Systematic Government Access to Private-Sector Data in Israel
Systematic Government Access to Private-Sector Data in Israel
Balancing Security Needs with Democratic Accountability
Abstract and Keywords
Israel is a democracy committed to the protection of human rights while at the same time trying to contain uniquely difficult national security concerns. One area where this tension is manifest is government access to communications data. On the one hand, subscriber privacy is a constitutional right protected by legislation and Supreme Court jurisprudence; on the other hand, communications data are a powerful tool in the hands of national security and law enforcement agencies. This chapter examines Israel’s attempt to balance these competing interests by empowering national security agencies while at the same time creating mechanisms of accountability. In particular, Israel utilizes the special independent status of the attorney general as a check on government power.
Israel is a democracy committed to the protection of human rights while at the same time trying to contain uniquely difficult national security concerns. One area where this tension is manifest is government access to communications data. On the one hand, subscriber privacy is a constitutional right protected by legislation and Supreme Court jurisprudence; on the other hand, communications data are a powerful tool in the hands of national security and law enforcement agencies. In this chapter I examine Israel’s attempt to balance these competing interests by empowering national security agencies while at the same time creating mechanisms of accountability. In particular, Israel utilizes the special independent status of the attorney general as a check on government power.
II. National Legal Context and Fundamental Principles
Israel is a parliamentary democracy with a system of checks and balances between the legislative branch (the “Knesset,” or Parliament); the executive branch (the “Memshala,” or government); and a strong judiciary. Its constitution is compiled of a series of “Basic Laws” setting forth the structure of and relations among the institutions of power as well as the fundamental human rights. Under a 1995 Supreme Court decision, these Basic Laws enjoy constitutional status, enabling the judiciary to strike down inconsistent legislation.1 Also sharing constitutional (p.92) status are a number of fundamental human rights not enumerated in the Basic Laws, including equality, freedom of speech, and freedom of religion.2
When analyzing human rights in Israel, two important preliminary observations must be made: first, a distinction must be drawn between “Israel proper” and the territories that it occupies since 1967. Although Israel proper is a democracy strongly committed to human rights, the occupied territories are in a state of belligerent occupation and subject to a military regime. In this chapter, I analyze the legal situation strictly in Israel proper, an analysis that has no bearing on the situation in the occupied territories. It is important to note that although described as a Jewish state in its Declaration of Independence, Israel includes large religious and ethnic minorities, namely Muslims (approximately 20 percent of the population and 80 percent of non-Jews), Christians, and Druze, some of which claim de facto discrimination.3
Second, since its inception in 1948, Israel has been in a state of war with some or all of its neighbors, and has undergone waves of fierce terrorism targeting civilian population. This means that more than most Western democracies, Israel had to balance its pursuit of human rights with a need to defend national security, fight terrorism, and occasionally engage in full-scale war. Accordingly, national security considerations have had a profound impact on Israeli constitutional and legal discourse; at the same time, they have neither upended the rule of law nor completely displaced fundamental rights. On more than one occasion, the Israeli Supreme Court reaffirmed its commitment to the rule of law even in cases pitting strong national security interests: for example, outlawing torture in interrogations,4 or displacing the military erected security barrier.5 In one landmark case, Supreme Court Chief Justice Aharon Barak wrote: “there is no security without law, and the rule of law is a component of national security.”6
A. The Constitutional Right to Privacy
Section 7 of Basic Law: Human Dignity and Freedom (1992) (Basic Law) states:
(a) All persons have the right to privacy and to intimacy.
(b) There shall be no entry into the private premises of a person who has not consented thereto.
(c) No search shall be conducted on the private premises or body of a person, nor in the body or belongings of a person.
(d) There shall be no violation of the confidentiality of the spoken utterances, writings or records of a person.7
In several key decisions, the Israeli Supreme Court stressed that the right of privacy is a basic constitutional right.8
Like all fundamental rights, the right to privacy is not absolute. It is subject to the so-called “limitation clause” in Section 8 of the Basic Law, which states: “There shall be no violation of rights under this Basic Law except by a law befitting the values of the State of Israel; enacted for a proper purpose; and to an extent no greater than is required.” Any legislative or executive action is subject to this constitutional instruction; if it restricts the right to privacy, it will survive only if it passes scrutiny under the limitation clause.
For example, in Association for Civil Rights in Israel v. Minister of Interior (2004), the Israeli Supreme Court struck down as unconstitutional public sector data-sharing practices although such data sharing had been authorized by statute.9 The Supreme Court ruled that data transfers were overly broad and had disproportionate effect on individuals’ privacy rights. It ruled that data transfers must be restricted by regulations specifying the precise recipients of data, data uses, and data security measures. It provided that transfers of data from government to private-sector financial institutions must be expressly authorized by primary legislation; anti-money laundering provisions in secondary regulations did not suffice.
In Plonit v. National Rabbinical Court (2006), the Israeli Supreme Court held that “the right to privacy is one of our most important fundamental rights. It is (p.94) one of the freedoms shaping the democratic character of Israel’s legal system. Its roots run deep in our Jewish heritage. It is mandated by Israel’s values as a Jewish and democratic state.”10 These holdings were reiterated in Rami Mor v. Barak ETC (2010), a case in which the Supreme Court refused to order an ISP to unmask a John Doe defendant, holding that the constitutional right to privacy entails a right to anonymity.11 Justice Eliezer Rivlin stated:
The shattering of the “illusion of anonymity” in a reality where a user’s sense of privacy is a myth may raise associations of a “big brother.” Such an infringement of privacy must be minimised. Anonymity shelters must be preserved within reasonable boundaries as they constitute an important aspect of Internet culture. To a great extent, anonymity makes the Internet what it is, and without it freedom in the virtual space would be mitigated. The prospect of tracking those in the virtual space would have a stifling effect on their behavior.
