In Israel, a heated debate is underway about whether Israel’s Interior Ministry will move ahead with the creation of a governmental biometric database containing digital fingerprints and facial photographs, which would be linked to “smart” national ID cards containing microchips. At the heart of the issue is a major concern about privacy: Aggregated personal information invites security breaches, and large databases of biometric information can be honeypots of sensitive data vulnerable to exploitation.
On July 23, Israel’s High Court of Justice held a hearing on a petition filed by civil rights advocates who sought to strike down a law establishing a governmental biometric database and an associated two-year pilot program. The law approving the database, enacted in 2009, met with public resistance until the government backed down and agreed to begin with only the pilot program. The pilot was supposed to be a test for determining whether it was actually necessary to move forward with building the biometric database, but an Interior Ministry decree that sanctioned the program did not actually contain any criteria to measure whether the program succeeded or failed.
While three justices voiced harsh criticism of the database, they didn’t move to cancel the project altogether. Instead, they determined that the pilot program description has to present clear criteria for success and failure, so that it would be conducted as a true test. The ruling requires the Interior Ministry to examine the very necessity of a central database, and to seriously weigh possible alternatives. The court also called for an independent review of the program, and preserved petitioners’ right to return and present their claims against the database and pilot program.
In the course of the hearing, several justices characterized the proposed database as a “harmful” and “extreme” measure. They have good reason to be skittish: Last fall, officials discovered that information in Israel’s primary population database had been hacked in 2006, and the personal records of some 9 million Israelis—both living and dead—were uploaded to the Internet and made freely available. The database contained substantial information including full names, identity numbers, addresses, dates of birth and death, immigration dates and familial relationships. Given this blemished track record, there is naturally a concern that a database that also contained biometric information would meet the same fate.
“Every once in a while, we find the census in .torrent files all over the web,” noted Jonathan Klinger, an attorney who teamed up with Association for Civil Rights in Israel (ACRI) lawyer Avner Pinchuk in opposing the biometric database. The petitioners included ACRI, the Movement for Digital Rights, Professor Karin Nahon of the University of Washington and Hebrew University, and Doron Ofek, an information security expert.
“The State in fact accepted the position of the petitioners and the Justices, according to which the order establishing the biometric database is illegal and does not enable an examination of the database’s necessity,” noted Pinchuk, the ACRI attorney. “The Interior Ministry’s intention to establish a database even before this essential flaw is amended demonstrates the hastiness and aggression that have characterized this dangerous project since its inception.”
Israel's biometric database is just one of several massive governmental identification programs moving forward at the global level. India is still working toward creating the world’s largest database of irises, fingerprints and facial photos, while Argentina is building a nationwide biometric database of it own. As more of these identity schemes crop up across the world, serious critical examination of these systems is urgently needed.