Privacy Advisor

Global Privacy Dispatches- Israel- Biometric Database

August 1, 2008

By Dan Or-Hof, CIPP

A New National Biometric Database Threatens Privacy

A draft bill on biometric identification recently has been introduced by the Israeli Home Office. The Israeli government is looking to regulate the legal status of biometric national IDs, travel documents and passports, but its proposal goes one step further than legislation adopted in the more than 40 countries that have already introduced biometric passports, in a way that poses a significant threat to privacy.

Under the proposed bill, every citizen will be compelled to provide two fingerprint samples and a facial photograph, to be digitally stored in a national database and on chips embedded in passports and national IDs. (National IDs are mandatory in Israel for citizens over the age of 16.) The digital ID will also carry an electronic signature, thus allowing the execution of transactions that require signature by digitally signing them.

A special authority will be established under the Home Office to supervise the use of the national biometric database. On top of the fingerprints and facial photographs, the national biometric database may include additional unique biological and physiological data that can assist in identifying and authenticating the identity of persons.

The database will be available for use by the Shin Bet domestic security agency and the Mossad intelligence service without the need for a court approval. Although the database is predominantly meant to regulate the identification of citizens in transit in and out of the country, the proposed bill allows a district court, after considering the privacy implications, to issue a special warrant authorizing the police to use information contained in the database to investigate and prevent felonies.

A special committee composed of members from the Home Office and the security and intelligence services will formulate rules to secure the sensitive data and to tackle data breaches and misuse.

Justifications


According to statistical data provided by the Home Office, more than 155,000 national IDs are lost or stolen every year, and 52 percent of the applicants for new IDs have criminal records.

As indicated in the explanatory notes, the proposed bill sets out to make the counterfeiting and illegal use of national IDs and passports more difficult. The collection and use of biometric data will also simplify the identification procedures in cases of mass disasters and support the investigation and prevention of crimes and terrorist attacks.

Privacy Concerns

The proposed national database will contain sensitive personal information of unprecedented scale and security agencies will have access to that data for all purposes of national security and crime prevention. As a result, an initiative that was initially intended to regulate electronic identification in borders and regulate digital transactions has evidently evolved into an effort to significantly enhance mass surveillance.

Privacy advocates urge the Home Office to re-evaluate the potential grave risks to information security and privacy that the bill poses and to re-consider the need to collect and store the biometric data.

Furthermore, the reliability of a biometric system to provide definitive identification is highly questionable for numerous reasons, among them: biometric data is unique and there is no feasible method to compensate for the loss, or misuse of such data; other national databases have been breached, hacked, intercepted or misused, and personal information compromised as a result. Security measures and safeguards can reduce such risks but cannot eliminate them; biometric systems produce false-negative and false-positive results, thus transferring an extremely difficult burden onto the individual to prove that she is who she claims to be (or is not what the government official claims she is); The chips embedded in passports and national IDs will undoubtedly be subject to constant criminal and hostile efforts to crack the security measures and access the data contained in them.

Further Deliberations


The draft bill was submitted for review to the chief justice of the Supreme Court, the chief prosecutor (formally known as the legal advisor to the government), the Association for Civil Rights in Israel, the deans of the four leading law faculties and other figures and institutions in the Israeli legal community.

It is expected that further public deliberations will be made before the bill is submitted for first reading by the Knesset, the Israeli parliament.

Dan Or-Hof is a senior counsel at Pearl Cohen Zedek and Latzer LLP, with specific expertise in data protetion and privacy law. He may be reached at dano@pczlaw.com.