In Issakov Inbar v. State of Israel (2011), the Israeli National Labor Court severely restricted employers’ ability to monitor their employees’ email correspondence, holding that given the constitutional status of the right to privacy, exemptions to the Privacy Protection Act, 1981 (PPA), must be interpreted narrowly.12 In its opinion, the Court made clear statements concerning the suspect nature of employee consent and mandated implementation of principles of legitimacy, transparency, proportionality, purpose limitation, access, accuracy, confidentiality, and security. This decision has recently been reaffirmed by the Supreme Court.13
B. The Statutory Right to Privacy
Israel has not only constitutional protections for the right of privacy but also an omnibus privacy protection statute, the PPA. The PPA applies to both the private and public sector and confers civil, administrative, and criminal rights and obligations. Section 1 of the PPA prohibits infringement of an individual’s privacy without that individual’s consent. Chapter A of the PPA deals with general privacy protection, listing 11 alternative causes of action for infringement of privacy.14 Especially pertinent in the context of communications data are Section 2(1) of the PPA, which refers to “spying on or trailing a person in a manner likely to harass him (…); ” Section 2(2): “listening-in prohibited under any law;” Section 2(5): “copying or using, without permission from the addressee or writer, the contents of a letter or any other writing not intended for publication (…); ” and (p.95) Section 2(9): “using, or passing on to another, information on a person’s private affairs otherwise than for the purpose for which it was given.” An infringement of privacy constitutes a civil tort and, if intentional, a criminal offense.
Section 19 of the PPA provides an exemption from liability under Section 2 for “security services,” defined to include the police, military intelligence (known according to its Hebrew acronym “Aman”), the Israeli Security Agency (ISA) (known according to its Hebrew acronym as “Shin Bet” or “Sahabak”),15 and the Institute for Intelligence and Special Operations (known according to a shorthand version of its Hebrew name, “Mossad”).16 It states:
(a) No person shall bear responsibility under this Act for an act which he is empowered to do by law.
(b) A security authority or a person employed by it or acting on its behalf shall bear no responsibility under this Act for an infringement reasonably committed within the scope of their functions and for the purpose of carrying them out.
Nongovernment entities cooperating with a security service while compromising the privacy interests of their customers can rely for a defense on Section 19(a) above as well as on Section 18(2)(b) of the PPA, which states that “[i]n any criminal or civil proceeding for infringement of privacy, it shall be a good defence if (…) (2) the defendant or accused committed the infringement in good faith and in any of the following circumstances: (b) the infringement was committed in circumstances in which the infringer was under a legal, moral, social or professional obligation to commit it.”
Informational privacy is further regulated by Chapter B of the PPA, Israel’s data protection statute. Recognized by the European Commission in 2011 as providing “adequate” protection under EU data protection law,17 Chapter B of the PPA establishes a procedure for database registration18 and sets forth informational privacy principles including transparency,19 purpose (p.96) limitation,20 security,21 confidentiality,22 access and rectification,23 and restrictions on transborder data flows.24
Significantly, Section 32 of the PPA provides an exclusionary rule pursuant to which (subject to certain narrow exceptions) “material obtained by the commission of an infringement of privacy shall not be used as evidence in court without the consent of the injured party.” This provision was used to quash evidence obtained from a suspect by use of force,25 by a party illicitly copying the counterparty’s computer hard disk,26 and by a husband covertly photographing his wife having intercourse with another man.27 A separate provision is used to disqualify evidence obtained through an illicit or improperly authorized wiretap.28
IV. Government Access
A. Facilitating Government Surveillance
Similar to the Communications Assistance for Law Enforcement Act (CALEA) in the United States, Section 13 of the Israeli Telecommunications Act (Telephone and Broadcast), 1982 (Telecommunications Act) empowers government officials to provide instructions to telecommunications operators to modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities.
Under Section 13 of the Telecommunications Act, the prime minister, after consulting with the Minister of Communications and based on a request by the Minister of Defence, Minister of Domestic Security, the ISA, or the Mossad, can issue instructions to a telecommunications licensee with respect to “the installation of equipment, performance of a telecommunications service, or ensuring technological compatibility to telecommunications equipment (…) including the provision of access to equipment, as much as necessary to perform the roles of the security services or exercise their legal authority.”29 Section 13(a) of the Telecommunications Act defines a “security service” to include the Israel Defence (p.97) Forces, ISA, Mossad, police, and prison service. A licensee is defined broadly through a complex set of definitions in Section 1 of the Telecommunications Act30 to include any fixed line or cellular operator, and ISPs, as well as broadcast licensees (cable and satellite operators).
Under Section 13(d) of the Telecommunications Act, the prime minister’s instructions under Section 13(b) must remain secret. Section 13(e) of the Telecommunications Act provides immunity from civil or criminal liability (for example, for infringement of privacy) to a licensee and its employees for complying with an obligation under the same section. The payment by the government to the licensee for services rendered in accordance with Section 13(b), always a contentious issue, is regulated by Section 13(c) of the Telecommunications Act, which provides:
The payment for services rendered or actions taken according to subsection (b) … will be determined in an agreement between the relevant security service and the licensee based on reasonable expense reimbursement and taking into account the existing price for the services rendered; in the absence of an agreement, the payment will be determined by a person appointed by the Attorney General…
Wiretapping, or lawful intercept, is regulated in Israel under the Wiretap Act, 1979 (Wiretap Act). The Wiretap Act generally prohibits wiretapping and sets rules for lawful intercept by law enforcement and national security agencies. It defines a “conversation” as including not only voice communication but also communications between computers. It defines a wiretap as listening in to a conversation using a device without the consent of either party to the conversation.
