The Biggest Problem With Israel’s New Biometric Database: Police Misusing Citizens' Data

High-level security isn't enough to protect fingerprints and other identifying biological traits, allowing hundreds of police to peer into Israelis' private lives.

When Interior Minister Gideon Sa’ar launched the trial period for Israel’s biometric database on Sunday, he almost pleaded with the public not to be alarmed. “There is no reason to panic,” he said, promising that the system that was set up “met the highest standards of data security and privacy protection.”

No doubt the database has high-level security to reassure citizens, but that won’t protect individuals’ private information - such as their fingerprints and other identifying biological traits - from those permitted to enter the database. Based on the Israel Police’s experience with databases, assumptions can be made about what will happen without strong safeguards to prevent the misuse of the biometric information by those permitted access.

The Israel Police has its own database and relatively easy access to the country’s largest collections of personal information. The police can request information from government ministries, Internet companies, credit card companies and cellphone companies. In emergency situations, the police can even access databases without a court order.

According to police regulations, the use of databases is limited to a defined group of police officers and is meant for work purposes only. However, hundreds of police, mainly officers, have official approval to access databases that allow them to peer into our private lives.

An examination of police disciplinary tribunal hearings shows that in recent years there have been dozens of disciplinary cases involving police use of databases for private purposes. These cases were only brought to the disciplinary stage following a complaint by the injured party, after the latter realized that their privacy had been invaded. This suggests that the number of such cases that go unreported and undetected is much larger.

In such disciplinary hearing dealt with a veteran detective in the Tel Aviv District. The detective used his authorization to enter the police database in May 2011 to pull information on the husband of a woman in the middle of a divorce. He told the woman, with whom he was friendly, that her husband had a criminal record. The woman used the information to threaten her husband that she would use his past against him if he made the divorce difficult. After the husband filed a complaint with the Justice Ministry’s department for the investigation of police officers, the detective faced a disciplinary hearing. He received a severe reprimand and a fine of NIS 1,500 that was to be paid to the Israeli Police.

In another case, this one involving a police station investigations coordinator, the officer not only misused a police database, but also investigated the targets of his private inquiry, wholly unrelated to his job. The police investigator had become friendly with a lawyer representing him in a court case. The lawyer told him about a difficult divorce he was going through and asked the police investigator to retrieve information regarding the attorney who was representing his wife. The lawyer used this information to file a complaint against his wife’s attorney. However, the police investigator then summon his lawyer friend’s wife and her attorney to the police station to be interrogated. At the time, the woman had no idea about the connection between the police investigator and her lawyer husband. After a disciplinary hearing, the investigator received a severe reprimand and a fine of NIS 1,000.

Police stated, however, that the number of police who misuse private information taken from databases is small, and that the issue is under control.

“The Israeli Police maintain constant supervision over the use of databases, monitor data-mining activities, and in the event there is suspicion of forbidden use, the matter is transferred immediately to be handled by the relevant authorities on the criminal disciplinary level,” Israel Police said in a statement to Haaretz.

Police added that in 2011, six police faced disciplinary hearings for improper use of databases due to the force’s “tight supervision” of database use.

However, from the examples mentioned above and others, as well as the relatively light punishments doled out to police who were caught, it seems clear that the police disciplinary tribunal does not view malicious misuse of private data to be that serious a matter. Only in the most severe cases were police caught misusing such data fired from the force.

Take the example of a Border Police commander responsible for volunteers, who was fired last year. She was conducting a secret affair with a known criminal, who was also married. The criminal asked her to pull data about him from the police database. The woman, who didn’t have access to the database, asked a colleague with database access to help her as a favor. The colleague informed her that her boyfriend had a quite a long criminal history. The Border Police commander then proceeded to lie on behalf of her boyfriend when he was caught driving without the necessary documents, and when a police search was conducted at his home. Only then was a complaint filed against her. The disciplinary tribunal gave her a serious reprimand, a demotion and at a later stage she was kicked out of the Border Police.

Tomer Appelbaum