The data left behind: How the Taliban could mine Afghan data to target U.S. allies

U.S. officials racing to evacuate Afghan allies have limited time before another threat comes into play: vast digital data stores that will expose Afghans’ ties to American operations on a massive scale once in Taliban hands.

Telecom companies store reams of records on who Afghan users have called and where they’ve been. Government databases include records of foreign-funded projects and associated personnel records. And stashes of biometric data like fingerprints make people easy to identify.

“There’s almost no doubt that they’ve gotten their hands on an enormously valuable trove of information that they can exploit at their leisure,” said Thomas Warrick, a former Department of Homeland Security counterterrorism official.

American forces and diplomats rushed to destroy their own records on Afghan citizens as they departed, but the rapid takeover of Kabul left large stores of data open for exploitation inside Afghan businesses and government offices. That gives today’s technologically adept Taliban tools to target Afghans who worked with the U.S. or the deposed Afghan government with unprecedented precision, increasing the danger for those who don’t get out on evacuation flights.

Much of the attention has been on the race to scrub data off the internet: The U.S. government has taken down videos, stories and photos of Afghans from its sites, as have many Afghan businesses. Social media companies including Facebook, LinkedIn and Twitter are rolling out tools to help limit who sees Afghan users’ profiles, posts and connections. But those efforts don’t touch the huge collections of data sitting in Kabul.

Take call logs. Telecommunications companies keep a record of nearly every phone call placed and to whom. U.S. State Department officials used the local cell networks to make calls to those who were working with the United States, including interpreters, drivers, cooks and more, said Walter Koenig, a former U.S. diplomat who worked with Afghan private sector businesses from 2011 to 2015.

“I don’t think anything’s off the table in terms of any personal rights,” Koenig said of the Taliban. Even before they gained control of the country, the Taliban had attacked telecom infrastructure and extorted mobile phone companies.

Call records would be particularly useful to the Taliban, said Tamim Samee, an Afghan-American entrepreneur who ran an information technology company in Afghanistan in the mid-2000s.

“That is the scary part, because if they find one central person for their purposes, and then want to figure out who called them, they could certainly go to the company that owns that number, and ask them to give the call records,” said Samee, whose company designed databases for telecom companies, among others. “In this case, the company will do it.”

Under the former government, an agency could submit a request for cell phone call records through the Ministry of Communications, which could force companies to provide the data. But that was a “judicial process” unlikely to be followed by the Taliban, Samee argued.

And it goes beyond call logs. Cell phones and mobile apps share data about users with third-party apps, such as location data, that the Taliban could easily get, said Welton Chang, chief technology officer at Human Rights First, a human rights advocacy group.

“It’s possible that it’s as simple as a Taliban official walking over to an office building and saying ‘You have to turn over this data set to us,’” said Chang, who is also a former Defense Intelligence Agency and Army intelligence officer.

The U.S. helped create some of the data through funding and efforts to modernize the government. The former Afghan government started collecting biometric data about Afghan citizens, including military personnel, in 2006, and the U.S. government helped the country set up the ability to wiretap and monitor phone calls for surveillance purposes. Afghan citizens’ ethnicity information can also be found in databases supporting the national ID system and voter registration.

Afghan government offices also have troves of databases and tax records that could reveal people’s connections to U.S. or other foreign-backed efforts. International non-governmental organizations, for example, had to provide the names of key staff members, along with copies of founding and board members’ “educational and ID documents” when registering to work in the country. During their previous rule, the Taliban scoured paper documents like military commendation records to target those who supported the former communist regime, according to an autobiography by former Taliban official Abdul Salam Zaeef.

The Taliban have already gathered a lot of information on U.S. allies through on-the-ground intel. But the digital stores now available to them are more comprehensive, extremely detailed and likely very accessible.

The quick takeover in Kabul had even the U.S. government scrambling to destroy and delete data, even though it had established procedures for doing so. Embassy staff got the order on Aug. 13, two days before Kabul fell, to destroy materials “which could be misused in propaganda efforts” like agency logos and American flags. Around the same time, USAID sent an email to its offices and its contract organizations ordering them to scrub websites, delete YouTube videos and remove any other public-facing content that would identify individual Afghans.

But as many Afghan professionals rushed to the airport to flee the country or hid in their homes, it’s unlikely that Afghan companies or government offices took similar precautions.

“The U.S. military and intel communities would have been pretty good about pulling its own capabilities out, but there’s no indication that there was a comparable plan for the other civilian security and welfare-type ministries,” said Warrick, the former DHS official.

And even the U.S. government did not manage to destroy all of its records. The Taliban have seized U.S. military biometric devices containing iris scans and fingerprints of Afghan citizens that can now be used to track down those who helped U.S. and NATO forces.

Accessing phone data, specifically, won’t take much technical expertise, national security and surveillance experts warn. The Taliban have become well-versed in communicating through texts and social media to capture people’s attention and sway them to their side. They even explored a short-lived Android app in 2016. And only minimal knowledge of encryption or databases is needed to unlock the massive government databases left behind in Afghanistan, said Chang, of Human Rights First.

It’s likely government databases were at least partially compromised even before the Taliban took over, given the poor security of the systems, Samee said. “There’s no way that any of the Afghans’ government databases were secure enough to stay within the government,” he argued.

The Taliban could also rely on their allies in Pakistan and remaining government ministry workers left in the country to help crack leftover equipment and databases, said Mallory Knodel, chief technology officer at tech-funded nonprofit the Center for Democracy and Technology.

James Lewis, a former State Department official and current director of the Center for Strategic and International Studies’ strategic technologies program, said the Taliban could use this data in two ways: surveilling and retaliating against Afghans who helped the United States, or selling any data left behind about U.S. military operations to prospective allies like Pakistan or China.

“It’s likely that the Afghan government that just fell was collecting on people who were connected to the U.S. in some way for a whole set of reasons,” Lewis said. “So if you want to make friends, you show up with this offering.”

Representatives for Afghanistan-based telecommunications companies Roshan, Afghan Telecom and MTN did not respond to a request for comment. The State Department also did not respond to a request for comment.

Alexandra S. Levine contributed to this report.