A series of court decisions and instructions by the attorney general weighed whether the capture or interception by the police of certain synchronous or asynchronous communications such as email messages, text messages, and voicemails constitute a “wiretap” or rather a “search,” which is subject in Israel to less legal process. The general thrust of these cases is that the capture of voicemail,31 text messages32 or emails on a suspect’s device constitutes a search, whereas the interception of messages in transit, for example on the servers of an ISP, constitutes a wiretap.33 Nevertheless, the Supreme Court has not yet confronted these (p.98) issues and the attorney general continues to view the capture of any asynchronous communications, even on an ISP’s servers, as a search.
Lawful intercept by the police is allowed pursuant to a warrant issued by a President of a District Court.34 A broader mandate is provided to security services, defined as military intelligence or the ISA. A security service may obtain a permit for a wiretap from the prime minister or the Minister of Defence (in this Act, the “Minister”) without judicial oversight. Under Section 4 of the Wiretap Act, “the Minister may authorise a wiretap in writing if requested to do so in writing by the head of a security service and if he is convinced, after giving due weight to the infringement of privacy, that it is necessary for national security.” Sections 4(b)–(c) of the Wiretap Act describe the specifics that must be found in a Minister’s permit, including the identity of the individual or device whose communications will be intercepted, the location of the conversations, and the duration of the monitoring (not to exceed three months, subject to periodic extension). However, the requirement to specify such details is qualified by the phrase “all if they are known in advance.” This implies that the Minister may well issue general wiretapping permits. In urgent cases, the head of a security service may himself authorize a wiretap for a period no longer than 48 hours; immediate notice must be sent to the Minister who is authorized to revoke such a wiretap.35
Although not subject to judicial oversight, national security wiretap permits are reported quarterly to the attorney general;36 and the number of such permits is reported annually to a special parliamentary committee convening behind closed doors.37 Additional issues regulated by the Wiretap Act include the manufacturing, import, and possession of wiretapping equipment;38 data retention and deletion requirements;39 the wiretapping of communications subject to evidentiary privileges;40 and the admissibility of evidence obtained through an illegal or improperly authorized wiretap.41 Generally, such evidence is inadmissible; yet certain exemptions apply, namely “in a criminal proceeding for a serious felony, if a court decided to admit the evidence after having been convinced … that the interest in reaching the truth outweighs the interest in privacy.”42 An additional (p.99) requirement for admissibility in these cases is that “an improperly authorised wiretap performed by a person who is in place to obtain legal authorisation will be inadmissible, except if performed in good faith due to an error based on apparent legal authorisation.”43 A 1995 amendment to the Wiretap Act provides that “evidence obtained by a lawful wiretap will be admissible in a criminal proceeding to prove any offense,” meaning not just the offense for which the permit was sought but any other offense discovered in the process.44
In the past few years, two high level inquiries were conducted into police (but not national security) use of wiretapping, one by a parliamentary committee and the other by the State Comptroller. These investigations were motivated, among other reasons, by high profile irregularities in the police use of wiretapping, including in the case of a government minister suspected of sexual misconduct. The parliamentary committee issued a public report in January 2009, proposing legislative amendments as well as putting in place internal rules and regulations on quality control, data deletion, incidental capture of a call subject to evidentiary privilege, transparency, and more.45 Some of the proposed amendments were included in a government-sponsored bill submitted to Parliament in 2009 and still making its way through the legislative process.46 The State Comptroller issued its report in June 2010, sharply criticizing the police for their lack of sufficient guidelines and violations of those guidelines that do exist.47 The State Comptroller’s report included detailed information about the volume of wiretapping permits issued to the police (but not the security services). For example, in 2004, the police petitioned the courts 962 times for wiretap permits, only 3 of which petitions were rejected; similar numbers were revealed for the next four years.48 These figures appear high compared to those in other Western democracies such as the United States, which has a population 50 times larger than Israel’s yet had only 1,773 wiretap permits in 2005; or the UK, with a population 10 times larger than Israel’s, and 1,983 wiretap permits.49 In addition, the State Comptroller expressed concern with the common police practice of obtaining (p.100) authorization for a wiretap based on investigation of a serious felony, only to use the evidence to prosecute a lesser offense.
C. Communications Data
In 2007 the Knesset enacted a new statute regulating the authority of law enforcement agencies to access communications data, the Criminal Procedure Act (Enforcement Powers—Communications Traffic Data), 2007 (Communications Data Act). Until then, law enforcement access to communications (non-content) data was moderated by an arcane provision of a criminal procedure statute dating back to the 1930s titled “seizure of an object.”50
Notice, however, that access by the ISA to communications data is regulated by a specific provision in the General Security Service Act, 2002 (ISAA). The passage of the Communications Data Act was accompanied by intense public debate, including more than a dozen multi-stakeholder parliamentary hearings. In the process, the new statute was dubbed the “Big Brother Law” in the press and its validity is currently being challenged on constitutional grounds in the Supreme Court. This stands in stark contrast to the ISAA, which confers far broader powers to the ISA and does so without any judicial scrutiny. Several reasons could potentially help explain the relative public acquiescence with the ISAA: First, in 2002 the mobile age was just dawning; the public was unaware of the magnitude of the privacy impact of communications data, which up to that point were perceived as a simple “pen register” of calls.51 Second, the ISAA was enacted in the midst of the second Intifada; Israel was awash with horrifying terrorism and the public sought a strong ISA. Third, the ISA, like the Mossad and Aman, have always enjoyed special status in Israeli society and are less prone to public criticism than the police.
