Should Israelis fear biometric database?

The Israeli government is likely to soon decide whether to establish a biometric database of all citizens, a move strongly opposed by cybersecurity experts and civil rights groups.

al-monitor A person uses a sensor for biometric identification, Oct. 16, 2015.  Photo by REUTERS/Fabrizio Bensch.

Topics covered

terrorism, right to privacy, privacy, intifada, identity, biometrics

Dec 18, 2015

Following the Nov. 13 attacks in Paris by the Islamic State (IS), a three-panel cartoon circulated on social networks. The first panel shows a woman wearing a skirt with the French word “Liberté” (freedom) on its hem and walking a leashed dinosaur with the word “Sécurité” (security) on its back. In the second panel, the dinosaur has become much larger, while the woman is much smaller and struggles to lead him. In the third panel, the dinosaur is devouring her. The moral is clear: Faced with a security threat, many would justify measures infringing on individual freedom and civil rights, as long as such measures are taken to protect their lives.

In a related matter, an Israeli government pilot program to establish a biometric database of all citizens is scheduled to conclude in March 2016. With Israelis in a panic over the ongoing wave of terror attacks by Palestinians, the timing couldn't be more perfect for the public's acceptance, with resignation, of a far-reaching violation of privacy, even though it is rather doubtful that such a violation would actually help against terrorism.

The Knesset passed a bill in December 2009 to establish a biometric database of all citizens. Given the controversy over the proposed bill, however, the Ministry of Interior launched a voluntary pilot project in July 2013, offering citizens the option of having their biometric indices — that is, scanned facial features and fingerprints — stored in the database. Under the plan, the pilot was to be carried out over two years, after which the government would decide whether to enact into law the bill requiring all citizens to participate.

The March 2015 Knesset elections happened to coincide with the date for the pilot's conclusion, so Interior Minister Silvan Shalom decided to extend the program until March 2016. According to Shalom, as of June 2015 some 730,000 people had taken part in the pilot.

Jonathan Klinger, an attorney and legal adviser to the Digital Rights Movement, argues that this was achieved at least in part through deceptive tactics and sometimes coercion. He recounts seeing people applying for new IDs being pushed into getting biometric cards by being told it was their only option, rather than a voluntary option and that they could also opt for a regular ID. The Ministry of Interior's Biometric Database Management Authority flatly denies the allegation.

Yet, what bothers a number of information security experts is the state's insistence on not only collecting biometric data for use in ID cards, but also on storing the data in a single, all-inclusive database. In Israel, where in the past sensitive databases have been breached or leaked, experts fear that the release of the information in the biometric database will only be a matter of time.

“It is a question of cost versus benefit,” said Nurit Gal-Oz, head of the computer science department at Sapir Academic College and who led a session on the issue at the Israel: Sderot Conference on Society, Nov. 24-25. The Interior Ministry did not send a representative to the debate.

“If the database is leaked, it will be possible to [falsely] incriminate people or to counterfeit [identity papers] and who knows what else. People are worried about being stabbed on the street, but does this justify tracking citizens wherever they go? Is this reason enough to allow the authorities to crosscheck information and thus figure out exactly who you're hanging out with, what organizations you're affiliated with or what your sexual preferences and political leanings are?”

Eli Biham, former dean of the Technion: Israeli Institute of Technology's computer science department and current head of the Cyber Center there, said the database will not help in identifying terrorists at the scene of an unfolding attack or prevent mistaken identification of Israelis as attackers. “The database will not be activated automatically,” he explained. “The gun is operated only by the security agent who has his finger on the trigger. It does not receive data from the database confirming whether the target is an attacker or an innocent Israeli citizen. So, as long as we don't implant a wireless chip in the head of every Israeli citizen — a chip connected directly to the database and from there to the weapons of the security agents — biometrics cannot prevent shootings.” 

