenses. The majority of these criminal cases involve biometric matches to instrumentalities of criminal acts. This use of modern science by the Afghan National Security Court has resulted in convictions in almost every case where a biometric match has been made between the defendant and the criminal instrument (compared to a roughly 80 percent conviction rate in all prosecutions). The success story does not end with convictions alone. In cases involving DNA evidence, sentencing is consistently longer than those without DNA use (see figure).

While the success of biometric evidence use in court has become the norm at the JCIP, this is not the case in the primary courts at the provincial level. Although the government has established its own forensics laboratories, there has yet to be infusion of lab results into the mainstream judicial system. Afghans still require a concerted training and indoctrination program for those judges below the national level in the acceptance and use of biometric-based evidence. Work continues to develop the evolution of forensics use and availability for the primary courts (judges, investigators, prosecutors, and defense attorneys) at the provincial level and below and in the use and acceptance of biometrics as credible evidence.

So does widespread biometric use dissuade the insurgent from participating in crimes or terrorist events? We believe so. This is not true for every insurgent, and we are not painting this capability as a panacea for counterinsurgent strategy. The facts are that insurgents understand that the ANSF and coalition can remove their anonymity permanently. They know that when they are enrolled they are no longer unknown. Those reintegrated know they are forever registered, and a return to the insurgency will not be without great risk for recapture or increased sentence when they are prosecuted. The resultant pressure from knowing these facts does change behavior, which could and should be exploited. In a growing number of operating areas, the use of billboards, leaflets, and television and radio broadcasts routinely make “most wanted” lists of insurgents public, with tip line and contact information for citizens to provide information. Village elders and community leaders are aware of the programs and understand the practical use of biometrics against insurgents.

Three Success Stories

“Hey, I’ve Seen You Before!” As Gul and Mohammad, members of an Afghan local police force, sat at their checkpoint surveying the countryside, they noticed people walking slowly down the road toward them. As the small group reached the checkpoint, Gul and Mohammad, who like many of their comrades were unable to read, matched the faces before them with the BOLO photos hanging on the wall. Gul, closely examining the five faces, asked a male in his late 20s to step forward. As he did, Gul pulled down a BOLO from the wanted board behind him and studied both the face in the poster and face in front of him. With a broad smile, Gul told the man “You are mine” and took him into custody. The face on the BOLO was an individual identified as being involved in multiple IED events. He had years earlier been biometrically enrolled by a U.S. Army patrol that encountered him during an enrollment mission.

It did not matter that the Afghan police officers who identified and apprehended him could not read or write. What did matter was that by using the earliest form of biometric identification, facial recognition, the officers removed a dangerous bomb maker from the battlefield, making the area safer for not only coalition and Afghan security forces, but also innocent Afghan citizens who have been victimized by war for decades.

The Lone Bomber. Two police officers watching from their vehicle saw an approaching motorcycle and knew immediately that something was wrong. The motorcycle’s speed and erratic movement dictated a stop and inquiry. The police asked for proof of identity but none was produced. After incomplete or evasive answers to routine questions, the police transported the motorcyclist to a nearby police station for further investigation. He had no identification documents and continued to be evasive regarding his identity, so he was subjected to an iris scan that identified and connected him to over a dozen bombing events. He was placed under arrest and a further check via computer under his true name revealed not only a BOLO, but a national security warrant on him as well.

The Bomber Gang. A group of insurgents had been operating in a rural agricultural province in eastern Afghanistan for some time, plying their deadly trade as bomb makers and emplacers. Their activity resulted in the killing and wounding of International Security Assistance Forces as well as ANSF. It was just a matter of time until they were identified with a particular IED and apprehended. All told, 39 separate attacks contributed to the identification matches and subsequent apprehensions. In some instances, the IED events from which the evidence derived occurred years before.

In early August 2011, the gang appeared before the JCIP. It was the first IED network case to appear before this court. Of the 11 suspects from the Mota Khan District of Paktika Province, all but one had been biometrically matched to the 39 separate events. The 10 biometrically matched suspects were convicted of violations of Articles 19 and 14 of the Afghan Penal Code with sentences of 14 years for four of the defendants, 9 years for another four, and 2 years for two. The Combined Explosives Exploitation Cell Lab (now the Afghanistan Captured Materials Exploitation Lab) provided 13 latent to known matches. DNA labs provided 29 DNA to known matches. CJTF Paladin’s Theater Explosives Exploitation Cell provided six replicas of the primary devices that were recovered as evidence.