1. Law Enforcement Access
The Communications Data Act defines “communications data” as “location data, subscriber data, and traffic data; as long as these do not include contents data.”52 As discussed above, access to contents data is regulated by the Wiretap Act. The Communications Data Act sets forth three tracks for law enforcement access to communications data. First, under Section 3 of the Communications Data Act, the police, as well as a list of enumerated law enforcement agencies, can petition a Magistrates Court for authorization to obtain communications data in order to save or protect the life of an individual; to uncover, investigate, or (p.101) prevent a crime; to apprehend and prosecute a criminal; or to confiscate property under the law.53 The term “crime” is defined broadly to include “a felony or a misdemeanor”—drawing sharp criticism from privacy and human rights activists. Section 3(g) of the Communications Data Act provides that “in its decision and in determining the period of time for access to communications data, the court will bring into consideration … the degree of infringement of individual privacy, the severity of the crime, whether the individual is a professional benefiting from an evidentiary privilege, and the type of communications data sought.”
The second track allows for access in urgent cases without a court order. Under Section 4 of the Communications Data Act, a senior police officer may issue an urgent order effective for 24 hours “if such an order is necessary to prevent a felony or apprehend a felon or to save the life of an individual and there is insufficient time to petition a court for a Section 3 order.”54 The Communications Data Act requires the police to report periodically to the attorney general and to a parliamentary committee about the number of Section 4 orders issued.55 Both Section 3 court orders and Section 4 urgent orders are addressed at telecom operators and telecom operators must comply with them promptly. Section 3(i) provides that the reasons specified by a court for a Section 3 order will not be disclosed to the telecom operator. Telecom operators are bound to secrecy under Section 5 of the Communications Data Act, which provides that “[a] telecom provider or its employee will not disclose to a subscriber or any other person the transfer of communications data to the police or any other enforcement agency, except if ordered to do so by a court.”56 Section 15 of the Communications Data Act amended the Wiretap Act, authorizing the court or an officer issuing a wiretap permit to also authorize access to communications data.57
The third track, which sparked fierce public controversy, authorizes the police to require a telecom operator, defined for the purposes of this section as strictly a fixed line or cellular operator (i.e., not an ISP), to turn over an updated file containing (1) the identifying details of all of its subscribers58 including unique device identifiers for their phones or parts thereof, and (2) information concerning the mapping of its cellular antennas, including identifying details for each antenna and its area of coverage.59 Under Section 7 of the Communications Data Act, the police must maintain the security and confidentiality of the database (p.102) established under Section 6, including logging access and not using the data for any purpose except those authorized under Section 3.
The Communications Data Act authorizes the Minister of Domestic Security to issue regulations governing the maintenance of the Section 6 database. Such regulations must be approved by the parliamentary Constitution, Law and Justice Committee. In August 2008, the Minister of Domestic Security presented the draft regulations to the parliamentary committee; yet his proposal was met by stiff resistance when the hearing surfaced apparent abuses of power by the police. For example, Cellcom, Israel’s largest cellular operator, revealed that as a matter of practice the police required access to data items not explicitly enumerated in the Communications Data Act and generously exercised its authority to issue urgent Section 4 orders.60
In April 2008, the Association for Civil Rights in Israel (ACRI) petitioned the Supreme Court to invalidate parts of the Communications Data Act, arguing they constituted a disproportionate infringement of the fundamental right to privacy. The Supreme Court heard the case, ACRI v. Israeli Police, in an expanded panel, usually reserved for weighty constitutional issues.61
In its petition, ACRI focused its criticism on three aspects of the law: First, it argued that permitting access to communications data in the context of misdemeanors is overly broad; it requested that the court limit access to cases involving serious felonies. Second, ACRI argued that the test for providing a judicial order under Section 3 is too loose, enabling the police to obtain orders for the purpose of intelligence gathering without probable cause for a specific crime. Third, ACRI argued that a police officer’s power to issue an urgent order under Section 4 must not extend to cases involving a professional benefiting from an evidentiary privilege (e.g., a lawyer or physician). Finally, ACRI argued that the database established under Section 6 of the Communications Data Act must exclude details of individuals who opted-out of caller ID.
Pursuant to the submission of the ACRI’s petition, the Israeli Press Council and the Israeli Bar, which enjoys the membership of more than 50,000 lawyers, asked to join ACRI as petitioners. In its petition, the Israeli Bar emphasized the need to craft a specific solution for urgent orders addressed at professionals subject to evidentiary privileges. In addition, it argued that unlike the PPA and the (p.103) Wiretap Act, the Communications Data Act lacks a provision rendering improperly obtained evidence inadmissible at trial.
In May 2012, the Israeli Supreme Court denied the petitions and upheld the validity of the Communications Data Act, despite recognizing its infringement on privacy. In an 82-page decision, the court analyzed the legislation under the constitutional limitation clause, finding that it was enacted for a proper purpose and restricted constitutional rights to an extent no greater than is necessary. At the same time, the Court set forth strict criteria for implementing law enforcement access to communications data under each of the statutory tracks. The court emphasized the accountability of law enforcement authorities to the attorney general and to Parliament. In approving the validity of the law, the Court set forth guidelines, particularly around access to communications data of professionals benefitting from an evidentiary privilege.
2. Security Services Access
As discussed above, the ISA enjoyed broad access to communications data even before the enactment of the Communications Data Act. In the 1990s, the government of Israel decided to enact a law regulating the status and powers of the ISA, which until then operated based on government decisions and without legislative mandate.62 Years of preparatory work by the legal department of the ISA and the Ministry of Justice led to the enactment of the ISAA in 2002.63 The ISAA treads a middle path between “skeletal” national security agency statutes, such as the UK’s,64 and voluminous, detailed statutes, such as Australia’s.65 Although not addressing thorny issues such as the use of force in interrogations, the ISAA does introduce a specific section for communications data.66 Section 11 of the ISAA provides:
(a) in this section—’Licensee’—as defined in Section 13 of the Telecommunications Act (Telephone and Broadcast), 1982.
‘Data’—including communications data, except contents data as defined in the Wiretap Act, 1979.
(p.104) (b) The Prime Minister may set forth rules determining that categories of data found in databases of a licensee are required for the ISA for performing its roles under this law and that the licensee must transfer such categories of data to the ISA.
