The government is working on legislation to authorize the Shin Bet security services to use sophisticated surveillance technology such as spyware.
The proposed amendment to the Shin Bet law, which is being drafted by the Justice Ministry and the domestic intelligence agency, is meant to legalize methods that the Shin Bet is currently using without authorization in law.
The Shin Bet law of 2002 regulates the agency’s operations, most of which are classified and thus not subject to public oversight. Article 11 requires Israeli telecommunications firms to give the agency information about any conversation or message that passes through their networks. But newer technologies to collect information now exist, including spyware like NSO’s notorious Pegasus.
For two decades, the agency has stored the communications data it collects in a database. Article 11 says this data can only be used with permission from the agency’s director and in cases where it’s needed for the agency’s operations. Every three months, the director must inform the prime minister and attorney general of any permits he issued to use this data, while the Knesset’s Subcommittee on the Secret Services must be informed about such permits once a year.
The new proposal, a copy of which was obtained by Haaretz, says the Justice Ministry, the Shin Bet’s legal adviser and other relevant parties have been working for a long time to draft a “comprehensive amendment to Article 11,” both “to adapt the article to the agency’s current needs and to increase supervision and oversight of the agency’s operations.”
Ministry officials said the amendment would include mechanisms to prevent violations of human rights, especially the right to privacy, and it will invite public comment on the draft before the final version is submitted to the Knesset.
Last June, in response to the Shin Bet’s use of cellphone tracking to trace coronavirus patients’ contacts, the Association for Civil Rights in Israel wrote then-Attorney General Avichai Mendelblit to protest such technology being used without authorization in law, and to demand greater oversight of its use.
“The Shin Bet possesses an incomparably sensitive database on all Israeli citizens and residents and has advanced database-search capabilities that enable it, within hours, to ascertain every place a person has been, now and in the past, as well as his contacts with other people,” it wrote. “This is no less invasive than wiretapping, and in some ways even more invasive.
“The Shin Bet maintains and searches this database without needing a search warrant from a judge or any outside party, and oversight of its use of the database is weak,” ACRI wrote. “The law gives no protection to journalists’ sources and lacks even basic guarantees to prevent overuse of it, leaks of information from it or its use for other purposes.”
ACRI demanded that the Shin Bet be required to get judicial authorization to use the database. It also demanded creation of an external body to provide retroactive oversight.
Justice Ministry official Neta Konigstein had rejected these demands on Mendelblit’s behalf. “No one disputes that Article 11 enshrines powers that infringe on human rights, including the right to privacy,” she wrote. “But we don’t accept the claim that the authorization for this infringement and the way it’s implemented deviate from the accepted constitutional norms.”
Nevertheless, the ministry is now preparing an amendment to the law.
Konigstein said the Shin Bet is obligated to use the database only for authorized purposes, but acknowledged that some information from it could be shared with other parties “if there’s a specific need for this in order to fulfill the agency’s purposes.”
Regarding the fear that journalists’ sources might be revealed, she wrote that surveilling a journalist requires approval from senior Shin Bet officials and rejected ACRI’s demand that this requires a judicial warrant. As for fear that information from the database could reach foreign countries, Konigstein said such information is shared only in rare cases and only with high-level approval and oversight.
Gil Gan-Mor of ACRI told Haaretz that the Shin Bet’s use of the database to track coronavirus patients showed the public “that the agency possesses a terrifying database that contains extremely sensitive information about each and every one of us. This information enables the Shin Bet to easily build an intimate profile, ranging from our social contacts through our religious beliefs to our sexual orientation, and surveil even people who aren’t suspected of anything. Database searches are performed without a judicial warrant or even minimal oversight.
“This is an extreme privacy violation that has no parallel in other democratic countries,” he added. “Such power is corrupting and dangerous, and politicians’ pressure to use the database for various purposes is enormous. We saw that with the coronavirus, and also recently, when there was pressure to use the database to investigate ordinary crimes as part of the war on crime in the Arab community.
“Such power requires serious protections and external oversight mechanisms,” he continued. “It’s worrisome that the Attorney General’s Office is demonstrating such laxness about protecting our privacy and doesn’t understand the danger to democracy posed by concentrating such powers in a secret service.”
He demanded the immediate establishment of “an independent SIGINT commission headed by a judge to oversee technological surveillance by the Shin Bet and police,” and urged MKs “to abandon their apathy and carry out effective oversight of surveillance technologies.”