Israeli authorities have tracked down the source of a leak which resulted in the illegal publication online of personal information about every one of Israel's citizens, the Justice Ministry announced Monday.

The database provides the personal and familial information of all Israeli citizens in the Population Registry – more than nine million people, some of whom are no longer alive. Each citizen's family relations, personal identification number and other private information are contained in the database.

Open gallery view Israelis protesting against biometric database. Credit: Motti Kimche / Archive

The affair raised concerns that the comprehensive information exposed to the public would be exploited for personal, business or even security-related use.

According to the investigative details released on Monday, it was a former Welfare Ministry contracted employee who stole the information in 2006 from the Population Registry, which he had access to through his job.

The employee stored the database in his home and even updated it sporadically in accordance with the Interior Ministry's updates. He was later sacked for other criminal-related reasons and passed on the information from the database to a business client, who subsequently uploaded the details onto his computer server.

Over the course of several months, the registry exchanged hands in the ultra-Orthodox community until it fell into the possession of a man named Ari, who used it extensively and uploaded it to the internet. He used internet protocol addresses based outside of the country, worked in internet cafes, and used other methods of subterfuge in order to prevent his own identity from being discovered.

At some point, the registry was sold for the paltry sum of only a few thousand shekels, and it is likely that it was used for malevolent purposes. Since the start of the investigation, Israeli agents have attempted to track down every copy of the registry and remove it from the internet.

One copy of the registry was tracked to an obsessive collector of Israeli databases, who was found to have an enormous trove of them. One of the databases that was found in his possession was a list of adopted children in Tel Aviv and Jerusalem.

Over the course of the investigation, six people were arrested, including the contractor and the man named Ari, and they were subjected to various arrest conditions.

The issue of hacking into databases containing information about Israeli citizens has made headlines in recent years, especially after a Knesset committee approve protocols for a biometric database this last June. Many academic and industry experts warned that in its present form, the registry represents a danger to citizens, even if it is not hacked.

The Knesset committee meeting that authorized the protocols for establishing a biometric database for all Israeli citizens consisted of no more than two members of Knesset: Shas MK Avraham Michaeli and Kadima MK Meir Sheetrit, who has been pushing to establish the database for several years now.

In practice, the decision eliminated the possibility of operating a biometric database in a way that would limit the risk to peoples privacy, which critics of the present plan had advocated.

MK Michael Eitan, the most ardent objector to the registry among Israeli politicians, related to the issue of security in an interview with Haaretz. Using a biometric database today is likely to be as dangerous as the use of an unsupervised nuclear plant that can leak. In the same way, a leak in a biometric database can cause irreversible damage that could take decades to repair.

If heaven forbid databases like these are leaked to the public – and sadly it is difficult to be sure that they wont be, said Eitan, on the balance sheet of advantages that the database can provide, compared to the use of biometric identification without a database, it is preferable to use IDs without a database.

Professor Eli Biham, Dean of the Technion Faculty of Computer Science said that the main fears regarding the establishment of a biometric database are related to the problematic history of the security of the population database – even if the information is encrypted.

The law specifically allows security services, such as the police, the Shin Bet, etc., to pull information from the database. This accessibility raises the possibility that someone would enter the database for purposes other than for which it was intended.

In addition, it is expected that there will be fake fingerprints and other errors in the system, and these could lead to innocent people being investigated by the police.

Avner Pinchuk, in charge of information and privacy issues for the Association for Civil Rights in Israel told Haaretz, This database includes personal details that cannot be altered. The minute someone has access to the database, it opens up the possibility of acts that would violate peoples rights and freedoms.

More generally, Pinchuk continued, this database will allow whoever controls it to disturb the public order and national security.

The biometric database also can be used to gain access to other sensitive information. The information allows one to identify a person based on his biometric information. Facial recognition software allows one to identify anyone photographed on camera, using the biometric database.

