Knesset panel tells Deri to wipe fingerprints from biometric database

Although cyber experts have said that there is no need for fingerprints to be retained as a countermeasure against fraud, Deri tried to convince the committee to keep them.

A man has his fingerprint scanned [file] (photo credit: REUTERS)
A man has his fingerprint scanned [file]
(photo credit: REUTERS)
The Knesset’s joint committee on the biometric database on Tuesday told Interior Minister Arye Deri to remove fingerprints from the smart passports database by May 31, 2022.
Although cyber experts have said that there is no need for fingerprints to be retained as a countermeasure against fraud, Deri tried to convince the committee to keep them.
But Knesset Law, Justice and Constitution Committee chairman Yakov Asher warning the minister that the Knesset’s patience was not infinite and it was apparent that possibly for the first time, privacy concerns had won over a majority of the political echelon.
Asher cautioned that it was dangerous to put “all forms of identity defense into a database that could be hacked.”
When the Biometric Law went into effect in mid-2017, there was some resistance from opposition MKs and pro-privacy NGOs, but it gained broad support from lawmakers. At the time, the mainstream view in the Knesset was that including fingerprints in the mix of the biometric database was a necessary evil to combat identity fraud and to assist the police in tracking criminals.
Privacy concerns delayed the law’s passage for some time and even in May, State Comptroller Matanyahu Englman issued a report stating that the private details of 4.5 million citizens was inadequately protected in state databases. 
At a Knesset Constitution, Law and Justice Committee hearing over the potential new law in March 2016, it was reported by attendees that a representative of the Biometric Database Management Authority admitted that its identity card database is not secure, acknowledging the potential for database breaches.
The Movement for Digital Rights at the time slammed the admission by Naama Ben Zvi Riblis, a lawyer for the authority, saying it validated the group’s claim that the biometric database project could result in an invasion of citizens’ privacy.
“At this meeting, they put the truth on the table for the first time [as the authority] said on the record that the working assumption was that the entire biometric database would be hacked… Now we are not the only ones who are saying this… So why do we need this? Why take the risk?” said the NGO’s lawyer, Yehonatan Kleigar. 
Committee spokesman Shimon Malka at the time said the authority confirmed that, “No one will sign an insurance form that the database will never be hacked,” but claimed that the NGO had taken the statement out of context.
It seems that the key turning point came when Roi Friedman, an official from the Israel National Cyber Directorate (INCD), told the committee that a technological revolution in facial recognition has taken place since the first biometric pilot program was launched in 2013.
When the biometric database law was passed, cyber officials said that fingerprints were needed because facial recognition technology was not reliable enough beyond five years. But now, the INCD was saying unequivocally, that new algorithms have greatly reduced errors and that facial photos can be effective for identification purposes for more than 10 years.
At one point, Friedman said that some facial recognition technology could allow using facial photos on smart passports for up to 18 years, although the INCD’s recommendation was to switch every 10 years.
One qualification to the Biometric Database Law was that fingerprints were not mandatory, but those who did not give their finger prints were told that they would need to wait longer in line and would need to renew their passports every five years instead of every 10.
Asher said that this intermediate situation was nonsensical for any longer than the pilot period.
Given that the INCD told the committee that the number of instances where fingerprints had helped block fraud was miniscule (they did not reveal the exact number for security reasons), Asher said he saw no reason to continue using them for smart passports.
However, even with improved facial recognition technologies, INCD officials conceded that fingerprints were still more reliable and produced fewer errors.
Former Mossad deputy chief and Yesh Atid-Telem MK Ram Ben Barak opposed the use of fingerprints from the outset. He said that the only reason that fingerprints would be used now would be to help police track and identify criminal suspects.
Most MKs said that to retain finger prints in the database was not warranted even if the police wanted it to be so and they said the police could seek to pass a separate law on the issue if they thought it was necessary.
The Interior Ministry said it would consider eliminating finger prints, but that this could not be an automatic decision and it explained that some of the facial recognition technologies needed to supersede finger prints would need to be purchased at substantial cost and be integrated into the state’s vast technological systems.
Deri created a task force to study the elimination of fingerprints from the database, including the consequences of such a step.