(c) Any use of data found in a database according to subsection (b) is subject to a permit issued by the Head of the ISA after being convinced that the data are required for the ISA for performing its roles under this law; the permit will specify, inasmuch as possible, details concerning the data sought, the purpose for which they are sought, and the database in which they are found; the permit will be limited in duration for a period not greater than 6 months; except that the Head of the ISA may periodically extend this period.
(d) The Head of the ISA will report quarterly to the Prime Minister and the Attorney General, and annually to the parliamentary committee for ISA matters, about permits issued and data used under this section; reporting details will be set in rules.
(e) The Prime Minister will promulgate rules regarding the retention by a licensee of categories of data according to subsection (b) for a period that he determines and the transfer of categories of data to the ISA; the Prime Minister will determine in rules agreed upon by the Minister of Justice provisions regarding the storage and security of data transferred to the ISA under this section and deletion or destruction of data that are no longer necessary.
(f) Section 13(e) of the Telecommunications Act will apply to the performance of obligations under this section.67
The access powers under section 11 of the ISAA apply to data held by “licensees” under the Telecommunications Act. As discussed above, a licensee is defined broadly in the Telecommunications Act to include any fixed line or cellular operator, and ISPs, as well as broadcast licensees (cable and satellite operators).68
Section 11(b) grants the prime minister almost unfettered authority to promulgate rules setting forth categories of communications data that a licensee must transfer to the ISA. Such rules were in fact put in place by the prime minister, yet their content remains classified in accordance with Section 19(a)(1) of the ISA.69 Under Section 11(c) of the ISAA, the Head of the ISA has broad powers to permit ISA access to or use of such categories of communications data that the prime minister set forth in his rules. Indeed, the only condition qualifying both (p.105) the prime minister’s and Head of ISA’s respective authority is that the communications data “are required for the ISA for performing its roles under this law.” The communications data subject to the ISA authority include any data held by a licensee with the notable exception of communications contents.70
To counterbalance these broad powers, the ISAA sets forth certain transparency requirements. First, under Section 11(c) of the ISAA, the Head of ISA must specify in each permit details concerning the data sought, the purpose for which they are sought, and the database in which they are found. Yet this requirement is tempered by the modifier “inasmuch as possible,” effectively allowing for much less detailed permits. In addition, each permit is limited in duration for a period no longer than six months; yet such a term may be extended time and again indefinitely. More significant, under Section 11(d) of the ISAA, the Head of ISA must report periodically to the prime minister and the attorney general (quarterly) and to the parliamentary committee for ISA matters (annually) about permits issued and data used under Section 11. These reporting requirements, although not public or subject to judicial oversight, are significant, as they are made to the highest official in the executive branch (the prime minister) and the legal service (the attorney general), as well as to the legislative branch (the parliamentary committee).
Although formally part of the executive branch, the attorney general enjoys a unique status in Israel’s constitutional and administrative system. He is the only legal counsel to the government and the head of the general prosecution. His advice to the government is binding. He provides guidance to the government ministries’ legal advisors, who are subject to the authority of the attorney general even where his position conflicts with that of their responsible minister.
Elyakim Rubinstein, a former attorney general and current Supreme Court justice, explains:
A written directive by the Attorney General instructs the Government ministries to abide by legal opinions; the legal advisor’s opinion binds the ministry; the Attorney General’s advice binds the government subject, of course, to court decisions.71
In court, the government cannot be represented by outside counsel without the agreement of the attorney general, which is very rarely given. The attorney general is a non-political, professional appointment selected by a search committee chaired by a former Supreme Court justice. A candidate for attorney general must himself be eligible to become a Supreme Court justice.
To understand the attorney general’s degree of autonomy and isolation from political influence, consider that as head of the prosecution, Israel’s last attorney (p.106) general Meni Mazzuz indicted an acting president (Moshe Katzav, convicted of rape and sentenced to eight years imprisonment), prime minister (Ehud Olmert, forced to resign, convicted of corruption and sentenced to 27 months imprisonment), minister of finance (Avraham Hirschzon, convicted of corruption and sentenced to 5.5 years imprisonment); and minister of justice (Haim Ramon, convicted of sexual misconduct and sentenced to community service).
By imposing strict reporting requirements on the attorney general, the ISAA strikes a balance between granting the ISA broad powers and imposing a degree of accountability. This balance may not be optimal—given the isolation of the process from public or judicial scrutiny. Yet this arrangement is not trivial as in some other Western democracies where the degree of engagement of the security services with the government legal service may not be as strong, and the government legal service itself not as independent.
The final provision of Section 11 of the ISAA provides immunity from civil or criminal liability to a licensee and its employees for complying with an obligation under the same section. A similar provision does not appear in the Communications Data Act, meaning that a telecom operator or its employee complying with an order under the Communications Data Act must rely on the exemptions in Sections 18(2)(b) or 19(a) of the PPA or Section 6 of the Torts Ordinance (New Version), which provides a blanket immunity from tort liability for non-negligent acts or omissions mandated by a legal obligation or based on a good faith belief in the existence of such an obligation.
Finally, it is important to note that access to communications data for national security purposes under the ISAA is restricted to the ISA; the regime does not apply to additional national security organizations such as the Mossad and Aman, particularly Unit 8200 responsible for SIGINT (signals intelligence).72 There is no public information concerning these organizations’ access to domestic communications data, if any.
3. Data Retention
Unlike the EU,73 Israel does not have a general data retention statute. This means that the telecom operators could ostensibly delete communications data promptly after using them for their own purposes. Indeed, one interpretation of the purpose limitation provisions in the PPA74 is that such deletion is required by privacy law. To this end, Section 11(e) of the ISAA authorizes the prime minister to promulgate rules “regarding the retention by a licensee of categories of data (p.107) according to subsection (b), for a period that he determines.” As discussed, such rules, if they have been put in place, remain secret. A similar provision is not found in the Communications Data Act, raising doubts whether telecom operators must retain data if not required to do so by the prime minister’s national security rules.
