New regulations and orders introduced by the Ministers’ Committee for Biometric Applications have paved the way for a two-year trial period for the issuance of biometric identification documents (IDs). The Ministry of Home Affairs is in the process of making its final preparations and aims to start issuing the IDs shortly. The IDs will contain encoded fingerprints and a facial image, and will be stored in a national database. A campaign led by privacy activists against the controversial biometric database has thus far failed to yield a positive result.In December 2009 the Israeli Parliament (the Knesset) enacted the Biometric Identifiers and Biometric Data Inclusion in Identification Documents and a Database Act.(1) The act is intended to tackle the large-scale loss and theft of identification cards and passports, which may then later be used by criminals or terrorists.The Biometric Data Act is far reaching. Following a two-year trial period, every citizen will be compelled to provide two fingerprint samples and a facial photograph, to be digitally stored in a national database and on chips embedded in passports and national IDs (mandatory in Israel for citizens over the age of 16). The digital ID will also carry a certified electronic signature that can be used as a substitute for regular handwritten signatures in the execution of transactions.

The biometric database is not intended solely to manage the processing of ID and passports applications. It will also serve as a valuable source of information for law enforcement agencies, under the supervision of a new authority that has been established specifically for that purpose by the Ministry of Home Affairs.

The act as a whole (and the biometric database specifically) raises significant concerns. Privacy advocates have urged the Home Office to re-evaluate the potential grave risks to information security and privacy that the database poses – for example, the irreversibility of biometric data loss and the public’s general mistrust of the government’s ability to secure the database. A proposition to transform the database into a blurred set-base that would enhance security and privacy was recently offered by Professor Adi Shamir, a well-known cryptographer. However, despite backing from the Law Information and Technology Authority, the government eventually rejected Shamir’s proposition.

The new regulations under the Biometric Data Act include procedures for:

• issuing a biometric ID;
• taking fingerprints and facial images from applicants;
• encrypting and securing the data; and
• transferring data between authorities.(2)

A governmental order accompanies the regulations and sets specific rules for the two-year trial period.(3)During this period (starting in November 2011), biometric IDs will be issued to Israeli citizens, subject to their written and signed consent. At the end of the trial period, professional auditors will evaluate the extent of the trial’s success, under a set of pre-determined parameters and following feedback from applicants. Unless the Ministry of Home Affairs decides otherwise, in light of the trials results and public debate, the Biometric Data Act will come into full effect at the end of the trial period and all citizens will be obliged to provide their biometric data, which will be included in IDs and passports, and stored in the national database.

 

For further information on this topic please contact Haim Ravia or Dan Or-Hof at Pearl Cohen Zedek Latzer by telephone (+972 9 972 8000), fax (+972 9 972 8001) or email (haimr@pczlaw.com ordano@pczlaw.com).

Endnotes

(1) The full wording of the Biometric Data Act (in Hebrew) is available at http://law.co.il/media/computer-law/biometric_law.pdf.

(2) The full wording of the new regulations (in Hebrew) is available at http://law.co.il/media/computer-law/biometric_id_reg.pdf.

(3) The full wording of the governmental order (in Hebrew) is available at http://law.co.il/media/computer-law/biometric_id_decree.pdf.