State Comptroller and Ombudsman Matanyahu Engelman published today (Tuesday) the annual audit report on social, security and other issues. In the report, the State Comptroller addresses deficiencies found in the conversion system in the Prime Minister's Office.
According to the report, the Conversion Division operating in the Prime Minister's Office is in charge of all processes related to the field of state conversion in the State of Israel. The division is responsible for the special conversion courts, for the procedures for training converts in preparation for conversion, for accompanying converts and supporting them in the process, and for carrying out the actual conversion procedures - up to the issuance of a conversion certificate, which is a civil-legal confirmation of religious conversion and is recognized for all purposes in Israel.
The State Comptroller examined the robustness of the computerized system used by the conversion system. The information and documents collected in this system are sensitive, and a breach of the confidentiality, integrity, or availability of the information in the system could cause economic and image damage to the State of Israel and the converts.
Want more news, videos and stories? Join the Haredim 10 WhatsApp channel >>
In August 2023, the State Comptroller's Office conducted an applied (applicative) robustness test of the Maor system used by the conversion system. The audit was conducted at the Prime Minister's Office, and specifically in the Conversion Division operating within it.
The subcommittee of the Knesset's State Audit Committee decided not to place on the Knesset table or publish data from this chapter in order to preserve state security, in accordance with Section 17 of the State Comptroller Law, 5718-1958 [consolidated version]. The confidentiality of this data does not prevent understanding of the essence of the audit.
The audit team managed to issue a false conversion certificate through the system, allowing the holder to impersonate a Jew and in this way deceive any person and state institutions that consider this certificate to be proof of proper conversion, while bypassing the work process and control measures built into the system.
The audit raised five high-risk deficiencies, including the possibility of an anonymous attacker flooding the system with data by automatically sending case opening forms.
Five medium-risk deficiencies and ten low-risk deficiencies were also raised.
It should be noted that most of the deficiencies raised in the inspection concern an "internal threat," meaning a potential threat from users with access permission to the Maor system. This is in contrast to an "external threat" from parties who do not have access permission to this system.
Comptroller Engelman recommends that the Prime Minister's Office take action to correct the deficiencies identified in the audit. It is appropriate for the National Digital System and an available government unit to examine whether the deficiencies detailed in this report are also relevant to other computerized government services that deal with issuing official documents to the public.
