Despite the fact that nearly 200,000 Israelis have already voluntarily joined the biometric database project, the Digital Rights Movement is claiming that the security of the database, which stores the biometric and personal data of its subjects, has not been secured, as required by law. The Database Management Authority released a report last month, which brought to light that seemingly, only now “The preparations are being completed at the Immigration and Population Authority to perform survey summaries and independent penetration tests.”
In a letter sent to the Minister of the Interior, the Digital Rights Movement stressed that it is strongly opposed to the fact that although the pilot program has been running since the end of June 2013, it has yet to implement the necessary security checks. The Movement emphasized in the letter that “the Information Security Authority requires a risk survey and penetration tests as a condition for approval that the [biometric] system was tested and found to comply with the level of security required. It is not enough to complete the preparations for conducting the risk and penetration tests, rather, they need to be effectively carried out and to repair any security defects that come to light as a result. As long as the penetration tests have not successfully been completed, it cannot be said that the data of the citizens that volunteered for the biometric experiment are stored properly.”
In response, The Biometric Database Management Authority said that the position of the Digital Rights Movement reflects a lack of understanding of information security processes necessary for the database, and contrary to what was stated in the letter, all security checks were carried out as required and all approvals received in order to operate the biometric database. Source: Calcalist (In Hebrew, by: Omer Kabir).