In mid-August, the Taliban swiftly advanced to take control over the Afghan territory and government. International organizations and foreign nations scrambled to evacuate Afghan translators, journalists, human rights defenders, and others who might be identified as targets by the new regime.
While vulnerable individuals were understandably and rightfully prioritized in the evacuation efforts, non-human materials and resources were left behind in the chaos of the Taliban’s takeover. Included in the materials left behind were hardcopy archives that international civil organizations and the Afghan Independent Human Rights Commission had collected to document human rights abuses committed by the Taliban, Afghan forces, and other actors. Over decades, human rights investigators had amassed thousands of pages of evidence including victim affidavits, photographs and videos of human rights abuses, and forensic evidence related to mass graves. Sensitive personal identifying information of victims, witnesses, and human rights documenters was also embedded in these documents. However, in the melee of the Taliban’s quick ascent to power, these hardcopy documents were left in cardboard boxes in Afghanistan. Many of these documents have since been transferred to a safe location pending their exfiltration from the country, but they remain at risk. The analog storage techniques used in the Afghan context present a variety of dangers including destruction, custodial transfer, and loss. With the Taliban’s unexpectedly swift overthrow of the Afghan government, all of these dangers have become increasingly likely.
But it did not have to be this way. Modern storage and verification technologies could have been leveraged to neutralize these risks. This article delves into the technical details of attempts to modernize today’s evidence safehouses (including those of the Starling Lab, with which this author is affiliated) and how these technologies’ might be deployed in future investigations that take place in high-risk conflict zones.
In the Afghan context, two key dangers arise given that the Taliban may ultimately gain possession of the hardcopy records of these sensitive documents. First, individuals identified within the documents could be exposed to real threats of harm, especially if they remain in Afghanistan. Second, the documents themselves could be destroyed, thus wiping out decades of human rights documentation and setting back any chance for international or domestic accountability mechanisms to bring perpetrators to justice. The hardcopy records may have been relatively secure while a friendly government was in power in Afghanistan, but now those records are vulnerable to exploitation and destruction by the new regime. As the window to evacuate individuals that remain in Afghanistan closes, so too does the opportunity to recover these documents from the Taliban’s control.
In the future, instead of storing sensitive information and evidence in physical hardcopies, modern technological solutions can and should be deployed to preserve and protect such documentation. As a first step, international organizations should move to digitize physical documents that are currently held in active conflict zones. In the event that disaster strikes and the hardcopies are destroyed, digital versions of the documents will remain accessible for future accountability efforts, thus obviating the need to choose between prioritizing the evacuation of individuals or investigation reports. Funding and providing the necessary technological tools should be a priority for international donors endeavoring to support local documentation efforts.
Merely digitizing these documents, however, could expose them to both public and legal attacks on their veracity. In an age in which the technical manipulation of digital objects is prevalent, it is of utmost importance to secure the documents in a manner that lends trust to their underlying contents. Advanced cryptographic tools and methods are now readily available and provide an array of solutions for the next generation of archiving. Each ensure that the original documents are authenticated, encrypted, and distributed for safe keeping. Together, they offer a digital solution to embed trust in the international community’s most sensitive documents and evidence of human rights abuses.
Cryptographic tools like hashing algorithms can be used to detect the manipulation of digital objects. Data, such as image pixels or text records, are paired with the metadata that typically accompanies the object. The data are then passed through a deterministic one-way algorithm, called a hash, to generate a “fingerprint” in the form of a unique string of letters and numbers. Once a digital object is hashed, any subsequent tampering with the object instantaneously changes the hash value. To determine whether the object remains in its original state, one need only compare the original hash value to the value currently associated with the object. Thus, the hash acts as a seal, which freezes the object in time to detect manipulation by malign actors.
Hashing protocols have long been the cornerstone for authenticating legal e-discovery standards and best practices, like those at Duke’s University’s Electronic Discovery Reference Model (EDRM). However, legal practitioners often miss that hashes alone are still vulnerable and require further steps to be secured. None of these steps are challenging per se but they require planning.
To start, both the hashes of the file and the file itself need to be encrypted. This step should be done close to the source of capture, such as the camera or the scanner. Once complete, this digital signature scheme ensures that only trusted authorities have completed the hashing process. The encryption of the underlying data then ensures that sensitive information is not publicly available and only accessible by an approved source.
Once hashed, signed, and encrypted, a digital file can then be distributed with a decentralized web protocol for objective storage and its metadata and hash can be registered on a decentralized ledger. Rather than centralizing the control of the digital documents in one entity that exposes data to a single point of failure and vulnerability for manipulation, this solution allows users to leverage decentralized web protocols to distribute the responsibility to multiple devices within a network. These protocols ensure that every 24-hours (or even more frequently) there is a fixity check on the data, to ensure they haven’t been manipulated. Cryptography not only automates these checks, but also ensures that they cannot be gamed by bad actors. This kind of “trustless” authentication essentially repurposes the most robust distributed ledger solutions used in financial services to help create immutable legal records. Nodes on the network are granted the power to verify that the hash values of the digital objects on the network remain unchanged. This combination of distributed object storage and distributed ledger technologies serves to strengthen the twin goals of preservation and authentication.
Finally, where appropriate, the data can also be decrypted and then analyzed by a plurality of experts who can attest to the validity of the data and give proper context. This web of knowledge can also be secured and syndicated on decentralized systems to ensure those sensitive records are protected. Using both cryptographic methods and decentralized web protocols, human rights defenders around the world can preserve their investigatory documents until accountability proceedings take place.
The Starling Lab, based at the University of Southern California and Stanford, has developed and deployed some tools to preserve and validate evidence of historical events and human rights abuses. (Full disclosure: I am currently a Fellow at the Starling Lab.) In their first case study, Starling worked together with the Reuters News Agency to create a trusted photographic archive of the 78 days between the 2020 U.S. election and President Joe Biden’s inauguration. This database houses hashed and stored photos from this time period as well as the accompanying metadata to verify the photos, including time stamps, dates, and location of capture. Together, these data points serve to authenticate the digital copies of the photos and videos for later use in journalistic or legal proceedings.
One could imagine a similar system deployed in the Afghanistan human rights accountability context. Instead of storing hardcopies of sensitive interviews, forensic reports, and identifying information on paper in a physical archive located in Afghanistan, the documents could be hashed and stored on a decentralized web storage and distributed ledgers. Only authorized users within the decentralized network would have access to those documents, and any edits to the data would be logged in the hash value and detected by the network users. Together, the hash and the decentralized web protocol would provide an immutable record of these documents that can be digitally stored for decades until accountability proceedings take place. Thus, even with the unpredictably swift collapse of the Afghan government, these critical documents would be preserved for future use in accountability proceedings.
While technological solutions are not a panacea in the human rights accountability context, their strategic deployment can help alleviate some of the logistical difficulties of holding perpetrators to account. Of all of the potential use cases, sensitive human rights documentation is perfectly placed to benefit from both cryptographic methods and decentralized web protocols. Digitizing, hashing, and storing evidence of human rights abuses would insulate the physical documents from any number of risks including regional instability, natural disasters, or even regime change. Cryptography can help to embed trust in the documents and shore up vulnerabilities that arise between the moment that traditional human rights investigations take place and accountability proceedings begin, even when unpredictable and catastrophic events take place. Although resource constraints will naturally delay the deployment of these technologies, it is in the international community’s interest to prioritize the digital preservation of human rights documentation to prevent future loss of that invaluable work.