A person uses a sensor for biometric identification on a smartphone in Berlin.
(photo credit: REUTERS)
The Knesset late on Monday approved a landmark law by a 39-to-29 vote limiting the use of biometric databases for smartcard identification, following its passage by the Knesset Constitution, Law and Justice Committee in its final readings.
The law’s final version reflects a number of compromises made to address privacy concerns that have made it the center point of a grand battle for years.
While the Digital Rights Movement (DRM) praised the compromises, it still vowed to petition the High Court of Justice to declare the database an unconstitutional violation of privacy rights, such that smartcards can continue, but with no database.
Until now, to get a “smart” biometric card, a person was required to give the national biometric database access to personal facial recognition and fingerprinting data.
Once the law goes into effect – which is expected to be on July 3 – it will be voluntary to enter fingerprint data into the database.
The DRM called publicly for citizens to wait to join (if they plan on joining at all) until after July 3 so they can join without having to enter their fingerprints into the database.
The law also includes an option to delete fingerprint data for anyone who already gave their permission to access that data.
Fingerprints for those under the age of 16 will not be included in the database and the police cannot use the database for law enforcement purposes until the Knesset approves related regulations on the issue.
Even once the regulations go into effect, court approval will be needed before fingerprints in the database can be used for law enforcement purposes. A battle still remains between Defense Minister Avigdor Liberman and Public Security Minister Gilad Erdan over whether that must be a lower magistrate’s court (as Erdan prefers) or higher district court (as Liberman prefers.) The Government’s cyber chief will be entrusted with reviewing the database every 18 months, instead of every two years, to see if there is a new alternative to fingerprinting for identification.
From the start, there has been heated debate about privacy rights and whether a database exposes citizens to new kinds of identity and personal information theft, in an age when cyber hacking seems unstoppable.
That debate has lasted for years to include multiple extensions of a pilot program that now has data on a sizable portion, though still a minority, of the country.
Interior Minister Arye Deri previously signaled that he would push to make joining the database – including taking finger prints and facial recognition pictures – required for all identity cards going forward.
It appears that Deri had to compromise early on Monday to garner a narrow majority in the Knesset Constitution, Law and Justice Committee.
Those objecting will still have their fingerprints and facial recognition picture taken, but it would only be connected to their smart-card, not placed in the database, and as a penalty of sorts, they would need to renew their ID cards every five years instead of every 10.
The country suffered from forged identity cards for years. That eventually led to the Knesset authorizing in 2009 a pilot program of the biometric database as a way to try to roll back false identity cards.
New identity cards linked to the biometric database contained far more personal information, such as the fingerprint data and a facial scan, to make it more difficult to falsify or steal cards.
The authority for managing the database was established in August 2011, and the pilot was launched June 30, 2013, with 430,000 voluntarily registering for the biometric card in its first year.