Did the Israeli Biometric Database undergo the required security test?

Despite the fact that nearly 200,000 Israelis have already voluntarily joined the Israeli Biometric Database Project, the Digital Rights Movement alleges that the security of the database, which stores the biometric and personal data of the 200,000 participants, has not been properly tested, as required by law. The Biometric Database Management Authority released a report last month, which brought to light that seemingly, only now “the preparations are being completed at the Immigration Authority to perform risk analyses and independent penetration tests”.

 

In a letter sent to the Minister of the Interior, the Digital Rights Movement stressed the severity in that although the pilot program has been running since the end of June 2013, it has yet to implement the necessary security tests. The Movement emphasized in the letter that “The Israeli National Information Security Authority requires a risk analysis and penetration tests as a condition for approval that the [biometric] system was tested and found to comply with the level of security required. It is not enough to complete the preparations for conducting risk analysis and penetration tests, rather, they need to be carried out in practice and any security defects revealed must be repaired.  As long as the penetration tests have not successfully been completed, it cannot be said that the data of the citizens that volunteered for the biometric experiment are adequately stored”.

 

In response, the Biometric Database Management Authority said that the position of the Digital Rights Movement reflects a lack of understanding of the information security processes necessary for the database, and that contrary to what the letter alleged, all security checks were carried out as required and all approvals were received in order to operate the biometric database. Source: Calcalist (In Hebrew, by: Omer Kabir).