Israel's Comptroller: Biometric Database Full of Flaws

Report says there is not enough information to determine whether the data-gathering system is even worthwhile. Meanwhile, Interior Minister Shalom orders extension of the trial period of the project.

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
Minister Shalom inaugurates new biometric passport system, in May.
Minister Shalom inaugurates new biometric passport system, in May.Credit: Tomer Appelbaum

A special report by State Comptroller Joseph Shapira reveals a series of defects in the National Biometric Database project. Glitches during its trial period, which began two years ago and was supposed to end next Sunday, led Shapira to decide that there is insufficient information to determine whether the database is necessary and what the scope should be of the information stored in it.

Meanwhile, hours before the report was made public on Tuesday, Interior Minister Silvan Shalom decided to extend the trial period of the project until March 2016. The Ministerial Committee on Biometric Applications, whose members include the prime minister and the ministers of the interior, justice and public security, approved the decision. Extension of the period also requires approval by a special Knesset committee, and later by the entire plenum.

In his report, the comptroller criticizes the use of a temporary biometric system for comparative purposes during the pilot stage of the project, and the fact that fingerprints were taken from 430,000 Israeli citizens using scanners that were later replaced due to doubts about the quality of their performance. Shapira also found problems in the planning of the trial period and noted the shortage of information regarding instances of identity theft and impersonation, which the biometric database was supposed to prevent.

Alternatives to the database and the type of information to be stored in it have not yet been properly examined, although the law stipulates such an investigation, according to the comptroller's report.

The comptroller's office initially studied the database project between January and July 2014, but its final examination was only completed in January 2015. The Population and Immigration Authority reported that it has already taken steps to repair some of the defects discovered by the comptroller.

One of the main issues discussed in the report is the fact that the core system of the Biometric Database Management Authority, which compares the data collected, was only used on a temporary basis – because procedures for acquiring a permanent system became bogged down.

“During the course of the trial period," the report reads, "the person in charge of biometric applications and members of the advisory committee raised questions as to whether the results received during the trial period would be valid, and whether under the circumstances where a temporary system rather than a permanent one was used, it would be possible to make decisions based on them at the conclusion of said period.

“It was found that these important questions were left unanswered for months,” the text continues. “Only in December 2014, about six months before the end of the trial period, did the person in charge of biometric applications and the advisory committee decide that they were satisfied regarding the validity of the results, and the ability to make decisions at the end of the trial period, based on the temporary system.”

The comptroller also devoted extensive discussion in his report to the replacement of the fingerprint scanners during the trial period: “The Population Authority began to replace the scanners in the offices only in July 2014, about two years after the suspicion first arose regarding the quality of the fingerprints, and about a year after the beginning of the trial period, during which time fingerprints were taken from about 430,000 residents with this mechanism.

“It was found that in light of the existence of hundreds of thousands of fingerprints acquired with this scanner in smart ID cards and the database, there is sometimes a need for a long and complex, manual comparison of the fingerprints held by the Biometric Database Management Authority. Moreover, sometimes it is difficult to verify the identity of the citizen with the smart card issued to him.”

Sub-par performance

After prolonged use of scanners with sub-par performance quality, the comptroller is doubtful whether use can be made of the fingerprints that were taken with them, for the purpose of examining alternatives to the type of information that must be collected in the database.

With respect to preparations for the project's pilot phase, the report states that, “despite the importance and complexity of the trial period, which involved dozens of secondary tasks that are interdependent and carried out by different organizations, and although the director general of the Prime Minister’s Office said already in July 2012 that a detailed work plan would be sent to the interior minister within 60 days from the start of the trial period – the Population Authority and the Biometric Database Management Authority worked for about eight months according to a general work plan, rather than the detailed one (including, for example, detailed timetables and milestones) that had been submitted and approved.”

During initial operation of the database, then-Interior Minister Gideon Sa’ar and senior officials in the Population and Immigration Authority warned of a serious and worrisome phenomenon of identity theft and impersonation, due to the poor quality of existing Israeli ID cards and passports. This was the main reason for setting up the database to begin with. The state comptroller found that the declarations were not necessarily well founded.

“Although the Biometric Database Management Authority is taking steps to collect information and data about these phenomena," says the report, "and papers on this subject have been prepared or are in advanced stages of preparation – as of January 2015 this infrastructure had yet to be formulated in a manner that will enable decision-makers to come to conclusions based on it at the end of the trial period.”

The comptroller’s office also remarked that “the transition to the use of smart ID cards is in itself meant to substantially reduce the possibility of counterfeiting identification documents ... In light of that, the State Comptroller’s Office believes that we should not be satisfied with information about the ease with which old documents can be forged – which justifies the transition to the use of smart cards, but not necessarily the need for the database – rather, we should try to assess the chances of receiving duplicate documents, and the damage that will be incurred in the future because of it, after the entire population begins to use smart cards.”

One of the main tasks imposed by the law on the Biometric Database Management Authority was to examine alternatives to the database itself and to the type and amount of information to be stored in it. The comptroller warns that the authority did not fulfill its role properly: “In September 2014, over a year after the trial period began, it was found that the Population Authority had yet to make a final decision regarding the manner of examining the alternative of the preliminary inquiry process, due to legal and technological difficulties.

“Only about half a year before the end of the period was there a decision on a method of examining the alternative. As of January 2015, the method had not yet been implemented, and there are still steps that must be taken before that happens. In addition, in light of the findings about the inquiry process in its present format, there is doubt as to whether it can be relied on for the purpose of serving as a real alternative to a database.”

The comptroller further notes in the report that the effectiveness of the examination of the biometric alternatives is still not clear: “It is doubtful whether we can make use of the examination of the biometric alternatives as it was carried out before the replacement of the scanner, in order to make a decision regarding the amount of information that should be stored in the database. Therefore, the Biometric Database Management Authority reported that it is preparing to carry out a renewed examination of the biometric alternatives, based on fingerprints acquired with the new scanner."

One particular alternative involving data collection was not examined at all, due to the reservations of the authority regarding the possibility of examining it on the temporary biometric system.

Another issue discussed by the report is safeguarding the information in the database: “In light of the possible consequences of leaking information during the issuing of smart ID cards and storing the information in the database – before a final determination is made at the end of the trial period, the two authorities (the Population Authority and the Biometric Database Management Authority) must once again ensure that all the technological and other systems used in implementing the law meet the standards and the level of safeguarding of information determined by the PMO's National Information Security Authority, and are in keeping with the regulations of the Population Authority and the Biometric Database Management Authority.

“In addition, the State Comptroller’s Office believes that prior to making a decision regarding the future of the biometric database at the end of the trial period, the interior minister should once again approach the National Information Security Authority in the PMO, to receive its opinions.”

Click the alert icon to follow topics: