Hosting Israel’s National Biometric Database backup in commercial data center violates law: report
Israel’s National Biometric Database Authority has broken the law by hosting its backup in commercial database space owned and operated by a private company, the Jewish Press reports, based on documents originally reported by Hebrew-language daily Israel Hayom.
According to The Biometric Identification Methods and Biometric Identification Data in Identification Documents and Database Act, 5769 – 2009, individuals must pass a security check to perform actions that allow access to the database. The legislation also applies data access minimization and data protection rules. The backup database is stored on servers hosted by Bezeq International, but the Jewish Press reports that security experts say it should be stored offline in a government facility, in accordance with Biometric Identification act rules.
“The core activity of the Biometric Database Management Authority is the management and security of the biometric information of residents of the State of Israel,” the Interior Ministry wrote in a response to the original report. “The requested information is classified at the highest level, and therefore the ISA does not intend to disclose processes or methods of work relating to the manner in which the biometric information is stored or secured. The Authority is subject to and operates according to the requirements of the law and in accordance with the directives of the authorized bodies set out in the law.”
A private contractor who had been the database administrator for more than two years took the government to court after an Interior Ministry was chosen to take over the role to comply with the rules governing who is eligible to administer the sensitive database.