There is a weapon available to virtually anybody that is more powerful and effective than a nuclear weapon. The most powerful weapon on earth is not a conventional one… it is anonymity. Anonymity is the tool of the terrorists; it is the tradecraft of the insurgents, and without countermeasures it is deadly. Anonymity is what allows a ‘vetted’ Afghan soldier to self‑detonate in a crowd of coalition partners. In the U.S. state of Kentucky, two known extremists using anonymity were given asylum as refugees in the US and attempted to use that anonymity to hatch a plot to plant a bomb in a mall. Without countermeasures it is the perfect weapon. In this first of a four-part series Joshua Steinhauer asks: what can be done to combat an unseen enemy? 

One of the greatest lessons learned from the Iraq and Afghanistan wars was how to effectively counter anonymity. These two conflicts were perhaps the largest asymmetric wars since Vietnam. Numerous surrogates were involved in providing funding, material support, training and intelligence to fight against coalition and allied Forces fighting in Iraq and Afghanistan; yet how does one fight against an enemy when the enemy cannot be identified? The answer, like the problem, is complicated. It involves advanced technology and forensic practices that date back over 50 years: human intelligence analysis and old‑fashioned American ingenuity.
   At the heart of this simple yet ominous question is biometrics. Biometrics is part of a complex integration of capabilities and tools; it is a tool that enables an analyst to link an event, a person and a timeline, but it does not fully answer the question of anonymity. Before we go further, let’s analyse the event that triggered the integration of technology, intelligence and law enforcement practices into modern day warfighting. 

Suicide attack
On 21 December 2004, while several hundred US soldiers, US contractors and Iraqi soldiers were enjoying their meal, a Locally Employed Personnel (LEP) who had been working on the base for US Forces for the past two months was given the mission to attack Coalition Forces. He had cleared multiple checkpoints and went about his normal activities until the time was right to carry out his attack. When the moment was right, he walked into the dining facility and detonated a suicide vest, killing fourteen US soldiers, four US contractors and four Iraqi soldiers in an instant and wounding another 72 personnel. This suicide attack shattered the semblance of security a soldier and contractor had while working and living on a forward operating base (FOB). If this type of attack could take place in Mosul, who could say it wouldn’t take place across any of the more than 350 FOBs operating across Iraq and Afghanistan?

In the aftermath of the attack, it was discovered that this individual had ties to the Ansar al Sunnah terrorist group; he never should have been employed by US Forces or allowed access to the base as he posed a significant insider threat. Though there had been intelligence linking this individual to extremist groups and individuals, it had not been integrated into the screening and vetting process of local nationals seeking employment with coalition forces. At this point in the war, Identity Intelligence (I2) was still a very new concept within the military, and especially within the realm of base access. Up to that point, LEPs were only given an access badge that indicated what US FOBs or facilities the individual was allowed access on, their name and what unit or group the individual worked for. What the badge was lacking was a means of verifying that the person handing it to the guard at the entry control point was in fact the same person to whom the card had been issued, because there were no biometrics tying the card to the individual.

New base access vetting process
Immediately following the attack, commanders began to ask how someone with ties to terrorists could gain entry onto a FOB and detonate a suicide vest. The simple answer is that there wasn’t a system in place that integrated I2 into the base access vetting process. A new system needed to be developed that could remove a person’s anonymity, and provide certainty and fidelity to the base access programme. 
   Shortly after the 2004 dining facility attack, US Forces began to expand the biometric programme as a means of verifying the identities of the Iraqi population nationwide in an effort to remove the anonymity that had been protecting Al Qaeda in Iraq and other anti‑government and insurgent forces. In civilian law enforcement and detainee operations, biometrics was a widely accepted means of verifying a person’s identity and was used extensively in the collecting of evidence and delineating who had been involved in a crime or who was present at the scene of a crime. The terms I2 and battlefield forensics were about to take centre stage in Iraq and became the cornerstone of the new base access programme, answering the critical question of how we should ensure we are employing and allowing the ‘right’ people onto a base and how to protect our people from insider attacks. 
   LEPs being employed on US facilities were now being biometrically enrolled through the Biometric Automated Toolset in which their biometric and biographical information was being fused together and searched through the intelligence databases of the Department of Defense (DoD) to provide a complete identity profile of the individual. This resulted in the US army identifying hundreds of individuals who had ties to terrorist and insurgent groups as actively working with coalition forces, and also providing valuable intelligence on convoy movements, schedules and battle damage assessments of rocket and mortar attacks on US facilities to their organisations. The revelation that coalition forces had been so thoroughly infiltrated was shocking. The use of biometrics and I2 became the defining tool used throughout the war as a means of not just safeguarding US facilities and the Iraqi population, but as a driving factor in removing the anonymity of the terrorist and insurgent groups operating in Iraq and Afghanistan.

