Civil and digital rights groups this week petitioned Israel’s High Court to cancel a pilot project for a nationwide biometric database that the government plans to create. The government, according to petitioners, will be unable to guarantee the security of the information in the database; if the database is hacked, citizens’ bank accounts, and perhaps lives, will be in danger, they say. And even if it is not hacked, the freedom and rights of Israelis could be compromised.
Among the groups demanding that the project be shelved are the Association for Civil Rights in Israel (ACRI) and Israel Digital Rights Movement (IDRM). “The concentration of all Israelis’ biometric information in one database allows an unprecedented ability to exert control” over Israelis, the petition read. “It constitutes an unacceptable and intolerable compromising of individual rights to privacy and freedom. It is an attempt to override the principles of democracy. And in addition, it jeopardizes the safety and security of the public.”
In 2009, the Knesset decided to adopt “smart” identity cards to replace the current laminated paper cards citizens are supposed to carry around. Counterfeit cards had become nearly commonplace, with fake cards serving individuals who sought to fraudulently obtain various benefits from the state, such as National Insurance stipends. The smart cards, advocates say, will put an end to the counterfeiting; instead of just a photo, which is the main identification feature on the current cards, smart cards will contain biometric information, including fingerprints and facial structure.
Producing such a card requires a very advanced technological operation, which the criminals who trade in false ID cards are unlikely to have. And since the identification information on the card needs to be matched with its holder via face pattern scans or fingerprint checks, the likelihood of counterfeiting is practically nil, supporters of the program say.
While the benefits of the smart card are acknowledged even by ACRI and IDRM, the utility of the biometric database is not. The database takes the concept of smart cards a step further, recording all the information on the cards in a central database. The idea is to allow security personnel to proactively detect the presence of “risky” individuals — terrorists, spies, etc. — without having to check their smart cards. A simple camera scan of a crowd at a train station, for example, would allow security personnel to check the database and weed out a potential terrorist or criminal.
The smart card and database laws were passed as part of the same bill, with the smart card aspect of the law kicking in only when the database is set to roll.
Clearly, say the petitioners, there is a huge opportunity for abuse by law enforcement authorities who have access to the database. Avner Pinchuk, the petitioner representing ACRI, is the head of digital privacy issues for the organization, and he has written extensively on the possibility that police could, for example, use the database to intimidate individuals who are considered “politically questionable,” such as right-wing “hilltop youth” or left-wing Peace Now protesters who demonstrate weekly against Israel’s security fence. In addition, Pinchuk has written, the recent mass thefts of credit card information from Israeli banks by Saudi and Iranian hackers prove that no data is completely secure. Were a terror group to invade the biometric database, the country’s security could be badly compromised.
Although the law authorizing both smart cards and the database was passed some three years ago, implementation has been delayed because of the ongoing public debate on the database. ACRI and other groups have sought numerous injunctions against the law, and the government has postponed implementation several times.
Since the passage of the law, changes have been made to the original plan to ensure that the information will not be abused by law enforcement authorities, and will not be useful to hackers even if they do break into the database (for example, by separating names, numbers, and fingerprints in the database so that even if the information is stolen, the hackers won’t know which prints belong to which number or identity without access to a code, which is kept separate from the database itself).
All that is well and good, say the petitioners.
But no one can foretell future events, and there is no way to know if the database will be abused in the future; and since the smart cards are quite effective at preventing counterfeiting, why not just rely on them, say the petitioners. Their stance is supported by numerous Knesset members, the most outspoken of whom has been the Likud’s Michael Eitan, who has said that implementation of the database “is the first step to a police state,” besides being a golden opportunity for hackers bent on compromising Israel’s security.
Knesset members who voted for the law say there is nothing to fear, with MK Meir Sheetrit (Kadima) going so far as to call those opposed to the database “paranoid.” Many countries use some form of biometric database (like the US, which uses facial biometric data on passports), and the freedom of residents of those countries has not been compromised. As far as hackers are concerned, said Sheetrit, “So let’s say they steal a database of fingerprints. What are they going to do with them?”
The petition’s target, the Population Registry, issued a statement saying: “The Biometric Database is designed to protect Israelis from identity theft and the counterfeiting of identity documents. The law passed in 2009 after extensive discussions and Knesset committee sessions, with strong participation by all ministers and relevant government officials, and especially by members of the Knesset Science, Interior, and Constitutional Committees. These discussions and sessions enabled all interested parties, including those opposed to the law, to express their positions.”
“We intend to study the petition and will respond to specific points in court,” the Population Registry’s statement concluded.