While these events might seem to be routine examples of good police work in the United States, Europe, or other developed nations, there was nothing routine about them occurring in remote parts of Afghanistan. The use of biometrics and supporting Internet connectivity is a major success story in the continuing transition to rule of law in the country. The use of biometrics in identifying IED makers and emplacers has been an ongoing achievement, first in Iraq and now in Afghanistan.

As in all biometric matching programs, first and foremost, a well-populated reference (or comparison) database must be established. Obviously, the more references available (identified persons via biometric identifiers such as DNA sample, fingerprint sample, and/or iris scan), the greater the probability that there will be a match from biometric evidence taken from an IED or other event of a criminal nature.

Insights from Afghanistan

Collections and enrollments matter and increase the effectiveness of all other operations. As more elements of a selected population are enrolled and more forensic evidence is collected, there is a substantial increase in ratio of operations to matches. Considering the close-knit nature of a community and the consistent patterns of the insurgency—inherently a localized minority group of insurgents (and criminal elements) conducting the majority of attacks—the biometric program advantages to the combined team multiply with every ingest of biometric data. Even the out-of-towner or foreign fighter transient is placed at greater disadvantage.

Border police at Wesh review information flier about Afghan 1000 Biometrics Facility (U.S. Army/Joseph Johnson)

Border police at Wesh review information flier about Afghan 1000 Biometrics Facility (U.S. Army/Joseph Johnson)

Back-end database management, rapid dissemination, and data ingest from collections and enrollments are critical in maintaining speed and actionability for operating forces. The need for regular updates and watch list refresh directly enables BEI and follow-on successes. Information technology must continue to support the data transfer and dissemination processes via coalition and Afghan infrastructures.

The enrollment of biometric data, whether individuals are enrolled directly or through forensic extraction, is especially important for foreign fighters and transient populations. As stated earlier, these individuals are part of a population base demographic that could impact the security of multiple nations, demonstrating the global nature of the 21st-century security environment.

Incident tracking and analysis will discern patterns and enable better planning for security operations. Units should never enter an area for targeting raids, deliberate detentions, or clearance operations without knowing who they will likely encounter. “Never going anywhere for the first time” is a great proposition. The BEI-based process of developing biometric named areas of interest allows units at all levels to pull the known entities from the database and plot them (by site of enrollment or by associated event location) on the operations graphic as an overlay. Units can review the density of previously enrolled individuals, review in aggregate or by individual, assess threats based on matches to security incidents, and better predict where these individuals are likely to be ahead of the operation, especially when they integrate the biometrics with other all-source intelligence as part of the intelligence preparation.

Treat every event as a means to collect additional biometrics. The planning phase of every operation should include the biometric enrollment and battle drill for the collection and preservation of evidence for further forensic biometric exploitation. Treating every site or event as a crime scene and an intelligence operation will produce positive effects. The use of properly collected materials and the thorough processing of detainees will pay off in terms of prosecution and lead to additional actionable intelligence.

Continue to migrate biometrics to the application and support of rule of law. As the obvious endstate of a successful counterinsurgency campaign, rule of law in the 21st century must include the latest scientific advances in the field of criminal justice. Although biometrics has been introduced successfully to the Afghan courts, its use must become more widespread as not only an investigative tool, but also as credible evidence with an understanding of its value in ascertaining truth.

The full appreciation of the biometrics program and BEI is a key enabling factor in the continued progress of the counterinsurgency in Afghanistan. Moreover, the implications of future biometrics-related collections, exploitations, and applications are promising if not yet fully known. As we continue to see great gains and daily successes in Afghanistan by our ANSF partners, as well as direct payoffs for units that fully leverage current best practices, we can confidently state that the biometric component of the fight in Afghanistan is an investment in our future. Our national security forces have an ever-advancing capability in biometrics and BEI to reduce our collective risks, aid our allies, and defeat our adversaries. JFQ