EXCLUSIVE: This Is How the U.S. Military’s Massive Facial Recognition System Works
Documents obtained by OneZero show how the military captures biometric data around the world
Over the last 15 years, the United States military has developed a new addition to its arsenal. The weapon is deployed around the world, largely invisible, and grows more powerful by the day.
That weapon is a vast database, packed with millions of images of faces, irises, fingerprints, and DNA data — a biometric dragnet of anyone who has come in contact with the U.S. military abroad. The 7.4 million identities in the database range from suspected terrorists in active military zones to allied soldiers training with U.S. forces.
“Denying our adversaries anonymity allows us to focus our lethality. It’s like ripping the camouflage netting off the enemy ammunition dump,” wrote Glenn Krizay, director of the Defense Forensics and Biometrics Agency, in notes obtained by OneZero. The Defense Forensics and Biometrics Agency (DFBA) is tasked with overseeing the database, known officially as the Automated Biometric Information System (ABIS).
DFBA and its ABIS database have received little scrutiny or press given the central role they play in U.S. military’s intelligence operations. But a newly obtained presentation and notes written by the DFBA’s director, Krizay, reveals how the organization functions and how biometric identification has been used to identify non-U.S. citizens on the battlefield thousands of times in the first half of 2019 alone. ABIS also allows military branches to flag individuals of interest, putting them on a so-called “Biometrically Enabled Watch List” (BEWL). Once flagged, these individuals can be identified through surveillance systems on battlefields, near borders around the world, and on military bases.
“It allows us to decide and act with greater focus, and if needed, lethality.”
The presentation also sheds light on how military, state, and local law enforcement biometrics systems are linked. According to Krizay’s presentation, ABIS is connected to the FBI’s biometric database, which is in turn connected to databases used by state and local law enforcement. Ultimately, that means that the U.S. military can readily search against biometric data of U.S. citizens and cataloged non-citizens. The DFBA is also currently working to connect its data to the Department of Homeland Security’s biometric database. The network will ultimately amount to a global surveillance system. In his notes, Krizay outlines a potential scenario in which data from a suspect in Detroit would be run against data collected from “some mountaintop in Asia.”
The documents, which are embedded in full below, were obtained through a Freedom of Information Act request. These documents were presented earlier this year at a closed-door defense biometrics conference known as the Identity Management Symposium.
ABIS is the result of a massive investment into biometrics by the U.S. military. According to federal procurement records analyzed by OneZero, the U.S. military has invested more than $345 million in biometric database technology in the last 10 years. Leidos, a defense contractor that primarily focuses on information technology, currently manages the database in question. Ideal Innovations Incorporated operates a subsection of the database designed to manage activity in Afghanistan, according to documents obtained by OneZero through a separate FOIA request.
These contracts, combined with revelations surrounding the military’s massive biometric database initiatives, paint an alarming picture: A large and quickly growing network of surveillance systems operated by the U.S. military and present anywhere the U.S. has deployed troops, vacuuming up biometric data on millions of unsuspecting individuals.
The military’s biometrics program, launched in 2004, initially focused on the collection and analysis of fingerprints. “In a war without borders, uniforms, or defined lines of battle, knowing who is an enemy is essential,” John D. Woodward, Jr., head of the DoD’s biometrics department, wrote in a 2004 brief.
That year, the Department of Defense contracted Lockheed Martin to start building a biometrics database for an initial fee of $5 million. Progress was slow: by 2009, the DoD Inspector General reported that the biometrics system was still deeply flawed. The department indicated that it was only able to successfully retrieve five positive matches from 150 biometric searches. A later contract with defense industry giant Northrop resulted in similarly disappointing results with reports of “system instability, inconsistent processing times, system congestion, transaction errors, and a 48-hour outage.”
By 2016, the DoD had begun to make serious investments in biometric data collection. That year, the Defense Department deputy secretary Robert O. Work designated biometric identification as a critical capability for nearly everything the department does: fighting, intelligence gathering, law enforcement, security, business, and counter-terrorism. Military leaders began to speak of biometric technology as a “game changer,” and directives from the DoD not only encouraged the use of the technology by analysts, but also by soldiers on the ground. Troops were instructed to collect biometric data whenever possible.
The same year, a defense company named Leidos, which had acquired a large portion of Lockheed’s government IT business, secured a $150 million contract to build and deploy what is now known as the DoD ABIS system.
