THE SNOWDEN revelations about the existence of classified surveillance programs run by the US National Security Agency led to a number of important legal and policy changes in the United States, including the tightening of institutional safeguards and introduction of new limitations on government data collection and analysis. Specifically, intelligence services in the United States lost their authority to engage in the bulk collection of domestic telephone metadata (call logs), while new restrictions were placed on the use of incidental information collected through surveillance of foreign targets.
Heightened concerns over striking a correct balance between the interest of governments in accessing data for security reasons and individual privacy rights have also manifested themselves in other contexts.
For example, the European Union’s Court of Justice recently issued a decision to strike down domestic laws in the United Kingdom and Sweden that required telecommunication companies to retain their customers’ metadata (including information about their call location and on-line traffic logs) for prolonged periods of time.
Furthermore, in many other countries, including Colombia, South Korea, New Zealand and South Africa, a lively public debate is taking place over the limits of governmental surveillance power.
In light of these developments, the lack of attention being paid in Israel to issues of security surveillance is rather surprising. Especially given that existing laws in the country give domestic security agencies very broad powers of collection and access to data and metadata.
Though Israel’s security apparatus undoubtedly has the technological capacity to access and utilize that data, the state imposes few institutional constraints and oversights on its surveillance activities.
On the one hand, police access to communications content and metadata is placed under rather strict regulation – as mandated by the provisions of the Wiretapping Law and the Communications Data Law – and is subject to meaningful judicial controls. On the other hand, security services’ access to data and metadata is more loosely regulated. Data needed for national security purposes can be intercepted without judicial involvement – with ministerial authorization, subject to the approval of the attorney general (who must periodically report to a Knesset committee).
Moreover, access to metadata is regulated by secret regulations. It also appears that surveillance activities undertaken by Israeli security agencies may be exempt from the scope of Israel’s Privacy Protection Law. Apparently, neither law nor practice limits the retention period of data held by telecommunication companies or by the security agencies that receive copies. Restrictions on retention and access to caller identification information are few and far between.
Another area that appears to be sparsely regulated is data mining – the use of powerful search functions to extract and cross reference information available to the public. Since the Wiretapping Law allows the monitoring of “public conversations” for reasons of national security, it could be argued that data mining of publicly accessible social media and other on-line sites is not precluded under existing legislation.
How can Israelis’ privacy be better protected, without harming national security or creating the next Snowden?Yuval Shany
Finally, it’s unclear whether the prime minister has exercised his powers under the Bezeq Law to authorize the installation of a communications infrastructure, which could include interception devices, since under the provisions of the abovementioned law, any exercise of such power may be kept secret for national security purposes.
The overall picture is that Israeli security agencies retain considerable surveillance powers, subject to very few checks and balances.
Although some administrative and very limited judicial and parliamentary oversight does exist, much of the activity in this field occurs below the radar screen and appears to be subject to limited controls. This is a cause for concern and could invite – as we have seen in the US and in other countries – abuse of power and massive curtailment of privacy rights.
How can Israelis’ privacy be better protected, without harming national security or creating the next Snowden? A few ideas should be considered: First, the appointment of an independent data protection ombudsman (such an office already exists in several countries), who would have the necessary security clearance to review laws and policies in the field of surveillance. Such an ombudsman could, in principle, also examine complaints about misuse and abuse of authority by security agencies and generate a greater degree of accountability.
Second, a right to notification should be established, informing individuals whenever possible – generally, after the fact – that data or metadata relating to them was reviewed by a relevant security agency. Such a notification would allow individuals to mount a challenge, before judicial or administrative agencies, to surveillance activity they deem to be improper, rendering existing practices much more transparent.
Finally, it is important for Israel to have a public discussion on the rights of data subjects (citizens) to control the information about them and their activities, as well as to review existing surveillance laws in light of the existence of such new rights.
We thus need to figure out how to strike a more appropriate balance between important national security interests and newly defined privacy interests of all individuals living in a digital age.