Knesset panel demands removal of fingerprints from biometric database
The Knesset’s joint committee on the biometric database on Tuesday told Interior Minister Arye Deri to remove fingerprints from the smart passports database by May 31, 2022.
Although cyber experts have said that there is no need for fingerprints to be retained as a countermeasure against fraud, Deri tried to convince the committee to keep them.
But Knesset Law, Justice and Constitution Committee Chairman Yakov Asher warning the minister that the Knesset’s patience was not infinite and it was apparent that possibly for the first time, privacy concerns had won over a majority of the political echelon.
Asher cautioned that it was dangerous to put “all forms of identity defense into a database that could be hacked.”
When the Biometric Law went into effect in mid- 2017, there was some resistance from opposition MKs and pro- privacy NGOs, but it gained broad support from lawmakers. At the time, the mainstream view in the Knesset was that including fingerprints in the mix of the biometric database was a necessary evil to combat identity fraud and to assist the police in tracking criminals.
Privacy concerns delayed the law’s passage for some time and even in May, State Comptroller Matanyahu Englman issued a report stating that the private details of 4.5 million citizens was inadequately protected in state databases. Some years ago, the biometric database was hacked.
It seems that the key turning point came when Roi Friedman, an official from the Israel National Cyber Directorate ( INCD), told the committee that a technological revolution in facial recognition has taken place since the first biometric pilot program was launched in 2013.
When the biometric database law was passed, cyber officials said that fingerprints were needed because facial recognition technology was not reliable enough beyond five years. But now, the INCD was saying unequivocally, that new algorithms have greatly reduced errors and that facial photos can be effective for identification purposes for more than 10 years.
At one point, Friedman said that some facial recognition technology could allow using facial photos on smart passports for up to 18 years, although the INCD’s recommendation was to switch every 10 years.
One qualification to the Biometric Database Law was that fingerprints were not mandatory, but those who did not give their finger prints were told that they would need to wait longer in line and would need to renew their passports every five years instead of every 10.
Asher said that this intermediate situation was nonsensical for any longer than the pilot period.
Given that the INCD told the committee that the number of instances where fingerprints had helped block fraud was miniscule ( they did not reveal the exact number for security reasons), Asher said he saw no reason to continue using them for smart passports.