Inspector General (IG) Robert P. Storch announced today that the Department of Defense Office of Inspector General (DoD OIG) released the report, “Evaluation of the Control and Accountability of DoD Biometric Data Collection Technologies.” The biometric devices included as part of the review were the Biometric Automated Toolsets (BAT), Secure Electronic Enrollment Kits (SEEK), Javelin, Biosled, and the Handheld Interagency Identity Detection Equipment (HIIDE).
“This evaluation was intended to assess and help prevent unauthorized personnel, including adversaries, access to sensitive personal information that could jeopardize the safety of both U.S. and partner forces,” said IG Storch. “Improving DoD-wide standards for encryption and data protection requirements for biometric devices would help to reduce the risks of inadvertent release of such sensitive information.”
The DoD OIG found that the Services and Combatant Commands followed DoD policy and their own specific guidance and procedures, and maintained proper accountability of biometric devices. However, we determined that some biometric devices did not have the ability to encrypt data stored on them because current DoD biometrics policy does not specify information security standards or require encryption capabilities on biometric devices. Additionally, the DoD did not consistently provide certification of destruction or sanitization of biometric data when biometric devices were turned in for disposal.
To address these issues, the DoD OIG recommended that the Under Secretary of Defense for Intelligence and Security update the DoD Biometrics Policy to include standards for encrypting and protecting data on biometric devices. We also recommended that biometric device owners and custodians be required to sanitize data and maintain sanitization records when turning in the devices for disposal. DoD officials agreed to take the recommended actions to address the issues.
The report released today follows two reports issued by the DoD OIG within the past three years regarding biometric technologies:
- DODIG-2022-065, “Evaluation of the Screening of Displaced Persons from Afghanistan,” February 17, 2022
- DODIG-2020-062, “Evaluation of Force Protection Screening, Vetting, and Biometric Operations in Afghanistan,” February 13, 2020. (The 2020 report is classified. To file a FOIA request, please submit a request to FOIA.gov.)