Israel launches controversial biometric database
Since mid-2012 the Hebrew University International Human Rights Clinic has been collaborating with Privacy International to produce research about the state of privacy laws and protections in Israel and worldwide.
Last week marked the launch of a long-anticipated pilot of a controversial Israeli biometric database, a project that has been the target of civil society protest and the subject of a challenge in the Israeli Supreme Court.
While there is no shortage of institutions maintaining databases containing personal information of large sections of Israeli society – Israel’s Defense Force, the Bureau of Motor Vehicles, and the Election Authorities, to name just a few – this latest effort raises particular concerns about privacy and the protections of civil liberties.
Concerns from the start
The legislative roots of the database hark back to 2008, when the “Bill for the Inclusion of Biometric Means of Identification within Identification Documentation and Database”, was brought before Israel’s Knesset. The Bill passed in 2009 and the process of bringing it into force began in 2011. The government presented the Bill as an important means of making identity cards less susceptible to forgery and misuse by criminals or terrorists.
Although the Bill contained provisions designed to ensure that the gathering of biometric information would be consistent with respect for human dignity and privacy, it roused the concerns of civil liberties groups. Of great concern was the proposed process of issuing biometric “smart cards”, which would save an individual’s information in a biometric database, rather than saving this information on a ‘smart chip’ contained within the identity card itself.
Local civil society organisations publicly voiced their concerns that the establishment of a biometric database is an extreme and unjustified invasion of citizens’ privacy, which is disproportionate to any practical gains that might be achieved by the accessibility of this information. They also raised concerns regarding the ability to protect the information stored in a biometric database. This public reaction ultimately resulted in an amendment to the proposed law, which required the establishment of a pilot program to test both the efficacy and the necessity of establishing the biometric database.
An unnecessary database
Nevertheless, the resulting Biometric Database Law still raises a number of issues.
First, it must be said that the establishment of this database is unnecessary in order to issue “smart cards” to Israel’s citizens, and the very existence of such a database will make very personal information vulnerable to leaks. Such incidents are not without precedent – for example, in 2006 information contained in the Israel Census Authority’s database, including identity card numbers, dates of birth and death, addresses and familial connections of over 9 million citizens was leaked over the internet.
Biometric information has been characterized as equivalent to the “person herself” – information like fingerprints and voice is unique and immutable, unchangeable except by extreme measures, and the leaking of this information, it is contended, would be an even greater violation of citizens’ rights than previous leaks, as damaging as they have been.
Even in the absence of illegal breaches and leaks, there is an equally serious concern about the database. Under the original proposed Biometric Database law, all citizens would be required to cooperate with State officials gathering biometric information, and biometric information may be taken from individuals in order to compare it to the data stored in the database, for example in criminal procedures.
As a result, and particularly in light of the sensitive security situation in Israel, citizens' private information is in danger of excessive, disproportionate exposure. Access could be allowed to organs of the government and other bodies that Parliament never intended. There is no guarantee, under the proposed Biometric Database Law, that this expansion of access to the database will be prevented in the future.
Fight in the courts
In February 2012, a petition was lodged with Israel’s High Court of Justice by the Association for Civil Rights in Israel (ACRI) and The Movement for Digital Rights, inter alia, in protest of the pilot. The petition criticized the Biometric Database Law, and also stated that the proposed pilot did not include criteria for success and failure, or allow a real examination of this measure is necessary.
The petition was not accepted by the High Court, but in July 2012, the Court ruled on a series of measures to be adopted before the pilot could be launched, including that the Minister of the Interior examine afresh the order establishing the pilot program, and that it must consider whether a database was necessary or whether other, less injurious alternatives might suffice.
The program for the Biometric Database pilot has been revised, and the two-year pilot began last week. Following the pilot, a decision will be made regarding whether the database should be continued, and whether the Biometric Database Law should be allowed to enter fully into force. The precise parameters by which the success or failure of the pilot will be determined are still unknown.