Israel’s Interior Ministry has been forced to admit that the Population Authority’s biometric database was breached in two separate incidents that occurred in 2017 and 2018. The government insists that both were “operational incidents” that did not lead to any leaks or compromise the security of the database, but the 2018 breach is still being investigated and the scope and nature of both hacks remain unknown.
Either way, the news is likely to create tension between the Population Authority and the Israeli public, which only learned about the breaches after the Israeli Digital Rights Movement petitioned the High Court of Justice for documents related to the creation of the biometric database. The watchdog group uncovered the breaches in their examination of the documents, nothing that neither incident was reported to the public or the Israeli Knesset at the time.
The latter is particularly noteworthy thanks to a 2017 law that requires any events involving the biometric database to be reported to four separate bodies, including the Knesset’s Joint Committee on Biometric Identification. The database has records on 3.5 million Israelis, and has issued 2.1 million biometric identity cards and 2.7 million biometric passports.
For Israelis, the news recalls an incident that occurred 13 years ago, in which the country’s entire population registry ended up online after a subcontractor copied it and then shared it with someone who would later sell it.
It’s also reminiscent of several recent incidents in other parts of the world. India’s Unique Identification Authority has tried to downplay the severity of a recent Aadhaar breach, while the US Customs and Border Protection agency is facing criticism after a subcontractor illegally transferred facial recognition images to its own servers to train a matching algorithm.
Taken together, the breaches are enough to erode the public trust, especially given the recent controversies and debates around state surveillance.
June 25, 2019 – by Eric Weiss