Nearly four years after the Knesset passed a law authorizing it, a public “beta test” of Israel’s biometric database system was launched on Monday.
Residents of the central Israeli town of Rishon Lezion were invited to trade in their current Israeli identity cards for a new “smart card” that will digitally encode not only their personal information, but also their fingerprints, photo, and facial profile (the contours and other details of the face). The government will study the results of the voluntary pilot program, searching out glitches and problems in the system before it becomes mandatory — according to plans, in two years.
One of the main reasons to volunteer for the program, say advocates, is that it makes identity theft much more difficult. Probably the strongest advocate of the system is MK Meir Sheetrit (Hatnua), who proposed the law and got it passed when he was interior minister in 2009. “With the biometric database, the state will be able to issue identity cards and passports that cannot be copied or fabricated,” Sheetrit said in a radio interview Monday.
“The current ID cards are very easy to fake, and there are hundreds of thousands of people, including illegal aliens and Palestinians, who are walking around with phony ID cards, using the identities of law-abiding Israelis to commit many crimes. The burden of proof of their innocence is on the heads of those whose identities were stolen,” Sheetrit added. “Establishing and implementing this database is a security priority of the first order.”
But Sheetrit is one of the few public voices advocating for the biometric database. Under pressure from many MKs, organizations, and activists, the government has already several times postponed implementing the program’s pilot phase. Opponents say that, given that Israelis has no constitutional protections (other than the Basic Laws, which, opponents say, do not provide a remedy to abuses of privacy in the use of biometric database information), the likelihood of misuse of private information is high.
Avner Pinchuk, the head of digital privacy issues for the Association for Civil Rights in Israel, has written extensively on the possibility that police could, for example, use the database to intimidate individuals who are considered “politically questionable,” such as right-wing “hilltop youth” or left-wing activists who demonstrate weekly against Israel’s security fence. In addition, Pinchuk has written, the recent mass thefts of credit card information from Israeli banks by Saudi and Iranian hackers prove that no data is completely secure. If a hacker were to invade the biometric database, the country’s security could be badly compromised, enabling terrorists to create “foolproof” Israeli ID cards that would allow them unfettered access to Israel’s population centers, where they could carry out attacks.
ACRI, along with other groups, has filed numerous petitions with the High Court seeking injunctions against the implementation of the pilot program. The latest was dismissed just several weeks ago, removing the last obstacle to launching the program.
As if to confirm Pinchuk’s and others’ security fears, a Justice Ministry report leaked to the media over the weekend said that, despite the extra time the government has had to prepare for the database’s implementation, it suffered from significant security problems, even on the eve of the pilot program’s introduction. The report pointed to a shocking lack of security — the software didn’t even have an antivirus program. In addition, a team from the ministry’s Technology Authority, as well as a team from private security firm Comsec, were able to break into the database, the report said.
One of the reasons for the lack of security, the report said, was that apparently administrators apparently feel that since the system is “closed,” and there is no access to it from outside networks, it is safe from hacking. But that leaves open the possibility of “internal hacking,” the report said, in which a disgruntled employee or hacker could access records using a USB drive, for example, similar to the data theft committed by former IDF soldier Anat Kam.
In response, the Population Registry issued a statement saying that things weren’t so bad. “The Justice Ministry’s report does not relate to information loaded onto the biometric smart cards, but to information that it is checked against online government databases,” which presumably would not allow access to a user if the data did not match the information on the card.
That’s still no comfort to opponents of the database, including former Likud minister and MK Michael Eitan, one of the most outspoken opponents of the project. Security issues aside, said Eitan, “the issue of the biometric database is an issue of how we see the future of Israel. Will we be a free country that respects the privacy of its citizens like the advanced countries of the world, or will we turn into one of the leading ‘police states’ in the world?”
Eitan’s method of battling the system: Just ignore it. “As of now there is no obligation to join the pilot program, and I see no reason why Israelis should turn themselves into guinea pigs for a project that will not benefit in any way Israelis, the country, or our security.”