[This Wednesday I shall lecture at the LiSS working group conference, here is a draft of my lecture] From 2003, and until today, the Israeli Government has been working diligently in order to legislate the biometric database act and the orders and ordinances according to it. However, This biometric database is not the only biometric database in Israel and is not the only database where government authorities have access to. In my brief lecture, I shall present a different approach, asking whether this database act was actually required and what are the reasons for choosing a legislative act when doing so. When doing so, I’ll have to ask whether the act of legislation was needed because the social contract was broken, or because it was a megalomaniac act made out in will to block any different approach to databases.
1. Database Laws, Privacy.
Let’s first understand how government databases operate. The Israeli Privacy Protection Act does not differentiate public sector databases from private sector ones; moreover, article 23D provides any person the right to know about such database and article 23C provides government bodies the right to request and transfer data from other databases when the action is required by law or by the body’s function. Meaning, if it was it’s desire, the Government could have set up a registered database and operated the biometric database out of such act; but in such case, it couldn’t have mandated the people to provide their biometric information.
So what could it do? It could have amended the Census Act. The Israeli Census Act is the act regulating the management of the Israeli Census (which, as we already know, was leaked to the Internet); article 2 writes down the fields in the database that are required to be listed. In such case, amending and mandating a person’s biometric data under it could have solved the biometric database problem in a 1-line amendment, without requiring massive legislation.
However, The Israeli legislator decided to pass a 30 page long act (PDF), which describes in full the security and use in detail, and allow public debate over it. In order to understand why, let’s understand how other government databases work.
2. Government Databases and legislation.
First let’s see what are the databases which were legislated and which weren’t; Meir Sheetrit, the biometric database’s entrepreneur, said that “Israel has enough [other] biometric databases“. However, if we inspect his claims, we find out a different perspective; the one who says who and when is required to provide his information willfully to the database.
Let’s first inspect what are the databases that were legislated under the Israeli Law: The Israeli Anti-Money Laundering Act, The Israeli Census Act (which actually does not establish a database, but only allows the inquiry of information), The Police DNA Database (The Criminal Procedure Act (Searching in a person’s body and taking of identifying information)), Criminal Records (The Criminal Record Act).
On the other hand, there are quite a lot of databases which contain information which is as personal and as sensitive as the legislated databases, including the migrant workers biometric database, the driver’s license database which includes photographs and according to the Israeli transportation office, does not require legislation in order to retain a database (where the transportation office provides this biometric information at least to the ministry of interior), the unemployed database, which contains fingerprints of unemployed and the Bus Authority database that contains information regarding passengers and their routes.
3. Why do you legislate databases?
We can see that while some databases were legislated because of their sensitive nature (money laundering, f.e), there is no actual difference between the sensitivity; There is no actual difference between money laundering information or the biometrics of a migrant worker. We can also say that legislation did not come because of the voluntary nature of the database; a person cannot choose to be unemployed or not to travel by car or bus. None of the non-legislated databases are actually voluntary; they just address specific needs and puts the person “agreeing” to provide the information in an inferior place: he is either unemployed, or he wishes to travel to Israeli to work, he may want to drive in Israel or take a bus. These are all daily functions that a person cannot go without.
4. Why Legislation.
Now, let’s go to the theoretical assumption that legislating the biometric database could have been made without any real or substantial legislation; It could have actually just establish a national database by issuing an order of the Passport Act, seeing that most Israelies have a passport, and hold the information in a way that is “required” to issue a passport; he could have went in the same way the Transportation Office went, and required just the issuance of fingerprints. However, the choice to legislate the database was taken. And why?
The reason is the Israeli Privacy Protection Act, but not the article requiring willful consent, nor the article mandating informing the data subject on its rights, but because of article 23C. Let’s inspect the text:
“Notwithstanding article 23b, providing the information is permitted, if not prohibited by any legislation or professional ethics – (1) between public bodies, if one of the following exists (a) providing the information is in the authority or role of the body who provides the data and it is required to exercise a law or a cause by the authority of the data provider or its recipient; (b) providing the database is to a public body who is allowed to demand such information according to law from any other source; (2) from a public body to a government office or another state establishment, or between offices or bodies as such, if the providing of information is required to exercise any legislation or for a purpose in the authority or roles of the data provider or its recipient …”
Well, we do need to read this carefully: There could have been a state-wide database without legislation; however, in such case the Police could not have been granted access to the information. And why? because neither article 23b(a)(i) nor article 23b(a)(ii) allow it: The first alternative requires specific authorization under law to disclose the information and the second requires that the police would have been authorized to request the information at source. However, the police are not entitled to coerce a person to give them his biometric information, and the ministry of interior [was] not authorized to specifically assist the police.
Therefore, unlike other databases, the mobility of the information and the detachment between the cause of why it was collected and its use brought the actual need for legislation.
5. Ruling out other factors.
Now, we can inquire about the question of whether this was actually the reason; whether there was a secret hand that required it. The only reason to explain why a 30-page long bill was passed was explained when alternatives were presented to the government. The rejection of the Adi Shamir proposal, for a non-identifiable database, and the choice to store both a person’s facial photo and fingerprint (where such information is not required to maintain a clean database, see Yoram Oren’s statement “if the purpose is to reduce a list, then yes“). Meaning, the legislator was presented with at least two alternatives that allow a secure database that does not allow double-inclusion and does not retain so much sensitive data, but rejected it.
Such rejection may be discussed later in courts when inquiring about the constitutionality of the act, but that’ out of the point. The choice of both legislating and deciding on this architecture was made solely in order to allow surveillance.
6. Summary and Conclusions.
We know that the legislator had other options to legislate a database (or not to legislate it); and that it could have allowed it to be used quicker, without any pilot and even with the coercion against the persons, but in such case, the police and other security authorities could not have obtained access to the database. Therefore, the sole purpose of addressing legislation is in order to allow such access, and unless we can rule this out, this is the true purpose of the database.