Biometrics Task Force
Since the period immediately after the 11 September 2001 attacks, the DoD had been investigating biometrics technologies as a means of access control and credentialing. But as the wars in Afghanistan and Iraq took shape, they started looking at biometrics for intelligence and operations support. In 2005, the DoD moved the Biometrics Fusion Centre from control of the Army G‑6 (Communications Directorate) to control of the Army G‑3/5/7 (Operations Directorate) in an attempt to operationalise biometrics. Subsequently, the name was changed to the Biometrics Task Force (BTF). 

Management structure
In 2005‑2006, the BTF was already getting biometric data from the Iraqi prison records and from gate access collection at the FOBs. At the same time the Army G‑2 (Office of the Deputy Chief of Staff for Intelligence) had been pioneering handheld biometrics collection devices for use in daily patrols, tactical checkpoints, source identification and deconfliction. These devices and the core biometrics match, store and share database managed by the BTF, became the de facto heart of the biometric capability for deployed forces. At the time, because there was no programme management function, there were devices in warehouses and under desks in both Afghanistan and Iraq not being used for lack of understanding how they should be employed. The Army brought in a management team, including a project manager (PM) and leaders with experience in operations and intelligence.

One of these, a Special Assistant to the Director of the BTF, was Bill Vickers. Mr Vickers was charged with developing the management structure for the niche capability, developing with the PM phased implementation and deploying teams of experts to both Afghanistan and Iraq. These ‘Torch’ teams would become the ground commander’s experts in biometrics. During a radio interview in 2007, Mr Vickers commented on the need for an expansive biometrics programme that created identity ‘tags’ that followed a suspect in perpetuity. That programme would by necessity be integrated with law enforcement, Department of State and Department of Homeland Security biometric efforts, so he pushed to establish data sharing arrangements within what later became known as the DoD and interagency ‘Triad’.

Expeditionary forensics
People within the DoD and the intelligence community viewed biometrics and I2 as a new term or tool. Yet it is used daily within law enforcement; it may have been phrased differently there, but the essential practice was the same. How do you piece together physical evidence (forensics), combine it with good investigative techniques (human intelligence and analysis) and quickly produce meaningful results through advanced database matching (biometrics)? Most importantly, how do you perform these tasks in the wind, heat and dust of the combat environment? Law enforcement has been using biometrics in the form of fingerprints and facial images to identify nefarious individuals and using biometrics as a means of linking a person to an event and timeframe of a crime. Prosecutors use this information to obtain convictions through the court systems and remove the offending individuals from the population, thereby reducing crime and protecting people. The DoD began developing the ability to collect information about a person in terms of interviews and collecting biometrics at points of encounter to be stored in a DoD biometric repository. To complete the identity picture and effectively counter the Improvised Explosive Device (IED) networks, the DoD needed to develop a forensic capability that would provide forensic expertise all the way forward. So the idea of ‘expeditionary forensics’ was established and the DoD deployed the first Joint Expeditionary Forensic Facility (JEFF) to Iraq.

Fingerprint collection
This law enforcement concept had been around for over a hundred years, and though it had not been brought to the battlefield in the early years of the war, that was about to change. When an IED detonates, it leaves forensic evidence which may come in the form of a fingerprint on the tape used to tie the wires and phone together, or a fingerprint on the phone or trigger device itself. By collecting that fingerprint and adding it to a biometric database, one now has something to use in future investigations. Through integrating biometrics into the screening process for individuals trying to gain employment on a FOB, coalition forces were now able to search those fingerprints against the database of fingerprints that had been collected from IED events, raids and weapons seized during military operations. This allowed coalition forces to ensure that individuals being hired to work with them had not participated in any terrorist or insurgent activities. Follow‑on analysis of the individual’s name against other intelligence biographical databases further ensured that the individual was not a known terrorist or insurgent within the intelligence community or law enforcement agencies. The fusing of this data to create an identity profile, similar to how law enforcement identify a suspect, became the cornerstone of countering anonymity. The JEFF provided the final piece of the puzzle: the ability to quickly identify those ‘latent’ prints on an IED or sniper rifle and create searchable data that could be compared to the data collected and stored in the DoD biometrics database. The walls of anonymity were beginning to come down.

The other parts of this four‑part series will discuss:
• Identity and battlefield forensics (part two).
• The integration of defence biometrics into border security and law enforcement (part three).
• The integration of full spectrum identity management from a defence and government perspective (part four).


Joshua Steinhauer worked in the area of Human Intelligence during the Iraq troop surge from 2006 through 2007 and then as a contractor in Iraq from 2008 through 2010. He then went on to become the Identity Operations Manager at US European Command in Germany before returning to the US in 2014. He has an MSc in Major Programme Management from the University of Oxford and holds degrees in International Studies and Political Science from the University of Wisconsin and an MBA.
