Cybercrime (Photo: ShutterStock)
Not many people know this, but the Authority for the Management of the Biometric Database enjoys similar confidentiality to bodies such as the Shin Bet, the Mossad, or the Atomic Energy Commission, and it is excluded from the Freedom of Information Act. This fact is often used to hide trivial details such as exactly how many people work at the Authority for the Management of the Biometric Database Zvi Dvir, a privacy activist and member of the digital rights movement,
not give up, and went all the way to the Supreme Court, which ruled that the Authority has an obligation to consider requests for information without reference to the nature of the request and the interests at stake. This is how it became known to the public how many employees are employed by the Authority to manage the biometric database, and in which roles.
To me and voila!
Technology has received the list of employees directly employed by the Authority to manage the biometric database, and there are 23 employees in total, of which 21 are civil servants and two outsourced programmers who are not civil servants.
This number is somewhat puzzling, considering the size of the database that the authority has to manage, its maintenance and, of course, its complex and sensitive security - because to remind you - this database contains the facial images and fingerprints of millions of citizens in Israel.
This becomes even more puzzling, when you see the list of paid external consultants and external subcontractors of the Authority for the management of the biometric database, which is not small, and includes sensitive positions such as the authority's legal advisor, and several others mentioned as "consultants" without a specific description of their role.
This is not what the legislator intended.
At the time, when enacting the Biometric Database Law, the legislator insisted that all employees of the Authority, without exception, be civil servants, that this would be their only occupation and that they pass the security classification requirements as defined by the General Security Service.
Section 11 of the Law "Inclusion of Biometric Identification Means and Biometric Identification Data in Identification Documents and Databases, 2009" states as follows:
This database contains the facial images and fingerprints of millions of Israeli citizens. (Photo: screenshot, YouTube)
"Employees of the authority will be state employees and will not perform any other role than their role in the authority; the employees of the authority will act according to the instructions of the head of the authority and under his supervision. No employee will be employed in the authority, unless he has passed a security suitability test as defined in section 15 of the General Security Service Law."
The fact that the authority uses quite a few external consultants (some of them, apparently, also provide services to other state bodies) alongside two full-time employees who are not state employees - on the face of it, violates the language of the law and its intent, and is essentially a de facto circumvention of the section in question in the law, which was not enacted for nothing or for decoration .
Those external consultants employed in the tender are, as their name implies - external.
Today there are and tomorrow they are not, they are not directly employed by the State of Israel and necessarily provide services to other entities, contrary to what was defined by law and required exclusivity of occupation, and perhaps which of them are in a conflict of interest?
The fact that the authority uses external employees extensively does not really seem like proper management - especially if you look at the great sensitivity of the managed database, and especially if you remember the intention of the legislator and the strict requirements of the law in this regard - that the employees of the authority for the management of the biometric database will not perform any role other than their role in the authority for the management of the biometric database And they will all be civil servants, without exception.
The response of the authority for the management of the biometric database has not yet been received, we will update it when it is received.
privacy and security
The Authority for the Protection of Privacy