In Violation of Law, Israel Biometric Database Is Run by a Subcontractor

Problem revealed in labor court suit over bidding process to fill the job on a permanent basis

Tomer Appelbaum

One of Israel’s most sensitive databases – the one containing biometric data of all Israeli citizens – has been managed by a private contractor for the more than two years in contravention of the law, according to a lawsuit now being heard in the National Labor Court.

The suit, which was filed last October against the civil service commission and the Interior Ministry, was filed by Meital Magid, an employee of a company called Log-On specializing in data security that was contracted by the Interior Ministry.

The suit says Magid has in practice been managing the database since September 2015 while a permanent manager was being sought.

But under the 2011 law establishing the database, the government’s biometric database management authority must be a government employee. Not only is Magid not a civil servant, but she is also responsible for a database that contains private information of Israeli citizens, including fingerprint samples and facial photographs.

Magid filed the suit after losing out to a rival when the authority announced it was seeking candidates for the job. Avi Manor, an Interior Ministry employee, won the bid, beating out Magid and a third candidate.

In her suit, Magid asserted she was the better-qualified candidate for the job, among other reasons because “the plaintiffs has been occupying the positions in practice on an interim basis for three consecutive years.” The suit points to document Magid had signed in the role of information security officer.

The Movement for Digital Rights, which became aware of the problem thanks to the legal action, said that it was unacceptable for a contractor to be in charge of the database. “The biometric database has been deemed critical infrastructure, and infrastructure like this can’t be under the management of someone with so little experience,” said Nir Hirshman, a spokesman for the organization.

In fact, one of the biggest leaks of sensitive information in recent years occurred when information from the population registry was stolen by a subcontractor for the Labor and Welfare Ministry in 2005. The employee, Shalom Bilik, was convicted last September.

The labor court accepted Magid’s claim three months ago and ordered the search process for a permanent manager to be frozen. As of now, she remains in the job on an interim basis.

Jonathan Klinger, the legal adviser for the Movement for Digital Rights, said the law was quite clear that the biometric database manager has to be a civil servant, and for good reason. “Experience has shown that contractor workers like Edward Snowden have been behind some of the most serious leaks,” he said.