Why does the US still retain the biometrics of millions of Iraqis?

Houssam Azzam, 37, stands in his office.  Fallujah, Iraq, February 5, 2023. Thomson Reuters Foundation/Abdullah Dhiaa al-Deen

Houssam Azzam, 37, stands in his office. Fallujah, Iraq, February 5, 2023. Thomson Reuters Foundation/Abdullah Dhiaa al-Deen

What’s the context?

The U.S. biometric program in Iraq set the stage 20 years ago for a new era of mass collection of biometric data

  • Twenty years after the U.S. invaded Iraq, it still holds on to millions of Iraqis' biometric data
  • Military planners say biometric collection project was necessary for security and intelligence purposes
  • Human rights groups say the biometric program trampled Iraqis' rights

LOS ANGELES/BEIRUT - Houssam Azzam was 17 when the U.S. military took over his hometown of Fallujah in 2004 and detained him as part of a roundup of young men in western Iraq.

His photo, fingerprints, and iris scans were entered into a database, alongside a trove of information about him and his family, even though he said he was only ever involved in peaceful protests against the U.S. presence.

"They were occupying forces," he said. "They violated an entire country's rights so of course they would violate an individual's human rights," he said, referring to the U.S. retaining his biometric data.

Twenty years on, the photo U.S. forces snapped of the 17-year-old detainee flashes up on the screen at customs, alongside his biometrics, every time Azzam, who runs a Fallujah-based NGO, travels through Baghdad airport.

Harvesting the data of millions of Iraqis, like Azzam, was part of the U.S. military's quest for "identity dominance", a term coined by John Woodward, director of the Department of Defense's Biometrics Management Office from 2003 to 2005.

An Afghan woman holds her phone in Kabul June 8, 2014. 
REUTERS/Ahmad Masood
Go DeeperAfghans scramble to delete digital history, evade biometrics
Go DeeperThe UK needs new legislation for biometric technologies
An Iraqi Marsh Arab man looks at dry ground that was previously covered with water at the Chebayesh marsh in Dhi Qar province, Iraq, June 3, 2022.
Go DeeperIraq's political stalemate pushes climate action to backseat

The program led to the biometrics of nearly 3 million Iraqis being stored in a database in West Virginia - where they are still held 20 years later.

U.S. military planners saw biometrics as a key tool to fight the insurgency in Iraq and keep U.S. bases safe. Twenty years after the 2003 invasion, the program is held up as an example of how to use biometrics to tackle security threats.

But rights groups, as well as some Iraqis whose data was collected, see the biometrics program as trampling on the rights of an occupied population and setting the stage for out-of-control mass biometric collection.

"They collected as much as they could - it wasn't that they were focused on collecting biometrics on people who were a threat, they will collect as much as possible," said Jeramie Scott, a lawyer with the U.S.-based Electronic Privacy Information Center (EPIC).

"And even though the initial reason behind collecting it has passed, they kept it all," he told Context.

The Department of Defense (DoD) biometric database is built to share data with various other U.S. government agencies, including immigration and law enforcement, according to descriptions posted online and contractors who helped build the system.

A spokesperson for the DoD referred questions about biometrics work in Iraq to the Defense Forensics and Biometric Agency, which did not respond to a request for comment.

The spokesperson flagged a 2016 Department of Defense policy document, which states that "biometric collections are encouraged during all military operations and military intelligence activities where legal and appropriate."

'Perfect storm'

The beginning of the Iraq war coincided with a search for biometric solutions to a range of identity and verification challenges. In 2004, the U.S. Defense Science Board recommended the U.S. military launch a drive for" tagging, tracking, and locating," targets in its war on terror.

"The Iraq war was the proof of concept of using biometrics for intelligence purposes," Woodward, who is now a professor at Boston University, said in a phone interview. "A lot of things lined up - it was the perfect storm."

In addition to biometrics gathered in military operations, the U.S. hired private contractors to "enroll" millions of Iraqis in databases.

Toby Stell, a contractor from Oklahoma, traveled around Iraq between 2007 and 2013 collecting data on thousands of Iraqis and sending it more than 6,000 miles away to the Pentagon's Automated Biometric Identification System database in West Virginia.

During stints in Baghdad, Nineveh, and in Kurdistan, Stell would often work 12 hours a day, seven days a week. "There'd be hundreds of people in line," he recalled, "It was never-ending."

But Annie Jacobsen, the author of "First Platoon: A Story of Modern War in the Age of Identity Dominance", a book about the U.S. biometric program, said much of the data collected by U.S. troops and contractors could be incomplete, or inaccurate.

"They put together these databases literally on the fly, with almost no oversight," she said. "Now they are left with an extraordinary amount of data which they collected in such a haphazard manner."

Alongside identifying biometrics, the database could also contain biographical details, religious affiliations, and other sensitive categories, according to specifications published by the DoD.

Fingerprints and other biometric data gathered at the scenes of terror attacks, or at suspected weapons manufacturing sites were also uploaded.

In total, the DoD allocated more than $3.5 billion to build up "combat biometrics," between 2004 and 2012, Jacobsen wrote in her book.

Iraqis who wanted jobs on U.S. bases, or to access sensitive areas such as Baghdad's Green Zone, had to enroll in biometric databases.

Stell recalls enrolling people from all walks of life - from cleaners and cooks, to senior government officials.

According to Katja Jacobsen, a senior researcher at the University of Copenhagen, the biometric rollout in Iraq helped give birth to "the whole idea that if we can only identify who people are, we will be safer," she said.

A 2017 U.S. Government Accountability Office report said biometric data had aided in the capture or killing of 1,700 targets during the preceding decade, and stopped 92,000 people from gaining access to military bases in Iraq and Afghanistan.

"The U.S. military needed to know when it brought someone into custody if they had encountered that person before," explained Woodward. "It saved lives."

The Pentagon did not provide updated figures.

'Unprecedented rights risk'

From the beginning, rights groups raised concerns about the U.S. biometrics program in Iraq - both over the coercive conditions in which they say the data was obtained, and the potential for abuse.

In 2007, EPIC, Human Rights Watch, and Privacy International wrote to the Pentagon warning that the "the massive aggregation of secret files on Iraqis, linked to permanent biometric identifiers, creates an unprecedented human rights risk."

The groups asked what safeguards were in place to ensure the information was not abused - and how long the U.S. planned to store it. Scott said EPIC had no record of receiving a response, but a 2005 DoD policy document stated biometrics would be stored "indefinitely in support of the War on Terrorism."

According to Nina Dewi Toft Djanegara, a Stanford University professor who wrote a report on biometrics in Iraq and Afghanistan, the U.S. was still developing a biometrics privacy policy five years after it began the mass collection of data.

In 2004, the U.S. started a parallel database for the Iraqi government.

"They wanted to give the Iraqis the same capabilities that the FBI has to do background checks," recalled Alex Kilpatrick, a former vice president with tech and consulting firm Ideal Innovations, who worked on biometrics with the Iraqi government.

Although the database was eventually used to screen applicants to the Iraqi police and digitized fingerprints from 280,000 criminal records, the Iraqis were never able to run it entirely on their own, he said.

The Iraqi Interior Ministry did not respond to a request for comment.

As recently as 2022, the U.S. Department of Defense was seeking contractors to help the Iraqi interior ministry maintain its biometric databases, according to procurement records.

Some Iraqis who had to turn over their data think the U.S. went too far.

"It is at the same time a violation of personal freedoms and Iraq's sovereignty," said Salam Khalid, 38, who was forced to have his biometric data taken by U.S. forces to enter his home city of Fallujah in 2005.

Now, he is calling on the U.S. to either hand over the data to Iraq or destroy it.

"Before they had a justification for this. They controlled the area, and they were enforcing their control," he said. "Now, they left Iraq officially and formally. They have no justification to keep our data."

(Reporting by Avi Asher-Schapiro and Nazih Osseiran; Editing by Jon Hemming and Zoe Tabary)

Context is powered by the Thomson Reuters Foundation Newsroom.

Our Standards: Thomson Reuters Trust Principles

Displaced people walk towards the Syrian border near the town of Elierbeh of Al-Hasakah Governorate, Iraq, August 11, 2014. REUTERS/Rodi Said

Part of:

The Iraq war: 20 year anniversary

Twenty years on from the start of the U.S.-led invasion of Iraq, here are our stories on those affected by the violence - from young Iraqis to U.S. veterans

Updated: March 16, 2023


  • War and conflict
  • Data rights

Get our data & surveillance newsletter. Free. Every week.

By providing your email, you agree to our Privacy Policy.

Latest on Context