General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsFor Sale on eBay: A Military Database of Fingerprints and Iris Scans
https://www.nytimes.com/2022/12/27/technology/for-sale-on-ebay-a-military-database-of-fingerprints-and-iris-scans.htmlNo paywall
https://archive.vn/8nAEc
The shoebox-shaped device, designed to capture fingerprints and perform iris scans, was listed on eBay for $149.95. A German security researcher, Matthias Marx, successfully offered $68, and when it arrived at his home in Hamburg in August, the rugged, hand-held machine contained more than what was promised in the listing.
The devices memory card held the names, nationalities, photographs, fingerprints and iris scans of 2,632 people.
Most people in the database, which was reviewed by The New York Times, were from Afghanistan and Iraq. Many were known terrorists and wanted individuals, but others appeared to be people who had worked with the U.S. government or simply been stopped at checkpoints. Metadata on the device, called a Secure Electronic Enrollment Kit, or SEEK II, revealed that it had last been used in the summer of 2012 near Kandahar, Afghanistan.
The device a relic of the vast biometric collection system the Pentagon built in the years after the Sept. 11, 2001, attacks is a physical reminder that although the United States has moved on from the wars in Afghanistan and Iraq, the tools built to fight them and the information they held live on in ways unintended by their creators.
Exactly how the device ended up going from the battlefields in Asia to an online auction site is unclear. But the data, which offers detailed descriptions of individuals in addition to their photograph and biometric data, could be enough to target people who were previously unknown to have worked with U.S. military forces should the information fall into the wrong hands.
*snip*
intrepidity
(7,307 posts)Expect more and more of this, and not just from military or govt.
getagrip_already
(14,764 posts)One device, likely lost in the fog of war in afghanistan, is not a crisis in security.
Modern day equivalents fully encrypt the data, so even if you snagged one out of jfk airport, you wouldn't have any useful data.
Now if you want to say the worldwide collection of PII, including facial, fingerprint, iris, and even DNA, is scary, I would agree with you.
One old device stolen and sold. Meh. There is worse information on the dark web about you.
intrepidity
(7,307 posts)There were several, some sold by military-surplus auction winners (ie, not stolen). The issue seems to be that the memory cards were not removed before the military sold tgem
It's scary because, as the article says, such PII is *forever*. One (or several) "whoops!" by the military can never.ever be undone for those who are forever compromised.
Yes, that especially. All of it.
getagrip_already
(14,764 posts)This work was largely carried out by contractors. The military has very strict guidelines on memory card/hard drive disposal.
The contractors may have even left them behind in the mad rush to the exits.
Still not a huge issue.
intrepidity
(7,307 posts)Clearly not for you. For the thousands of others, they should disagree.
I'm not personally affected either, yet I see it as a massive failure. When you collect such data, you are entirely responsible for its forever safekeeping. If you can't guarantee that, you forfeit the right to collect it. Imho.
2naSalit
(86,647 posts)It will be their info among others.