GAO Finds Pentagon Still Struggling with Biometrics

A GAO report concludes that U.S. military operators lack confidence in biometrics technologies.

GAO recommends that DOD's Under Secretary of Defense for Acquisition, Technology, and Logistics publish an updated biometrics strategic plan and a supporting biometrics implementation plan that "includes intended outcomes, measures of effectiveness, and responsibilities, among other things."

The Defense Department still has major issues with its biometrics and forensics program, according to a new GAO report. 

On the positive side, DOD has come a long way since a 2011 GAO audit found that DOD lacked comprehensive long-term requirements for implementing biometrics, such as policy, doctrine and training, and that funding came from money marked for overseas operations.

Six years later, auditors have now concluded that "DOD has validated enduring non-materiel and material requirements for deployable biometric and forensic capabilities." Funding is also shifting from overseas operations monies to normal funding.

GAO also pointed to several initiatives to develop and acquire biometric capabilities, including the Army Next Generation Biometric Collection Device, Forensic Exploitation Laboratories, and the SOCOM Biometric Collection Device.

Since 2008, biometrics and forensics have enabled the U.S. military to kill or capture 1,700 individuals, deny 92,000 more from access to military bases, and place 213,000 on DOD's watchlist.

While DOD does have up-to-date strategic plan for forensics, its strategic plan for biometrics dates back to 2008 and needs to be updated, according to GAO.

In addition, GAO discovered that some DOD biometrics programs were rated so low that some military organizations wouldn't use them. For example, when U.S. Central Command announced a real-time identification of individuals, the Army -- which is the lead agency for biometrics and forensics -- came up with a Near Real Time Identity Operations Solution.

"Based on their lack of confidence in the system, SOCOM and the Marine Corps sought and received approval for their forces in the CENTCOM area of responsibility to use their existing capabilities instead of the Near Real Time Identity Operations solution," GAO found.

"Marine Corps officials asserted that the Near Real Time Identity Operations solution continued to provide incomplete match/no-match data as of May 2017. Army officials acknowledged that the Near Real Time Identity Operations solution operational assessment identified major deficiencies; however, they stated that the Army had addressed the major deficiencies as of May 2017."

In addition, DOD's Automated Biometric Identification System lacks a geographically dispersed backup capability. "DOD ABIS has a partial back-up system that is located less than 20 miles away from its primary site in West Virginia, thereby making it vulnerable to many of the same natural and man-made disasters to which the primary site is vulnerable," GAO noted. Defense contractors are also experiencing difficulties in finding qualified personnel to operate ABIS.