Israel's secret biometric database revealed
The database was created without planning by Israel’s Population and Immigration Authority, which wants to legalize it, without the restrictions regulating the country’s official database
Omer Kabir | 10:39, 17.07.21
We all make mistakes at work. It's natural. We sometimes do not understand enough about what we are doing, sometimes unexpected external factors surprise us, and sometimes the best intentions go wrong. Israel’s Population and Immigration Authority made just such an error: it unintentionally created a secret biometric database that operates alongside the official biometric database and includes face images of most Israeli citizens. However, now that this oversight has been exposed, the governmental office is not apologizing for its mistake or working to correct it. Rather, it seeks to legalize it and create a second large-scale biometric database, with significantly fewer protections than those of the official database.
The existence of the secret database was revealed in a report from the Executive Director of the Identity and Biometric Applications Unit in the Israel National Cyber Directorate, which was sent in June to the Minister of the Interior, Ayelet Shaked, and was obtained by Calcalist. Alongside the secret database, the report reveals a number of significant shortcomings in the activities of the biometric database and the Smart IDs project. These range from a dispute between the office of the commissioner and the biometric authority that prevents supervision of the database, to a lack of coordination between the various authorities, which prevents the project from reaching its goal: countering identity theft.
"In the past 12 years, the government has built walls of a transparent prison around us. A biometric database, phone triangulation, driver's license database, Ein HaNatz (License Plate Recognition system), and now also the Population Authority’s database," said Nir Hirshman of the Digital Rights Movement. “We all saw how easy it is to degenerate into a dictatorship. Part of the change required by the new government is to steer the wheel in this context as well and put us back on a liberal democratic path. Enough with surveillance, enough with the destruction of privacy. If there is a database that has been created unlawfully, it should be deleted immediately and those responsible for its creation should be prosecuted. Any such database is a potentially dirty bomb, which could leak into the hands of hostile elements, or be used by the enemies of democracy."
The biggest issue arising from the report is that, without any intention at all, the Population Authority has created another biometric database of facial images, without all the limitations and protections of the official biometric database. How did it happen? The law allows the Population Authority to keep low-quality face images taken for the official database on its computers for the purpose of "visual presentation". Such an image is defined by law as one that allows visual identification of its subject, but from which the biometric data that can be extracted is not sufficient for computerized identity verification.
And that's really what the authority did. But then, something that should have been anticipated happened: technological development. "In recent years there has been significant progress in facial recognition algorithms, which are now much more advanced compared to the technological capabilities that existed at the time the law was drafted," the report reads. "A test conducted by the Executive Director's unit, using up-to-date algorithms, indicated that the accuracy ratio of comparison of low-quality images is similar to the accuracy rate of the original images. The lower-quality facial images stored in the Population Authority's systems constitute a “biometric means of identification” and a biometric database for all intents and purposes. The current situation, in which the Population Authority does not meet the requirements of the law, is unreasonable, especially considering the long period of time."
You might expect the authority to take responsibility for the situation and work to remedy it, but no. "This issue has many practical and operational implications that will affect the authority’s ability to fulfill its purpose, will impact its day-to-day work, will have a direct impact on the service to the citizens and its capabilities to execute its responsibilities within its role," the Population Authority responded. "The authority's position is that legislative changes must be made to allow it to continue to hold on to photos. The Population Authority will initiate legislative changes when a government is formed."
This means that after unintentionally establishing an illegal biometric database of facial images and being exposed, the Authority now seeks to retroactively legitimize the existence of this database.
However, unlike the official biometric database, this one has no protections such as separating biometric information from identifying information, complete isolation from outside networks, and stringent access restrictions.
This is a clear example of the slippery slope of violation of individual freedom and civil rights. Sometimes it is created through legislation, as in the case of the face recognition camera system that the police seek to set up. But sometimes we go through it by mere inertia, as a result of seemingly unintentional and unrelated events, which is the case here.
What is really troubling is that these two slippery slopes may converge into one: once the police have their face recognition biometric camera system, they will likely want access to a biometric database of citizens in order to identify them. And here is a biometric database, for all intents and purposes, that doesn’t require overcoming complex legislative defenses to access. It may even be possible to make do with sending a polite request to some clerk.
Another significant failure has to do with the authorities’ handling of impersonation attempts when issuing biometric documents. "According to the procedure, an official of the Population Authority at the bureau where a suspicion of impersonation arises files a complaint on the matter at a local police station," the report reads. "But because the police file the complaints according to the ID number of the person reporting them, then each complaint is handled separately and not as part of all the complaints of the Population Authority. This practice results in the dismissal of most complaints due to a ‘lack of public interests.’ Hence, although one of the main goals of the smart documentation project is to prevent deception, in practice, suspicions of forgery and impersonation are not investigated. The manner in which the issue is dealt with is flawed and may harm the response to impersonation.”
The report also unveils failures in the executive director’s ability to oversee the biometric database. "The office of the Executive Director regularly encounters ongoing difficulties in carrying out the supervision of the database, which are manifested in repeated delays in document sharing and in the delay of tasks and discussions," it states. "This situation makes it difficult for the commissioner to fulfill his duties under the law. Therefore, the Executive Director seeks the intervention of the relevant bodies in the Ministry of the Interior in order for these issues to be addressed immediately."
The Identity and Biometric Applications Unit, in response, placed the responsibility on the executive director himself: “Oversight that is not conducted with transparency and presents summaries that do not faithfully reflect what is said in discussions creates difficulty for the authority to perform its tasks successfully under the law. In addition, tasks assigned to the authority, which are not always under the authority’s responsibility and by law (such as the analysis and segmentation of data from the database and/or the changing of tasks to be performed) place an unreasonable burden on the authority, which is already limited in its human and technological resources, and lead to harming its day-to-day activities, as well as its work plan.” In one example brought up in the response, a classified matter that was not in the work plan was inspected by the authority. After which, “demands were received from the executive director for further inspections, although they did not relate to the database. And although it has been clarified that these tasks will impair the ability to perform other tasks due to limited resources."
The director disagrees with these allegations, writing in his report: "The dates of the periodic hearings are coordinated at the beginning of the year and with a bi-monthly frequency. The summaries of the discussions are sent to the authority and if it believes that the summary does not reflect what was said, it sends its comments. When necessary, an amended summary is issued."
The report also says that the biometric comparison system in the database has not been calibrated for the past four years. This system is crucial for the biometric database, and without it, the images and fingerprints stored in it are meaningless. The authority said in a response that the calibration could not be carried out without the involvement of the supplier, who should be physically present for the process; however, due to Covid-19 limitations, it was not possible to bring in experts from abroad for non-emergency needs.