The question of whether telecom providers are required (or, conversely, allowed) to retain communications data arose in the Amir Liran v. Pelephone case.75 The plaintiff requested that his two cellular operators delete his communications data after he settled his bill. To assure the cellular operators he was not going to challenge the bills, he was willing to execute a waiver of claims. He argued that the retention of his communications data without a specific purpose infringes his privacy and violates the PPA. The attorney general, who has authority to intervene in litigation in order to represent the public interest, submitted an opinion in the case arguing that the Communications Data Act should be interpreted to permit the retention of communications data by telecom operators “for a reasonable period of time.” The Tel Aviv District Court accepted the attorney general’s argument, holding that absent a specific obligation to delete communications data, telecom operators were permitted to retain them. This decision was criticized by commentators, including the author of this chapter, who argued that the court misinterpreted the balance struck by the PPA between individual rights and legitimate business interests and failed to take account of the constitutional status of the right to privacy.76
4. The Mechanics of Data Transfers
What are the mechanics of data transfers from telecom operators to law enforcement and security services? Are transfers moderated by an employee of the telecom operator, or do data flow at the will of ISA operatives? Is the “switch” to the “pipe” in the hands of the telecom company or the security service? Who pays for retention and use of stored communications data? Although technical, these questions often determine the effective protection provided to subscribers’ privacy rights. In practice, human rights are usually protected by detailed procedures and protocols and more easily compromised in their absence.
In Movement for Freedom of Information v. Ministry of Communications, the Israeli Movement for Freedom of Information (the Movement), an NGO, petitioned an administrative court under the Freedom of Information Act, 1998 (FOIA), to order the state to make public the “secret annexes” to the licenses of mobile operators and ISPs.77 The Movement argued that when the government (p.108) awarded mobile operators and ISPs licenses, it annexed secret rules regulating the access of the ISA to the operators’ databases. The Movement stated that even as Parliament debates the details of the draft Communications Data Act, the ISA enjoys unrestricted access to similar data without judicial oversight or public scrutiny. The Movement argued that although specific uses or data categories may warrant secrecy, there is no reason to conceal from the public the fact that government access exists. The government resisted the FOIA request and the petition, arguing that the annexes do not provide the ISA with any surveillance powers but rather set forth technical specifications for placing the “pipe” through which the data are channeled. Use of the “pipe” is only made in the presence of a statutory mandate, which is available for public review.78 After having reviewed the “secret annexes” and heard the government’s arguments ex parte in closed chambers, the court confirmed that the annexes contain strictly technical specifications as opposed to legal mandates and suggested that the Movement withdraw the appeal, which it did.79
An additional question concerns payment for retention and use of stored communications data. Section 10 of the Communications Data Act provides that “a licensee is entitled for reimbursement of expenses related to the transfer of communications data to the police or another investigating authority under Sections 3, 4, or 9, as well as for the transfer of a file under Section 6, in an amount determined by the Minister of Communications (…) The amount reimbursed shall be based on recovery of reasonable expenses.” Some commentators believe that this provision was the motivating force for the enactment of the Communications Data Act, as before the legislation came into force the telecom operators charged the police high fees to perform similar services.80 During the legislative hearings, one Member of Parliament suggested intentionally setting a high fee in order to temper the police’s zeal to obtain data, thereby protecting individuals’ privacy through a prohibitive cost structure.81
On August 7, 2011, the government of Israel approved the establishment of the Israel National Cyber Bureau (INCB) charged with leading the promotion of cyber-related matters in Israel, coordinating between the various bodies, enhancing the protection of national infrastructure from cyberattack, and encouraging the advancement of the subject in industry and academia (Decision (p.109) 3611). The INCB reports directly to the prime minister. On February 15, 2015, the government approved a comprehensive plan for national readiness in cyberspace, including the establishment of a National Cyber Defence Authority that will have overall national responsibility for cyber defense (Decision 2444).
The Authority, which will be established over a three-year period, will oversee cyber defense actions so as to provide a comprehensive response against cyberattacks including dealing with threats and events in real time. It will also operate an assistance center, a Cyber Event Readiness Team (CERT), for dealing with cyber threats. In connection with the establishment of the Authority, a group of Israeli privacy and data security experts, including the country’s former privacy regulator Yoram Hacohen, wrote a letter to the attorney general expressing concern about lack of privacy protections and mechanisms for oversight in the arrangement.
Under Decision 2444, the Authority was required: (1) to conduct, operate, and implement, as needed, all the operational defensive efforts in cyberspace at the national level, including handling cyber threats and incidents in real time, formulating an ongoing situational awareness, consolidating and analyzing intelligence, and working with the defense community as detailed in a classified addendum; (2) to operate the national CERT, including working to improve cyber resilience, providing assistance in handling cyber threats and incidents, consolidating and sharing relevant information with all the organizations in the market, and serving as a central point of interface between the defense community and the organizations in the market; and (3) to build and strengthen the cyber resilience of the entire market through preparedness, training, and regulation.
At this point, it remains to be seen what if any voluntary or obligatory data sharing requirements will be imposed on businesses vis-à-vis the Authority or national CERT.
6. Additional Laws
In addition to the laws discussed above, which focus on communications data, Israel has launched various legislative initiatives involving collection of personal data by government, including a national biometric database (Law on Inclusion of Biometric Identifiers in Identification Documents and Database, 2009), a new credit reporting database (Credit Information Act, 2016), a connected cities initiative (City Without Violence), and a government decision to access to PNR and API (Advance Passenger Information) data of airlines flying to and from Israel (Government of Israel Decision 2258). These laws and initiatives demonstrate an ongoing erosion in privacy protections for individuals’ data, particularly when faced with strong state interests.