Biham added, “The authorities resort to demagogic argumentation, citing security incidents that allegedly could have been prevented by a biometric database — for instance, the Passover massacre at the Park Hotel [in March 2002] perpetrated by terrorists from the territories who managed to cross the Green Line and enter Netanya using fake IDs. The answer to this is simple: To date, the Ministry of Interior has been supporting technology susceptible to forgery. In Europe, smart identification cards that cannot be readily forged have been in use for 20 years now, but here in Israel, the option of identification by smart ID cards that are hard to counterfeit has still not been implemented due to the [state's] insistence on adding biometrics. The Ministry of Interior uses its failure as a justification for embedding quite unnecessary privacy-violating features [in cards].”

The Interior Ministry declined comment on such claims. The Biometric Database Management Authority maintains that the smart ID cards that Biham refers to are not enough to ensure security.

Biham is concerned about the potential threats to the security interests of Israel because of the possibility that the biometric database could be leaked to unfriendly countries. Such an event could enable them to identify Israelis. “They say there will be no invasion of privacy as the fingerprints and scanned facial features will not be linked to any specific ID number,” Biham said. “However, let's say the database is leaked to Dubai. Then what?”

Biham's comments hint at the assassination of Hamas operative Mahmoud al-Mabhouh in Dubai in 2010, attributed in foreign reports to Mossad agents who entered Dubai on false passports. According to the reports, such an operation would have been compromised if Dubai had had the fingerprints of Israeli citizens in its possession. “Dubai would not be interested in the specific identity of any citizen [seeking entry to the state], but only in the fact that it's an Israeli citizen who is trying to enter the country,” said Biham. According to experts, Mossad agents would most likely not be required to provide their biometric data to the general database.​

The Biometric Database Management Authority disdainfully dismisses Biham's concerns about a security breach. “Come on,” said an official at the authority speaking on condition of anonymity. “What's the odds of the database reaching Dubai? These are speculative, unrealistic scenarios.” An official response to Al-Monitor noted that “equally sensitive databases are managed by bodies such as the Israel Defense Forces, Shin Bet, Mossad and other organizations. And they have never been breached or leaked.”

“The Biometric Database Management Authority is run unprofessionally. The State Comptroller of Israel himself has asserted that they lied to the interior minister,” said Klinger. “These are people unfit to run a grocery store. The biometric database is liable to tip the relationship between citizen and society in a democratic state, turning us all into suspects — a mere computerized figure. Israel already has databases for all sorts of groups that the state wants to supervise, such as foreign workers, and this can be legally justified. However, a citizen who has a right to the presumption of innocence should not be included in the same data pool as people whose identity can be accessed from afar [by computer].”

Officials from the Biometric Database Management Authority reject these arguments out of hand. The authority's website explains that supervision of the database will be rigorous and that only a few people will have access to it. They argue that the database is designed to prevent the forgery of ID cards, rather than the tracking and monitoring of citizens. The authority claims, “No access to the biometric data stored in the database will be granted to the police, the Population Authority or any other entity. Retrieval of information from the biometric database shall be prohibited under the law.”

“The problem is that nobody knows what will happen next,” said Gal-Oz. “What will future governments do? With what elements will they cooperate?” Biham shares these concerns, stating, “As soon as they acquire the data, they will end up using it.” According to him, one would be hard pressed to find experts outside the security and political establishments willing to vouch for the biometric database, because it is not a good solution to the problems of terrorism or secure IDs.

Alas, unlike some experts, it seems that quite a number of Israelis could be convinced of the need for a biometric database, given the security situation in Israel, even though they might end up being the ones targeted.

Continue reading this article by registering at no cost and get unlimited access to:
  • Al-Monitor Archives
  • The Week in Review
  • Exclusive Events
  • Invitation-only Briefings

More from  Israel

al-monitor
Alliance with ultra-Orthodox could bring Netanyahu down
Mazal Mualem | Education | Oct 20, 2020
al-monitor
UAE delegation arrives in Israel
Rina Bassist | | Oct 20, 2020
al-monitor
Israel’s Bennett in dilemma over his growing popularity
Ben Caspit | Israeli elections | Oct 20, 2020
al-monitor
Israel, Bahrain establish diplomatic relations at a ceremony in Manama
Rina Bassist | Israeli-Gulf relations | Oct 19, 2020