Knesset member Meir Sheetrit, with the backing of
many members of the Israeli law enforcement establishment, is trying to
put his proposed "biometric identification document" law on a fast
track to Knesset approval (this means speeding up the reading process).
The proposed law includes some real solutions to real problems, but
also elements that seem to create more problems than they solve.
One problem the law is meant to solve is that of forged identity cards.
Sheetrit claims that there are hundreds of thousands of people
using such forged cards, sometimes for obtaining entry and employment
in Israel and sometimes for obtaining fraudulent benefits. The solution
provided by the law is simple and effective: to distribute electronic
"smart cards", like those used in many other countries. Such cards
would be much more difficult to forge in the first place, and could
include a variety of techniques to make forgeries easy to detect. It
would also provide the convenience of making them easy to read - the
card could be swiped.
A further problem that is worth solving is that of stolen or borrowed cards.
people may want to help others masquerade as Israelis, or as innocent
Israelis rather than wanted criminals or the like. I don't imagine
there are hundreds of thousands of these, but there may be thousands.
This is a smaller problem with a more expensive fix, but the fix still
seems plausibly worth the price: include biometric information on the
card. Each person obtaining an ID card could have its fingerprints
scanned, and the digitized information would be added to the smart
card. If there was ever any doubt if the person bearing a card was
actually the person named on it, law enforcement officials could take
fingerprints and see if they match the information on the chip.
The third thing the law proposes is to require the Interior
Ministry to save all this information in a unified data bank. In other
words, the government would have a centralized data base of all
citizens' names, ID numbers, and biometric information. Now the
cost/benefit calculation becomes very lopsided. The "problem" this
would presumably solve is if you have someone in front of you, he
doesn't have an ID card, and you want to know his identity. The data
base would enable you to take his fingerprints and uniquely find his
identity. What problem does this solve? If someone is arrested for a
crime you can already take his fingerprints, and if he has committed a
crime in the past his fingerprints are already on file.
How often do law enforcement officials have a
legitimate interest in rapid identification of people who have no
criminal record? Not hundreds of thousands of instance, not even
thousands. It must be a rare occasion - perhaps demonstrators
exercising their democratic right to protest government actions? So the
up-side of this legislation seems quite minimal.
What about the downside? The first downside is the cost.
Creating, administering and particularly securing a data base cost lots
of money. It's hard to see how the minimal benefit really justifies
Another important downside is the loss of privacy. It is true
that biometric information is not the worst breach of privacy; the
worst breaches are those that link a person's identity with private
information. An example would be the ability to find out if someone has
a criminal record, what his income is, personal status etc. (The most
extreme instance is Britain's proposed IMP law, which would link
people's identity with their phone calls - a veritable invitation to
fishing expeditions.) Just being able to identify a person from his
fingerprints is less of a problem.
However, consider the unique problems of such a data base. Any
data base can be compromised. So a key question is, what is the
downside of a breach? For example, every so often there are news
reports of thousands of credit card numbers being stolen; probably
actual cases are many times more common.
Whenever this happens, all the cardholders have to change their
numbers. But there is no fix for breaches of a biometric data base. You
can't ask seven million people to change their fingerprints.
The worst aspect of the new law is that it would include facial
features as a biometric identifier. This would greatly multiply the
potential for nefarious uses (identifying demonstrators using
photographs; criminals using it to identify subjects of interest etc.)
with virtually no contribution to legitimate uses - if you have the
person in front of a law enforcement official you can take his
Introducing smart ID cards with a chip is a cheap fix to an
expensive problem. Including biometric information on the chip is a
more expensive fix to a cheaper problem, but it still seems reasonable.
Creating a centralized data base of biometric information on every
Israeli citizen seems indefensible if the biometric information is
"active" (like fingerprints or better yet palm prints) and
unconscionable if it is of the passive kind, like facial features. If
Sheetrit thinks he can make his case to the Israeli people I'm willing
to let him, but by no means should such far-reaching legislation be on
a fast track.
Asher Meir is research director at the Business Ethics Center
of Jerusalem, an independent institute in the Jerusalem College of
Technology (Machon Lev).