BALTIMORE — Three years ago in Iraq, U.S. forces taking suspected insurgents into custody kept track of their identities by marking their foreheads with Sharpie pens.
Today, the military collects all 10 fingerprints, two iris scans, a voice sample, a digital photograph of the face and DNA.
In Iraq, “I don’t have to ask permission to take someone’s biometrics,” said Lt. Col. J.M. Manson, who serves at the Marine Corps headquarters’ plans policies and operations division.
That won’t always be the case, he admitted at the annual Biometrics Consortium.
Taking a person’s DNA, for example, would be considered taboo in the United States and many other countries.
To help fight the Iraqi insurgency, the Defense Department has pushed about a half dozen biometric collection technologies into the field.
As is the case with many cutting edge technologies sped into current operations, policies on how best to use them are not fully developed. But the Pentagon is taking small steps to integrate the rapidly advancing technology into its long-term plans.
A 168-page Defense Science Board task force report on biometrics released in March attempted to summarize the services’ needs and capabilities for collecting unique data on a person’s identity. The report contained a whopping 46 recommendations — more than twice the number of proposals from similar board reports, said William Gravell, co-chairman of the committee that authored the report.
Among the conclusions was that the importance of biometrics in the Defense Department is growing, but “operational responsiveness, organization, coordination, programmatics and research and development all showed serious deficiencies.”
“Technology is improving” the report continued. “But the Defense Department was not initially set up to drive the process or apply results optimally.”
Gravell said the report he helped write was lacking the moment it left the printing press.
It should instead have addressed the field of “identity management,” which is roughly defined as the information technology backbone that ties the data together.
In other words, collecting fingerprints, mug shots and iris scans is fine, but the data must be collected efficiently, stored and then transmitted to the right people who can use it to make decisions.
An ID card, or what he called a token, is not enough.
“The history of identity management in the first half decade of the 21st Century is just a conga line of technical projects that work, but fail because they’re not accepted,” he said.
“Basic identity enrollment never pays off. Period,” he added.
The value of biometrics is in the applications, he said.
An oft mentioned success story repeated at the conference was of the latent fingerprint found on an improvised explosive device fragment in Iraq. Investigators had the fingerprint, but no identity to match it with. They received a break in the case when a man came to a U.S.-managed detention center. Visitors to such facilities must submit to scans of 10-fingerprint, both irises and pose for a digital photo. These are known as the “13 biometrics template.”
After the subject left the facility, his fingerprint was matched in a database. The next time he came to visit his friend, he was taken into custody.
Myra Gray, director of the Defense Department’s biometrics task force, said the obvious flaw in the system is that they had to wait for the suspect to visit a second time.
“How can we have that turn around so we can get that answer the first time?” she asked.
Thomas Dee, director of defense biometrics at the office of the secretary of defense, said collecting the measurements is the easy part. “But if you can’t do the match, if you can’t make the decision behind it, it’s not that useful to you.”
His office is the lead in the Defense Department for biometrics issues and the Army is the executive agent.
Improvements are needed in the sensors, databases, applications, communications gear and decision support tools, he said. “It’s your whole information technology backbone ... that’s the hard part we need to bring together,” he added.
U.S. Central Command is not the beginning or the end of the story, he added.
The department has identity management needs in combat applications, and also in business and intelligence gathering. Ensuring pre-approved personnel can gain access to facilities and computers is a “business” need. “We need to be able to do everything CitiBank is able to do,” he added.
While soldiers may have a great deal of leeway to collect biometric data in a combat zone, he warned that this won’t always be the case. The Defense Department must address privacy and “public perception” issues, he said.
Overseas bases generally have tight security, noted Marine Lt. Col. Frank Lugo, deputy chief of force protection and mission assurance division at U.S. Northern Command.
But anyone who has entered a base in the states knows a driver’s license is about all it takes to pass through the gates. About 50 percent of those on a domestic base at any given time are not members of the U.S. military, he said.
A group of alleged homegrown terrorists known as the “Fort Dix Six” used a pizza delivery business as a cover to conduct surveillance at the New Jersey base. An electronics store clerk who saw their videotapes alerted the FBI. Prosecutors accused them of plotting to plant explosives to kill service members.
“I think we got really lucky,” Lugo said.
The individual services and Northcom are only now beginning to tackle this problem, he said. Overseas bases use the defense biometric identification system, which verifies that a person can enter a secure area, but only about five facilities stateside do so, he said.
Please email your comments to SMagnuson@ndia.org