
The Science and Technology Committee, headed by MK Uri Maklev, discussed yesterday (Tuesday) the security of the biometric database at the Ministry of the Interior.
The discussion was scheduled in light of the demands of MK Yulia Malinovsky, MK Yael Cohen-Paren, and MK Sharan Haskel, following the disclosure of a breach in which programmers accessed the details of people scheduling appointments at the Population and Immigration Authority, and of the employment of a contractor company's employee in the biometric database's information security.
Fathi Maklev addressed the meeting: "It is very important that such issues are not only in the media and are in the public sphere. Even when outsourcing, there must be a clear policy on the information security of government ministries and, God forbid, lawlessness. There is an opportunity here to raise the issue, not with the aim of beheading, but with the concern that all matters will be corrected to the end and that there will be no situation where such matters will be revealed even slightly."
MK Yael Cohen-Paren: "We have discovered that a group of unsophisticated amateur hackers, not some foreign government, managed to penetrate the Interior Ministry's system. This raises serious questions about the database's ability to secure the important and private information of every citizen."
Ido Talmi, Information Security Manager at the Population and Immigration Authority: "The breach that was covered in the media concerns the appointment scheduling system. For 20 days, the server of the company hired to operate the system was not protected, and approximately 150,000 SMS messages from people scheduling appointments for a biometric certificate were exposed.
"As soon as we learned of the malfunction of the company we hired, we sent a response team that checked the entire company system and gave them instructions on how to secure all the information. Today, there is no such thing as storing information on the company's servers. In light of the malfunction, we are in the process of ceasing activity with the company that provided the service."
In response to a question from MKs Maklev and Cohen-Paren about why the Population Authority doesn't operate the system itself, Talmi said: "With an external company, we achieve a reduction of 80% in the cost of the queue system."
Meir Gobstein from the Biometric Database Management Authority said regarding the story of the employee who was responsible as a contractor for the biometric database: "This was an employee who incorrectly held the title 'responsible' - anyone who is responsible for the biometric database and determines policy in the authority is solely a civil servant."
Legal advisor to the Biometric Authority, Attorney Margalit Levy: "It is not always possible to employ high-level computer professionals as civil servants who are required for the ongoing handling of the biometric database, and therefore the legislator allows, in a position that cannot be filled by a civil servant, to recruit employees from outside, provided that they go through all the required process and classification and after specific approval for each one signed by the Minister of the Interior and the Prime Minister."