Israel’s transportation continues to hold on to a database containing facial photos, despite promising to have them deleted. During a meeting of the Knesset Science and Technology Committee it was revealed that the ministry of transport was still holding onto the facial database of drivers deemed to be dangerous, in contrast to an order to have them deleted by November 1.
In a testimony to the potential risks of facial databases, the State Comptroller’s report from last May found numerous flaws in the way this database was being managed, including flawed security that left it exposed to possible hacking and the unregulated transferring of data from it to the police.
The state possesses a number of databases. The most sensitive of these is the biometric database at the interior ministry, which collects data such as fingerprints and facial photos. Whereas that database is strictly monitored, with legal prohibitions on transferring any data to other agencies, data from the licence database at the ministry of transportation, which includes information about 4.5 million Israelis, is transferred to the police and other authorities without any oversight.
Moreover, according to the comptroller’s report, the transfer of data from this database is done without any transparency, as far as the public is concerned. In other words, the ministry does not inform people when information about them is given to the police.
It further turned out at the Knesset committee meeting that there is currently no governmental agency that coordinates all the different databases or that is familiar with this data in a manner that allows for actual oversight. This despite the fact that Israel is currently under multiple cyberattacks, in the course of which hostile elements - like Iran - could obtain sensitive information about people.
>> Do you work in Israeli hi-tech and have a story to share with us? We can promise full anonymity: Click here to send us an encrypted email
The debate was led by MK Einav Kabla from the Kahol Lavan party and focused on privacy and facial recognition technology. Kabla demanded representatives of the transportation ministry, the police and the national cyber directorate explain why the database had not been deleted, as was supposed to happen.
- Cities across Israel installed surveillance cameras with no oversight, Knesset report says
- Stop looking at your phone! New tech wants to save distracted drivers from themselves
- Here's how to protect yourself against Israel’s cyber snooping
The ministry representative, Alon Lichtenstein addressed this issue. After some stammering as he tried to explain the situation, he said that the main reason was the objection of the police and the cyber directorate.
Kabla then turned to Roy Friedman, the director of the Identity and Biometric Applications unit at the cyber authority, asking him to address this issue. Friedman replied that there was no reason not to delete the database, as requested. Kabla then turned to the police representative, asking him if it was true that the database was not deleted due to police objections. She was told, again, after much fumbling, that there was no reason not to erase the database. It was then decided to totally expunge the information, although no concrete date was set for doing so.
“I’m glad that MK Kabla managed to bring this public issue up for debate, allowing for practical solutions which will delete many databases” said attorney Yehonatan Klinger, the legal counsel for the Movement for Digital Rights. “If a short two-hour session was sufficient to prove that the photo databases used in smart ‘travel cards’ and in driver licences and in related databases were not essential, I’m convinced that a deeper survey will reveal [the same is true for] dozens of other government databases.”
Later in that meeting it turned out that the database collected from people holding the travel card, held by the National Public Transport Authority, had actually been deleted in fact. This database included information on 4.5 million people, including one million minors. The State Comptroller had remarked that this database contained very sensitive information, and was insufficiently monitored.
“What we are witnessing is an example of a regulator succeeding in applying oversight, with a debate that’s to the point, based on facts and data and doesnt veer into populist talking points. It suddenly turns out that catchphrases such as ‘state security’ can disappear,” adds Klinger. “Suddenly the police explain that they don’t require the ministry of transportation’s photo database and the National Public Transport Authority no longer needs facial photos, with law enforcement agencies being able to make do with less information.”