Cybersecurity

How to improve security of biometric data

U.S. soldiers from 3rd Platoon, Bravo Company, 1-22 Infantry Battalion collect biometric data from two villagers during a patrol in Shingkay village in Kandahar province in southern Afghanistan October 4, 2010.  REUTERS/Erik de Castro   (AFGHANISTAN - Tags: MILITARY CONFLICT) - GM1E6A503B601

An answer to our personal security or another security challenge to be solved? Image: REUTERS/Erik de Castro

Algirde Pipikaite

Listen to the article

  • A biometric system in Afghanistan could be at risk in the ongoing conflict.
  • The system contains the personal information of millions of Afghans.
  • It's a lesson for governments, private sector and civil society to be consulted and involved when developing an inclusive and secure biometric system in other contexts.

The international community has many concerns when it comes to the security and safety of people in Afghanistan. One of the main concerns for the privacy and security community, especially the ones who devote their knowledge and expertise to defending human rights online, is the existence of a biometric system that contains the personal information of millions of Afghans.

This system contains millions of fingerprints, iris scans and face photos of Afghan people who had their biometric data collected by US and coalition forces. The system was built more than 15 years ago to facilitate tracking and quickly identifying people for variety of purposes, from distributing e-vouchers by the World Food Programme to maintaining an electronic national identity card system.

Have you read?
  • Where are fleeing Afghans finding refuge?

What is biometric data and what are the privacy concerns?

Different from a password or an identification card, any collected biometric data, like fingerprints or iris scans, is much harder to forge, making it a reliable way to positively identify individuals. But that also means that it's harder to change it in the event of data being exposed or compromised. One can change their password or an ID card, but one cannot change their fingerprint or iris. Biometric data is as unique as a person, and the privacy and security measures thus have to be evaluated accordingly when developing and implementing biometric systems.

Many human rights and civil society groups have called for more security measures from the beginning of the development of this biometric system. They have expressed concerns that if proper security measures were not implemented, the system might introduce more harm long-term than help. They also demanded for plans to erase and delete all biometric data in case of emergencies like a change in government and ability to inform anyone whose data was exposed or compromised. It is currently unclear what data could be at risk.

A broader challenge is that if security challenges are not adequately addressed and emergency plans are not put in place when developing digital identity systems, confidence in the digital identity ecosystem could be dented, which could prevent its full potential value being unlocked.

How can we improve biometric security?

To avoid situations where biometric data could be exposed or compromised, a close cooperation between government, the private sector and civil society needs to be established. When developing digital identity ecosystems, nations face new cybersecurity challenges to ensure data confidentiality, integrity and availability on an ongoing basis. That is where different actors bring various perspectives that have to be considered and evaluated to prevent any potential harm and damage caused by a misuse, exploit or hack of the system.

Managing cyber risk is already a major leadership challenge in public and private sectors. The risks associated with cyberthreats are often opaque, and it is difficult to calibrate the right nature and scale of investment in cybersecurity. Global leaders must think of potential harm caused by misuse or exploit of technology and ensure the measures are in place to use these technologies for good and include a variety of voices when developing them.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

5 ways to achieve effective cyber resilience

Filipe Beato and Jamie Saunders

November 21, 2024

We asked 6 tech strategy leaders how they're promoting security and reliability. Here's what they said

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum