As an example of the need to prevent the forgery of identity cards and passports, Oren noted that there were quite a few cases of tenants impersonating the owner of the apartment and selling the property, the same applies to cars). Forgeries of Israeli passports by Iranians who want to reach Europe and forgeries of elections. Attorney Jonathan Klinger from the Association for Digital Rights was not convinced by this
A month and a half since then, the biometric database, which accompanies the issuance of identity cards and digital passports, was activated for the first time. Only 15 thousand people bothered to register in the database and receive the new ID cards.
The Ministry of the Interior understood that it was a vote with their feet, although according to them the interpretation should be the opposite - that 15 thousand people agreed to wait several days for a passport, because a non-biometric passport can be obtained on the spot, and usually at this time of the year it is no small thing.
Yesterday, senior representatives of the Biometrics Repository Authority held a press conference and bloggers. The office was represented by Yoram Oren, a technological consultant working with the Ministry of the Interior, Gon Kamini, the Authority's CEO, and Amir Alef, the Authority's information systems manager.
Oren explains: "The change is manifested in several things, firstly - in a huge upgrade of the security marks that are in the passport and the identity card. If the certificates have few security marks that were designed a long time ago and do not provide the goods, there are more security marks and can survive and also things that tell the forger that there is no point in trying to forge the certificate starting with the paper, the background pattern, the fibers and more. In both identification documents, a smart card chip is integrated, the fact that each of us uses 2-3 smart cards - a SIM inside the phone, a card inside the TV set-top box, and there is a bank card.
"A smart card is a computer for everything, computing power like that of a personal computer from 15-20 years ago but with a very high level of security. Here too there is a virtual C drive and files and folders. For example the image file, the chip is on the back cover of the passport, it cannot be seen. Inside it is a file of fingerprints, alphanumeric data, administrative data and especially an electronic signature. If the signature is done correctly, even a superpower will not know how to forge it. There is not a single documented case of successful electronic passport forgery. Optical reading is necessary, after which an encryption key is created, when not all files are equally open, the image is, the fingerprint is not."
Kamini: "We have most likely blocked this loophole. No forger can make them. When you close one loophole, you have to do risk management and ask yourself where the next loophole is waiting for me around the corner, as soon as you move the document away from the forger, the forger turns from forging the document to forging the identity. To prevent the same identity forgery, the biometric database is required.
"The history of the reservoir begins in 1996. A period of very severe attacks. Security officials came and said that our situation in terms of documentation is not good, both the terrorists and the helpers forge IDs. The government made a decision to change the existing documentation in the country. In 2001-2003, Uzi Berlinski established a committee for biometric applications that investigated the issue and in 2002 another government decision was made to change the documentation in Israel and go to biometric documentation. Even then, nothing happened."
"In 2007, Minister of the Interior Meir Shetrit - every ministry attracted the technology. He assigned the work to the National Security Council, which includes the unit for combating terrorism. which established a team of experts for documentation, including representatives of the Remot. The product of the work of 2007 is a booklet called Theory of Operation for an integrated biometric document database in the State of Israel. The law was passed in December 2009, the law of including biometric means of identification in documents and in the database built on a very organized staff work. "
As an example of the need to prevent the forgery of identity cards and passports, Oren noted that there were quite a few cases of tenants impersonating the owner of the apartment and selling the property, the same applies to cars). Israeli passport - they do not forge to get to Israel, they are afraid of the fact that we have a special language and a cultural bubble that the border inspector knows how to recognize, but rather in the hands of Iranians who want to take advantage of the agreement that Israel has to enter Europe without a visa, as well as cases of attempts to falsify voting in the elections.
Oren also described the situation in countries where digital identity cards are issued but no database exists, where the phenomenon of identity theft is on the rise. The forgers switched to forging an identity instead of forging a certificate.
Kamini: The new documentation will enable online government services. It will be possible to insert the certificate into the reader and receive service from government offices on the Internet. The passports will allow fast passage, in Israel and later also abroad.
"The weak link is the Population Authority official. I do not prevent someone from having seven different identities. By the fact that I save the biometric data of everyone who requests a certificate in a central database and those who arrive are checked when they place a fingerprint of the index finger of the right hand, index finger of the left hand and a photo of their face.
The three also listed voluntary databases that contain biometric data such as the IDF taking fingerprints from recruits for the purpose of identifying victims; The Employment Bureau which maintains a database of fingerprints of over a million citizens, the system that replaces the border police in Israel - to which over a million Israelis have already transferred their palm prints, health insurance companies, the Ministry of Transportation, but also to entities abroad such as Facebook and Google.
According to Alf, "The method in which the database is operated prevents the Interior Ministry official from being able to control it, the biometric data that he takes from the applicants is deleted from his computer and transferred to the central database that is managed separately from the population registration database, the inquiry as to whether double registration was not performed is done offline and the certificate is given to the citizen only after two or three days . The crossover between the repositories is done according to code and there is no direct running of both."
Unfortunately, I was not able to get an answer to the question of whether there were other alternatives, and perhaps they were not thought of because they let the National Security Council handle the issue, and just as for every cobbler every problem is a nail that must be solved with a hammer, so perhaps for the NSC every problem is a security problem, and it must be solved Even at the price of invasion of privacy.
The one who answered the question, and said that it could have been done differently, is attorney Yonatan Klinger, the legal advisor of the Digital Rights Movement, attorney Yonatan Klinger, one of the chief opponents of the database: the question is not whether the database is secure or not, but whether it is necessary. It is clear to all of us that it is not necessary.
Is there a problem that the biometric database is supposed to solve? There is no problem in Israel that people are in the resident register twice. Forging IDs - we have no objection to smart IDs. The smart ID cards are the solution. A smart ID card should be given to every Israeli citizen, but there is no connection between the smart ID cards and the biometric database.
"The smart IDs are still unforgeable if you are not a country. There is no need for a biometric database to solve the problem and since there is no need, they are tied together so that people agree to enter the database."
"Regarding security, it may be that the database is secured at level 11, and between us I do not trust the State of Israel at all, but the fact that the database is secure does not mean that its interfaces are secure. It's enough for me to bribe an official at the Ministry of the Interior, go through the interrogation and identify myself as my father Blizovsky and the day you arrive they will tell you - there is another person, he is in the database. The database not only does not prevent identity theft, it encourages identity theft in this way. As long as the submission process is not done by stopping the state, taking fingerprints from all citizens at once, the ability to identify imposters does not exist. Moreover, the incentive for criminal organizations to enter the database under false names is an incredible one. "
According to Klinger, the biometrics taken are the ones the Israel Police wanted. It was possible to keep in the database details that don't stay anywhere, such as a fingerprint or an iris photograph. The database was designed for police use.
25 תגובות
I am personally against the existence of a biometric database for the reason that it is not related to a smart certificate. Smart certificates can and should be issued without the state having a database like it exists in many European countries. At the same time, all those who argue about the so-called "big brother" on behalf of the state will send his long arms up the ass hole of his citizens are a bit delusional. The State of Israel will not turn into a dictatorship in any way. The State of Israel has stood many tests during its 65 years of existence and although it is struggling for its survival it is an example and a model for Western democracies.
For those interested in more information about the database, there are two excellent websites:
The site of the struggle against the establishment of the biometric database
http://no2bio.org
The Digital Rights Movement website
http://www.digitalrights.org.il
Questions for Eyal, representative of the Biometric Database Management Authority, following his answer to Aya Shamir.
Why did the Shin Bet and the Mossad prohibit their employees from joining the biometric database? After all, the required resources were invested in building the defense of the array, right? So what is the fear?
Will the security classification of the personnel of the Biometric Database Management Authority be higher than that of Anat Kam, Marcus Klingberg and Mordechai Vanuno?
Can all the information in the biometric database be easily smuggled in a pocket on a memory device the size of a one or two shekel coin?
Could you please refer to the following quote?
"Mr. Moshe Basol, who was the head of the information security unit at the Ministry of Foreign Affairs, admitted in the past: "You have to look at the price tag with open eyes, and make a decision that the progress and the benefits it provides indeed justify the price, but let there be no doubt - the biometric database will also be hacked at some point; All or part of it." "
Answer to Aya Shamir,
According to your claim that the database is a security threat because it will be hacked, it is important for me to clarify that it is about protecting one defined and fenced goal. The Biometric Authority system was established as a separate network and without external links. The threats were defined and the required resources were invested in building the defense of the array.
Eyal, how is Yotam? And Kiki? And the other names I forgot you use?
To Eyal, the representative of the Authority for the Management of the Biometric Database,
As you well know, your claim that without a database any person can collect as many identities as he wants is not true. As the State Comptroller made clear, there is no evidence that many such cases, if any, have happened in the past and there is a good reason for this. The police already have accessible and rich biometric information on criminals and this information is very easily available to any investigator. Since most of the criminals who commit serious crimes are already registered in the police database, impersonating the Ministry of the Interior will not save them. It's like I'll be wanted after a bank robbery and then I'll decide to go to the police to get a certificate of integrity. Furthermore, even the few cases of duplicate purchases that might occur can be prevented with the help of many other methods: witnesses, a more complex questionnaire, and so on. These are not perfect solutions, but they are very good solutions, with negligible security risk, without compromising privacy and at a low cost.
The biometric database, in addition to its harm to privacy, democracy and security, does not provide a perfect solution to the prediction problem and it will not prevent daily predictions. When a faker presents himself as the owner of the vehicle I am interested in buying, I will not have access to the database to verify his identity. If it weren't for the biometric database, we would already have certificates with a smart chip, even without biometric data at all and certainly without a database, and I could go to the nearest post office, insert the car seller's certificate into the device of the Ministry of the Interior and thus make sure that it is not fake. But such a possibility is remote. Why? because of you Because of your biometric database and the egos of consultants of various kinds who are not willing to come down from the tree. In the meantime, you will waste hundreds of millions of shekels, enjoy nice salaries, and endanger the privacy and security of all of us. In the end, it will be the Knesset that will have to get you off the tree, and if not it, then the High Court of Justice.
Hello everyone,
Ira - You claim that the commercial channels were able to identify themselves on behalf of someone else. It is important to understand that this very case proves how necessary the database is! Think about this: even if the same reporter were to issue a biometric identity card and in fact impersonate someone else, on the day the owner of the real identity came to the Ministry of the Interior to issue a biometric card, they would have seen (thanks to the database) that a certificate had already been issued for her identity, and thus, after investigation of course, they would have found out Who faked her identity? Without the database, anyone could impersonate another person and the authorities would not have been able to discover the forgery because there was no way to verify the biometric data.
Nitzan - the claim in section 5 that "were it not for the biometric database, we would all already have smart certificates in our pockets". If it weren't for the biometric database, every criminal could issue an infinite number of identities at the Ministry of the Interior because the system would not have the ability to see the multiple identities of the person, is this what we want to happen?
Best regards,
Eyal, representative of the Authority for the Management of the Biometric Database
The people of the biometric database authority need a lot of courage to claim that the establishment of the database contributes to security. The biometric database is not only a threat to the privacy of all of us but also a first-rate security threat. Its leak would make it possible to track every Israeli, anywhere in the world, at any time, throughout his life.
Aryeh, the norm is represented by the big brother
And another comment from a ethnologist:
In Germany they decided not to make a biometric database. They must have learned something from their own history.
Do we in Israel have to wait for a repeat class to learn?
Thank you so much for the compliment.
People like you only prove how much in Israel 2013 a person who just wants a little peace, not to harm anyone, should be afraid of the establishment and its supporters, no less than Nazi Germany and other fascist dictatorships. Read a little history about Chile and Argentina for example, before you go out on the street to kill delusional anarchists. There they thought exactly like you' and from that started cooperation with the regime and turning a blind eye when the regime murdered people, precisely because it thought like you about 'anarchists'..
But let's assume that it's fine, you're the good citizen and I'm just a nativist and an anarchist on a dime (you forgot to say delusional). Answer me two questions:
Do you really believe and can guarantee that the regime in Israel cannot degenerate into a totalitarian regime? (In my opinion, he aspires to this and is on his way, but he has not yet arrived) Given the fact that this happened to regimes that were considered more democratic and enlightened, and no regime is immune from this.
And if your honest answer is yes, then I sincerely wish you to be healthy and get to die a fool at the age of 120 or older.
But if the answer is no, is it worth taking the risk and giving the regime, any regime, biometric data?
.
The real reason for the mass forgery of Israeli passports is the ongoing delay in issuing the new passports, a delay that began because of Meir Shetrit's decision to condition the acceptance of a passport or ID card of the new type on registration in the biometric database. If it weren't for this unfortunate decision, every Israeli would already have a certificate and passport protected from forgery and no Iranian would be walking around the world with an Israeli passport.
To Aryeh, in my response above there is a list of world-renowned experts, from the right and the left, who oppose the establishment of the biometric database. By the way, this is a very partial list. Among the opponents of the biometric database are the winners of the Nobel Prize, the Israel Prize, the Israel Defense Prize and our leading information security experts. Could you please tell me who from this list is a nativist or an anarchist on a dime?
I read these talkbacks (most of them at least) and you guys are scary. I really hope that you do not really represent the norm, but only in your imagination. So gentlemen of the non-normatives, gentlemen of the nativists and anarchists in the dime, you feel like running and issuing a certificate immediately.
Democracy in the State of Israel is deteriorating.
The question is not whether the database is secure enough or not.
The question is who will control the pool and use it for their needs. And will these needs really be the needs of the public.
Zeev, you imply as if the strong do not hurt the weak, you must be closing your eyes.
The government is the strongest (under the pretext that it represents the majority, which is nothing more than a blind eye), and the police, the army and the "security agencies" are the executive authority of the government.
Then it turns out that the government can hurt people according to its whims and at the same time the government tries to deny the people the ability to defend themselves.
Response to the point.
You wrote: "The right to impersonate and hide is a natural evolutionary right reserved for every person."
The right of the strong to harm the weaker is also an evolutionary right.
And about 'normative people' such as Mr. 'Dea Ishita' (is his avoidance of revealing his name due to the fear that he will be revealed as an employee of the Ministry of the Interior?) it has already been said 'beware of the normative', or in short 'normative caution'. Totalitarian regimes like the one mentioned in my previous response and others, have always been based on such 'normative' ordinary citizens, who turned a blind eye to all the actions of the government as long as it preserved the bourgeois order for them, and also volunteered to serve it as loyal slaves as informers and assistants. Those who doubted and promoted the democratic spirit in human history were always the 'delusional anarchists' who were victims of the 'normative' stinkers, so it is not enough to keep the law and be 'normative' and in itself there is no great pride in that.
The question of whether the biometric database is secure or not is not important to me personally and in principle.
As the son of a former Nazi Germany, there is a very good chance that I would not have been born if Germany had such a repository in the 30s. The operation of a biometric database is an expression of the thirst for power and control of the government and its institutions, especially the "security" ones. I believe that every government, even if it was a leftist government, has a desire for total control. This is the nature of a government, but the Nazi tendencies of the Israeli government are a clear and proven thing (you can learn about it from various bills by Yariv Levin and others in Likud to differentiate between first-class and second-class citizens, and of course from the "Jewish State" legislative proposals, from the Praver plan, from the laws Against the "infiltrators" and from reading the accepted books about the members of the jihad called "The Jewish Home". - a senior partner in the coalition, and more) especially in the hands of such a government it is forbidden to give power = knowledge voluntarily. And in a general and universal way, the balance between the will of a government as it is to rule and the right of the citizen to defend himself from this will and for privacy and respect, is the basis for the existence of a democratic state and providing a total information base in the hands of a government is an irreversible violation of this balance.
So even if they prove to me that the biometric database is the most secure thing there is, I will refuse and call others: refuse biometrics!
To the commenter named personal opinion, why didn't you write your full name? why are you hiding Are you not a law-abiding and normative citizen? Or maybe your privacy, unlike that of other people, is important to you?
Personal opinion, stop being dumbfounded, the law enforcement agencies could have eradicated the crime a long time ago.
Anyone who has studied a little about political science and crowd psychology knows that the government has a clear interest in having some crime in the country.
The biometric database is designed to strengthen the rule over everyone. It has nothing to do with ordinary crime.
The right to pretend, and to hide is a natural evolutionary right reserved for every person. Whoever allows all kinds of factors to take away this right lives in a bubble.
The people of the Ministry of Interior and the Biometric Authority repeat the same deceptions over and over again.
1. In the opinion of all the information security experts in Israel, including the winners of the Turing Prize and the Israel Prize, one does not need to be a superpower in order to break into the biometric database.
2. In any case, even without hacking, for the reservoir to leak, all that is needed is a memory device the size of a small coin in the pocket of the next Hoanunu, Anat Kam, or Marcus Kleinberg.
3. There are two superpowers, Russia and China, whose interests often conflict with Israel's and at least one of them, as we know, has penetrated our intelligence organizations and the biological institute's database several times.
4. There is no connection between the prevention of forgery of certificates and the biometric database. Counterfeiting is prevented by the electronic chip on the certificate that cannot be copied and by other means such as the hologram on the certificate.
5. If it weren't for the biometric database, we would all already have smart certificates with an electronic chip in our pockets that cannot be forged, already ten years ago!
6. The most ridiculous argument in Gon Kamani's words is the existence of many partial reserves, such as the IDF's reserve, some like the Ministry of Transportation's reserve, even without a legal basis. Instead of deleting or stopping updating the existing databases that are a time bomb, then create another database? If the situation is bad then should it be made worse?
7. I am attaching below a partial list of those opposed to the biometric database. Among them are winners of the Nobel Prize, the Israel Prize and the Israel Defense Prize. Are Mr. Kamani and Mr. Oren greater experts than them?
Prof. Israel Oman, winner of the Nobel Prize in Economics for 2005, winner of the Israel Prize in Economic Research for 1994
Prof. Ada Yonat, winner of the 2009 Nobel Prize in Chemistry, the 2007 Wolf Prize in Chemistry and the 2002 Israel Prize
Prof. Yakir Aharonov, winner of the 1998 Wolf Prize for Physics and the 1989 Israel Prize for Physics
Prof. Noga Alon, recipient of the Israel Mathematics Prize for 2008 and the Israel Security Prize for 1984
Prof. Yosef Amri, recipient of the 2001 Israel Prize for Physics
Prof. Jacob Bekenstein, recipient of the 2005 Israel Prize for Physics
Prof. David Harel, recipient of the 2004 Israel Prize for Computer Science
Prof. Yaakov Ziv, recipient of the Israel Prize for Exact Sciences for 1993 and two Israel Security Awards
Prof. Eli Biham, Dean of the Faculty of Computer Science at the Technion, expert in encryption and information security
Prof. Dorit Aharonov, School of Engineering and Computer Science, Hebrew University
Prof. Amos Baymel, Faculty of Computer Science, Ben Gurion University, expert in encryption and information security
Prof. Oded Goldreich, Department of Mathematics and Computer Science, Weizmann Institute of Science, cryptography expert
Prof. Danny Dolev, School of Engineering and Computer Science, Hebrew University, expert in encryption and information security
Prof. Amir Herzberg, Department of Computer Science, Bar Ilan University, expert in encryption and information security
Prof. Avishai Wall, School of Computer Science, Tel Aviv University, expert in encryption and information security, member of the Checkpoint Institute for Information Security
Prof. Yuval Yishai, Faculty of Computer Science at the Technion, expert in cryptography
Prof. Yehuda Lindel, Department of Computer Science, Bar-Ilan University, expert in encryption and information security
Prof. Moni Naor, Department of Mathematics and Computer Science, Weizmann Institute of Science, encryption expert
Prof. Eyal Koshlavitz, Faculty of Computer Science at the Technion, expert in encryption and information security
Prof. Ran Kanti, School of Computer Sciences, Tel Aviv University, expert in encryption and information security, head of the Checkpoint Institute for Information Security
Dr. Alon Rosen, School of Computer Science, Interdisciplinary Center in Herzliya, expert in encryption and information security, member of the Checkpoint Institute for Information Security
Prof. Omer Rheingold, Department of Mathematics and Computer Science, Weizmann Institute of Science, expert in encryption and information security
Prof. Benny Shor, School of Computer Science, Tel Aviv University, expert in encryption and information security
Prof. Amnon Ta Shema, School of Computer Science, Tel Aviv University
Attorney Jonathan Klinger, what is the problem with the Israel Police having a biometric database. All normative law abiding citizens will benefit from this. The ones who should be afraid of this are the criminals. It's time to give law enforcement more tools to eradicate the growing crime phenomenon in the country.
Abi, I just wanted to point out that I agree with Yonatan Klinger, it is very possible that the database is both secure and unnecessary, the dichotomy in the title is incorrect 🙂 CEL: Is the database necessary or unnecessary and dangerous.
The acquisition process (not the submission) is problematic, and they showed it on Channel 2 or 10 - an investigator was able to identify with someone else's identity easily. What happens after that is probably secure, but then it's too late to catch the imposters, and the police have access to effective biometrics for identification at the scenes after the fact and not just for identifying a person present.