A person uses a sensor for biometric identification on a smartphone in Berlin.
(photo credit: REUTERS)
In a long-awaited hearing on Monday, the High Court of Justice pressed the state hard about why it could not switch the citizenry over to smart card passports without the need for the controversial biometric database.
Justice Isaac Amit quite plainly said to the state that there was no question that the biometric database “harms privacy” so “why do we even need it?” The Biometric Database Law was passed by a 39-to-29 vote on February 27, 2017 to make it harder to perpetrate identity theft and increase certain economic and electronic efficiencies. The state says that the database is needed to maximize the identity theft protection. But it came after years of controversy dating back to 2009, and some adjustments to address criticisms.
While the Digital Rights Movement NGO has praised the changes as mitigating some of the privacy and security violations, it filed the current petition stating that the database itself was still unconstitutional and dangerous, and that biometric smart-cards can continue, but with no database.
Until now, to get a “smart” biometric card, a person was required to give the national biometric database access to personal facial recognition and fingerprinting data.
As of June 1, 2017, those getting smart-cards can join without having to enter their fingerprints into the database.
Fingerprints for those under the age of 16 are not included in the database and the police cannot use the database for law enforcement purposes until the Knesset approves related regulations on the issue.
A court approval will be needed before fingerprints in the database can be used for law enforcement purposes.
Those objecting will still have their fingerprints and facial recognition picture taken, but it is only connected to their smart-card, not placed in the database, and as a penalty of sorts, they would need to renew their ID cards every five years instead of every 10.
The Government’s cyber chief will be entrusted with reviewing the database every 18 months, instead of every two years, to see if there is a new alternative to fingerprinting for identification.
From the start, there has been heated debate about privacy rights and whether a database exposes citizens to new kinds of identity and personal information theft, in an age when cyber hacking seems unstoppable.
DRM’s petition said the database “caused great harm to Israeli democracy” and that, “we all go on to the black list of potential suspects. The rule in our democracy until now has been very simple: if you did not break a law, you do not go on the suspects’ list…But from this moment…everyone changes into a suspect…and this must be annulled.”
The justices seemed concerned that citizens did not have a choice about whether to join the database or not and when the state said that the change was part of the inevitable wave of technological change, Justice Neal Hendel responded that, “to say it’s the new thing is not always convincing.” He added that other new technologies have moved ahead too fast and caused damage.
At the same time, the court pressed the petitioners, noting that to date, the nightmare scenarios of widespread violations of privacy stemming from the database had not transpired.
Also, they noted that much of the information in the biometric database is already collected by the state or the army in other platforms.
Before the court rules on the broader issue, the sides were ordered to respond in the next 30 days whether the state could present classified evidence to the court, without the petitioners present, to make its case.