V. Concluding Observations
Israel regulates government access to communications data through four legislative instruments: the Wiretap Act, which deals with interception of communications contents; the Telecommunications Act, which deals with compatibility with (p.110) surveillance technologies; the ISAA, which deals with ISA access to communications data; and the Communications Data Act, which deals with such access by the police. In all cases, broad powers are conferred on the executive branch in the context of national security, reflecting Israel’s unique challenges in this space. At the same time, mechanisms for accountability are put in place through periodic reporting requirements to Parliament and to the attorney general.
(1.) C.A. 6821/93 Bank Ha’Mizrachi Ha’Meuchad Ltd. et al. v. Migdal Kfar Shitufi, 49(4) P.D. 221 (1995).
(2.) See for example HCJ 721/94 El-Al Israel Airlines v. Danielowitz, 48 P.D. 749 (1994) (equality); HCJ. 73/53 and 87/53 Kol Ha’am v. Minister of The Interior, 7 P.D. 871 (1953) (freedom of speech); HCJ 5016/96 Horev v. Minister of Transportation, 51(4) P.D. 1 (1997) (freedom of religion).
(3.) For resources see, for example, Association for Civil Rights in Israel, Arab Minority Rights, http://www.acri.org.il/en/category/arab-citizens-of-israel/arab-minority-rights/.
(4.) HCJ 5100/94 Public Committee Against Torture v. The State of Israel.
(5.) HCL 7957/04 Zaharan Yunis Muhammad Mara’abe et al. v. Prime Minister of Israel et al. (Supreme Court, Sept. 15, 2005), https://ihl-databases.icrc.org/applic/ihl/ihl-nat.nsf/caseLaw.xsp?documentId=FF996DAFB177F6ECC12575BC004899A5&action=openDocument.
(6.) HCJ 428/86 Barzilai v. Government of Israel, 40(3) P.D. 505 (1986), available in English at http://elyon1.court.gov.il/files_eng/86/280/004/z01/86004280.z01.pdf (petitioner attacked a decision by the president of Israel to pardon before trial officers of the General Security Service, who allegedly executed two terrorists who hijacked a bus and took hostages).
(8.) Civ. App. 1697/11 A. Guttsman Architects v. Vardi (Sup. Ct. January 23, , HCJ 6650/04 Plonit v. National Rabbinical Court (Sup. Ct., May 14, 2006); HCJ 8070/98 Association of Human Rights v. Ministry of Interior, 58(4) S.CT. 842 (2004); see also Omer Tene, “Israeli Data Protection Law: Constitutional, Statutory and Regulatory Reform,” 8(1) Privacy and Data Protection 6 (2007); Alon Kaplan & Paul Ogden eds., “Israeli Business Law: An Essential Guide” (1997), at 30.01.
(9.) HCJ 8070/98 ACRI v. Ministry of Interior, 58(4) S.CT. 842 (2004).
(10.) HCJ 6650/04 Plonit v. National Rabbinical Court (Sup. Ct., May 14, 2006).
(11.) RCA 4447/07 Rami Mor v. Barak ETC (Sup. Ct., March 25, 2010).
(12.) Lab. App. 90/08 Issakov Inbar v. State of Israel (Nt’l Lab. Ct. February 8. 2011).
(13.) Civ. App. 3661/16 Remet Ltd. v. Rami Shamir Civil Engineering Ltd. (Sup. Ct. August 23. 2016).
(14.) Privacy Protection Act, § 2(1)–(11) (1981).
(15.) The ISA is responsible for internal security, domestic intelligence and counter-intelligence, and the fight against terrorism.
(16.) The Mossad is responsible for foreign intelligence and covert missions beyond Israel’s borders.
(17.) Commission Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2011:027:0039:0042:EN:PDF. It is interesting to note in this context that Ireland attempted to undermine Israel’s adequacy decision, arguing that Israeli security services are likely to access personal data shipped from the EU to Israel. See Laurence Peter, “Ireland Delays EU Deal with Israel on Data Transfers,” BBC, September 3, 2010, http://www.bbc.co.uk/news/world-europe-11176926.
(18.) §§ 8–10 of the PPA.
(19.) § 11 of the PPA.
(20.) § 8(b) of the PPA.
(21.) § 17 of the PPA; as well as the Privacy Protection Regulations (Conditions for Data Storage and Security and Public Sector Data Sharing), 1986.
(22.) § 16 of the PPA.
(23.) §§ 13–15 of the PPA.
(24.) The Privacy Protection Regulations (Transfer of Data to Databases Outside of Israel), 2001.
(25.) Add. Hear. 9/83 Oiknine v. Military Court of Appeals, 42(3) P.D. 837 (1988).
(26.) BSE (TA) 1614/02 Multilock v. Rav Bariach (Tel Aviv Dist. Ct. February 7, 2002).
(28.) See analysis in Crim. App. 1302/92 State of Israel v. Nachmias, 49(3) P.D. 309 (1995).
(29.) Telecommunications Act (Telephone and Broadcast), 1982, § 13(b)(2).
(30.) The nuances of the definition of a licensee are beyond the scope of this chapter, given the complexity of the Israeli licensing system, which comprises of “general” and “special” licenses as well as “general permits” under Section 4A1 of the Telecommunications Act.
(31.) Crim. App. 10343/01 Badir v. State of Israel (Supreme Court April 30, 2003).
(32.) BSP 3544/07 Adar v. Israel Police (Tel Aviv District Court September 18, 2007).
(33.) Crim. 40206/05 State of Israel v. Philosoph (Tel Aviv Dist. Ct. February 5, 2007).
(34.) A president of a District Court in Israel is a senior judge who ranks junior to only Supreme Court justices.
(35.) The Wiretap Act, § 5.
