June 16, 2015 -
The Digital Rights Movement has published a new report that criticizes the biometric database that Israel’s Interior Ministry is currently trialing, identifying a number of defects that could potentially result in data being leaked from the system, according to a report by Haaretz.
The move comes a couple of months after Israel Interior Minister Gilad Erdan presented legislation to enforce a mandatory national biometric identification system.
The new report, authored by computer and information security experts, is released in advance of the completion of the biometric database’s trial period, which will occur later this month.
The Biometric Database Management Authority purposely omitted vital information in its report on the trial period in an effort to mislead decision-makers, said the report.
When the database’s trial period ends, the Knesset will decide whether to make it mandatory for people to join the biometric database, continue the trial period or destroy the database.
This is not the first time the database has had some issues. Following the previous announcement by the interior minister that it planned to pass legislation to make the database mandatory, the state comptroller stated that he had detected “essential faults” in the system and that legislation should therefore be put on hold.
“The experts’ report analyzes and presents the faults and information gaps in the reports released by the biometric authority, to the extent of concern over intentional exclusion of information and systematic attempts to mislead Knesset members and the public with partial and false information,” a letter appended to the report states.
Authored by Professor Eli Biham, Zvi Dvir, Professor Karine Nahon, Doron Shikmoni and attorney Yehonatan Klinger, the report will be given to the Israeli prime minister, other ministers, MKs and the state comptroller.
The report states that the Biometric Database Management Authority did not “meet its obligation to hold a true trial, which would provide the MKs with the information needed to make a considered decision with regard for the need for a database, nor did it bother to seriously examine alternative methods to meet the requirements of the law.”
The authors found that the Biometric Database Management Authority contracted with private companies to collect the sensitive information in its possession, such as hiring data backup services from the communications management firm Internet Binat two years ago and from Bezeq International last year.
The report also states that the Biometric Database Management Authority does not maintain any physical separation between its communication networks, and instead, operates an information separation program. This contradicts the senior Interior Ministry and authority officials’ previous claims that the database is kept completely separate from outside networks.
Additionally, the report mentions that the Interior Ministry could have prevented the 71 cases of mistaken identity relating to the biometric database by simply using smart ID cards.
The report goes on to state that a central database is wholly unnecessary, that the biometric authority presented the wrong facts about biometric databases worldwide, and that the authority did not research or consider any accepted alternatives to developing a database.
In response to the Digital Rights Movement’s report, the authority said it had submitted a finalized report approximately two months ago to the interior minister, the prime minister and the Knesset, which “summarizes the trial period and details the activities implemented.”
The authority said the report was made available to any parties opposed to the database at the time, “and if they so desire, they can raise professional and germane questions.”
“The method of basing the report on partial data and half-truths is not professional and does a disservice to the truth,” said the authority. “Despite our offers to these opponents to meet and receive answers to the questions that are bothering them, we never had the privilege of setting up such a meeting.”