Israel’s Biometric Database Authority fails to report 2 security incidents
Israel Hayom reports that the Israeli National Biometric Database Authority (BDA) failed to report two information security incidents to the parliamentary committee overseeing its operations.
The incidents reportedly took place in 2017 and 2018 and that in failing to report the issue, the BDA essentially broke the law as according to the Biometric Database Law, the BDA is required to report any information security event to the Knesset Committee on Biometric Applications.
The BDA maintains that citizens’ privacy was not compromised by either incident, and says both were extensively investigated by the Israel National Cyber Directorate. A spokesperson for the Israeli Digital Rights Movement told local media that the BDA’s disregard for the law “is one of the symptoms of a system that doesn’t give a damn about its citizens,” adding that the situation “brings to light troubling questions about the BDA’s operations.”
The biometric database has long been under criticism from information security experts and privacy groups who argue that it fails to meet the necessary security standards required to protect the data stored in its servers. The management of the database has been contested in court after it was allegedly performed by a private contractor for two years, in violation of the laws establishing it. Last year a committee reviewing the country’s biometric database law found that the fingerprint identification system was suffering high rates of failure when used both at the country’s borders and by police.