Feature image via Wikipedia.

      Lebanon will adopt a new biometric passport by the end of July 2016, said General Security chief Major General Abbas Ibrahim in an interview for Lebanese newspaper Assafir less than two weeks ago. While expected, the announcement left unaddressed many key concerns about how this process and the data collected will be handled, particularly with regard to the protection of personally identifiable information (PII).


Given the pervasive lack of trust in the Lebanese government—exacerbated by the gross mismanagement of the passport renewal process earlier this year—it is essential that several sets of questions be asked and answered publicly and transparently before the implementation of biometric passports. We have outlined the questions we think need to be addressed before the program moves forward:


Inkript won the bid that valued $140 million. Inkrypt’s general manager, Jacques Seif, said: “We will handle all the programming and software development in-house.”


Should we trust Inkript to protect our data?
What legal framework and security standards will they use to protect the data?Who will audit their code for bugs or security holes?
Gemalto, the Dutch/French subcontractor, will be in charge of manufacturing the passports.


Over the last few years, the company was hacked by the NSA and the GCHQ. Gemalto confirmed the attacks.


Has the Lebanese government has publicly acknowledged this breach or proposed countermeasures for how similar attacks might be prevented?
There’s a history of leaking personal data and selling it on the black market in Lebanon. How can we avoid this from happening to our biometric data?
What are the laws and regulations used to protect our data?
Where is the data stored?
Who has access to the data?
How is it protected?
We still lack a data protection law in Lebanon. How can the government make sure that our data is protected in the absence of any protective legal framework?


Any adoption of new technologies must include a thorough review of the risks and rewards vis à vis both national security and personal security, including the protection of personally identifiable information. New laws and regulations must be enacted where necessary. This is an issue that we urge the Lebanese government to take seriously.

In addition to the author, Jessica Dheere, Ghida Frangieh, and Jad Shokor helped in this blogpost

This page is available in a different language العربية (Arabic) هذه الصفحة متوفرة بلغة مختلفة

smexadmin

  1. Pingback: Occidente e Turchia dopo il contro-golpe di Erdoğan - Limes

  2. Thank you for writing this article and shedding the light on some key issues in Lebanon that have been obviously neglected. I am keen on privacy as I feel it is not just a human right but also a stimulant for personal growth as well as economic welfare. However, driven mostly by my emotional reactions towards any sense of intrusion from either a government or any other entity, I feel that my intellect fall short at explaining, to myself and others, why the biometric data should be kept private. In other words, what information does the biometric data contain that would pose a threat to the owner in case it is shared? What possible scenarios can exist in which my PII can be used by any entity (government entities) that would either pose a threat to me or be used for economic or political gain?
    Thank you and please excuse my ignorance.

  3. Pingback: SMEX Investigates: Who’s Watching Us? | SMEX: Channeling Advocacy

  4. Hi admin !! I read your website everyday and i must say you have very interesting
    content here. Your page deserves to go viral. You need initial boost only.
    How to go viral fast? Search for; forbesden’s tools

Leave a Comment

Your email address will not be published. Required fields are marked *