(36.) The Wiretap Act, § 4(d).
(37.) The Wiretap Act, § 4(e).
(38.) The Wiretap Act, § 11.
(39.) The Wiretap Act, § 9B.
(40.) The Wiretap Act, §§ 9-9A.
(41.) The Wiretap Act, § 13.
(42.) The Wiretap Act, § 13(a)(2).
(43.) The Wiretap Act, § 13(a)(2).
(44.) The Wiretap Act, § 13(c1).
(46.) Wiretap Act Bill (Amendment No. 6), 2009, http://www.justice.gov.il/NR/rdonlyres/BD69535B-EC59-45AA-AE63-6DB0C65112F4/16891/455.pdf.
(47.) State Comptroller Opinion, Wiretapping in Criminal Investigations, June 2010, http://www.mevaker.gov.il/he/Reports/Pages/156.aspx.
(48.) 2005: 996 petitions, 14 rejected; 2006: 1255 petitions, 7 rejected; 2007: 1484 petitions, 11 rejected; 2008: 1797 petitions, 16 rejected.
(49.) These figures are derived from the State Comptroller’s report, at p. 62. Other Western democracies had a much higher instance of wiretapping authorizations. For example, Italy had 100,000 and Germany 42,000.
(50.) Criminal Procedure Ordinance (Arrest and Search), 1969, § 43.
(51.) This is the hypothesis of Avi Dichter, the Head of the ISA at the time of legislation, in a conference on “A Decade for the ISAA,” College of Management School of Law, March 20, 2012.
(52.) Communications Data Act, § 1. Each of the terms “location data,” “subscriber data,” and “traffic data” is further defined in § 1.
(53.) Communications Data Act, § 3(a).
(54.) Communications Data Act, § 4(a).
(55.) Communications Data Act, §§ 4(e) and 14(a)(2).
(56.) Communications Data Act, § 5.
(57.) Communications Data Act, § 15, adding § 9C of the Wiretap Act.
(58.) “Identifying details” is defined as name, ID number, address, and telephone number. Communications Data Act, § 1.
(59.) Communications Data Act, § 6.
(60.) See Protocol No. 639 from meeting of the Knesset Constitution, Law and Justice Committee, August 13, 2008. Cellcom’s representative said: “I don’t know if this is the time or place to say this, but this statute takes the telecom operators out of the game of data transfers. The police have the authority and ability to cross the data whichever way they want. They’ll have the antenna’s area of coverage; they’ll have the subscribers’ database; they can do many things with this information.” The regulations were adopted in Dec. 2008. Criminal Procedure Regulations (Enforcement Powers—Communications Traffic Data) (Database of Identifying Communications Data), 2008.
(61.) HCJ 3809/08 Association for Civil Rights in Israel v. Israeli Police (Sup. Ct. May 28, 2012).
(62.) The decision to legislate was motivated by a series of public scandals, such as the execution without trial of two Palestinian terrorists by ISA operatives and later attempt of cover-up (the “Line 300 Scandal”); as well as the Supreme Court decision in the Public Committee Against Torture case, supra note 4, outlawing the use of force in interrogations.
(63.) For a thorough review of the legislative process and rationale see Arye Rotter, The General Security Service Act—Anatomy of Legislation, Mar. 2010. (Rotter was Legal Counsel for the ISA during the legislative process).
(64.) Security Service Act 1989, c. 5, which has only seven sections.
(65.) Australian Security Intelligence Organisation Act 1979, Act No. 113 of 1979.
(66.) General Security Service Act, § 11.
(67.) This is the author’s translation and is non-binding.
(69.) Section 19(a)(1) of the ISA provides that “rules, internal instructions, internal procedures and the identity of ISA operatives, in the past or present, as well as additional details concerning the ISA to be determined in regulations, are secret and their disclosure or publishing prohibited.”
(70.) See definition of “Data;” General Security Service Act, § 11(a), which stands in stark contrast to the highly detailed and nuanced definition of communications data in the Communications Data Act.
(71.) See Elyakim Rubinstein, “The Attorney General in Israel: A Delicate Balance of Powers and Responsibilities in a Jewish and Democratic State,” 11:2 Israel Affairs 417, 422 (2005).
(72.) See, for example, Gil Kerbs, “The Unit,” Forbes, February 8, 2007, http://www.forbes.com/2007/02/07/israel-military-unit-ventures-biz-cx_gk_0208israel.html.
(73.) Directive 2006/24/EC of the European Parliament and of the Council of 15 Mar. 2006 on the Retention of Data Generated or Processed in Connection with the Provision of Publicly Available Electronic Communications Services or of Public Communications Networks and Amending Directive 2002/58/EC, 2006 O.J. (L 105) 54 (April 13, 2006).
(74.) Privacy Protection Act, §§ 2(9) and 8(b).
(75.) Civ. 1994/06 Amir Liran v. Pelephone (Tel Aviv District Ct. November 30, 2010).
(76.) See Omer Tene, “Cellular Customers Have No Privacy,” The Marker, January 11, 2011, http://www.themarker.com/law/1.596014; Dan Hay, Communications Data in Israel (Tel Aviv: Vital Publishing) 2011, 45–48.
(77.) Admin. App. 890/07 Movement for Freedom of Information v. Ministry of Communications (on file with the author).
(78.) The use of the “pipe” metaphor appears in the government’s response: Response of the Government of Israel to Admin. App. 890/07, at ¶ 35 (on file with the author).
(79.) Admin. App. 890/07, protocol and decision of November 5, 2007 (on file with the author).
(80.) See, for example, Hay, above note 76, at p. 206. In the government-sponsored bill leading to the enactment of the Communications Data Act, the government explained: “The police are required to pay very significant fees to the operators. The rates vary depending on the company, and there is no clear relation between the fee and the expenses incurred.”