Computer and information security experts warn that defects in the biometric database the Interior Ministry is building could lead to information leaking from the system, according to a new report, released ahead of the conclusion of the biometric database’s trial period at the end of this month. The report’s authors say that the Biometric Database Management Authority left out information in its report on the trial period in an attempt to mislead decision-makers.
The report was published by the Digital Rights Movement, which opposes the biometric database. When the trial period is over, the Knesset will have to decide whether to require people to join the biometric database, continue the trial period or to delete the database.
Shortly after the previous interior minister, Gilad Erdan, announced he was going to move ahead on making the database obligatory, the state comptroller warned that he had found “essential faults” in the system and therefore requested that legislation be halted. The state comptroller’s report on the matter is to be published soon.
Last week the Knesset Control Committee’s sub-committee on security rejected a request by security agencies to make extensive parts of the report confidential, and allowed it to be published in full.
Interior Minister Silvan Shalom has not yet taken a stand on the database.
“The experts’ report analyzes and presents the faults and information gaps in the reports released by the biometric authority, to the extent of concern over intentional exclusion of information and systematic attempts to mislead Knesset members and the public with partial and false information,” a letter appended to the report states.
The report, which will be given to the prime minister, other ministers, MKs and the state comptroller, states that the Biometric Database Management Authority did not “meet its obligation to hold a true trial, which would provide the MKs with the information needed to make a considered decision with regard for the need for a data base, nor did it bother to seriously examine alternative methods to meet the requirements of the law.”
The report was written by Prof. Eli Biham, Zvi Dvir, Prof. Karine Nahon, Doron Shikmoni and attorney Yehonatan Klinger.
The authors found that the Biometric Database Management Authority contracted with private companies to obtain the sensitive information in its possession. For example, two years ago, the authority hired data backup services from the communications management firm Internet Binat and last year from Bezeq International. The report also found that the Biometric Database Management Authority maintains no physical separation between its communication networks but rather only an information separation program, although senior Interior Ministry and authority officials have said that the database is completely cut off from outside networks.
The report states that the 71 cases of mistaken identity involving the biometric database could have been avoided by the use of smart ID cards and that a central database is not necessary.
The report also said that the biometric authority of presenting wrong facts about biometric database worldwide. The authors based their information on a report by the Knesset research center that notes that joining a biometric database is for the most part on a voluntary basis in other countries. The report also says that the Biometric Database Authority did not look into accepted alternatives to such a database in other countries, as the law required it to do. According to the report, the authority gave unreasonably low grades to alternatives that it did examine.
The Biometric Database Authority responded: “The activities of the authority over the past two years were carried out under the oversight and close monitoring of a number of official bodies, which have recently issued concluding reports. All the bodies gave an unqualified recommendation that the need for the database has been proven and the trial period ended successfully and obligations were fulfilled as required.”
The authority said it had submitted a concluding report about two months ago to the interior minister, the prime minister and the Knesset, which “summarizes the trial period and details the activities implemented. At this point in time, it would be proper for opponents to read the report closely, understand that very professional, comprehensive and reliable work was done, and if they so desire, they can raise professional and germane questions.”
The authority also said: “The method of basing the report on partial data and half-truths is not professional and does a disservice to the truth. Despite our offers to these opponents to meet and receive answers to the questions that are bothering them, we never had the privilege of setting up such a meeting.”