Around 4.5 million citizens details, including facial pictures, are not sufficiently protected from misuses or outside hacking, the State Comptroller report said on Monday. The problems highlighted by the comptroller related to the Transportation Ministry database for drivers licenses as well as the private sector database for smart bus cards. The report said that the databases are “defined as a database with a high danger” of being misused or hacked. Comptroller Matanyahu Englman said that neither database had sufficient protections for privacy or from outside hackers and that those in charge did not even have comprehensive information with which to assess the protections. Of the 4.5 million smart bus cards, he noted that it was especially problematic that over 1 million children’s identities and facial pictures were potentially exposed. Englman recommended that the Transportation Ministry immediately catch-up on these issues for the drivers license database and that the state authority for biometric smart cards start to perform oversight of the private sector smart bus cards program. The comptroller was harsher with the Transportation Ministry, noting that the Justice Ministry warned it already 14 years ago to address some of the ongoing concerns. The report also referred to a lack of legislation and addressing of information security regarding information held on 55,000 foreign workers and voice prints regarding 5,500 prisoners A separate recommendation in the report with major potential implications was that the government investigate the possibility of consolidating drivers licenses into the smart card program for efficiency purposes. Next, Englman criticized over 30 government agencies for failing to streamline their employees toward use of smart cards for access to their offices as opposed to old-fashioned and decentralized methods of access. Interestingly, the report did not look at the security of the state’s biometric database which has been hacked in the past. Petitions to the High Court of Justice had even held up that database for years until November 2016 due to security concerns. There is also an ongoing probe by the state’s Privacy Authority into Elector, a company used by the Likud during the elections, which allegedly accidentally leaked private information of 6.5 million voters online. The probe has dragged out for months, but does not appear to have been part of the comptroller’s report. The Interior Ministry responded to the report saying that its own database “is a crucial and professional source of knowledge which provides more than a decade of experience in the biometric arena, and which is managed and secure with the highest protections for privacy.” The ministry praised efforts by the comptroller to reduce threats to privacy and redundancies in the databases kept by the Transportation Ministry, the private sector and by other authorities. The Transportation Ministry responded that it follows the regulations and recommendations of the Israel National Cyber Directorate regarding information security. The ministry said that it invests efforts to try to reduce the potential harm to privacy rights. It added that it is working with the Population Immigration and Borders Authority to consolidate the databases into one spot.
Lawyer Yehonatan Klinger of the Movement for Digital Rights responded to the report saying it confirmed their worst fears. For years, Klinger said they warned that establishing a biometric database would leave personal data unguarded. Now, he said that even if the national biometric database is secure (which even that is open to question), it is irrelevant because every citizens’ information can be grabbed from the drivers license or bus smart card databases. “This situation is like locking the door and then leaving all of the windows wide open.” He added that the Privacy Authority in Israel was established with extremely weak non-binding powers and is usually excluded from key decisive meetings.
Source
Jesus Christ is King
Comments are closed.