Between 2008 and 2017, the DoD added more than 213,000 individuals to the BEWL, a subset of DoD’s ABIS database, according to a Government Accountability Office report. During that same period, the Department of Defense arrested or killed more than 1,700 people around the world on the basis of biometric and forensic matches, the GAO report says.
Krizay’s presentation indicates that the United States used biometric matching to identify 4,467 people on the BEWL list in the first two quarters of 2019. The presentation slide breaks down the numbers: 2,728 of those matches were of opposing forces carried out in the “theater,” or area of where U.S. troops are commanded.
DFBA claims that it has data on 7.4 million unique identities within its ABIS database, a majority of those sourced from military operations in Afghanistan and Iraq, according to the agency’s website.
That number is constantly growing. The documents suggest the DoD can collect biometric data from detainees, voter enrollments, military enlistments in partner countries, employment vetting, or information given to the military.
“Almost every operation provides the opportunity to collect biometrics,” a 2014 document on military biometrics says. “While quality is desired over quantity, maximizing enrollments in the database will likely identify more persons of interest.”
ABIS also enables different operations and missions to create their own biometric watchlists. These databases can be be plugged into custom-built military mobile devices used to scan fingerprints, irises, and match faces against databases, according to a 2014 document outlining biometric procedures across the branches of the armed forces.
“Fusion of an established identity and information we know about allows us to decide and act with greater focus, and if needed, lethality,” Krizay wrote in his presentation.
But much is still unknown about how the DFBA and defense agencies use facial recognition and biometric data. A FOIA request which would return information about these systems was denied in part by the U.S. Army.
“Public release would be tantamount to providing uncontrolled foreign access,” the response letter said.
In his presentation notes for the Annual Identity Management Symposium, Krizay hints at the future of DFBA and ABIS.
“We will still need to reveal adversary agent networks, identify and track proxy forces, protect our rear areas and lines of communication, account for enemy prisoners of war, and identify high value individuals,” he wrote.
The presentation suggests that the department hopes to incorporate biometrics widely into security measures.
“We’ve already shown we can’t secure our personnel systems,” he wrote. “If Wikileaks can obtain over a half a million of our reports, what can the likes of China or Russia do?”
DFBA also plans to better integrate ABIS with other similar databases across the government. Despite DFBA being pitched as the central point of digital biometrics for the military, the department is still unable to share information with the Department of Homeland Security’s biometrics system because of formatting issues. In 2021, the DoD is expected to grant a contract for a new version of its biometrics program, one that brings identification software to the cloud and adds even more capabilities.
“If Wikileaks can obtain over a half a million of our reports, what can the likes of China or Russia do?”
Meanwhile, critics of facial recognition and biometric technology both in and out of government worry about the accuracy of the technology and how it is being used, especially in regards to bias inherent in much of machine learning, as well as privacy violations.
The U.S. Commerce Departments’ National Institute of Standards and Technology (NIST) tests have shown that black females are 10 times more likely to be misidentified than white males. When applied in combat scenarios, such discrepancies can have lethal consequences for individuals misidentified by automated systems.
“It’s unlikely that we will ever achieve a point where every single demographic is identical in performance across the board, whether that’s age, race or sex,” Charles Romine, director of the Information Technology Lab at NIST, told the House Homeland Security Committee in June 2019. “We want to know just exactly how much the difference is.”
Executives at Leidos, the contractor that built ABIS, do not share similar concerns about the accuracy of their data. “Interestingly, the latest U.S. National Institute of Standards and Technology (NIST) tests show that the top-performing algorithms actually work better with black faces than with white faces,” Leidos Vice President John Mears wrote on the Leidos website.
It’s not clear which tests Mears is referring to on the NIST website, but when contacted regarding that quote, NIST did not support his claim.
“As a broad blanket statement it is not correct,” a NIST spokesperson told OneZero, adding that a report studying demographics in facial recognition is currently underway.
Leidos declined to comment for this story, and referred all questions to the DoD when asked how it vetted for bias in its facial recognition algorithms.
This technical challenge is not slowing down the adoption of biometrics. It’s unclear how many identities have been added to ABIS since Krizay’s presentation, or since DFBA last updated its website. Every indicator suggests the military is only growing its capability of collecting more and more data.
As that data is further connected to sources like the Department of Homeland Security, the U.S. military’s surveillance system grows stronger.
“We are not wandering in the dark,” Krizay wrote in his presentation. “We know who people are and more of what they have done.”