Roy Friedman is taking Israel’s Population and Immigration Authority to task for mishandling biometric data that was captured at the Israeli border. Friedman is the head of the Identity and Biometrics Applications Unit of Israel’s National Cyber Directorate, while Population and Immigration Authority is the country’s border protection agency.
The problem, according to Friedman, is the Immigration Authority has been extremely cavalier about who has access to its systems. Israeli law has previously allowed the Immigration Authority to store low-resolution photos of people who pass through the country’s borders. However, that law has not been updated for several years, and facial recognition technology has improved to the point that many of those photos can be used for automated identification. As a result, Friedman argues that the agency is now in possession of a de facto biometric database that strains the limits of Israel’s biometric privacy guidelines.
To make matters worse, Friedman found that the Authority also shared its photos with another government agency. The law only permits the collection of low-res photos for internal use, so the sharing of those images is a more direct violation of Israel’s biometric legislation. The Immigration Authority has been sharing images since as far back as 2015, though it claimed that it stopped the practice in February after Friedman first became aware of the activity.
The Immigration Authority database contains images of millions of Israeli citizens. Friedman has not publicly disclosed the name of the other agency that had access to those photos, though separate reporting indicates that that agency is not the Israel Police. The country’s law enforcement agency has expressed interest in the border database, but has thus far been left to rely on photos pulled from driver’s licenses and other permits instead.
For its part, the Immigration Authority argued that the image database is useful to border control agents who sometimes need to perform manual identity checks. Friedman indicated that he will continue tracking the situation until a satisfactory resolution is reached, and has asked the Immigration Authority to provide more detail about the mechanisms for deleting the biometric data shared with another agency.
Of course, the news is distressing to privacy advocates, who suggested that the exchange further demonstrates that the Immigration Authority cannot be trusted with people’s personal information. The Authority has already acknowledged that its biometric database was breached in 2017 and 2018, and Israeli lawmakers are still advancing a controversial bill that would give the police broad leeway to use facial recognition on public surveillance cameras.
May 25, 2022 – by Eric Weiss