Biometric Passports: Questions the Lebanese Government
Posted on: July 21, 2016
Questions the Lebanese Government Should Answer about the New Biometric Passports
Mostly about how the government can protect our personal data.
We still lack a data protection law in Lebanon
Lebanon will adopt a new biometric passport by the end of July 2016, said General Security chief Major General Abbas Ibrahim in an interview for Lebanese newspaper Assafir less than two weeks ago. (It is already done)
While expected, the announcement left unaddressed many key concerns about how this process and the data collected will be handled, particularly with regard to the protection of personally identifiable information (PII).
Given the pervasive lack of trust in the Lebanese government—exacerbated by the gross mismanagement of the passport renewal process earlier this year—it is essential that several sets of questions be asked and answered publicly and transparently before the implementation of biometric passports.
We have outlined the questions we think need to be addressed before the program moves forward:
Inkrypt won the bid that valued $140 million. Inkrypt’s general manager, Jacques Seif, said: “We will handle all the programming and software development in-house.”
Should we trust Inkrypt to protect our data?
What legal framework and security standards will they use to protect the data?
Who will audit their code for bugs or security holes?
Gemalto, the Dutch/French subcontractor, will be in charge of manufacturing the passports. (What?)
Over the last few years, the company was hacked by the NSA and the GCHQ.
Gemalto confirmed the attacks.
Has the Lebanese government has publicly acknowledged this breach or proposed countermeasures for how similar attacks might be prevented?
There’s a history of leaking personal data and selling it on the black market in Lebanon.
How can we avoid this from happening to our biometric data?
What are the laws and regulations used to protect our data?
Where is the data stored?
Who has access to the data?
How is it protected?
We still lack a data protection law in Lebanon.
How can the government make sure that our data is protected in the absence of any protective legal framework?
Any adoption of new technologies must include a thorough review of the risks and rewards vis à vis both national security and personal security, including the protection of personally identifiable information.
New laws and regulations must be enacted where necessary. This is an issue that we urge the Lebanese government to take seriously.
In addition to the author, Jessica Dheere, Ghida Frangieh, and Jad Shokor helped in this blogpost
Mohamad is advocacy and policy director at Social Media Exchange (SMEX). He has initiated and contributed to several successful online campaigns, such as #stopthislaw and #ProtectPrivacy, and is currently focused on bringing together knowledgeable and progressive voices to push for sound Internet governance in the Arab region.
He tweets as @MoNajem and blogs for SMEX and Global Voices Advocacy.
Adonis Diaries 
Leave a Reply