Written by Haim Ravia and Dotan Hammer
The Israel Commissioner of Biometric Applications in the National Cyber System has issued a report highlighting that any database that includes facial images constitutes a biometric database that requires special attention, even if the quality of the images is poor and it is not presently used for verification and identification processes. The Commissioner explains that this approach is due to the improvement in facial recognition algorithms in the last decade. Therefore, photocopies of identity cards that contain a facial image are now considered biometric information. The report was submitted to the government in July but was made publicly available only in September.
The Commissioner examined databases in ten government ministries and public agencies that maintain over 13 million biometric records, most of which are facial images. Millions more are held by local authorities, but their precise number is unknown. Consequently, facial images of citizens are stored in multiple instances across different biometric databases.
The report reveals a series of failures by government ministries and public agencies that hold biometric databases. The deficiencies identified are duplication of records and biometric databases; lack of understanding that a database of facial images is a biometric database; and a lack of awareness of the risks inherent in the management of databases. According to the report, some entities do not cooperate with the Commissioner’s unit, making it difficult to examine their functions.
Key findings of the report include:
- Most audited agencies are required to invest substantial efforts to meet the required level of cyber protection or delete the databases in their possession.
- The decision of the Ministry of Transportation to eliminate the biometric database of drivers’ licenses, which includes 6.1 million records, has yet to be implemented. With each passing day, new driver’s license holders are added and the risk of breaches increases.
- No special arrangement has been formulated to date regarding the biometric databases used by the police, although 10 years have passed since the government decided to do so.
The report urges a reduction in the risks arising from the biometric databases by collating the various facial image databases into one secure and supervised database, from which the relevant agencies can receive service. It also encourages the increased use of identity cards and biometric travel documents, which enable a high degree of identity verification and authentication, without the need to access any biometric database.
Click here for the full report of the Israel Commissioner of Biometric Applications (in Hebrew).
