Israeli biometric database authority acknowledges potential security flaws
A legal adviser to the Israeli Biometric Database Management Authority acknowledged this week that the potential for database breaches of the country’s experimental biometric identity database couldn’t be ruled out, but that it was not a pressing concern.
According to a report in Haaretz, Naama Ben-Zvi, the attorney in charge of biometric applications for the Prime Minister’s Office, told the Knesset Constitution, Law and Justice committee, which is responsible for oversight of the database: “It’s a question of a risk management, what you want to achieve versus what you’re risking. Nobody will sign a security certificate that the database will never leak.”
The Movement for Digital Rights (MDR) spoke up about this disclosure saying it validated the group’s claim that the biometric database project could result in an invasion of citizens’ privacy. According to a report in The Jerusalem Post, MDR’s lawyer Yehonatan Kleigar commented: “At this meeting, they put the truth on the table for the first time [as the authority] said on the record that the working assumption was that the entire biometric database would be hacked … Now we are not the only ones who are saying this.”
The trial period for the biometric database project was supposed to wrap up at the end of this month after being extended once, but last month Interior Minister Arye Dery said he would ask the Knesset to extend the trial period another nine months, but, according to the Chair of the Knesset panel overseeing the project, he has yet to submit an official request to the Knesset on this issue.
Ben-Zvi noted that the committee set up to oversee the database experiment had recommended against extending the trial period and that the committee’s view is that the database is essential, but that it should only include low-res face photos, and not fingerprints. The recommendation, issued last month, said the committee opposed including fingerprints “in light of the existing risks in managing this sensitive database over time and the need to choose the alternative which constitutes an invasion of privacy that isn’t greater than necessary, that includes the minimum amount of information needed to achieve a satisfactory result.”
The head of the Biometric Database Management Authority, Jon Kamni, said 935,000 Israelis have voluntarily joined the national database and that 1.5 million digital identity cards and passports have been issued.