During January 2022, the Calcalist newspaper published an investigation according to which, for several years, the police have also routinely used offensive cyber tools developed by the NSO Group and allow remote infiltration, without the knowledge of investigated parties.
Following this publication Israel Internet Association (ISOC-IL), together with other civil society organizations, appealed to the Attorney General on January 18, 2022 for the immediate cessation of use of these tools as they are used without authority, in violation of the law and severely harm constitutional rights.
The Association further expressed its firm position in a special discussion on the subject in the Knesset’s Internal Security Committee on January 24, 2022 and provided background materials to committee members about the capabilities of the technological tools for hacking and searching mobile phones and how new information technologies – in cloud computing and forensic technologies – require updating the legal regulation of searches in computer material in general, and hacking and searching of smartphones and cloud services in particular.
Summary of the position of the Israel Internet Association
Although the courts have long recognized the enormous extent of harm of the State authorities’ powers to seize and infiltrate computer materials and mobile phones in particular, relevant legislation is far behind and does not adequately address the unique constitutional challenges posed by the scope of personal and sensitive information that the investigative authorities can extract by infiltrating and searching personal digital devices.
These tools share unprecedented features and capabilities: hacking or bypassing most of the security features built into the phone and the ability to copy the wealth of data stored in it and in cloud accounts to which the device is linked; together with advanced organization and analysis capabilities that enable law enforcement authorities to examine and analyze the wealth of information from the smartphone easily and efficiently.
As a starting point for the public and legal discussion that must be held regarding the operation of offensive cyber tools that allow hidden remote access to citizens’ digital devices, the Israel Internet Association emphasizes the following points:
- Hacking and remote takeover of smartphones infringe on the constitutional right to privacy and due process, which can only be done by virtue of a law authorizing state authorities to do so. Within this framework, it is necessary to deny the position whereby the Wiretapping Law, in its current form, confers the required authority for the use of offensive cyber tools. Therefore, even if the tools are used after a court order has been obtained, it is doubtful whether this order is admissible in view of the lack of authority to do so.
- Due to the lack of clear authorization in the law, the Israel Police must stop using offensive cyber tools immediately.
- The legislation in Israel regarding searches and wiretaps is outdated and not adapted to the Internet age. A comprehensive procedure should be promoted to update the relevant laws, while strictly safeguarding the constitutional rights of suspects.
- Even if we assume that the Wiretapping Law allows the police to operate offensive tools such as the NSO Pegasus, clear limits on their operation must be set, bearing in mind that these tools allow the investigating authorities access to means of collection that clearly exceed the boundaries of the law.
- In addition to the question of the authority and scope of hacking and searching of computer material, a public discussion should be held and restrictions placed on the future use that can be made of the collected digital material, including procedures for signing and deleting it after a limited period of time.