Former Israeli privacy commissioner: 'the national biometric database is prone to security threats'

In December 2009, the Israeli parliament (the 'Knesset') enacted the Biometric Identifiers and Biometric Data Inclusion in Identification Documents and in a Database Act (the "Biometric Act"; see our detailed article). The Biometric Act's primary purpose was to tackle large-scale loss and theft of identification cards and passports, later used by criminals and terrorists. This past July, the Israeli Ministry of Interior's Population, Immigration and Border Authority (PIBA) launched a two-year pilot phase of the biometric database. During this pilot phase, Israeli citizens who choose to participate in the pilot will be asked to provide their fingerprints and be facially photographed. They will then be issued smart national ID Cards, which are encoded with their collected biometric data.

But in an interview to Globes (see full article in Hebrew), advocate Yoram Hacohen, until recently the head of the Israeli Law, Information and Technology Authority (ILITA, the Israeli privacy regulator), reveals that Israel "could have already had smart national ID cards in 2009, which would have been very difficult to counterfeit physically and impossible to hack-into electronically, if only [the decision-makers] had said 'let's wait with the [biometric] database, conduct a thorough review, and examine what is done [in this field] throughout the world' ".

Hacohen harshly criticizes the decision by Mr. Meir Shitrit, the then-Minister of Interior, to establish a national biometric database, "he said that a national ID card without a biometric database is not a good ID card. That statement is unjustified. Even PIBA didn't want the biometric database at the time, because it significantly complicates the procedure of issuing smart ID cards… Members of the Knesset allowed Mr. Shitrit to conduct the legislative process and didn't ask questions. They acted as if it was his own matter, they only participated in the final votes and didn't comprehend that it isn't a matter of technological bits but a matter that lies at the very essence of democracy."

Advocate Hacohen, who as the head of ILITA was also the Database Registrar under the Israeli Protection of Privacy Law, warns that the State of Israel does not adequately protect its databases, in that "it safeguards the databases of the IDF, the Mossad and those of critical infrastructures. But everything else is protected in a far lesser manner, and the potential damage is overwhelming". According to Hacohen, "the information [in the biometric database], could be a strategic asset to crime organizations – for example, information pertaining to people in the witness protection program – therefore, there is a greater threat of attempts to gain unauthorized access".